Comment by LPisGood
2 hours ago
This is very interesting. Combating resellers and distillation seems like a very difficult problem indeed. Interesting to me is that these techniques mentioned in the article are just like anti-observation techniques used by some of the more sophisticated malware out there, however defeating them is pretty trivial.
Yes, defeating this is relatively easy, particularly for sophisticated actors. But it's hard to always defeat all of the tricks. Sort of like how it's expensive and hard and uncertain to defeat all of the tricks when forging money.
Here's an example. Say you have your team use patched binaries. Then CC updates and requires a new patched binary with new tricks. You now have to have a team ready to analyze the binary and begin to address the tricks; meanwhile, unpatched code is now a fingerprint. If some researcher decides to update Claude on their own to access new features, they get fingerprinted.
Defeating a single fingerprinting technique once is easy. Defeating all of the techniques all the time is hard.
Not to mention, it isn't that hard for vendor's to require updated code to run the product. Vendors do this all the time.
Corporate surveillance malware on employee machines is also defeatable but most don't bother.
Is it hard? Just ask AI if the update added any new fingerprinting vectors?
I'd love for you to try this and report back. My guess is that no models today will successfully run a binary analysis for fingerprinting without a lot of handholding. If you try to use Opus it will almost certainly decline (and fingerprint/ban you).
3 replies →
seems ironically like a similar problem of content owners trying to filter bot scrapers from legit users