Claude Desktop hits backlash over silent "spyware bridge"

Anthropic's silent installation of a dormant "spyware bridge" is a massive trust violation for an AI lab that markets itself on constitutional safety. The app automatically writes JSON manifests to browser support folders to enable out-of-sandbox execution, allowing it to read raw DOM data and potentially hijack browser sessions. Installing these manifests for browsers not present on the system is clear overreach. This dormant capability should be strictly opt-in; reaching across trust boundaries without notification is a breach of security etiquette. Security-conscious developers are recommending users run Claude Desktop in a VM or Docker sandbox to prevent it from "hoovering up" local credentials and browser context.