Claude Code logs partial keystrokes and stores plaintext emails in ~/.claude.json
Claude Code is actively capturing and storing highly sensitive user input, including partial and unsent keystrokes, alongside plaintext OAuth account metadata (email, user IDs, organization IDs), all within its ~/.claude.json file. This behavior has been specifically verified on Windows Subsystem for Linux (WSL) environments.
The ~/.claude.json file grows indefinitely, creating an unencrypted, detailed log of user interactions and sensitive information. The OAuth metadata storage is particularly egregious as it's completely unnecessary after initial authentication - the app remains logged in even when this data is removed, meaning user emails are being stored alongside partial keystrokes for no functional reason.
For a full technical breakdown, and a temporary mitigation script, please see my claude-privacy-cleaner repository.
Following up on this issue with some more precise observations about the keystroke logging behavior, which might help in pinpointing the exact cause:
Intermittent Nature: I've noticed the logging of partial/deleted input is somewhat intermittent and not every single keystroke.
Character Threshold: It seems to primarily trigger only after typing approximately 20 characters or more, even if those characters are subsequently deleted.
Ctrl+L Correlation: Critically, I've observed that the logging occurs much more frequently when using Ctrl+L to clear the current input line. It appears that when Ctrl+L is used, the content of the buffer just before it's cleared is saved to the ~/.claude.json file.
My current hypothesis is that the program might be misinterpreting the Ctrl+L event (which should clear the buffer) as a kind of "buffer submitted" event, similar to hitting Enter, thereby triggering the logging of that discarded content. This would explain why partial, deleted prompts are appearing in the logs.
Hopefully, these additional details provide clearer reproduction steps and help narrow down the area of the code responsible for this privacy concern.
Here are highly targeted and obfuscated examples directly from the .claude.json configuration file, illustrating specific points about the data collected by Claude Code.
1. Logging of Every Prompt (including partial keystrokes)
This snippet demonstrates how Claude Code records every prompt, including incomplete or partial user input, which functions as a form of keystroke logging. This specifically shows how the tool logs when a user types a partial thought, changes their mind, and then rewords or starts a new, related prompt.
"history": [
  {
    "display": "can you write a markdow",
    "pastedContents": {}
  },
  {
    "display": "please compose a markdown document summarizing correct MCP server setup",
    "pastedContents": {}
  }
]
2. Logging of Project/Folder Paths
This example shows how Claude Code logs the full paths of directories you have opened or worked within.
"projects": {
  "/mnt/c/Users/User/Desktop/Sensitive Project": { /* ... */ }
}
3. Plaintext OAuth Metadata Storage
This snippet illustrates that sensitive authentication-related metadata is stored in plain, unencrypted text.
"oauthAccount": {
  "emailAddress": "[email protected]",
  "organizationRole": "admin"
}
Edit: Updated the example to remove ambiguity about what's happening - not just partial prompt saving but actual deleted prompt entries.
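Added example, not part of the original thread and not the reporter's claude-privacy-cleaner script: a read-only audit that reports how much prompt history, how many project paths and which OAuth fields a parsed ~/.claude.json holds, without printing the values themselves. The key names come from the snippets above; the nested per-project "history" list in the sample and the function names are assumptions made for illustration.

```python
import json
import os
import stat


def find_history(node):
    """Yield the 'display' text of every history entry, at any nesting depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "history" and isinstance(value, list):
                for entry in value:
                    if isinstance(entry, dict) and "display" in entry:
                        yield str(entry["display"])
            else:
                yield from find_history(value)
    elif isinstance(node, list):
        for item in node:
            yield from find_history(item)


def audit(config, mode=None):
    """Summarise what the config exposes; counts and key names only."""
    oauth = config.get("oauthAccount")
    projects = config.get("projects")
    return {
        "history_entries": sum(1 for _ in find_history(config)),
        "project_paths": len(projects) if isinstance(projects, dict) else 0,
        "oauth_fields": sorted(oauth) if isinstance(oauth, dict) else [],
        # True when group or other may read the file (mode from os.stat).
        "readable_by_others": (
            None if mode is None else bool(mode & (stat.S_IRGRP | stat.S_IROTH))
        ),
    }


def audit_file(path=os.path.expanduser("~/.claude.json")):
    """Audit the file on disk, including its permission bits."""
    with open(path, encoding="utf-8") as fh:
        return audit(json.load(fh), os.stat(path).st_mode)


# Constructed sample mirroring the snippets in this thread (not a real config).
SAMPLE = {
    "history": [{"display": "can you write a markdow", "pastedContents": {}}],
    "projects": {
        "/mnt/c/Users/User/Desktop/Sensitive Project": {
            # Assumed layout: a per-project history list.
            "history": [{"display": "please compose a markdown document", "pastedContents": {}}],
        }
    },
    "oauthAccount": {"emailAddress": "user@example.invalid", "organizationRole": "admin"},
}
```

Calling `audit_file()` with no argument inspects the current user's own file; a non-empty `oauth_fields` list or `readable_by_others` being true are the findings to act on.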
I've confirmed it on macOS as well. This appears systemic. This requires immediate attention. It is the Ctrl+L that logs the deleted prompt draft. The fact that prompts are being saved in plaintext along with your email address is bad enough. But it is also logging partial prompt drafts, which is essentially a partial keystroke logger.
Wild. I can confirm that this appears to be a comprehensive log of most user actions/prompts in the CLI.
I cannot find any documentation about it on their site.
Absolutely! Please help spread the word and check out my script which instantly clears the file of everything except MCP server configs!
Hahah, I just found this because I was noticing weird buffer problems in my session, I'd get half-way through typing and the shell would hang. I suspected there was some claude behaviour that was running somewhere because the rest of my system was responsive. There's no reason IO should block prior to me hitting enter. Thanks for highlighting this issue.
That's insane. Why did Anthropic opt to store all user data in just a single JSON file? Please prioritize this issue and consider using a local database approach. I have good experience with https://sql.js.org/, which might be helpful.
I wonder if the data displayed when running /status is cached in the aforementioned log file!?
Sorry, I was away for so long, life happened. Currently typing this from my Prius while I wait for Uber passengers (lol).
I updated my fix script to match the new file structure and fixed the install issues. claude-privacy-cleaner
This still affects all users. All users are having their entire chat history stored in hidden plain text files without their permission or notifying them. Even months later. The Ctrl+L bug persists too and even stores partial keystrokes that way. And they even added even more logging files in the .claude folder. Crazy.
I hope this helps! I'm running this every time I use Claude Code.
Note to devs: please don't add more secret logging files and folders lmao. You must be trolling me. Let's talk about this.
This issue has been inactive for 30 days. If the issue is still occurring, please comment to let us know. Otherwise, this issue will be automatically closed in 30 days for housekeeping purposes.
Privacy concerns persist, please keep the issue open