Claude Desktop changes app access settings for browsers you don't even have installed yet

Anthropic’s Claude Desktop for macOS is facing criticism for silently installing configuration files that pre-authorize browser extensions and modify third-party applications without obtaining explicit user consent or disclosure.

Key Points

  • Privacy consultant Alexander Hanff identified that Claude Desktop installs Native Messaging manifest files that pre-configure browser integrations for software not yet installed on the user's device.
  • The application creates a bridge between Chromium-based browsers and a local executable that runs outside the browser's security sandbox at the user privilege level.
  • Critics argue this behavior violates Article 5(3) of the EU’s ePrivacy Directive, which requires clear disclosure and consent for storing information on a user's device.
  • Security experts warn that this pre-authorized bridge expands the attack surface, potentially allowing prompt injection vulnerabilities to reach local system files.
  • Anthropic has not responded to public concerns regarding the lack of opt-in controls or the difficulty of removing these persistent system modifications.
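
A defender's check for the manifests described in the key points, added here as an example (not code from the article, Anthropic, or Hanff): it lists Native Messaging host manifests under a macOS "Application Support" tree and flags those sitting in a browser directory that holds nothing else. The "nothing else means the browser never ran" heuristic, the `build_sample` helper, the `ExampleVendor` path, and all manifest values are assumptions or constructed sample data.

```python
import json
import tempfile
from pathlib import Path

def audit_native_messaging(app_support):
    """List Native Messaging host manifests under an 'Application Support' tree."""
    root = Path(app_support)
    # Chromium-based browsers keep hosts one or two levels down (vendor/browser).
    host_dirs = [*root.glob("*/NativeMessagingHosts"), *root.glob("*/*/NativeMessagingHosts")]
    findings = []
    for hosts_dir in sorted(host_dirs):
        # Heuristic (assumption): a browser that has run leaves other entries
        # (profiles, "Local State") next to NativeMessagingHosts.
        browser_used = any(p.name != hosts_dir.name for p in hosts_dir.parent.iterdir())
        for manifest in sorted(hosts_dir.glob("*.json")):
            entry = {"manifest": str(manifest.relative_to(root)), "browser_used": browser_used}
            try:
                data = json.loads(manifest.read_text(encoding="utf-8"))
                if not isinstance(data, dict):
                    raise ValueError("manifest is not a JSON object")
            except (OSError, ValueError) as exc:
                entry["error"] = str(exc)  # unreadable or malformed manifest
                findings.append(entry)
                continue
            host = data.get("path")  # executable the browser launches outside its sandbox
            entry.update(name=data.get("name"), host_binary=host,
                         host_exists=isinstance(host, str) and Path(host).is_file(),
                         allowed_origins=data.get("allowed_origins", []))
            findings.append(entry)
    return findings

def build_sample(root):
    """Constructed sample tree: one browser that has run, one never installed."""
    manifest = {"name": "com.example.host", "description": "constructed sample",
                "path": "/nonexistent/example-host", "type": "stdio",
                "allowed_origins": ["chrome-extension://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/"]}
    for browser, used in (("Google/Chrome", True), ("ExampleVendor/ExampleBrowser", False)):
        hosts = Path(root, browser, "NativeMessagingHosts")
        hosts.mkdir(parents=True)
        (hosts / "com.example.host.json").write_text(json.dumps(manifest))
        if used:
            (hosts.parent / "Local State").write_text("{}")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_native_messaging(build_sample(tmp)):
            print(finding)
```

To audit a real machine, pass `Path.home() / "Library" / "Application Support"` instead of the sample tree and review every entry whose `browser_used` is false.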

Why it Matters

This practice challenges the expected trust boundaries between desktop applications and web browsers, raising significant concerns about user autonomy and data security. If regulators determine these silent installations are not "strictly necessary," Anthropic could face legal scrutiny under European privacy laws and suffer long-term damage to its reputation for commitment to AI safety.
Theregister.com Published by Thomas Claburn