Claude Desktop Accused of Steganographic User Tracking and Chinese User Blocking via Browser Injection
English summary
Cybersecurity expert亚历山大·汉夫 (Alexander Hanff) exposed that Anthropic's Claude Desktop client silently injects profile configurations into multiple browsers, reads the system timezone to detect China-based users, and employs text steganography in system prompts to covertly tag them. The method modifies the date separator from hyphens to slashes (e.g., 2026/06/30) and replaces the single quote in 'Today’s date is...' with distinct Unicode characters (U+2019, U+02BC, U+02B9) based on proxy URL attributes, allowing backend servers to identify users behind VPNs without altering packet structures. This mechanism is allegedly used to enforce access blocking for Chinese users.
Chinese summary
网络安全专家亚历山大·汉夫(Alexander Hanff)曝光称,Anthropic 的 Claude 桌面客户端会向多个浏览器静默注入配置文件,读取系统时区以检测中国用户,并利用文本隐写术在系统提示词中秘密标记他们。其手法是将日期分隔符由连字符改为斜杠(如2026/06/30),并将“Today’s date is...”中的单引号根据代理 URL 屬性替换为不同的 Unicode 字符(U+2019、U+02BC、U+02B9),后端服务器借此识别出使用 VPN 的用户,而不修改数据包结构。这一机制被指用于封禁中国用户。
Key points
Claude Desktop silently injects profiles into multiple browsers to obtain system timezone information.
Claude 桌面客户端向多个浏览器静默注入配置文件以获取系统时区信息。
The client uses timezone data to detect users located in China, including those connecting through VPNs.
客户端利用时区数据检测位于中国的用户,包括通过 VPN 连接的用户。
Steganographic tagging is achieved by changing the date format (2026/06/30 instead of 2026-06-30) and replacing the single quote in the prompt with proxy-attributed Unicode variants (U+2019, U+02BC, U+02B9).
通过将日期格式从 2026-06-30 改为 2026/06/30,以及将提示词中的单引号替换为编码代理属性的 Unicode 变体(U+2019、U+02BC、U+02B9),实现隐写标记。
This technique enables Anthropic to label and block Chinese users without visible changes to HTTP traffic.
该技术使 Anthropic 能在不引起 HTTP 流量可见变化的情况下标记并封禁中国用户。