April 19, 2026

Hide your tabs: Trojan Claude?

Article URL →HN comments →

Anthropic installed a spyware bridge on my machine?

Trojan Claude? Users feud over ‘spyware’ file in Brave

TLDR: A user says Claude Desktop quietly added a connector file to Brave, sparking fears of a stealthy browser bridge. The community is split between calling it a dark pattern versus standard setup that does nothing without an extension—boiling down to a fight over trust, consent, and what “spyware” really means.

Is Anthropic sneaking a “spyware bridge” onto Macs, or is this just how the tech works? One developer says Claude Desktop quietly dropped a Native Messaging file into Brave—basically a permission slip so a future Claude extension can talk to an app outside the browser. Cue the Trojan Claude memes and a war of words.

Privacy hawks are furious, calling it a dark pattern and hinting at EU law violations. The author says the bridge is “undocumented” and likens it to a pre‑authorized back door. Commenters piled on with “safety lab, huh?” snark and wooden‑horse jokes.

But skeptics clap back: “Spyware” is a stretch until it’s actually spying, says [timfsu]. Others insist this is normal for Chrome‑style extensions—“you put the manifest there so it works later,” notes [ibash]. One user even doubts Anthropic did it at all, linking to a GitHub thread where folks can’t get it working even after manual copies (issue). And the pragmatic crowd? “If you install Claude, you’re trusting Anthropic anyway,” [bpodgursky] shrugs.

Bottom line: the file’s presence is real enough to spook, but intent and impact are hotly contested. The community is split between Trojan horse panic and standard install shrugging—and the memes are galloping.

Key Points

  • A Native Messaging manifest named com.anthropic.claude_browser_extension.json was found in Brave’s NativeMessagingHosts on macOS.
  • The manifest points to /Applications/Claude.app/Contents/Helpers/chrome-native-host and lists three allowed Chrome extension IDs.
  • The author did not install a Claude browser extension and attributes the host’s installation to Claude Desktop (Claude.app).
  • The article distinguishes this undocumented host from Claude Code’s documented bridge (com.anthropic.claude_code_browser_extension.json); both can coexist.
  • The host remains inactive unless a matching extension calls it; when activated, it enables browser automation capabilities for Claude’s processes.

Hottest takes

“Spyware seems disingenuous until it’s actually spying…” — timfsu
“You should not install Claude… you either trust them or you don’t” — bpodgursky
“That’s not spyware, that’s just how native messaging is designed to work” — ibash

Save News

Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.