thereallo.dev

Claude Code is steganographically marking requests

kirushik · 2.2K points · 647 comments · 21 hours ago

Comments

civet_java · 18 hours ago

There are some commenters in this thread downplaying the severity of a service provider being less than transparent about exactly what their shipped tooling does on customers' machines. That the provider's business needs necessitate this behaviour doesn't justify their lack of honest disclosure. That honest disclosure would render the solution to their problem useless isn't my problem. If anything, that they thought this was acceptable makes me wonder what else they're harvesting from my machine? PII? The cynic in me can't help but feel that the state of these comments reflects less on the commenters' views of this debacle but rather their feelings about AI/Anthropic/America/what-have-you.

meowface · 20 hours ago

Value judgment aside: I am a bit surprised at how sloppily they did this. I think they could've achieved the same effect while decreasing the odds of detection via reverse engineering. (This field is known as "underhanded code", coined by the Underhanded C contest: https://www.underhanded-c.org. It's a little-known "art"; little-known for probably self-explanatory reasons. There are much cleverer ways of achieving objectives like this. One obviously being you can move more out of the client and into the server, but the other being you can write plausibly deniable client code in a much more benign-seeming way than this. Some of what they added can only be done on the client, but I think some could've been moved, and the client-required parts could've been done more subtly and credibly.) It's possible they knew the JS bundle gets so heavily scrutinized that it'd eventually get spotted and reported on regardless so they didn't bother doing something more subtle and duplicitous. But still seems slightly lazy.

isatty · 13 hours ago

You can't trust any of the big AI labs as far as you can throw them, and most definitely not Anthropic. They may have a good model, but they've shown time and time again that they're not trustworthy. The CEO has recently started taking a stance against local AI. That must tell you something: local AI is the future. If you want to preserve privacy and be ready for the rug pull, you need to run things locally. Unfortunately, that means that you're going to need Google or the Chinese labs to constantly release open models. If anything, I'll trust Google more than any of the other labs just because the infrastructure that stores and protects user data was built over decades ago pre-AI craze.

mrshadowgoose · 19 hours ago

The conclusion of this blog post is a bit hysterical. The intent of this steg is excruciatingly clear (identifying usage by Chinese firms that may be conducting model distillation). It's unclear how this "punishes normal developers" in any shape or form.

orbital-decay · 18 hours ago

To summarize what they've already been doing:

- filtering out people from the wrong side of "all humanity", years before it was demanded by the government
- downgrading their models in arbitrary ways (later saying "sorry but not really")
- actively sabotaging the replies, as in covertly modifying them to feed the users incorrect results

What's next to expect from Anthropic? Malware to brick your machine if they don't like you? Extending this to more people they don't like? I think I already can see how Dario Amodei's utopian visions of the future of "all humanity" are going to unfold.