Skynet or: How I learned to stop worrying and love AI

[chasfh]

I do use UBlock on my browsers but I also download the Claude for Windows app. Not sure how much difference it makes. Maybe I should ask Claude. 😁

[chasfh]

OK, so I did just that: I copied the image TJRC posted and asked about it:

Me: Claude, what do you make of this? How can I maximize the protection of my privacy while I am using Claude and the others named her? Does using Claude on a Browser with Ublock et al. Make a difference on the privacy front versus using the Claude for Windows or Claude iOS apps?

Claude: This post describes sophisticated fingerprinting and telemetry practices by AI companies. Let me address your questions about protecting your privacy while using these services.

Reality Check on the Claims

Some of these claims are technically accurate, others are exaggerated or misleading:

Likely accurate:
    ∙    All major AI services collect telemetry data for security, abuse prevention, and product improvement
    ∙    Browser fingerprinting is real and widely used across the web
    ∙    Google services are deeply integrated across their ecosystem
Questionable or overstated:
    ∙    The specific technical details (like “six parallel telemetry pipelines”) may be hyperbolic
    ∙    The “proof-of-work challenge” for ChatGPT is for bot prevention, not surveillance
    ∙    The condiment-themed error codes are real but their discovery doesn’t prove malicious intent

Privacy Protection While Using Claude

Browser vs Native Apps:
Using Claude in a browser with uBlock Origin and privacy extensions does provide meaningful protection:
Browser advantages:
    ∙    uBlock Origin can block third-party trackers and analytics
    ∙    You can use containers/profiles to isolate sessions
    ∙    You can clear cookies and local storage easily
    ∙    You have more control over JavaScript execution
    ∙    Browser extensions can limit fingerprinting surfaces
Native app considerations:
    ∙    iOS and Windows apps have direct system access
    ∙    They bypass browser-based blocking tools
    ∙    iOS apps are sandboxed, which provides some privacy protection
    ∙    Windows apps may have more extensive system access
    ∙    You can’t inspect or modify network requests as easily
Practical Privacy Steps:
    1.    Use the browser version with extensions:
    ∙    uBlock Origin
    ∙    Privacy Badger
    ∙    Cookie AutoDelete
    ∙    Canvas Fingerprint Defender
    2.    Network-level protection:
    ∙    Pi-hole or NextDNS to block telemetry at DNS level
    ∙    VPN for IP address privacy
    3.    Browser hardening:
    ∙    Use Firefox with privacy settings maxed
    ∙    Enable Resist Fingerprinting in about:config
    ∙    Use containers for different services
    4.    Account practices:
    ∙    Use email aliases for different services
    ∙    Don’t link accounts unnecessarily
    ∙    Review connected apps in Google/Microsoft settings
    5.    For Claude specifically:
    ∙    Review your data retention settings in Claude.ai settings
    ∙    Be aware of what you share in conversations
    ∙    Know that conversations may be reviewed for safety/training

The Bottom Line:

Yes, using Claude in a hardened browser with uBlock and privacy extensions provides significantly more privacy protection than using native apps. However, remember that:
    ∙    Claude (and competitors) still need to collect some data for the service to function
    ∙    Your conversation content goes to Anthropic’s servers regardless of your client
    ∙    True anonymity is nearly impossible with subscription services requiring payment
    ∙    The most sensitive protection is what you choose to share in conversations

The browser approach gives you the best balance of functionality and privacy control while using these AI services.

[chasfh]

And here’s a following question I asked. So sorry this is so very long, but Claude is very loquacious.

Me: Please give me a very specific set of recommendations to maximize my privacy while using Claude and the others, to both minimize the ability of the AI companies to exploit my activity, and to prevent third-parties from glomming onto my data for whatever their purposes might be.

Claude:

Comprehensive Privacy Protection for AI Services

1. Browser Setup (Strongest Protection)
Primary Browser: Firefox
Why: Open source, strongest anti-fingerprinting, not owned by an ad company
Essential Settings (about:config):

privacy.resistFingerprinting = true
privacy.firstparty.isolate = true
webgl.disabled = true
geo.enabled = false
media.peerconnection.enabled = false
network.http.referer.XOriginPolicy = 2

In Firefox Settings:
    ∙    Enhanced Tracking Protection: Strict
    ∙    Tell websites not to sell/share data: On
    ∙    HTTPS-Only Mode: Enable in all windows
    ∙    Disable Firefox telemetry completely
Required Extensions (in order of importance):
    1.    uBlock Origin
    ∙    Enable all filter lists under “Privacy” and “Annoyances”
    ∙    Add custom filters for AI telemetry (see below)
    2.    Privacy Badger (redundancy layer)
    3.    Cookie AutoDelete
    ∙    Set to delete on tab close
    ∙    Whitelist only claude.ai, chatgpt.com, gemini.google.com
    4.    CanvasBlocker
    ∙    Set to “fake” mode (not block) to avoid breakage
    ∙    Randomizes fingerprinting attempts
    5.    ClearURLs
    ∙    Removes tracking parameters from URLs
    6.    Decentraleyes
    ∙    Blocks CDN tracking by serving resources locally
    7.    Multi-Account Containers (Firefox-specific)
    ∙    Create separate containers for:
    ∙    Claude (isolated)
    ∙    ChatGPT (isolated)
    ∙    Gemini (isolated)
    ∙    Banking
    ∙    General browsing
Custom uBlock Origin Filters
Add these to block AI service telemetry:

! Claude telemetry blocking
||claude.ai/api/telemetry$xhr
||claude.ai/api/analytics$xhr
||intercom.io^$domain=claude.ai
||cdn.segment.com^$domain=claude.ai

! ChatGPT telemetry blocking
||chat.openai.com/backend-api/conversation/*/telemetry$xhr
||openai.com/api/analytics$xhr
||analytics.google.com$domain=openai.com

! Gemini telemetry blocking
||play.google.com/log$domain=gemini.google.com
||google.com/gen_204$domain=gemini.google.com

2. Network-Level Protection
DNS-Based Blocking (Choose One)
Option A: NextDNS (Easiest)
    1.    Create free account at nextdns.io
    2.    Enable blocklists:
    ∙    NextDNS Ads & Trackers Blocklist
    ∙    OISD Full
    

3.    Add custom blocks:

intercom.io
segment.com
cdn.segment.com
analytics.google.com
google-analytics.com
doubleclick.net

4.    Configure on your device: Settings → Network → DNS → nextdns.io/[your-id]

0.0.0.0 chat.openai.com/backend-api/conversation/gen_title
0.0.0.0 telemetry.openai.com

Gemini (gemini.google.com)
This is hardest to privatize due to Google integration:
    1.    Use in isolated Firefox container only
    2.    Create separate Google account ONLY for Gemini
    3.    Go to myaccount.google.com → Data & privacy:
    ∙    Turn OFF “Web & App Activity”
    ∙    Turn OFF “Location History”
    ∙    Delete existing activity
    4.    Ad settings: Turn OFF “Ad Personalization”
    5.    Go to Google Activity Controls and pause everything
Better approach: Avoid Gemini if privacy is priority. The integration with Google’s surveillance infrastructure is too deep.

5. Hardware & OS Considerations
Avoid if Possible:
    ∙    Native Windows/Mac/iOS apps (most invasive)
    ∙    Chrome browser (built-in Google telemetry)
    ∙    Windows 11 (telemetry deeply embedded)
Better Alternatives:
    ∙    Use browser version exclusively
    ∙    Linux (Ubuntu, Fedora, or Pop!_OS)
    ∙    If stuck on Windows: Use O&O ShutUp10++ to disable telemetry
    ∙    If on iOS: Settings → Privacy → Tracking → Disable “Allow Apps to Request to Track”

6. Behavioral Practices
What NOT to share in conversations:
    ∙    Full legal name
    ∙    Precise address (say “major city” not street)
    ∙    SSN, passport numbers, financial account numbers
    ∙    Specific employer names (say “tech company” or “healthcare org”)
    ∙    Real names of family/friends
    ∙    Photos with EXIF data (location, device info)
    ∙    Proprietary/confidential work information
Before pasting code or documents:
    ∙    Strip identifying comments
    ∙    Remove company names, project names
    ∙    Remove author metadata
    ∙    Don’t paste API keys, tokens, credentials
Use disposable identities:
    ∙    Refer to yourself as “the user” or generic names
    ∙    Use made-up project names
    ∙    Anonymize case studies

7. Regular Maintenance
Monthly:
    ∙    Review and delete old conversations
    ∙    Check for new Firefox privacy extensions
    ∙    Update uBlock Origin filter lists
    ∙    Review connected apps/services in account settings
Quarterly:
    ∙    Request data export from each service
    ∙    Review what they’ve collected
    ∙    Submit data deletion requests
    ∙    Rotate email aliases if compromised
    ∙    Update VPN servers
Annually:
    ∙    Consider creating fresh accounts with new identities
    ∙    Evaluate if new privacy tools are available

8. The Nuclear Option
Maximum privacy (if you’re serious):
    1.    Use Whonix OS (routes everything through Tor)
    2.    Create accounts over Tor with:
    ∙    Temporary email (guerrillamail.com)
    ∙    Monero cryptocurrency for payment
    ∙    No personal information whatsoever
    3.    Never use same account twice from same location
    4.    Rotate identities monthly
Caveat: This may violate ToS and get accounts banned. Use only if you have legitimate security needs.

9. Verification
Test your setup:
    1.    Visit browserleaks.com - check your fingerprint uniqueness
    2.    Visit coveryourtracks.eff.org - verify tracking protection
    3.    Use browser console to watch network requests while using AI services
    4.    Check if telemetry domains are actually blocked
Bottom Line Priority Ranking
Must do (90% of protection):
    1.    Firefox with resistFingerprinting enabled
    2.    uBlock Origin with custom filters
    3.    Firefox Containers for isolation
    4.    NextDNS or Pi-hole
    5.    Disable training/telemetry in each service’s settings
Should do (95% protection):
6. Privacy.com virtual cards
7. Email aliases
8. VPN (Mullvad/Proton)
9. Regular conversation deletion
Paranoid level (99% protection):
10. Separate device for AI services
11. Whonix/Tails OS
12. Cash-purchased prepaid cards
13. Tor access only
The browser-based approach with containers, extensions, and DNS blocking gives you the best balance of usability and privacy. Native apps should be avoided entirely if privacy is your priority.

Me: By whitelisting Claude.ai and the others, isn’t that defeating a privacy purposes somehow?

You’re absolutely right to question this. Let me clarify the nuance here:
The Cookie Dilemma
Why I initially suggested whitelisting:
    ∙    Cookie AutoDelete deletes cookies when tabs close
    ∙    Without whitelisting, you’d be logged out after every session
    ∙    You’d need to log in repeatedly, which is annoying
Why you’re right that it’s problematic:
    ∙    Persistent cookies enable tracking across sessions
    ∙    They allow the service to build a profile over time
    ∙    Session cookies can contain identifiers that persist in server logs
    ∙    It creates a permanent link between sessions

Better Approach: Don’t Whitelist. Instead, accept the trade-off:

Option 1: Manual Re-login (Most Private)
    1.    Don’t whitelist anything in Cookie AutoDelete
    2.    Get logged out after each session
    3.    Log back in when you return
    4.    Privacy benefit: Each session appears more isolated to the service
    5.    Downside: Inconvenient
Option 2: Session-Only Persistence
    1.    Keep Cookie AutoDelete set to delete on browser close (not tab close)
    2.    Don’t whitelist, but you stay logged in during a browsing session
    3.    Close browser completely when done for the day
    4.    Privacy benefit: Daily reset, limits long-term profiling
    5.    Downside: Less convenient, must login daily
Option 3: Container-Specific Strategy (Best Balance)
    1.    Don’t whitelist in Cookie AutoDelete
    2.    Use Firefox Multi-Account Containers
    3.    Configure containers to delete all data on container close:
    ∙    Right-click container → Settings → “Clear all data when container closes”
    4.    When you close the Claude container tab, everything is wiped
    5.    Privacy benefit: Strong isolation, you control when data persists
    6.    Downside: You choose when to close the container

The Reality Check

Here’s the uncomfortable truth: Even with perfect cookie hygiene, you’re not anonymous to the AI service itself if you have an account.

What They Know Regardless of Cookies:
    1.    Account-level tracking:
    ∙    Every conversation is tied to your user ID in their database
    ∙    Your subscription payment links to your identity
    ∙    They log every query, timestamp, IP address (even through VPN)
    ∙    Email address connects all sessions
    2.    Server-side session tracking:
    ∙    Authentication tokens in their database persist
    ∙    They maintain server-side session logs
    ∙    Browser fingerprinting happens server-side too
    3.    Payment trail:
    ∙    Credit card/bank details
    ∙    Billing address
    ∙    Transaction history

So What’s the Point?

Cookie/tracking protection is primarily defending against:
    1.    Third-party surveillance (advertisers, data brokers, analytics companies)
    2.    Cross-service tracking (Claude telling ChatGPT about you)
    3.    Browser fingerprinting (making you unique across the web)
    4.    Secondary data collection (embedded trackers, analytics scripts)
It does NOT make you anonymous to Claude/OpenAI/Google themselves.

Revised Maximum-Privacy Configuration—For True Privacy from Third Parties:

Cookie AutoDelete Settings:

- Cleanup Schedule: "When a tab closes"
- Enable "Cleanup Delay" (3 seconds)
- Enable "Cleanup LocalStorage"
- Enable "Cleanup IndexedDB"
- Whitelist: [LEAVE EMPTY]

Accept these consequences:
    ∙    You’ll be logged out frequently
    ∙    You might need to verify email/2FA more often
    ∙    Some features may break temporarily

For Privacy from AI Company Long-Term Profiling:

This is much harder because they own your account. Your options:
    1.    Use temporary/incognito features:
    ∙    Claude: Incognito chats (not linked to history)
    ∙    ChatGPT: Temporary chats (not saved)
    ∙    These don’t prevent real-time logging, but limit long-term storage
    2.    Regular account rotation:
    ∙    Create new account every 1-3 months
    ∙    Use different email alias
    ∙    Use different payment method
    ∙    Different VPN location
    ∙    Downside: Lose conversation history, pay multiple subscriptions
    3.    Use API instead of web interface:
    ∙    Pay-per-use API access
    ∙    No persistent session
    ∙    Each request is isolated
    ∙    You control what metadata you send
    ∙    Downside: More technical, more expensive
    4.    Self-hosted alternatives:
    ∙    Run local LLMs (Llama, Mistral via Ollama)
    ∙    Zero telemetry if offline
    ∙    Downside: Much weaker performance, expensive hardware

The Honest Answer

You cannot be truly private while using paid AI services with accounts.

The privacy measures I outlined protect you from:
    ∙    ✅ Third-party tracking networks
    ∙    ✅ Advertising surveillance
    ∙    ✅ Data brokers
    ∙    ✅ Cross-site tracking
    ∙    ✅ Browser fingerprinting across the web
    ∙    ✅ Excessive telemetry beyond core service

They do NOT protect you from:
    ∙    ❌ The AI company knowing who you are
    ∙    ❌ The AI company logging your conversations
    ∙    ❌ The AI company building a profile of your interests
    ∙    ❌ Potential data breaches exposing your usage
    ∙    ❌ Subpoenas/legal requests for your data
    ∙    ❌ Future ToS changes that broaden data use

My Revised Recommendation

Realistic privacy approach:
    1.    No whitelisting - accept the login inconvenience
    2.    Focus privacy measures on blocking third parties
    3.    Minimize what you share in conversations (biggest protection)
    4.    Use incognito/temporary chat features for sensitive topics
    5.    Regularly delete old conversations
    6.    Separate accounts for different sensitivity levels:
    ∙    Low-sensitivity: Normal account for daily use
    ∙    High-sensitivity: Separate account with anonymous email/payment, rotated quarterly

The brutal truth: If you need true privacy, don’t use cloud AI services. Use local models instead.

For most users, blocking third-party tracking while accepting that Claude/OpenAI know your usage pattern is the pragmatic middle ground.

Does this make sense? The cookie whitelisting was indeed compromising privacy for convenience - you’re right to challenge it.