Secret Claude tracker shocks users after Anthropic’s anti-surveillance stance
Ars Technica AI · Ashley Belanger · 2026-07-06
Anthropic secretly embedded code using prompt steganography in Claude Code to monitor Chinese users' timezones, proxy settings, and connections to Chinese AI labs, which a security researcher exposed and condemned as a serious breach of user trust before Anthropic removed it.
Appears in
Extraction
Topics: ai-privacyanthropicclaude-codeprompt-steganographyuser-surveillance
Claims
- Anthropic embedded hidden tracking code in Claude Code that monitored Chinese users' timezones, proxy configurations, and potential affiliations with Chinese AI labs.
- The tracker used prompt steganography—shorthand markers hidden in plain sight—to covertly transmit user data to Anthropic.
- An Anthropic engineer confirmed the tracker was added in March 2026 as an experiment to prevent account abuse by unauthorized resellers and to protect against distillation attacks.
- Unauthorized retailers have sold access to Claude pro subscriptions for as little as $12 instead of the $100 retail price.
- Anthropic removed the tracker after security researcher 'Thereallo' publicly exposed and condemned the hidden code.
Key quotes
serious breach of user trust
was meant to prevent account abuse from unauthorized resellers and protect against distillation
using 'prompt steganography' to hide code that tracks Chinese users 'in plain sight'