Confirmed: Claude Code Secretly Inspects Users, Time Zone and Chinese AI Labs Are Key Factors

marsbit | Published on 2026-07-01 | Last updated on 2026-07-01

Abstract

Today was a significant day for Anthropic. The company announced the launch of Claude Sonnet 5, described as its most agentic model yet, and separately confirmed that the U.S. Department of Commerce has lifted export controls on its Claude Fable 5 and Mythos 5 models, allowing their distribution to resume. However, a separate controversy has emerged regarding its coding assistant, Claude Code. Developers have exposed that certain versions of the tool allegedly contain hidden code designed to detect specific user data. This code reportedly checks for the use of Chinese time zones (like Asia/Shanghai), the presence of custom API proxy URLs, and connections to domains associated with Chinese tech companies and AI labs. If triggered, this information is said to be encoded into the system prompt sent to the AI cloud, using subtle, nearly indistinguishable variations in characters (like different Unicode apostrophes in the "Today's date" line) as a form of steganography. The core issue is the covert nature of this data collection. While telemetry for security and abuse prevention is common, implementing it through hidden channels within the prompt—without user awareness or documented disclosure—fundamentally breaches trust. This is particularly sensitive for a coding assistant that operates with access to source code and system commands. Following the exposure, an Anthropic engineer acknowledged the code's existence and stated it would be removed in an upcoming release. The incid...

Today, Anthropic had a "double celebration."

On one hand, it released Claude Sonnet 5, "the most Agent-like model to date," with performance close to Opus 4.8.

On the other hand, it announced that the U.S. Department of Commerce has lifted export controls on its Claude Fable 5 and Mythos 5. Anthropic will restore access starting tomorrow and will soon share the latest updates.

According to an agreement signed by U.S. Secretary of Commerce Howard Lutnick, since the issuance of related letters on June 12 and June 26, Anthropic has worked closely with the U.S. government to take measures addressing the risks associated with Claude Mythos 5 and Claude Fable 5.

Anthropic has committed to proactively identifying and addressing security risks that may arise from these models; closely collaborating with the U.S. government on agreements, standards, and release arrangements for Mythos, Fable, and future models; and notifying the U.S. government upon detecting malicious activity.

Based on the actions taken and commitments made by Anthropic, as well as the U.S. Department of Commerce's Bureau of Industry and Security's assessment of the current transfer risks associated with Claude Mythos 5 and Claude Fable 5, the U.S. Department of Commerce has decided to withdraw the control measures outlined in the June 12 letter.

This means that exports, re-exports, domestic transfers, including deemed exports and deemed re-exports, of Claude Mythos 5 and Claude Fable 5 will no longer require a license.

However, the U.S. Department of Commerce reserves the right to reevaluate this decision. If circumstances change, or if Anthropic fails to fulfill its commitments, the Department may reinstate license requirements.

However, for Chinese users, there is little cause for immediate celebration.

On the very same day, the developer community was heatedly discussing another topic: some have discovered that Claude Code collects local proxy and time zone information without user knowledge and embeds it, using steganography, into the prompts sent to the cloud.

Claude Code Exposed for Using Invisible Code to Tag Chinese Users

Recently, it was exposed that Anthropic secretly embedded a piece of code within Claude Code.

This code automatically checks whether the user is in a Chinese time zone, inspects the current network proxy settings, and checks whether the user is connected to environments related to certain Chinese AI labs.

It then embeds this information into the system prompts sent to the AI using steganography.

Chinese users are completely unaware, but Anthropic can use these invisible fingerprints for identification.

A developer first raised questions on Reddit, later publishing a verification report on GitHub claiming to have examined versions 2.1.193, 2.1.195, and 2.1.196 of Claude Code's code, confirming the existence of a hidden mechanism. This mechanism was characterized as a concealed information channel within the system prompt.

Detection Logic

According to the report, Claude Code checks the environment variable ANTHROPIC_BASE_URL. This variable is typically set when users direct Claude Code to a custom API proxy rather than the official endpoint api.anthropic.com. When a non-official route is detected, the program extracts the proxy domain and reads the user's system time zone, specifically checking if it is Asia/Shanghai or Asia/Urumqi.

[Figure: Analysis using GLM5.2]

The report states that this domain is compared against a decoded list containing 147 entries. The list includes domains of Chinese tech companies and AI labs such as Baidu, Alibaba, Ant Group, ByteDance, Moonshot AI, MiniMax, Stepfun, as well as numerous addresses for Claude resale or API mirror services.

Information Transmission Method

The core of the controversy lies in the path of information transmission.

The report points out that Claude Code does not set up separate telemetry fields to report data. The carrier of the abnormal information is the most inconspicuous phrase in the system prompt: "Today's date is...".

When the system time zone is identified as a Chinese time zone, the date separator changes from a hyphen to a forward slash, for example, 2026-06-30 appears as 2026/06/30. The apostrophe in "Today's date" simultaneously alternates between Unicode characters such as ', ', ʼ, ʹ, which look similar, to mark whether the current request matches entries in the domain list, AI lab keywords, or both. These symbols are difficult to distinguish with the naked eye in regular interfaces.

For ordinary users, the symbols ', ', ʼ, ʹ are almost indistinguishable by eye, which is how this mechanism remained hidden for so long. If the analysis is accurate, every qualifying request carries such an inconspicuous marker upstream.
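As an added example (not code from the report or from Anthropic), a defender could audit a captured system prompt for the markers described above by printing code points instead of trusting the rendered glyphs; the second function generalises this to any look-alike or invisible character in the prompt. The exact wording of the date line and the sample prompts are assumptions constructed for illustration.

```python
import re
import unicodedata

# Assumed shape of the line, based on the article's "Today's date is..." and
# its 2026-06-30 example. The character between "Today" and "s", and the date
# separator, are captured instead of being assumed to be ASCII.
DATE_LINE = re.compile(
    r"Today(?P<apos>.)s date is\s+\d{4}(?P<sep>\D)\d{2}(?P=sep)\d{2}"
)

# Unicode categories whose non-ASCII members often render like ASCII
# punctuation or not at all: modifier letters/symbols, curly quotes,
# format (zero-width) characters and non-ASCII spaces.
SUSPICIOUS = {"Lm", "Sk", "Pi", "Pf", "Cf", "Zs"}


def describe(ch):
    """Code point plus Unicode name, so look-alikes become distinguishable."""
    return f"U+{ord(ch):04X} {unicodedata.name(ch, 'UNNAMED')}"


def audit_date_line(prompt):
    """Findings for the date line: anything but U+0027 and '-' is reported."""
    m = DATE_LINE.search(prompt)
    if m is None:
        return []
    findings = []
    if m.group("apos") != "'":
        findings.append(("apostrophe", describe(m.group("apos"))))
    if m.group("sep") != "-":
        findings.append(("date-separator", describe(m.group("sep"))))
    return findings


def audit_confusables(prompt):
    """Generalised check: (line, column, description) for every suspicious
    non-ASCII character anywhere in the prompt."""
    hits = []
    for lineno, line in enumerate(prompt.splitlines(), 1):
        for col, ch in enumerate(line, 1):
            if ord(ch) > 0x7F and unicodedata.category(ch) in SUSPICIOUS:
                hits.append((lineno, col, describe(ch)))
    return hits


if __name__ == "__main__":
    # Constructed sample prompts, not captured traffic.
    samples = {
        "plain": "You are a coding assistant.\nToday's date is 2026-06-30.\n",
        "marked": "You are a coding assistant.\nToday\u02bcs date is 2026/06/30.\n",
    }
    for label, text in samples.items():
        print(label, audit_date_line(text), audit_confusables(text))
```

Run over request bodies logged at an egress proxy, a non-empty result for either function is a reason to diff the prompt byte-for-byte against a known-clean client version.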

Controversial Points

Telemetry data collection is common in the software industry. AI companies often have strong motivations to identify user behavior to prevent misuse, curb resale, mitigate sanction risks, and prevent model distillation. From this perspective, it's understandable that Anthropic wants to curb the unauthorized resale of Claude access in the Chinese market.

The controversy lies in the implementation method, not the purpose itself.

For publicly disclosed telemetry mechanisms, developers have full rights to information and choice—they can consult documentation, block specific endpoints, or decide whether to accept certain data collection. However, hiding marker information in the subtle character differences of prompts, which is almost impossible to detect, changes the foundational premise of trust between the user and the tool. For a coding assistant, once such a boundary is crossed, the cost is significant.

Permission Context

Claude Code has a built-in permission system covering operations like file reading, Bash command execution, and file editing. Read-only operations do not require user approval, while operations involving command execution and file modification require permission confirmation.

Anthropic has previously publicly discussed the potential "approval fatigue" issue with Claude Code, acknowledging that most users habitually approve permission requests and that completely disabling permission approval mechanisms is unsafe in most scenarios.

The company's own engineering blog has documented real cases of "agentic misbehavior," including accidental deletion of remote git branches, unintended upload of GitHub tokens, and even attempts to execute migration operations on production databases.

A coding agent operates within a code repository, accessing source code, file structures, project details, and even inadvertently exposed user key information, and is granted permissions to execute commands and modify files. For such a tool, trust is its very foundation.

If the client secretly encodes routing metadata into prompts, users naturally have reason to ask: What other information is being recorded in similar ways? Is there other undisclosed detection logic on the client side? Have any of these behaviors been documented anywhere?

After the exposure, Anthropic technical team member @trq212 responded, addressing the reasons for the code's implementation and stating that this code would be removed in a new version released the following day.

Reference Links:

https://news.ycombinator.com/item?id=48734373

https://thereallo.dev/blog/claude-code-prompt-steganography

https://x.com/IntCyberDigest/status/2071971609183678544?s=20

https://www.internationalcyberdigest.com/claude-code-accused-of-hiding-china-proxy-fingerprints-inside-system-prompts/

This article is from the WeChat public account "Machine Heart" (ID: almosthuman2014), author: Focus on AI


Related Questions

Q: What is the main controversy surrounding Claude Code according to the article?

A: The article states that Claude Code was found to secretly collect user information, such as local proxy settings and time zone (specifically targeting Chinese time zones like Asia/Shanghai), and embed this data via steganography into system prompts sent to the cloud, without user knowledge or consent.

Q: What action did the U.S. Department of Commerce take regarding Anthropic's models mentioned in the article?

A: The U.S. Department of Commerce, based on an agreement with Anthropic, decided to withdraw the export control restrictions previously placed on the Claude Mythos 5 and Claude Fable 5 models, meaning these models no longer require a license for export or transfer.

Q: How did Claude Code allegedly embed the collected user information into the system prompts?

A: It reportedly embedded the information by altering the punctuation in the system prompt 'Today's date is...'. For instance, the date separator changed from a hyphen to a slash for Chinese time zones, and different, visually similar Unicode characters for the apostrophe (like ', ʼ, ʹ) were used to encode whether the request matched a domain list or AI lab keywords.

Q: What was Anthropic's response to the allegations about Claude Code's hidden data collection?

A: An Anthropic technical team member (@trq212) responded to the reason for the code's implementation and stated that this code would be removed in a new version scheduled for release the following day.

Q: Why is the method of data collection in Claude Code considered particularly controversial?

A: It is controversial because the method used steganography to hide the data within seemingly normal system prompts, making it undetectable to users. This breaches trust, as users have no knowledge, choice, or ability to opt-out, unlike with standard, disclosed telemetry practices.
