Privacy concerns mount as researcher reveals Chrome silently installed Gemini Nano on millions of devices
Google Chrome has become the center of a privacy storm after security researcher Alexander Hanff discovered that the browser has been quietly downloading a 4GB AI model called Gemini Nano onto user devices without explicit permission or notification.
The file, named “weights.bin,” is stored in the OptGuideOnDeviceModel directory within users’ Chrome profiles and is downloaded automatically when Chrome determines that a device meets the hardware requirements, without consent or notification.
The Discovery
Hanff, a privacy researcher also known as “That Privacy Guy,” documented his findings after creating a fresh Chrome installation on a Mac and running automated tests that visited 100 webpages, then monitoring the computer’s log files for evidence of the download. The file has been confirmed on Windows 11, Apple Silicon Macs, and Ubuntu machines, though according to Google Chrome’s developer pages, the model is not installed on mobile devices due to compatibility issues.
What alarmed Hanff most was the behavior after discovery: if users delete the file, Chrome automatically re-downloads it.
What the Model Does (and Doesn’t Do)
The Gemini Nano model powers features like “Help me write” and scam detection, processing these tasks locally on users’ devices rather than sending data to Google’s cloud servers.
However, a confusing contradiction has emerged. Chrome 147 displays a prominent “AI Mode” pill in the address bar, which users might assume is powered by the local Gemini Nano model, but it’s not — AI Mode routes every query to Google’s servers anyway. The local model handles buried features that most users may never use, while the headline AI feature everyone sees still sends data to the cloud.
Google’s Response
Google provided a statement addressing the controversy: “We’ve offered Gemini Nano for Chrome since 2024 as a lightweight, on-device model. It powers important security capabilities like scam detection and developer APIs without sending your data to the cloud. While this requires some local space on the desktop to run, the model will automatically uninstall if the device is low on resources. In February, we began rolling out the ability for users to easily turn off and remove the model directly in Chrome settings”.
However, Hanff confirmed that he did not have access to this setting, suggesting the rollout may not have reached all users.
Legal and Environmental Concerns
Hanff has raised serious legal questions about the practice. The GDPR requires transparency and fairness in processing personal data, but users were never told about the download at all. The ePrivacy Directive requires explicit consent before storing data on a user’s device, which Hanff argues Google has violated.
The environmental impact at scale is staggering. At Chrome’s global scale, the climate bill for one model push lands somewhere between 6,000 and 60,000 tonnes of CO2 equivalent emissions — roughly the annual output of a small wind farm or the emissions from thousands of passenger cars.
Hanff estimates that a mid-band deployment hitting 500 million devices would result in roughly 30,000 tonnes of CO2e — the annual emissions of 6,500 cars, and this is only the initial delivery cost.
Impact on Users
For users on devices with limited storage or metered internet connections, the impact is personal and immediate. The 4GB download happens automatically when Chrome determines your device meets the hardware requirements, without consent and without notification. For someone on a 256GB laptop or a metered data plan, 4GB represents a significant portion of available resources.
Google has not published any analysis of the welfare impact on populations whose internet access is metered.
How to Stop It
Users who want to prevent the download can take action. Navigate to chrome://flags, search for “optimization guide on device,” and set the matching flag to Disabled. On Windows, users can also tweak the registry to permanently block it. Google says that beginning in February, Chrome started rolling out a way for users to easily turn off and remove the model directly in Chrome settings, and once disabled, the model will no longer download or update.
A Broader Pattern
Hanff noted this is part of a broader pattern: “An engineering team at a large AI vendor decided that the user’s machine is a deployment surface to be optimized for the vendor’s product roadmap, not a personal device whose owner is the legal authority on what runs there”.
The controversy highlights a fundamental question about the future of AI-integrated software: who controls what runs on your device? As AI becomes embedded in everyday tools, the line between helpful features and unauthorized installations becomes increasingly blurred — and the need for transparent consent becomes more critical than ever.
Note: Users concerned about storage space or bandwidth should check their Chrome directory for the OptGuideOnDeviceModel folder and consider adjusting their settings to prevent future downloads.
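To carry out the check in the note above, the following Python script walks a directory tree and reports every OptGuideOnDeviceModel folder with its total size and any weights.bin inside it. It is an added example, not code from Hanff or Google; the root directory is supplied by the reader because the article does not give a full path, and the search is recursive on the assumption that weights.bin may sit in a subfolder.

```python
import os
import sys
from pathlib import Path

MODEL_DIR_NAME = "OptGuideOnDeviceModel"  # directory name given in the article
WEIGHTS_NAME = "weights.bin"              # file name given in the article


def dir_size(path):
    """Total size in bytes of regular files under path, skipping symlinks."""
    total = 0
    for dirpath, _dirnames, filenames in os.walk(path, followlinks=False):
        for name in filenames:
            full = os.path.join(dirpath, name)
            try:
                if not os.path.islink(full):
                    total += os.path.getsize(full)
            except OSError:
                continue  # file vanished or is unreadable (Chrome may be updating it)
    return total


def find_model_dirs(root):
    """Return one record per OptGuideOnDeviceModel directory found under root."""
    findings = []
    for dirpath, dirnames, _filenames in os.walk(root, followlinks=False):
        if MODEL_DIR_NAME in dirnames:
            model_dir = Path(dirpath) / MODEL_DIR_NAME
            # Assumption: weights.bin may be nested, so search recursively.
            weights = [p for p in model_dir.rglob(WEIGHTS_NAME) if p.is_file()]
            findings.append({
                "path": str(model_dir),
                "total_bytes": dir_size(model_dir),
                "weights_files": sorted(str(p) for p in weights),
                "weights_bytes": sum(p.stat().st_size for p in weights),
            })
            dirnames.remove(MODEL_DIR_NAME)  # already reported, do not descend
    return findings


if __name__ == "__main__":
    # Usage: python find_model.py <directory to scan>  (defaults to the current directory)
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for f in find_model_dirs(root):
        print(f"{f['path']}: {f['total_bytes'] / 1e9:.2f} GB total, "
              f"{len(f['weights_files'])} {WEIGHTS_NAME} file(s)")
```

Running it again after deleting the folder and restarting Chrome shows whether the model has been re-downloaded, the behavior Hanff describes.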
