Comment by VortexLain
3 hours ago
Codex CLI is FOSS, unlike Claude Code, so Codex is less likely to do things like that, and it's one more reason to avoid Claude Code and Claude in general. Hopefully, many eyes will be looking into Codex for malicious things like that.
Genuine question though, why would I care about this if I'm paying for a subscription and adhering to TOS? I'm very skeptical about their privacy policy, business practices, and so on, but am curious what the negative about this is. Seems like it would work to my favour as a customer pushing back any date of the cutting of subsidies.
That said, these fraudulent proxies are helping Chinese labs keep up, which might be to my advantage long term in eventually having a high quality private AI I fully control on my own hardware. That's not support, but I do recognize the incentive, for whatever that's worth.
"malicious"? Seems like a great way to filter users breaching the TOS while not impeding on normal users. A FOSS client just means they're doing more analysis hidden on their servers.
It's released and signed by GitHub I believe (although not deterministic builds), but there's at least a little bit of provenance that you're getting the real repository.
But wasn't Claude Code leaked? Why wasn't this found earlier?
It doesn't take long for them to vibe code new features for CC.
Or vibe code it completely differently. After all, they have basically unlimited access to best models with maximum speed if they just wanted to.
This specific form of steganography was not present when the leak happened, as far as I can tell.