@rohanpaul_ai: wow Claude Code allegedly fingerprints China-linked custom routes through tiny prompt formatting changes. The claim con…
Summary
Controversy erupts as Claude Code is accused of secretly fingerprinting China-linked custom proxy routes through invisible prompt formatting changes, raising serious trust and auditability concerns for AI agents.
Cached at: 07/01/26, 08:05 AM
wow
Claude Code allegedly fingerprints China-linked custom routes through tiny prompt formatting changes.
The claim concerns non-default ANTHROPIC_BASE_URL routes, not ordinary direct Anthropic connections.
As to the mechanism, Claude Code normally sends your request to Anthropic’s server, but some users change the address so it goes through another server first.
The accusation says Claude Code detects that changed route, checks whether it looks China-linked, then hides tiny signals inside the prompt text.
ANTHROPIC_BASE_URL is a setting that tells Claude Code where to send your request, i.e. a way to point Claude Code at a gateway. A proxy or gateway means that the request goes through another server before reaching Anthropic.
So the controversy starts if Claude Code then secretly fingerprints that gateway through the prompt itself.
The mechanism is allegedly invisible punctuation and date formatting, used to tag the request without clearly telling the user.
Claude Code allegedly checks the custom hostname, then compares it with China-linked domains.
Now this is quite a massive issue.
If true, hidden prompt markers would mean Claude Code silently tagged routing details without clear disclosure.
Abuse detection is understandable because Anthropic says proxy services are used to bypass China access limits. But secret prompt marking still crosses a trust line because users cannot review or refuse it.
Claude Code is not a normal chatbot because it can read files, edit code, and run commands. A hidden signal inside that kind of tool feels far more serious than tracking inside a website.
This may set a precedent for AI agents becoming hard to audit. Once invisible characters carry metadata, users will distrust even harmless-looking text.
This GitHub verification report note says the claim is real, but the effect is narrow.
- Claude Code allegedly adds the hidden mark only when someone changes the server address away from Anthropic’s official server.
- A normal direct user is not marked just because their timezone is China.
- The mark is not shown as file theft, because it only changes punctuation inside the prompt already being sent.
- The trust issue remains serious because the user would not clearly see or approve that hidden label.
- The anti-abuse value also looks weak because a truly bad reseller could easily avoid it by changing settings or patching code.
https://gist.github.com/AdnaneKhan/0a0edb5620d5214282ef4027caad8950…
Some context on why Anthropic may be doing it.
The White House earlier warned through an official report that proxy accounts already support industrial-scale frontier AI extraction campaigns.
There’s a big grey market that sells cheap Claude API access through proxies that capture everything.
https://whitehouse.gov/wp-content/uploads/2026/04/NSTM-4.pdf…
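One way to audit text for the kind of marking described above, as an added example (not code from the post, the linked gist, or Claude Code): compare the prompt captured over the default route with the one captured with a custom ANTHROPIC_BASE_URL, codepoint by codepoint. The two sample strings are constructed for illustration and are not the actual markers; how the request body is captured is assumed to be done separately.

```python
import difflib
import unicodedata


def describe(ch):
    """Render one character as 'U+XXXX NAME [category]'."""
    return f"U+{ord(ch):04X} {unicodedata.name(ch, 'UNNAMED')} [{unicodedata.category(ch)}]"


def suspicious_chars(text):
    """List (index, description) for format characters (Cf) and
    non-ASCII punctuation or separators that render like plain ASCII."""
    hits = []
    for i, ch in enumerate(text):
        cat = unicodedata.category(ch)
        if cat == "Cf" or (ord(ch) > 0x7F and cat[0] in "PZ"):
            hits.append((i, describe(ch)))
    return hits


def codepoint_diff(baseline, candidate):
    """Return every non-equal span between two captured prompts,
    with both sides spelled out as codepoints."""
    matcher = difflib.SequenceMatcher(None, baseline, candidate, autojunk=False)
    changes = []
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag != "equal":
            changes.append((tag,
                            [describe(c) for c in baseline[i1:i2]],
                            [describe(c) for c in candidate[j1:j2]]))
    return changes


# Constructed samples: the same sentence as captured on two routes.
DIRECT = "Today's date is 2026-01-07."
VIA_GATEWAY = "Today\u2019s date is 2026/01/07.\u200b"

if __name__ == "__main__":
    for index, desc in suspicious_chars(VIA_GATEWAY):
        print(f"offset {index}: {desc}")
    for tag, old, new in codepoint_diff(DIRECT, VIA_GATEWAY):
        print(tag, old, "->", new)
```

The character scan alone misses the date separator change because both forms are plain ASCII; only the diff against a baseline capture shows it.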