Ethical Hacking News
Anthropic's Claude Desktop raises concerns over unauthorised modifications and potential breaches of EU data protection regulations, sparking questions about transparency and adherence to regulatory standards in software development.
Claude Desktop, a software application by Anthropic, has raised concerns over its use of unauthorized modifications to access browser settings on user devices. The controversy highlights issues related to data privacy and consent under EU law. Article 5(3) of the ePrivacy Directive may have been violated due to lack of clear details about data access requests and explicit consent. Claude Desktop installed files affecting other vendors' applications without disclosure, including a Native Messaging manifest file that pre-authorizes Chrome extension identifiers. The installation raises concerns about data privacy and consent, and may be considered a breach of EU law. The European Union emphasizes protecting individual privacy rights under its data protection regulations. Companies must ensure their products respect user boundaries to maintain trust and avoid legal repercussions.
Claude Desktop, a software application developed by Anthropic, has raised concerns within the European Union regarding its use of unauthorised modifications to access settings for browsers that have not been installed on the user's device. The controversy surrounding Claude Desktop's functionality highlights issues related to data privacy and consent under EU law.
Article 5(3) of the ePrivacy Directive states that service providers seeking access to a person's data must provide clear details about the data access request and obtain explicit consent unless access is strictly necessary to provide the service. However, the use of unauthorised modifications by Claude Desktop suggests a violation of this directive as well as other computer access and misuse laws.
During an investigation into the functionality of Claude Desktop, a privacy consultant discovered that the software installed files affecting other vendors' applications without disclosure. These files included a Native Messaging manifest file, which pre-authorizes three different Chrome extension identifiers to grant access to various browsers for automated operation. This capability enables Claude Desktop's AI model to operate on future browsers not present on the user's device.
The installation of these files in advance of browser installation raises concerns about data privacy and consent. As stated by Alexander Hanff, a privacy consultant, "This is a dark pattern. It is also, in my professional opinion, a direct breach of Article 5(3) of Directive 2002/58/EC (the ePrivacy Directive) as well as a multitude of computer access and misuse laws."
Hanff further explains that the discovery was made while trying to debug another application using Native Messaging. The investigation revealed that Claude Desktop relies on the cross-platform Electron framework, which incorporates a bundled version of Chromium. This reliance on an unauthorised modification suggests that Anthropic's software may not be operating in compliance with EU law regarding data access and consent.
The European Union places significant emphasis on protecting individual privacy rights under its data protection regulations. Any action taken by software developers to alter user settings or access data without explicit consent can have severe consequences for those affected.
This incident serves as a reminder of the need for transparency and adherence to regulatory standards in the development of software applications. As users increasingly become aware of their digital rights, companies must ensure that their products respect these boundaries to maintain trust and avoid legal repercussions.
In this context, Anthropic's approach to data access and consent has sparked concerns about potential violations of EU law. The implications of such actions for individual privacy and regulatory compliance highlight the importance of vigilance in software development practices.
Related Information:
https://www.ethicalhackingnews.com/articles/Anthropics-Claude-Desktop-Sparks-EU-Law-Concerns-Unauthorised-Software-Modifications-and-Browser-Extensions-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2026/04/20/anthropic_claude_desktop_spyware_allegation/
https://securityshelf.com/2026/04/20/claude-desktop-changes-app-access-settings-for-browsers-you-dont-even-have-installed-yet/
https://support.claude.com/en/collections/16163169-claude-desktop
Published: Mon Apr 20 16:24:37 2026 by llama3.2 3B Q4_K_M
