The fact that Claude can and does access files outside the PWD while asking for sudo to do things constantly seems to be a recipe for Anthropic scanning your system without your knowledge and saving that for 5 years if you decided to 'help improve Claude'.
No, 'safety oriented' lab has a clause like that which can't be revoked historically. Anthropic, like the majority of 'don't be evil' firms, is a part of the great masquerade.
Some weeks ago I opened Zeditor, it asks me if I want AI, I say yes, a sidebar opens I ask said LLM: What can you see? It does some `ls`'s, it sees my .ssh folder and priv keys. I turned it off. Now I run Claude code in a container with just pwd mounted to it.
The whole experience was a bit jarring. When it knows I use nix, the thing can easily `nix-shell -p nmap` its way into learning a lot more about my entire network than I am comfortable with. I think I'll edit the Containerfile further to also make Claude Code a user that can't install anything.
It's really like some "agent" (yeah I know, but I mean really an external person) takes control of your computer, with the same privileges as you. Idk why I had to see this happen in front of my eyes to fully realize this.
Of course every computer program has these rights, and you have to trust any of these devs...
> The whole experience was a bit jarring. When it knows I use nix, the thing can easily `nix-shell -p nmap` its way into learning a lot more about my entire network than I am comfortable with. I think I'll edit the Containerfile further to also make Claude Code a user that can't install anything.
Note that putting it in a container changes jack shit, if it still has network access, it can scan your network anyway, and it needs access to install language deps and such to "do its work"
> Don't just rawdog a coding agent because a perfectly viable solution (containers) takes an hour or two of work to set up.
Setting up a separate unprivileged Linux user account takes all of like a minute. Assuming that the $HOME for your daily-driver account isn't world-readable, [0] that gets you the majority of the isolation that containerization provides and doesn't expose you to any bugs in the containerization management daemon (or the containerization code, itself) that may still be present even after all these years.
These things are usually TUIs or CLIs, so you don't need to bother with giving them xauth access or whatever the Wayland equivalents for that are.
[0] If it is, you might consider fixing that immediately.
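An added check for the footnote's assumption (example shell script, not from any commenter in the thread): it lists anything under a home directory that other local users could read or traverse, which is exactly what a separate unprivileged agent account would be able to reach, and a helper closes it off. The directory argument is whatever $HOME you want to audit.

```shell
#!/bin/sh
# Example added to the thread, not posted by a commenter.
# Audits a home directory for exposure to other local users (the case the
# footnote warns about) and hardens it with standard chmod calls.

# Usage: check_home_exposure DIR
# Returns 0 if nothing under DIR is readable or traversable by "other";
# otherwise prints each offending path and returns 1.
check_home_exposure() {
  dir=$1
  # -perm -004: the o+r bit is set on the file or directory.
  # -type d -perm -001: a directory others can traverse, even if not list it,
  # which still lets them read any o+r file inside by exact path.
  exposed=$(find "$dir" \( -perm -004 -o \( -type d -perm -001 \) \) 2>/dev/null)
  [ -z "$exposed" ] && return 0
  printf '%s\n' "$exposed"
  return 1
}

# Usage: harden_home DIR
# Removes all "other" bits recursively so a second local account (such as one
# created for a coding agent) cannot read or traverse DIR.
harden_home() {
  chmod 700 "$1" && chmod -R o-rwx "$1"
}

# Usage (as root): create_agent_user NAME
# Creates the unprivileged account the comment above describes, with a private
# home directory and no sudo membership. Not run by the checks above.
create_agent_user() {
  useradd -m -s /bin/sh "$1" && chmod 700 "/home/$1"
}
```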
> Note that putting it in container changes jack shit, if it still has network access, it can scan your network anyway...
That's why VLANs are nice, as is requiring your container system (or VM or whatever) to attach its vNICs to a VLAN-tagged bridge on the host rather than the untagged interface that your trusted software uses. If the only thing that the container can hit on your LAN is your router, and your router refuses to forward traffic from that untrusted VLAN to anywhere other than the internet, then that cuts off another avenue for intelligence gathering.
That all assumes that you can't exploit the container daemon to get root, of course.
That's what happens with proprietary software. No sane person -for work if your dumb $BOSS makes it mandatory- should be using that outside of a Guix/Nix env with really constrained settings.
At home I have no proprietary software at all modulo some original GBC ROMs I dumped to play with emulators, but that is not my 'daily computing' usage but an act of nostalgia.
Arguments for the lesser of two evils are just wrappers for slippery slope logic. The actual alternative is to pass air tight privacy laws that restrain the growing power of control systems.
It's not a slippery slope if it's already slipped. In over 20 states you have to do age verifications with online companies in order to do "adult" things online.