With this argument you could also justify: "That's not a remote access trojan (RAT), that's just how client-server communication is designed to work."

> You have to put a manifest there if you want the native messaging to work later.

The point is that Claude Desktop didn't ask the user whether they want native messaging in the first place. Which is strange, given that users experience many "Do you grant permission to do XYZ" prompts when working with Anthropic products in other situations.

What you're describing was a norm back in like the 90's, but disappeared in the ought's/10's when companies decided the user actually being kept abreast of what their machine was being asked to do clashed with the ethos that "the luser is clueless, and we are not; just ship the functionality, and we'll beg for forgiveness later". I fought the attitude my entire tenure as a QA engineer, but business always seemed to get their override from the execs above.

At the point we're at, I'm so ethically locked out of unregulated contexts where one can't necessarily get away with that sort of thing, I'm beginning to give up hope the Industry can be turned around at all short of everyone with a modicum of ethics making the experience of computing so damned defensively locked down, it ceases to be a legacy worth passing down as anything but a cautionary tale on the hubris of man, and the ease with which men can be lured to corrupt ends via their stomachs.