How Claude Code Uses Steganography to Precisely Block Chinese Users

Claude Code identifies Chinese users by reading the local timezone and the ANTHROPIC_BASE_URL, then hides this information in system prompts using subtle Unicode steganography, allowing Anthropic to tag and block accounts without any visible telemetry or extra network traffic.

Java Tech Enthusiast
Java Tech Enthusiast
Java Tech Enthusiast
How Claude Code Uses Steganography to Precisely Block Chinese Users

Claude Code does not rely on IP addresses; instead it uses two local signals to identify users. The first signal is the computer's system timezone. If the timezone is Asia/Shanghai or Asia/Urumqi, the client marks the request as coming from China.

The second signal is the environment variable ANTHROPIC_BASE_URL, which points to the proxy server used in China. Claude Code extracts the domain name from this URL and compares it against an encrypted blacklist containing 147 domains, including top‑level Chinese domains (cn) and major Chinese AI companies such as Baidu, Alibaba, ByteDance, Meituan, NetEase, Ctrip, Xiaohongshu, DeepSeek, Zhipu, Moonshadow, MiniMax, and many API‑relay services.

Rather than sending a separate telemetry payload, Claude Code embeds the detection results directly into the system prompt of every request. It does this in two ways:

Date separator change: When the timezone indicates China, the date format 2026-06-30 is altered to 2026/06/30, replacing the hyphen with a slash.

Unicode quote substitution (text steganography): The ordinary ASCII apostrophe ' (U+0027) is replaced with one of three visually identical Unicode characters depending on the detection outcome: (U+2019, right single quotation mark) – triggered when a Chinese domain is matched but no AI‑lab keyword is present. ʼ (U+02BC, modifier letter apostrophe) – triggered when an AI‑lab keyword is present. ʹ (U+02B9, modifier letter prime) – triggered when both conditions are met.

These characters render identically in most monospaced fonts, but they are distinct Unicode code points that the server can decode.

Combining the four possible date‑separator states with the three quote variants yields six distinct identity tags that are packed into each normal request. Anthropic’s servers simply decode the date string and the quote’s Unicode value to determine whether the user is in China, whether a proxy is used, and whether the request originates from a known Chinese AI lab.

The hidden logic was introduced in Claude Code version 2.1.9‑1 released on April 2 2024, as revealed by Reddit reverse‑engineer LegitMichel777. Functions named Crt, Rrt, e0t, Zup, edp, and Vla implement the mechanism, though their names give no hint of their purpose.

After the discovery, Anthropic admitted the feature was an "experimental" measure launched in March 2026 to prevent unauthorized account resale and model‑distillation attacks. The company said a stronger mitigation would be shipped in a new version on July 2 2026, which will completely roll back and remove the code.

Despite the official justification, the community argues that reading a user’s timezone and maintaining a blacklist of domestic domains are disproportionate to the stated goal of preventing model distillation, and that the mechanism can be trivially bypassed by changing the timezone or proxy address. Moreover, the hidden tagging system leaves ordinary paying users vulnerable to unexplained bans, raising serious trust and privacy concerns.

Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

privacyreverse engineeringSteganographyAnthropicClaude CodeUser Identification
Java Tech Enthusiast
Written by

Java Tech Enthusiast

Sharing computer programming language knowledge, focusing on Java fundamentals, data structures, related tools, Spring Cloud, IntelliJ IDEA... Book giveaways, red‑packet rewards and other perks await!

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.