Detailed Analysis
A technically sophisticated Claude Max subscriber has documented a method for running two separate $200/month Claude subscriptions simultaneously on a single Mac, using Electron's `--user-data-dir` flag to spawn isolated Claude Desktop instances with distinct Dock icons, MCP configurations, and authentication states. The user's exploration went further than mere dual-instance management, however: while examining the `~/.claude/` filesystem, they discovered that Claude Code stores all session JSON Lines files in a single shared directory (`~/.claude/projects/<slugified-path>/`), regardless of which authenticated account generated them. UI-level filtering based on embedded account IDs creates the *appearance* of isolation, but the underlying files are fully accessible to both running instances — a distinction with potentially significant implications for how session state and billing are technically attributed.
The specific technical vulnerability the user identifies involves editing the account ID embedded in a session JSONL file (a one-line operation using `jq`) to transfer a conversation's context from one authenticated identity to another. The user is careful to frame this not as exploitation but as a gray-area workflow question: both accounts are legitimately paid, and they argue that continuing a session under a second account identity could actually consume *less* compute than re-establishing equivalent context from scratch. Recognizing that informal reasoning and Terms of Service compliance are separate matters, the user proactively contacted Anthropic for clarification before building any automation on top of the discovery — a notably responsible approach that distinguishes the post from typical vulnerability disclosures.
The broader community context reveals that running multiple Claude Max subscriptions on one Mac is a recognized, if unsupported, use case with several established workarounds. For the Claude Code CLI tool, users set the `CLAUDE_CONFIG_DIR` environment variable to point each shell session at a separate config directory, effectively giving each account its own credentials, history, and usage limits. Tools like Jean-Claude have formalized this pattern with named profiles and visual terminal distinctions. For Claude Desktop, the `--user-data-dir` flag approach the original poster uses is the dominant workaround, requiring a one-time browser-swap dance during authentication. Anthropic has not introduced native multi-account switching in either product, despite a GitHub feature request tracking the demand, and the company's support documentation explicitly states that individual Max plans cannot be merged into Team plans.
The filesystem-level session sharing the user uncovered points to a structural architectural assumption baked into Claude Code's design: that a given machine maps to a single user identity. As multi-account usage grows — driven largely by professionals separating personal and work contexts rather than attempting quota arbitrage — this assumption becomes increasingly misaligned with real-world deployment patterns. The fact that account isolation is enforced only at the UI layer, rather than through filesystem permissions or encrypted session stores, suggests the feature was not originally designed with adversarial or even multi-tenant single-user scenarios in mind. Whether or not Anthropic's eventual response permits the session-transfer workflow, the disclosure highlights a gap between the product's current architecture and the access patterns of its power-user base.
The episode also illustrates a recurring tension in AI subscription products: pricing and usage enforcement models designed for individual, single-session consumers are being stress-tested by a cohort of highly technical users with legitimate multi-account needs. The user's decision to seek explicit ToS guidance before proceeding, and to publish both the technical finding and the inquiry publicly, represents a constructive form of pressure on Anthropic to articulate clearer policies around multi-account use, native profile switching, and the acceptable boundaries of session-state manipulation. Until official documentation addresses these scenarios, the community will continue to operate in a policy vacuum, improvising filesystem-level workarounds and relying on informal norms rather than clear product guidelines.
Read original article →