Posted by kirushik 8 hours ago

Claude Code is steganographically marking requests (thereallo.dev)
1205 points | 314 comments | page 5
AtNightWeCode 4 hours ago|
Sounds to me more like a test. Put something into the client and see what happens. If you really want to stop token sharing just ask Claude how to do it.
an0malous 6 hours ago||
Is this why Claude never knows what date and time it is right now?
__msh__ 3 hours ago||
Anyone else noticed the tailed ƒ Easter egg?
Biganon 31 minutes ago|
I did notice the tailed f, but what makes it an easter egg? I thought it was just a funky ligature
MangoCoffee 6 hours ago||
The AI race right now is in a sad state. China's playbook is to release open weight models and train them on their own chips.

Anthropic pushes fear and control. But the only way to win is by innovating. China is flooding the market with cheap, good enough models, while the U.S. is building a Chinese firewall.

ForHackernews 3 hours ago||
>Developer tools can enforce terms.

No they can't, because developer tools run on developers' machines. You can't trust your code running in an environment you don't trust.

luxuryballs 4 hours ago||
I can just as easily imagine non-nefarious reasons for this from a “being clever” standpoint.
hhh 7 hours ago||
Cool fingerprinting avenue.
anonym29 4 hours ago||
>the binary that ships it should be boring (ƒor example, pi harness)

pi's "minimal" coding-agent has a total of 132 transitive dependencies spanning 153 maintainers.

While I understand JS developers in the JS/NPM ecosystem think this qualifies as minimal, it most certainly does not, from a supply chain security perspective.

ahmedehab_01 7 hours ago||
Frankly, I don't see this as the concerning behaviour the article describes. It is fine to try to protect against distillation through a technique like this. This will also allow them to, instead of blocking the distillation agents, respond with a poorer result/model, hindering the progress of distillation, momentarily at least.

I would guess that's their first line of defense; they should have more techniques to identify distillation because that's a very simple way of detecting the host and can be easily spoofed.

applfanboysbgon 7 hours ago|
> This will also allow them to, instead of blocking the distillation agents, respond with a poorer result/model,

i.e. this will allow them to literally commit fraud against paying customers

SubiculumCode 7 hours ago|||
1st, this technique is not fraud, and fraud is a separate accusation. 2nd, paying customers can legally and legitimately be banned and monitored for breaking terms of service, which probably includes things like using the model against U.S. export restrictions.
applfanboysbgon 3 hours ago|||
> 2nd, paying customers can legally and legitimately be banned and monitored for breaking terms of service

Yes, I said that. If a user is breaking your terms of service, ban them. Continuing to charge them while not providing the service they're paying for is, in fact, literal textbook fraud.

applfanboysbgon 6 hours ago||||
Banning is completely different than charging for a service you're silently not providing.
SubiculumCode 6 hours ago||
Evidence?
skeptic_ai 6 hours ago|||
So if I change my timezone to Shanghai I deserve to get banned? Or get a shitty model instead of what I’m paying for?
SubiculumCode 6 hours ago||
Evidence?
ahmedehab_01 6 hours ago||||
Do paying customers distill? Is it fraud to protect against distillers?
chadgpt3 7 hours ago|||
That's what capitalism is all about, baby! Especially if the customers don't notice.
mosfets 6 hours ago|
I clicked the link to learn what steganography means...
LoganDark 6 hours ago|
Steganography is, essentially, hiding information within another message, such that it's not readily apparent that the message contains the information.