_alternator_ 3 hours ago

Yes, defeating this is relatively easy, particularly for sophisticated actors. But it's hard to always defeat all of the tricks. Sort of like how it's expensive and hard and uncertain to defeat all of the tricks when forging money.

Here's an example. Say you have your team use patched binaries. Then CC updates and requires a new patched binary with new tricks. You now have to have a team ready to analyze the binary and begin to address the tricks; meanwhile, unpatched code is now a fingerprint. If some researcher decides to update Claude on their own to access new features, they get fingerprinted.

Defeating a single fingerprinting technique once is easy. Defeating all of the techniques all the time is hard.

SubiculumCode 2 hours ago

Not to mention, it isn't that hard for vendors to require updated code to run the product. Vendors do this all the time.

pishpash 2 hours ago

Corporate surveillance malware on employee machines is also defeatable but most don't bother.

charcircuit 2 hours ago

Is it hard? Just ask AI if the update added any new fingerprinting vectors?

_alternator_ 2 hours ago

I'd love for you to try this and report back. My guess is that no models today will successfully run a binary analysis for fingerprinting without a lot of handholding. If you try to use Opus it will almost certainly decline (and fingerprint/ban you).

charcircuit 2 hours ago

Not with Claude Code, but I trivially had Opus scan other closed source software for fingerprinting, including native libraries that it called into.

_alternator_ 2 hours ago

Can you share more details? I ask because my experience suggests that models still require a decent amount of expertise to use for binary analysis (largely inferring because of use on other tasks of this level). I would expect models to always find "something" when you ask for steganographic techniques in the code, but with an extremely high false positive rate.

charcircuit an hour ago

I don't think the diffs between Claude releases are that big. The amount of code in a diff doing sketchy stuff like looking into the host environment is going to be pretty small and obvious for the model. You can do things like ask for what an update included that wasn't mentioned in the release notes and stuff like that.