• frongt@lemmy.zip
    link
    fedilink
    English
    arrow-up
    33
    arrow-down
    16
    ·
    1 day ago

    That’s not what steganography is. There is no hidden message here.

    • WesternInfidels@feddit.online
      link
      fedilink
      English
      arrow-up
      34
      arrow-down
      2
      ·
      20 hours ago

      Your assertion baffles me. The CC client is sending information about its execution context back to Anthropic HQ in a sneaky, obfuscated way that most people wouldn’t notice.

      If that’s not a hidden message, if that’s not steganography, what is?

      • frongt@lemmy.zip
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        6
        ·
        16 hours ago

        It’s not sending it back. It’s essentially watermarking the output, so that it can be identified if it appears somewhere unexpected.

        • GamingChairModel@lemmy.world
          link
          fedilink
          English
          arrow-up
          24
          ·
          13 hours ago

          It modifies the prompt, aka the input, not the output. It is smuggling 3 bits of secret user/session data in a wrapper that doesn’t look like it contains that data. As the article explains:

          So the marker becomes part of the system context sent to the model.

          This is a normal timestamp on a prompt:

          Today's date is 2026-07-11.

          But if your system timezone is a Chinese mainland timezone, it looks like:

          Today's date is 2026/07/11.

          Then, if your base URL includes a keyword like “deepseek,” it silently replaces the apostrophe from a ' to a ʼ:

          Todayʼs date is 2026-07-11.

          Or if the base URL has one of the domains on the list, like any .cn domain, it replaces the apostrophe with another apostrophe character:

          Today’s date is 2026-07-11.

          And if it has both a URL and a keyword on the watchlist, the prompt context includes:

          Todayʹs date is 2026-07-11

          That’s 3 bits of information: does this system have a mainland Chinese time zone, does the base URL contain a known keyword (associated with Chinese AI competitors) or a known domain (associated with mainland China or its major tech companies). And it sneaks it on by without making it obvious.

          That’s steganography.

        • QuizzaciousOtter@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          7
          ·
          15 hours ago

          Did you read the post?

          the marker becomes part of the system context sent to the model. (Where Anthropic probably parses in their backend)

    • billwashere@lemmy.world
      link
      fedilink
      English
      arrow-up
      15
      ·
      22 hours ago

      Yeah I thought steganography was hiding messages in images.

      Ok I just looked it up, apparently it can be anything. Images, audio, video, or even text.

      I remember I had this Perl module once that would convert passwords into a binary string and then convert that string into spaces and tabs. Looked like a blank file. I guess that was technically steganography.

      • frongt@lemmy.zip
        link
        fedilink
        English
        arrow-up
        13
        arrow-down
        5
        ·
        22 hours ago

        No, that’s encoding. If you hid that message inside another message, that would be steganography.

        • wonderingwanderer@sopuli.xyz
          link
          fedilink
          English
          arrow-up
          5
          ·
          22 hours ago

          It is a message hidden in a message. The hidden message is the binary password, and the container message is “[blank]