As far as I know, OpenCode sends (has to send) the same data to Anthropic as Claude Code™ CLI (especially if they're going to successfully imitate CC™ in order to access cheap subscription pricing).

There are additional signals that a client can send as telemetry that they lose if you use a 3rd party app. Things like accepted vs rejected sessions and so on.

You have already done that when you sign up for an anthropic account

True. You can turn it off though: https://claude.ai/settings/data-privacy-controls

I doubt you can opt out

You can: https://claude.ai/settings/data-privacy-controls

Claude Code only trains on data if you opt in

They've recently switched to opt-out instead. And even then, if you read the legalese they say "train frontier models". That would (probably) allow them to train a reward model or otherwise test/validate on your data / signals without breaking the agreement. There's a lot of signal in how you use something (e.g. accepted vs. rejected rate) that they can use without strictly including it in the dataset for training their LLMs.

They switched to opt out, with some extra dark patterns to convert people who already opted out into opting in.

I did not know that. Could you elaborate?

New users now have to opt-out of training on their data - it is enabled by default. For existing users, during the transition they updated their terms and let you know about the change in policy, giving you an option to opt-in or opt-out. Opt-in was the default selection. Just today they AGAIN updated terms, presenting a click-through form on first load that looks like a permissions check (e.g. the standard dialog to enable access to the file system that we're conditioned to click-through). It was actually a terms-of-service update with opt-in selected by default, even if you already explicitly opted out. So if you hit enter to dismiss as you're used to doing, you just switched your account over to opt-in.

I used to be less cynical, but I could see them not honoring that, legal or not. The real answer, regardless of how you feel about that conversation, is that Claude Code, not any model, is the product.

I couldn't. Aside from violating laws in various countries and opening them up to lawsuits, it would be extremely bad for their enterprise business if they were caught stealing user data.

Maybe. But the data is there, imagine financial troubles, someone buys in and uses the data for whatever they want. Much like 23andme. If you want something to stay a secret, you don't send it to that LLM, or you use a zero-retention contract.

If your threat model is "vendor willing to ignore contracts and laws to steal your data" I can't see how a zero-retention contract helps.

They don’t need to use your data for an external facing product to get utility from it. Their tos explicitly states that they don’t train generative models on user data. That does not include reward models, judges or other internal tooling that otherwise allows them to improve.

If they believe it would get them AGI they would risk it.

You don't have to imagine, you can see it happening all the time. Even huge corps like FB have been already fined for ignoring user consent laws for data tracking, and thousands of smaller ones are obviously ignoring explicit opt in requirements in the GDPR at least.

Claude code cli and api vs subscription are tangential. You can use Claude code with an api token.