wow 👀
Claude Code allegedly fingerprints China-linked custom routes through tiny prompt formatting changes.
The claim concerns non-default ANTHROPIC_BASE_URL routes, not ordinary direct Anthropic connections.
As to the mechanism, Claude Code normally sends your request to Anthropic’s server, but some users change the address so it goes through another server first.
The accusation says Claude Code detects that changed route, checks whether it looks China-linked, then hides tiny signals inside the prompt text.
ANTHROPIC_BASE_URL is a setting that tells Claude Code where to send your request i.e. as a way to point Claude Code at a gateway. A proxy or gateway means that request goes through another server before reaching Anthropic.
So the controversy starts if Claude Code then secretly fingerprints that gateway through the prompt itself.
The mechanism is allegedly invisible punctuation and date formatting, used to tag the request without clearly telling the user.
Claude Code allegedly checks the custom hostname, then compares it with China-linked domains.
📍Now this is quite massive issue
If true, hidden prompt markers would mean Claude Code silently tagged routing details without clear disclosure.
Abuse detection is understandable because Anthropic says proxy services are used to bypass China access limits. But secret prompt marking still crosses a trust line because users cannot review or refuse it.
Claude Code is not a normal chatbot because it can read files, edit code, and run commands. A hidden signal inside that kind of tool feels far more serious than tracking inside a website.
This may set a precedent for AI agents becoming hard to audit. Once invisible characters carry metadata, users will distrust even harmless-looking text.
‼️ BREAKING: Anthropic has embedded hidden spyware-like code in Claude Code that covertly targets Chinese users. It then sends information regarding every user by injecting it into their prompt message.
Claude Code is sending info like timezone, proxy and possible AI Lab connections into the system prompt in ways Chinese users can't notice.
A coding agent with repo and command permissions should not silently hide routing metadata inside prompts. This is a serious breach of user trust.














