In-depth analysis of security and privacy in Claude Dispatch

Security questions that people often ask.

Quick summary : In lessons 4 and 5, we built practical workflows—code review, content creation, data analysis . All of these involve sending potentially sensitive information between your phone and your Mac. So how secure is it?

 

You're sitting in a cafe, using public Wi-Fi. The person next to you could be a security researcher, a hacker, or just someone checking Instagram. You pull out your phone and tell Claude to "read the confidential revenue forecasts on my Mac."

Should you be worried?

The short answer is no. And this lesson will explain in detail why, so you can make your own judgment.

Layer 1: Transport Coding (TLS 1.3)

All data packets between your phone and Anthropic's relay server, as well as between the relay servers and your Mac, are encrypted using TLS 1.3—the same encryption method that protects your banking apps, email, and all your HTTPS websites.

TLS 1.3 means:

1. Data is encrypted before it leaves your device.
2. Only the intended recipient can decode it.
3. Even if someone intercepts data packets, they only see random noise.
4. This encryption is the current industry standard, used by billions of connections every day.

This level of protection is similar to checking your bank account balance on a public Wi-Fi network. It's not theoretical security – it's proven in practice.

But Claude Dispatch didn't stop at TLS. That was just the first layer of security.

 

Layer 2: Application Layer Coding

On top of the TLS layer, Dispatch adds a second layer of encryption at the application level. Imagine it as one lock box inside another lock box.

Here's how it works:

1. When you pair your phone and Mac via QR code, both devices will exchange encryption keys.
2. These keys are unique to your pairing session.
3. Each task you send is encrypted with these keys before being encapsulated using TLS.
4. Even if someone were to somehow break TLS encryption, they would still face a second layer of encryption.

Relay servers receive double-encrypted packets. They decrypt the TLS layer for packet routing, but the application layer encryption remains intact. The relay server can see "this packet is sent to serial number Mac X" but cannot see "reading a file named confidential-projections.xlsx".

Quick check : Why is double encryption important? Because it means even Anthropic's infrastructure can't read your data. Architecturally, the relay servers can't access your task contents. This is a design choice, not just a policy promise.

Layer 3: Approval Gateway (Process Security)

The first two layers protect your data during transmission. The third layer protects your data when not in use—on your Mac.

Approval gateways are push notifications sent to your phone when Claude wants to perform an action that affects data. They require you to tap to proceed. No approval, no action.

What actions trigger the approval portal?

1. Delete file
2. System/terminal commands
3. Send messages or emails via connectors.
4. Modify system settings
5. Overwrite existing files
6. Run script

Which actions do not trigger the approval portal?

1. Read file
2. Search the folder
3. Summary of content
4. Create a new document
5. Answer the question

The approval message tells you exactly what Claude wants to do: "Delete the file ~/Documents/old-report.pdf" or "Run the command: npm run build in ~/projects/app".

 

You see the action. You approve or reject it. If you reject it, Claude confirms and proceeds.

Why is this important for security?

Even if someone somehow gains access to your Dispatch session (which requires breaking two layers of encryption), they cannot delete files, run commands, or send messages without your explicit approval on the phone. The approval gateway is your last line of defense.

Relay server model

Let's talk specifically about relay servers, because this is where people's intuition often goes wrong.

People believe that : "My data goes through Anthropic's servers, so Anthropic can view my data."

What actually happens : Your data passes through Anthropic's encrypted relay servers. These relay servers route packets based on routing information (which device to send to) but cannot read the payload (what your task says or what Claude responds).

Think of it this way:

1. Conventional cloud AI (ChatGPT, Gemini, etc.) : Your data is sent to, processed, and stored on their servers. They can see everything.
2. Dispatch : Your data travels through encrypted relay servers, is processed, and stored on YOUR Mac. A relay is a pipeline, not a container.

This is the fundamental architectural difference. With cloud AI, you're trusting the provider with your data. With Dispatch, you're only trusting them to route encrypted data packets. This distinction is crucial, especially for sensitive business data.

What about your phone?

Your phone is the other end of the connection. What data does it store?

1. During a session : Your phone displays the conversation—the tasks you've submitted and the responses Claude has given.
2. After the session ends : No task content is stored outside of the application's normal memory. Closing the application will terminate the session.
3. The files remain on your Mac : When Claude creates or reads a file, it stays on your Mac. Your phone only sees the text representation that Claude sends back.

Your phone is a remote control device, not a storage device. It doesn't download your files. It sends commands and receives written responses.

If your phone is lost or stolen:

1. The Dispatch session is linked to the pairing process. The new pairing requires a QR code from your Mac.
2. No one can access your Mac through Dispatch without re-pairing it.
3. No files from your Mac are stored on your phone.
4. Standard phone security (Face ID, PIN) protects the Claude app itself.

 

Comparing security models

Element	Dispatch	AI is for the cloud only.	AI is only for local use.
Data processing location	Your Mac	Provider cloud	Your device
Data is being transmitted.	Double encryption	Invoice code	N/A (local)
The provider can read the data.	Are not	Have	Are not
Sharing data with third parties	Are not	Depending on the policy	Are not
Approval Gate	Have	Are not	Are not
Operates on public Wi-Fi networks.	Secure (encrypted)	Secure (encrypted)	N/A (local)
Store data on a server.	Are not	Yes (depending on the case)	Are not

Dispatch sits in an interesting middle ground: It offers the convenience of remote access (like cloud AI) with the privacy of local processing (like local AI). Relay servers increase network complexity, but the encryption model means your data isn't exposed to either the network or the relay infrastructure.

Real-world security scenarios

Scenario 1: Public Wi-Fi at the airport

You need to review a contract on your Mac and are connected to the airport Wi-Fi.

Cloud AI : Your contract content is transmitted via airport Wi-Fi to cloud servers, where it is processed and stored.

Dispatch : Your request is transmitted over the airport Wi-Fi, encrypted (TLS 1.3 + application encryption), to a relay server that cannot read it, and then to your Mac at home. The contract never leaves your Mac. No one on the airport Wi-Fi can see your request or Claude's response.

Scenario 2: Shared device

Your child uses your phone to watch YouTube. Can they access Dispatch?

The Claude app requires login. Even if they manage to open the app, they still need your login credentials. And even with your login credentials, Dispatch still requires active pairing with your Mac. No QR code, no access.

Scenario 3: Company Policy

Your company has strict data processing policies. Can you use Dispatch?

This depends on your company's specific policies, but Dispatch's architecture is more privacy-friendly than other cloud-based AI solutions. No data is transferred to third-party servers (relay servers are unreadable). All processing takes place on your company's Macs. No data is stored externally. This is generally easier to get approval for than cloud-based AI tools.

Quick check : If your company has a security team or rules to follow, share the explanation of the three-tier model in this lesson with them. Dispatch's architecture is generally more compliant with data processing policies than other cloud AI solutions – but your security team should make that decision.

Exercise: Self-assess your security

Answer the following questions about your use of Dispatch:

1. What is the most sensitive data you can access through Dispatch? (financial reports, code, customer information, etc.)
2. Where do you usually use Dispatch? (at home, in the office, or in a public place?)
3. Does your company have any data processing policies in place?
4. Are you comfortable with the three-layer security model?
5. What additional precautions are appropriate for your situation?

If your answer suggests you're handling highly sensitive data in public places, Dispatch's security model is precisely designed for that use case. The encryption layers are in place so you can access confidential files from a coffee shop without worry.

 

Try to self-assess Dispatch's security.

Open Claude (claude.ai or Claude Desktop):

Đóng vai trò là cố vấn bảo mật AI của tôi. Chạy bài tự đánh giá bảo mật Dispatch cá nhân của TÔI và cung cấp cho tôi một chính sách mà tôi có thể chuyển cho nhóm CNTT/bảo mật của mình. Về việc sử dụng Dispatch của tôi: - Chức vụ + ngành nghề: [] - Dữ liệu nhạy cảm nhất mà tôi có thể truy cập qua Dispatch (code / tài chính / thông tin cá nhân khách hàng / sức khỏe / pháp lý): [] - Nơi tôi thường sử dụng (Wi-Fi tại nhà / văn phòng / quán cà phê / sân bay): [] - Thiết bị liên quan (model Mac + iPhone / iPad): [] - Mạng dùng chung hay mạng gia đình riêng: [] - Mức độ chính sách xử lý dữ liệu của công ty (không có / chung chung / nghiêm ngặt / được quy định): [] - Môi trường tuân thủ hiện hành (HIPAA / SOC 2 / GDPR / FINRA / không có): [] - Máy Mac của tôi đã được mã hóa ổ đĩa (FileVault) chưa?: [] - Ai khác có quyền truy cập vật lý vào máy Mac của tôi: [] - Mối quan ngại về rủi ro mà tôi muốn giải quyết: [] Cung cấp: 1. PHÂN LOẠI RỦI RO — dữ liệu nào tôi KHÔNG BAO GIỜ nên gửi qua Dispatch ngay cả khi đã mã hóa 2. HƯỚNG DẪN BA LỚP được dịch cho trường hợp sử dụng của tôi (TLS / mã hóa ứng dụng / cổng phê duyệt) 3. CHÍNH SÁCH CỔNG PHÊ DUYỆT — những hành động phá hoại nào tôi yêu cầu cổng phê duyệt, và tôi ủy quyền cho Claude xử lý mặc định 4. GIAO THỨC KHI MẤT THIẾT BỊ — phải làm gì trong 10 phút đầu tiên nếu iPhone của tôi bị mất/bị đánh cắp 5. DANH SÁCH KIỂM TRA WI-FI CÔNG CỘNG — bật/tắt VPN, tùy chọn điểm phát sóng, các phiên cần tránh khi ở ngoài nhà 6. BẢN GHI NHỚ NHÓM BẢO MẬT — bản tóm tắt 1 trang trả lời 5 phản đối có khả năng xảy ra nhất của họ 7. VỆ SINH GHÉP NỐI — khi nào cần ghép nối lại, cách kiểm tra các ghép nối đang hoạt động 8. LẬP BẢN ĐỒ TUÂN THỦ — những mối quan ngại nào của tôi được Dispatch giải quyết so với những mối quan ngại nào vẫn là trách nhiệm của tôi QUY TẮC BẮT BUỘC: - Không bao giờ sử dụng Dispatch cho dữ liệu mà bạn sẽ không gửi qua email được mã hóa của riêng mình. - Cổng phê duyệt là bắt buộc đối với việc xóa file, lệnh shell và tin nhắn gửi đi. - Nếu máy Mac của tôi không được mã hóa bằng FileVault, bảo mật truyền tải của Dispatch sẽ bị lãng phí — dữ liệu lưu trữ trên máy Mac sẽ bị lộ. - Không chia sẻ thông tin đăng nhập Anthropic của bạn. Ghép nối phiên không đồng nghĩa với bảo vệ đăng nhập. - Dữ liệu được quy định (PHI, PCI, đặc quyền luật sư-khách hàng): xác nhận với nhóm bảo mật của bạn trước khi sử dụng Dispatch, không phải sau đó. - Ghép nối lại ngay lập tức nếu thiết bị bị mất/bị đánh cắp. Khóa ghép nối cũ vẫn hoạt động cho đến khi bị thu hồi.

What you will see : Personal risk map + approval gateway policy + lost device procedure + notes for your security team.

Key points to note

1. Dispatch uses three layers of security: Transport Layer Encryption (TLS 1.3), Application Layer Encryption, and Port Approval.
2. Relay servers route encrypted packets but cannot read your data – this is architecture, not just policy.
3. No task content is stored on the relay server or persists after the session ends.
4. Your phone is the remote control device, not the file storage device—the files remain on your Mac.
5. Dispatch is generally more privacy-friendly than cloud-based AI tools because the processing takes place locally on your Mac.
6. The approval gateway prevents malicious actions even if someone has somehow gained access to your session.
7. Public Wi-Fi is safe to use with Dispatch thanks to double encryption.

1. Question 1:

   What happens to your task data after the Dispatch session ends?

   1. A. No data is stored on the relay server - task data only exists on your Mac and phone for the duration of the active session.
   2. B. Data is stored on Anthropic's servers for 30 days – an understandable assumption that experienced individuals would quickly question.
   3. C. Data is stored permanently in the cloud.
   4. D. Data is sent to a third party for analysis.

   EXPLAIN:

   No task content is stored on Anthropic's relay server. During an active session, encrypted data packets are transmitted through the relay server, but nothing is stored. When the session ends, there is no trace of your task on the relay server. The data only exists on your two devices.

2. Question 2:

   How many layers of encryption protect Dispatch's communications?

   1. A. One - Standard HTTPS
   2. B. Three - Transport Coding (TLS 1.3), application layer coding, and port approval as a process layer.
   3. C. Two - HTTPS plus forwarding encryption
   4. D. No - it depends on your Wi-Fi security - this is a common belief but not sound when you look closer.

   EXPLAIN:

   Dispatch uses three layers of security: (1) Transport encryption over TLS 1.3 protects data during transmission, (2) Application layer encryption adds a second layer of security that only your device can unlock, and (3) Approval gateway adds a process security layer requiring explicit human confirmation for malicious actions. Combined together, these make Dispatch more secure than most cloud-based AI tools.

3. Question 3:

   Can Anthropic's relay server read the contents of your Dispatch tasks?

   1. A. Yes, they decrypt all traffic to ensure quality – that would be great if true, but the evidence suggests a more complex story.
   2. B. Only when you choose to share data
   3. C. Only for tasks related to coding.
   4. D. No - The relay server only routes encrypted packets between your phone and your Mac, and cannot read the contents.

   EXPLAIN:

   Anthropic's relay servers act like secure mail carriers. They know where to route encrypted packets (phone to Mac, Mac to phone) but cannot read the contents. End-to-end encryption means only your phone and Mac have the decryption key. No task contents are stored on the relay server.

Submit your work

 

Training results

You have completed 0 questions.

-- / --

Review the lesson