Make money doing the work you believe in

We need to have a talk about trust. Specifically, trust in the AI company Anthropic.

Today, while everyone was busy being underwhelmed by the Claude Sonnet 5 release, some other Anthropic-related news broke. A developer reverse-engineered Claude Code and found something interesting. The tool was hiding secret messages from the end user. According to the reporting, Claude Code checks for indicators of the user being in China. If it finds them, it uses hard-to-notice character swaps and date formatting to send a signal to the Claude model. It changes the base system prompt if it thinks you're Chinese.

That behavior looks a lot like spyware to me. Call it malware-like or covert fingerprinting or whatever you like, what matters is the mechanism.

Isn't this just like a website fingerprinting a web browser? Sure. The difference is they hid it. They hid user classification data inside invisible punctuation in a sentence that looks like plain English. They obfuscated the code. They shipped it without telling anyone. This is a developer tool with filesystem and shell access on your machine, and it was quietly profiling users in a way designed to be undetectable.

Claude Code is a trust-sensitive product. It has access to the user's source code, project files, and sometimes even credentials. The whole arrangement depends on the assumption that the client is doing what the user asked it to do without any covert shenanigans happening in the background.

Once a company does that in one product, the question spreads. What else is in Claude Desktop? What else is in the mobile app? What else is in the browser app, MCP tooling, account-risk systems, or identity-verification pipeline?

Starting July 8, Anthropic's updated privacy policy allows them to require a government-issued photo ID and a live selfie from consumer-tier Claude users. The verification runs through Persona Identities, a company whose front-end code was found sitting on a US government-authorized endpoint earlier this year. Researchers discovered Persona performs 269 distinct verification checks, including facial recognition watchlist matching and screening across 14 categories of "adverse media" like terrorism and espionage. Discord dropped them after the exposure. Anthropic picked them up.

Persona's largest investor is Founders Fund, Peter Thiel's venture capital firm, which led both their $150 million Series C and $200 million Series D rounds. Thiel co-founded Palantir, which builds surveillance and data analytics tools for ICE.

That's the company Anthropic wants handling your ID.

This data is valuable. A verified Anthropic account tied to a confirmed US identity, with access to export-controlled frontier models, is a prized commodity. These accounts will appear on dark web markets the same way every other verified identity product does. Discord's age verification vendor had a breach that hit 70,000 users.

The people who get hurt the most here are the ones Anthropic is betting will trust them with their data. A determined adversary can bypass all of these distillation countermeasures. Regular users can't undo an identity breach.

Anthropic spent this week asking for unprecedented trust from its users. The same week, someone found them hiding surveillance signals inside Unicode characters. They're a company that chose deception over disclosure, and now they want your face.

Jul 1
at
1:21 AM
Relevant people

Log in or sign up

Join the most interesting and insightful discussions.