Google Chrome Silently Downloads 4GB Gemini Nano Model Without Consent

Google Chrome is silently downloading and storing a ~4GB on-device AI model file named weights.bin to users' machines without explicit consent. The file, located in the OptGuideOnDeviceModel directory under the Chrome user profile, contains the weights for Gemini Nano — Google's on-device LLM used for features like "Help me write" and scam detection. These AI features are enabled by default in recent Chrome versions on eligible hardware.
If a user deletes the file, Chrome re-downloads it. The only ways to prevent re-download are to disable Chrome's AI features via chrome://flags or enterprise policy, or uninstall Chrome entirely. The installer silently writes the file without any consent dialog or opt-out UI in settings.
At Chrome's scale of an estimated two billion users, the environmental cost of this single model push is put at between 6,000 and 60,000 tonnes of CO2-equivalent emissions, depending on how many devices receive the download. The author, Alexander Hanff, argues this is a direct breach of Article 5(3) of the ePrivacy Directive (2002/58/EC), Article 5(1) GDPR principles (lawfulness, fairness, transparency), Article 25 GDPR (data protection by design), and would be a notifiable event under the Corporate Sustainability Reporting Directive (CSRD).
The article provides verification steps on a freshly created Apple Silicon profile, noting the file lands as mode 600 owned by the user (deletable in principle), but Chrome's Local State retains the install state and triggers re-download on the next variations server eligibility check. The same pattern was previously documented for Anthropic's Claude Desktop silently registering a Native Messaging bridge in Chromium browsers.
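An added example, not code from the article or from Chrome: a small audit script that looks for the file described above and can confirm a re-download by comparing two scans. The directory and file names come from the article; the user-data root is passed in by the operator, the ownership check is POSIX-only, and the function names are hypothetical.

```python
import os
import stat
import sys
from pathlib import Path

MODEL_DIR = "OptGuideOnDeviceModel"  # directory name given in the article
MODEL_FILE = "weights.bin"           # file name given in the article


def find_model_files(user_data_root):
    """Return one record per weights.bin found under an OptGuideOnDeviceModel directory."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(user_data_root, followlinks=False):
        if MODEL_DIR not in Path(dirpath).parts or MODEL_FILE not in filenames:
            continue
        path = Path(dirpath) / MODEL_FILE
        st = path.lstat()
        if not stat.S_ISREG(st.st_mode):
            continue  # ignore symlinks and other non-regular entries
        findings.append({
            "path": str(path),
            "size_bytes": st.st_size,
            "mode": oct(stat.S_IMODE(st.st_mode)),  # the article reports mode 600
            "owned_by_current_user": st.st_uid == os.getuid(),  # POSIX only
            "mtime": st.st_mtime,
        })
    return findings


def reappeared(previous, current):
    """Paths present in the current scan but absent from an earlier one.

    Take the earlier scan after deleting the file; a non-empty result on a
    later scan means the file was written again.
    """
    seen = {rec["path"] for rec in previous}
    return [rec["path"] for rec in current if rec["path"] not in seen]


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: audit_model.py <chrome-user-data-root>")
    for rec in find_model_files(sys.argv[1]):
        gib = rec["size_bytes"] / 2**30
        print(f'{rec["path"]}  {gib:.2f} GiB  mode={rec["mode"]}  '
              f'owner_is_me={rec["owned_by_current_user"]}')
```

Saving the list from one run and passing it to `reappeared` with the list from a later run turns the deletion test in the article into a repeatable check.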
For developers, this is a stark reminder to audit any background downloads in your tools, respect user consent, and consider the cumulative environmental impact of large models deployed at scale.
📖 Read the full source: HN AI Agents