- Google Chrome silently downloaded a massive AI model onto devices without user consent
- Users deleting Gemini Nano files then watched as Chrome automatically reinstalled everything
- Regulators now face questions about consent laws and quiet AI deployments.
Google Chrome quietly downloaded a 4GB AI model called Gemini Nano onto users’ devices without seeking permission first.
The file, named weights.bin, sits deep in Chrome’s user profile directory and powers on-device AI features like “Help Me Write” and scam detection.
Users do not find any checkbox in Chrome settings titled “Download 4GB AI Model” because such an option does not exist at all.
Silent download sparks user outrage
The environmental cost of spreading 4GB to hundreds of millions of devices is staggering by any reasonable measure.
On Chrome’s global scale, a model’s climate bill pushes between 6,000 and 60,000 tonnes of CO2 equivalent emissions – or roughly the annual output of a small wind farm or the emissions of thousands of passenger cars each year.
In many parts of the world, mobile data plans consider 4GB as a total monthly allowance, but Chrome consumes it in a single unrequested download.
When users attempt to unsubscribe from AI tools by deleting the weights.bin file, Chrome treats the action as a transient error to be fixed in the next eligible window and re-downloads the entire 4 GB package.
The only ways to make the removal permanent require disabling AI features via chrome://flags or corporate policy tools that home users typically don’t have.
A freshly created Chrome profile that received no keyboard or mouse input from a human still contained the full 4GB template within 15 minutes of its creation.
The browser downloaded the file while it was idle, waiting for a five-minute timeout on a third-party website.
What makes this legally and ethically problematic
The ePrivacy Directive explicitly prohibits the storage of information on a user’s device without prior, informed and unambiguous consent.
Chrome works fine without a 4GB LLM on the device, so no “strictly necessary” exemption applies to this situation.
GDPR requires transparency and fairness in the processing of personal data, but users were never informed of the download.
The most visible AI feature in Chrome’s omnibox, called “AI Mode,” doesn’t even use the on-device model, as these requests go directly to Google’s servers instead of being processed locally on the user’s own device.
This makes installing 4GB a pure cost imposed on users, with no offsetting privacy benefit.
The company has not published any analysis of the social impact on populations whose Internet access is metered and limited.
Additionally, regulators have yet to answer whether global technology companies are exempt from the laws in place since 2002.
Via Privacy Guy
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.
