cd /news/ai-safety/secret-claude-tracker-shocks-users-a… · home topics ai-safety article
[ARTICLE · art-48163] src=arstechnica.com ↗ pub= topic=ai-safety verified=true sentiment=↓ negative

Secret Claude tracker shocks users after Anthropic’s anti-surveillance stance

Anthropic secretly added a tracker to Claude Code that monitored users in China, using prompt steganography to hide code that flagged timezone, proxy, and potential connections to Chinese AI labs. The company removed the tracker after a security researcher exposed it, but privacy advocates condemned the move as a breach of trust, especially given Anthropic's previous anti-surveillance stance against the US government.

read1 min views1 publishedJul 6, 2026
Secret Claude tracker shocks users after Anthropic’s anti-surveillance stance
Image: Arstechnica (auto-discovered)

Anthropic quickly removed a tracker secretly monitoring Claude Code users in China after a security researcher exposed the hidden code and condemned the spyware-like tracking as a “serious breach of user trust.”

Last week, a web developer known as “Thereallo” was researching privacy issues in Claude Code and was shocked to find that the AI firm was using “prompt steganography” to hide code that tracks Chinese users “in plain sight.” This code wasn’t malicious, but it was sending information to Anthropic that most users wouldn’t detect, relying on shorthand markers to quietly flag users’ timezone, proxy, and potential connection to Chinese AI labs that Anthropic has accused of distillation attacks.

On X, Anthropic engineer Thariq Shihipar confirmed that the tracker was added to Claude Code as an “experiment” in March. According to Shihipar, the code “was meant to prevent account abuse from unauthorized resellers and protect against distillation.” Regarding the former, The Washington Post found unauthorized retailers have sold access to free models for $1 a month, and pro subscriptions that can cost $100 monthly sell for “as little as $12.”

Supposedly, Anthropic has “actually been meaning to take this down for a while,” Shihipar said of the hidden code, because engineers have “landed stronger mitigations since then.”

Privacy advocates were not happy with the explanation, though, warning that the code is evidence that Anthropic is willing to cross lines to surveil users. That’s perhaps especially surprising, considering that Anthropic riled the Trump administration by refusing to allow the US government to use Claude to surveil US users. The AI firm has since sued the White House over the clash.

── more in #ai-safety 4 stories · sorted by recency
── more on @anthropic 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/secret-claude-tracke…] indexed:0 read:1min 2026-07-06 ·