- Google Chrome silently downloaded a massive AI model to devices without user consent
- Users who deleted Gemini Nano files saw Chrome reinstall everything automatically afterwards
- Regulators now face questions about consent laws and silent AI deployments
Google Chrome has quietly downloaded a 4GB AI model called Gemini Nano to user devices without first asking for permission.
The file, called weights.bin, resides deep within Chrome’s user profile directory and powers on-device AI features like “Help me type” and scam detection.
Users cannot find a checkbox in Chrome settings labeled “download a 4GB AI model” because there is no such option at all.
Silent download causes outrage among users
The environmental cost of pushing 4GB to hundreds of millions of devices is staggering by any reasonable measure.
On Chrome’s global scale, the climate bill for one model push lands somewhere between 6,000 and 60,000 tons of CO2-equivalent emissions – roughly speaking, the annual production from a small wind farm or the emissions from thousands of passenger cars every single year.
Mobile data plans in many parts of the world treat 4GB as a full month’s allowance, but Chrome still uses it in one unsolicited download.
When users try to opt out of the AI tools by deleting the weights.bin file, Chrome treats the action as a transient error to be fixed in the next eligible window and re-downloads the entire 4GB package again.
The only ways to make the deletion permanent require disabling AI features through chrome://flags or corporate policy tools that home users typically don’t have.
A newly created Chrome profile that received no keyboard or mouse input from any human still contained the full 4GB model within 15 minutes of creation.
The browser downloaded the file while sitting idle waiting for a five-minute timer to expire on a third-party website.
What makes this legally and ethically problematic
The ePrivacy Directive expressly prohibits the storage of information on a user’s device without prior, informed and unambiguous consent.
Chrome works perfectly fine without a 4GB on-device LLM, so no “strictly necessary” exception applies to this situation.
GDPR requires transparency and fairness in the processing of personal data, but users were never told about the download at all.
The most visible AI feature in Chrome’s omnibox, labeled “AI Mode,” doesn’t even use the on-device model, since those queries go directly to Google’s servers instead of being processed locally on the user’s own device.
This makes the 4GB installation a pure cost imposed on users with no privacy trade-off whatsoever.
The company has not published any analysis of the welfare impact on populations whose Internet access is metered and limited.
Regulators also have yet to answer whether global technology companies are exempt from statutes that have been on the books since 2002.
Via The Privacy Guy
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.
