共有:

Alleged Covert Fingerprinting

Can a date format
give you away?

THE DECODER and other outlets report that Claude Code covertly logged the connection paths of Chinese users through subtle differences in date formatting — 2026-06-30 vs. 2026/06/30. The claim still needs verification. For anyone running Claude Code in CI or local tooling, this is not something to ignore.

AI Navigate Editorial2026.07.026 min read

SAME DATE · DIFFERENT WRITING · A FINGERPRINT? 2026-06-30 Hyphen-separated 2026/06/30 Slash-separated SERVER LOG · ROUTE FINGERPRINT
01

The Claim

An "invisible ID"
tied to connection path

Multiple outlets, led by THE DECODER, reported that Claude Code covertly correlated the connection paths of Chinese users through variations in the way dates get written. The core observation: in the model's date output, the choice of separator quietly tracked with IPs, regions, and proxy routes.

Verification is still in progress. But this is exactly the kind of fingerprinting technique that's been discussed in the security literature for quietly identifying otherwise-anonymous clients, so the technique itself is plausible. Developers running Claude Code in CI and internal tooling have already begun to raise flags.


02

How It Works

Same date,
different writing

Using formatting as an identifier isn't complicated in itself.

USER PROMPT MODEL OUTPUT 2026-06-30 Separator carries the hint SERVER LOG Proxied vs. direct route resolved
FIG. Output-side format variation lines up with route information in server logs, per the report.

Claude Code reportedly used differences in date formatting to covertly log the connection paths of Chinese users. If it holds up, users just see a "normal-looking date" — but the server side can correlate the format pattern with the origin of the request, distinguishing direct connections from proxied ones.

Anthropic has not commented on the record as of this writing. This isn't a leaked internal document or court filing — it's an outside-researcher observation. Verification will play out in the industry over the coming days.

03

What To Verify

What you can check
on your own side

Output
Separator variation in dates/times
Path
Proxied vs. direct distribution
CI
Same-prompt reproducibility

Whether or not the report holds, the possibility that model output can carry an unintended identifier is not something CI operators or automation-pipeline owners can shrug off. Diffing outputs for the same prompt more carefully than usual is worth the time.

04

Who Should Look

Volume users
have the most to check

CI & local tooling owners

Comb your logs for anomalous format variation. Audit-log environments will find diffs easiest.

Enterprise security

If you use Claude Code through a proxy, "assume fingerprinted" is a reasonable default operating posture until further clarity.

Casual users

For ordinary conversations and one-off generations, felt-difference rounds to zero.


The same answer might have
an invisible ID stitched into it.


05

The Frontier

Transparency
and its boundary

Regardless of the truth value of the report, the story has surfaced the technical possibility that model output can carry hidden identifiers. Whether frontier-lab transparency policies address this level of detail is now on the agenda — the industry conversation about it will keep unfolding.

Anthropic has long put "safety transparency" on its banner. That's exactly why the official response to this report will carry heavier weight than usual. The principle now being tested: real transparency means disclosing what you're not doing, too.