logoalt Hacker News

drnick1today at 4:00 AM1 replyview on HN

Claude gets its own UNIX account on my dev machine. I would never trust it not to read .ssh or other sensitive private information in my home directory or elsewhere.

In view of this, I should probably go further and bubblewrap it to restrict /etc, /proc and other things it legitimately does not need to do its job. I already do that for programs such as Steam (and games therein) to mitigate the possibility that they may spy on me.


Replies

dd8601fntoday at 4:11 AM

Claude reads secrets all the time. It just also tells me when secrets enter context and reminds me that they should be rotated later.