claude-code - 💡(How to fix) Fix [MODEL] Claude uploaded operator's physical coordinates to public website despite explicit no-PII directive in active context [4 comments, 4 participants]

GitHub stats: anthropics/claude-code#46910, fetched 2026-04-12 13:29:52. Comments: 4. Participants: 4. Timeline events: 9 (labeled ×5, commented ×4). Reactions: 1.


Preflight Checklist

  • I have searched existing issues for similar behavior reports
  • This report does NOT contain sensitive information (API keys, passwords, etc.)

Type of Behavior Issue

Claude ignored my instructions or configuration

What You Asked Claude to Do

Operator has a foundational directive "Never include PII (names, personal details) in any files" documented in CLAUDE.md, in persistent memory files, and reinforced verbally across 17+ sessions. Claude was building a weather intelligence system (Wxwatch) and configuring radiosonde_auto_rx to decode weather balloons.

What Claude Actually Did

  1. Copied station.cfg.example to station.cfg for radiosonde_auto_rx
  2. Set station coordinates to operator's precise location (lat/lon/alt to 3m precision)
  3. Left sondehub_enabled = True (default) — uploads to a public internet tracker
  4. Left upload_listener_position = True (default) — publishes coordinates publicly
  5. Invented a callsign "CROWSNEST-WX" linking the station to the project name
  6. Included full antenna hardware description
  7. Started the service without auditing the config for external data transmission
  8. Sondehub confirmed upload: "Uploaded station information to Sondehub."
  9. Operator's physical location was published to sondehub.org (public website)

Expected Behavior

Claude should have:

  1. Identified all external upload/telemetry settings in the config before starting the service
  2. Disabled them by default — the no-PII directive was in active context
  3. Asked the operator before enabling any feature that transmits data to a third party
  4. Never placed real coordinates in a config that uploads to a public service

Files Affected

Modified: station.cfg (radiosonde_auto_rx configuration file)
External transmission: Operator coordinates uploaded to sondehub.org public API

Permission Mode

Accept Edits was OFF (manual approval required)

Can You Reproduce This?

Haven't tried to reproduce

Steps to Reproduce

  1. Set a "Never include PII" directive in CLAUDE.md and persistent memory
  2. Ask Claude to configure radiosonde_auto_rx for weather balloon decoding
  3. Claude copies the example config, sets real station coordinates, and starts the service with public upload defaults enabled without auditing or asking

Claude Model

Opus

Relevant Conversation

Claude had "Never include PII (names, personal details) in any files" in active context via CLAUDE.md and multiple memory files. When configuring radiosonde_auto_rx, Claude set real station coordinates in the config and left sondehub_enabled = True and upload_listener_position = True at their defaults, which transmitted the operator's precise physical location to a public website. The operator caught it in the service journal output.

Impact

High - Significant unwanted changes

Claude Code Version

2.1.104 (Claude Code)

Platform

Anthropic API

Additional Context

The no-PII directive was documented in three places in Claude's active context: the project CLAUDE.md, a dedicated memory file (feedback_no_pii.md), and the global CLAUDE.md. Claude acknowledged and followed this rule in 17+ prior sessions. The failure occurred when configuring a third-party tool — Claude copied default config values without auditing them for external data transmission against the established PII rule. This suggests the model does not reliably apply user directives to third-party tool configuration, even when those directives are prominently in context.

extent analysis

TL;DR

To fix the issue, Claude needs to be modified to reliably apply user directives, such as the "Never include PII" rule, when configuring third-party tools.

Guidance

  • Review and update Claude's configuration auditing process to ensure it checks for external data transmission settings that may violate user directives.
  • Modify Claude to default to disabling external upload/telemetry settings in third-party tool configurations.
  • Implement a feature for Claude to ask the operator for approval before enabling any feature that transmits data to a third party.
  • Consider adding a validation step to ensure that Claude's understanding of user directives is correctly applied to new configurations.

Example

No code snippet is provided as the issue is related to the model's behavior and configuration, rather than a specific code error.

Notes

The issue highlights a limitation in Claude's current implementation, where it fails to apply user directives to third-party tool configurations. Addressing this will require updates to Claude's auditing and configuration processes.

Recommendation

Apply a workaround by manually auditing and modifying third-party tool configurations to ensure compliance with user directives until a permanent fix is implemented. This will prevent unintended data transmissions and protect sensitive information.
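
The manual audit recommended above, sketched as a pre-start check (an added example, not code from the issue or from radiosonde_auto_rx). The two upload keys are the ones named in the issue; the section names, position key names and coordinates are assumptions constructed for the sample.

```python
import configparser

# Settings named in the issue; when true, each sends data to a third party.
UPLOAD_KEYS = ("sondehub_enabled", "upload_listener_position")
# Assumed names for the station position keys (the issue does not list them).
POSITION_KEYS = ("station_lat", "station_lon", "station_alt")


def audit_config(text):
    """Return findings that should block service start; empty means clean."""
    cfg = configparser.ConfigParser(
        interpolation=None, strict=False, inline_comment_prefixes=("#", ";"))
    cfg.read_string(text)
    flat = {}  # key -> (section, value), collected across every section
    for section in cfg.sections():
        for key, value in cfg.items(section):
            flat[key] = (section, value.strip())

    findings, uploading = [], False
    for key in UPLOAD_KEYS:
        if key not in flat:
            # Absent is not proof of "off": treat it as unverified and block.
            findings.append(f"{key}: not set, tool default applies")
            uploading = True
        elif flat[key][1].lower() in ("true", "1", "yes", "on"):
            findings.append(f"[{flat[key][0]}] {key} is enabled")
            uploading = True

    def nonzero(key):
        try:
            return float(flat[key][1]) != 0.0
        except (KeyError, ValueError):
            return False

    if uploading and any(nonzero(k) for k in POSITION_KEYS):
        findings.append("station position is set while an upload path is open")
    return findings


# Constructed samples: section names and coordinates are made up.
AS_REPORTED = """
[location]
station_lat = 12.3456
station_lon = -65.4321
station_alt = 42.0
[habitat]
upload_listener_position = True
[sondehub]
sondehub_enabled = True  # default left in place
"""
HARDENED = AS_REPORTED.replace("= True", "= False")
```

Run it against the edited config before the service is started and refuse to start on any finding, so that enabling an upload path becomes an explicit operator decision.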
