Claude Desktop changes software permissions without consent

Anthropic's Claude Desktop for macOS silently installs a Native Messaging manifest file that pre-authorizes browser extensions across multiple Chromium-based browsers — including browsers not yet installed on the user's device — without disclosure or user consent. Privacy consultant Alexander Hanff argues this constitutes a violation of Article 5(3) of the EU ePrivacy Directive and potentially criminal computer misuse laws. The manifest grants Claude browser extensions access to authenticated sessions, web page reading, form filling, and screen capture, with the bridge binary running outside the browser sandbox at user privilege level. Security consultant Noah Kenney confirms the technical claims are reproducible and agrees the behavior breaks widely understood trust boundaries, though he disputes the 'spyware' label since no active data exfiltration has been demonstrated. Anthropic has not responded to the allegations, and Hanff says he will file a formal regulatory complaint if the issue is not fixed.