AI & Tech Issue #103 ·

Google Chrome Secretly Installed a 4GB AI Model on Your PC

An AI installed to protect your privacy never asked for your consent—here's what that paradox reveals.

Google Chrome Secretly Installed a 4GB AI Model on Your PC

Opening

Reader, have you noticed your computer’s storage suddenly shrinking lately?

Recently, a strange file has been making waves among Chrome users worldwide. Its name: weights.bin. Its size: 4GB. Buried deep in Chrome’s browser folder, this file turned out to be Gemini Nano, Google’s on-device AI model. The problem? Nobody asked for it to be installed.

Swedish privacy researcher Alexander Hanff uncovered the discovery by analyzing macOS kernel logs, and the same phenomenon was later confirmed on Windows and Linux. Let me get straight to the point: this isn’t a simple storage issue. It’s the start of a new pattern in which tech companies fold users’ devices into their own AI infrastructure.

Has it made things more convenient? Enormously, and I’m genuinely satisfied. But was the process behind it right? Well… no. Let’s dig in.

🔍 What Actually Happened

Let’s start with the structure of the file Chrome installed without users’ knowledge.

Inside Chrome’s user data folder sits a folder named OptGuideOnDeviceModel. The name itself is telling — it’s Google’s internal shorthand for “Optimization Guide On-Device Model.” Would an ordinary user look at that folder name and think, “Ah, this is the Gemini Nano AI model”? Hanff points out that this ambiguity is itself deliberate. If Google had named it honestly, it would have been GeminiNanoLLM.

Inside this folder sits weights.bin — the actual model weights1​ file for Gemini Nano. Chrome automatically checks your hardware specs: GPU tier, CPU core count, system RAM (16GB or more), and free storage (22GB or more). If your machine meets these criteria, Chrome downloads the model in the background without any notification whatsoever. When Hanff tested this on a clean Chrome profile, the download completed in 14 minutes.

What’s more interesting is what happens after you delete it. Even if you manually remove the file, restarting Chrome downloads it again. Chrome treats the deletion as a “temporary error” and attempts to restore it at the next opportunity. Some users have reported model files piling up to over 12GB because older versions were never cleaned out. When Snopes checked the devices of six of its own staff members, the file turned up on three of them, across macOS and Windows combined. In other words, deleting it doesn’t stop Chrome from forcing it back in.

Google describes it as “a lightweight on-device model we’ve offered since 2024,” and says that starting in February 2026 it began rolling out an “On-Device AI” toggle under Settings > System that lets users turn it off. But a substantial number of users, Hanff included, still haven’t received this toggle. Those without it have to manually disable the relevant flag at chrome://flags or edit the registry.

🎭 The Paradox: Violating Privacy in the Name of Privacy

The most notable part of this whole affair is the justification Google offers.

The features Gemini Nano runs locally include Help Me Write, phishing and scam detection, tab group suggestions, page summarization, and smart paste. The scam-detection feature in particular was integrated into Chrome’s Enhanced Protection mode in May 2025, and Google’s explanation is that on-device processing lets it catch phishing sites in real time — even ones that exist for less than 10 minutes before vanishing. That’s a threat cloud-based databases are too slow to catch. And these features are genuinely convenient — especially most of the tasks you do after opening developer mode (F12), which have become dramatically easier.

Google’s logic is that when these features run on the user’s device instead of the cloud, no data gets sent to Google’s servers, so privacy is protected. Taken purely on its own terms, that logic holds up.

But here’s where the paradox emerges.

A model installed to protect privacy was, itself, installed without consent. Article 5(3) of the EU’s ePrivacy Directive2requires “freely given, specific, informed, and unambiguous consent” before storing information on a user’s device. That single clause is the reason cookie banners exist at all. In plain terms, Google should have asked, “We’re about to download XYZ — do you agree?” before the download began. It didn’t.

A law that requires consent for a 4KB cookie somehow wasn’t applied to a 4GB AI model — a million times larger. Hanff argues this violates both the ePrivacy Directive and GDPR’s transparency principles. If EU regulators agree, Google could face a fine of up to 4% of its global revenue. Legal precedent is already accumulating too: in March 2025, a German court ruled that installing Google Tag Manager also requires prior consent.

Google’s consistent position, of course, is that this is simply part of the product, and therefore fine.

📱 The Gap Between Visible AI and Invisible AI

There’s another part of this story I find even more interesting.

Chrome 147’s address bar features a prominent “AI Mode” button. Given everything explained so far, users would naturally assume that AI Mode runs on the 4GB model sitting on their computer. It doesn’t. Every query typed into AI Mode gets sent to Google’s cloud servers. The locally installed Gemini Nano, meanwhile, powers features buried in right-click menus that most users don’t even know exist.

To summarize the structure:

  • The AI feature users see and actively use → processed in the cloud (data transmitted)
  • The AI model installed without users’ knowledge → processed locally (background feature)
  • The cost the user bears → 4GB of storage + download bandwidth…?????

Users pay the cost in storage and bandwidth, yet the AI feature they actually use directly delivers no privacy benefit to them at all. In Hanff’s words, this amounts to a privacy illusion.

There’s one more fact worth noting here. Chrome recently and quietly deleted a privacy pledge related to on-device AI — the line stating that “data is not sent to Google’s servers.” The situation changed once the Prompt API became enabled by default starting with Chrome 148.

This API allows websites to directly call a user’s Gemini Nano model. In that case, input and output data are handled according to that website’s own privacy policy. The data may not go to Google’s servers — but it can go to third-party websites instead.

🌍 The Bigger Picture: Whose Infrastructure Is Your Device?

If you see this only as a 4GB storage issue, you miss the point entirely.

Chrome’s global market share sits at roughly 65-71%. Its estimated user base exceeds 3.8 billion people. By Hanff’s calculations, deploying this model to 100 million devices consumes roughly 24GWh of energy; scale that to 1 billion devices and it reaches 240GWh — equivalent to 6,000-60,000 tons of CO₂, and that figure doesn’t even include future model updates and re-downloads. Now, I’m no environmentalist, so I don’t particularly want to dwell on carbon emissions. What matters is who bears this burden.

This is where the real question emerges: whose infrastructure is your device, anyway?

Until now, AI mostly ran in the cloud: users sent a request, a server processed it, and the result came back. But as the shift toward on-device AI3​ accelerates, tech companies are moving inference work onto users’ devices to cut cloud costs. This does bring real advantages in privacy and latency.

The problem is that this process consumes users’ storage, bandwidth, and power without asking permission. And it’s not just Google. In the same report, Hanff also flagged that Anthropic’s Claude Desktop app secretly installs a native messaging bridge even into browsers where it was never installed.

If this pattern keeps repeating, your laptop stops being “your device” and becomes just another node in a tech company’s distributed AI infrastructure.

What’s interesting is that Apple runs a similar on-device AI strategy but takes a different approach. Apple Intelligence clearly distinguishes between tasks it can handle on-device and tasks that must be offloaded to the cloud (Private Cloud Compute), and it explains this distinction to users. It’s a case that shows how, even with the same on-device AI, user trust can look completely different depending on how transparently it’s deployed.

Oz’s Lens

Honestly, I think on-device AI itself is a good direction. From my experience analyzing the architecture of various SaaS products while building go-to-market strategies, reducing cloud dependence is a sound choice on both cost and privacy grounds.

But this Chrome incident isn’t about the “what.” It’s about the “how.”

There’s a pattern I ran into constantly while doing data analysis: when a well-intentioned feature ships through a bad execution, it only takes one instance to lose user trust. If Google had simply asked from the start — “A 4GB local AI model will be installed in Chrome, used for scam detection and writing assistance. Do you want to proceed?” — most users would have clicked “yes.” The feature itself is genuinely useful.

Not asking for consent wasn’t a technical limitation — it was a strategic choice. Ask for consent, and some users click “no”; that lowers Gemini Nano’s adoption rate, which in turn slows the growth of the developer API ecosystem. A company holding a browser with 70% market share simply couldn’t resist that temptation.

Back when crypto scams were rampant, there was a wave of viruses that turned any desktop or laptop that downloaded them into a forced mining rig. Comparing this incident to that is obviously too extreme, but this case could give rise to a similarly severe misunderstanding. That said, whether Chrome asked me or not, I’ve been using it happily and would have kept using it happily either way, so I’m quite satisfied…

This isn’t a Chrome-only problem. It’s a signal that the very concept of “user consent” needs to be redefined for the AI era.

Closing

Let me sum up the core of this story in three points.

First, Chrome installed a 4GB AI model without user consent, and it reinstalls itself automatically even after deletion. A toggle to disable it in Settings is being rolled out, but it hasn’t reached every user yet.

Second, the contradiction between the justification of “local AI for privacy” and the practice of “installation without consent” is part of a larger trend in which tech companies are turning users’ devices into their own infrastructure.

Third, the fact that we live in an era that demands consent for a 4KB cookie while a 4GB AI model gets installed without any is evidence that our existing consent framework hasn’t kept pace with the AI era.

If you’re a Chrome user, try typing chrome://on-device-internals into your address bar to check exactly which AI models are currently installed on your device.

I’d also recommend checking Settings > System to see whether the “On-Device AI” toggle has reached you yet.

References & Further Reading

Primary sources

Background

The author, Kwangseob Ahn, is a professor of business administration at Sejong University and lead consultant at OBF (Oswarld Boutique Consulting Firm). He teaches statistics and data analysis — business data management and business analytics — while leading GTM and AI strategy consulting in the field, designing the seam between technology and business. He has published academic research on a memory architecture for AI dialogue systems (HEMA) and runs Daily Arxiv, a daily curation of global AI papers. He holds a master’s from Korea University’s Graduate School of Technology Management and a KMBA. He is the author of Homo Brainless: The People Who Outsource Their Thinking.

Footnotes

  1. Model weights: a file that stores an AI model’s learned results as numbers. Think of it as the equivalent of a person’s judgment criteria accumulated through experience — the larger the file, the more complex judgments the model can make.

  2. The ePrivacy Directive: an EU regulation on electronic communications privacy, establishing the principle that storing or accessing information on a user’s device requires prior consent. This directive is the legal basis for the cookie consent banners you see on websites.

  3. On-device AI: an approach that runs AI directly on a user’s smartphone, laptop, or other device instead of a cloud server. Since data never leaves the device, it’s advantageous for privacy, but it comes with the trade-off of consuming the device’s storage and computing power.