
Chrome Installs 4GB AI Without Consent: GDPR Violation

Between April 20 and 29, 2026, Google Chrome silently downloaded a 4GB AI model to hundreds of millions of devices without user consent. Privacy lawyer Alexander Hanff discovered the installation on April 24 while running a forensic audit on a fresh macOS profile. He published his findings on May 5, and they immediately hit #1 on Hacker News with 1,273 points. The silent install violates EU ePrivacy Directive Article 5(3) and generates massive environmental costs: 60,000 tonnes of CO2 at one billion device scale. However, the real scandal isn’t just the 4GB download. Chrome installs a local AI model, then doesn’t even use it, routing queries to Google’s cloud servers instead.

The Bait-and-Switch: 4GB Downloaded, Then Ignored

Chrome’s “AI Mode” pill sits prominently in the address bar, suggesting local AI processing. Users see a 4GB Gemini Nano model installed on their devices and reasonably assume their queries stay private. They don’t. Hanff’s technical analysis reveals that “the visible AI Mode pill delivers no on-device benefit at all because it routes to Google’s servers regardless.” The 4GB local model powers separate features—text suggestions, scam detection, tab organization—but the most prominent AI interface sends everything to the cloud.

This is textbook dark pattern design. Install a local model to create privacy expectations, then violate those expectations by sending queries to cloud servers anyway. The European Data Protection Board’s Guidelines 03/2022 identify three deceptive patterns at work here: misleading information (the “AI Mode” label falsely suggests local processing), skipping (no choice between local-only and cloud-backed surfaces), and hindering (separate controls in chrome://flags vs chrome://settings/ai obscure both options). Google also obfuscates the directory name: “OptGuideOnDeviceModel” reveals nothing about containing Gemini Nano LLM weights.

ePrivacy Directive: All Five Consent Requirements Violated

EU ePrivacy Directive Article 5(3) requires “prior, freely-given, specific, informed, and unambiguous consent” before storing information on user terminals. Chrome’s silent 4GB install fails all five criteria. It wasn’t prior: Chrome installed without asking first. It wasn’t freely-given: users got no choice. It wasn’t specific: the model came bundled with the browser, not as a separate opt-in. It wasn’t informed: there was no disclosure about what’s being installed, its size, purpose, or features. And it wasn’t unambiguous: no explicit yes/no choice was presented.

The enforcement risk is substantial. GDPR penalties reach up to €20 million or 4% of global annual revenue, whichever is higher. For Alphabet, that’s approximately $12.3 billion maximum. The French Data Protection Authority already fined Microsoft for similar consent violations involving non-essential cookies. The EDPB updated its Article 5(3) guidelines in October 2024, expanding the scope to cover tracking pixels, device fingerprinting, and local processing where information transfers outside the user’s device. Chrome’s 4GB Gemini Nano installation fits squarely within that expanded technical scope. This is a clear-cut violation backed by Hanff’s forensic evidence; regulators will investigate.

60,000 Tonnes CO2e: The Hidden Environmental Cost

Hanff calculated the carbon footprint using standard energy metrics: 0.06 kWh per GB of network transfer and 0.25 kg CO2e per kWh of grid emissions. Per-device cost: 0.06 kg CO2e for the 4GB download. At 100 million devices, that’s 6,000 tonnes CO2e. At 500 million devices: 30,000 tonnes. At one billion devices (within Chrome’s reach given its ~65% browser market share): 60,000 tonnes CO2e. This is equivalent to 13,000 passenger vehicles running for a year.

The calculations exclude SSD manufacturing carbon (approximately 640,000 tonnes for one billion devices at 4GB each), re-downloads from deletion attempts, and future model updates. In fact, multiple users report finding not just one OptGuideOnDeviceModel folder but several versions totaling 12GB or more. The environmental waste compounds when you remember the local model goes largely unused—Chrome routes the prominent “AI Mode” queries to cloud servers anyway. As Hanff puts it: “Illegal and extremely costly for the climate.”

How to Check, Disable, and Remove Chrome AI Installation

Check if you’re affected by navigating to your Chrome profile directory:

  • Windows: %LOCALAPPDATA%\Google\Chrome\User Data\Default\OptGuideOnDeviceModel\
  • macOS: ~/Library/Application Support/Google/Chrome/Default/OptGuideOnDeviceModel/
  • Linux: ~/.config/google-chrome/Default/OptGuideOnDeviceModel/

Look for weights.bin. If it exists and approaches 4GB, Chrome installed Gemini Nano without asking.

Disable future downloads first, or Chrome will auto re-download. Go to chrome://flags/, find “Enables Optimization Guide On Device” and set it to Disabled. Do the same for “Prompt API.” Restart Chrome. Only then remove the files—either use chrome://on-device-internals/ and click Uninstall, or manually delete the OptGuideOnDeviceModel folder (SHIFT+Delete on Windows). However, if you delete without disabling the flags first, Chrome treats removal as a “transient state to correct” and downloads again. This deletion resistance is by design.
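The check described above can be scripted so it is repeatable before and after disabling the flags, which also shows whether the folder has come back. This is an added example, not code from the article or from Hanff's audit; the helper names `model_dir` and `audit` are hypothetical, the paths and file names are the ones the article lists, and the script only reads the disk.

```python
import os
import platform
from pathlib import Path

# Folder and file names as given in the article.
MODEL_DIR = "OptGuideOnDeviceModel"
WEIGHTS = "weights.bin"

def model_dir(system=None, home=None, env=None):
    """Return the article's per-OS path to the model folder (Default profile)."""
    system = system or platform.system()
    home = Path(home) if home else Path.home()
    env = os.environ if env is None else env
    if system == "Windows":
        base = Path(env.get("LOCALAPPDATA", home / "AppData" / "Local"))
        return base / "Google" / "Chrome" / "User Data" / "Default" / MODEL_DIR
    if system == "Darwin":
        return home / "Library" / "Application Support" / "Google" / "Chrome" / "Default" / MODEL_DIR
    return home / ".config" / "google-chrome" / "Default" / MODEL_DIR

def audit(path):
    """Walk the folder; report every weights.bin and the total bytes on disk."""
    path = Path(path)
    report = {"path": str(path), "present": path.is_dir(), "weights": [], "total_bytes": 0}
    if not report["present"]:
        return report
    for f in path.rglob("*"):
        if f.is_file() and not f.is_symlink():
            size = f.stat().st_size
            report["total_bytes"] += size
            # Several version subfolders may each hold their own weights.bin.
            if f.name == WEIGHTS:
                report["weights"].append((str(f.relative_to(path)), size))
    report["weights"].sort()
    return report

if __name__ == "__main__":
    r = audit(model_dir())
    if not r["present"]:
        print(f"not found: {r['path']}")
    else:
        print(f"{r['path']}: {r['total_bytes'] / 1e9:.2f} GB total")
        for rel, size in r["weights"]:
            print(f"  {rel}: {size / 1e9:.2f} GB")
```

The total covers every file under the folder, so multiple model versions show up as a sum larger than a single weights.bin.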

Alternatives exist. Firefox doesn’t silently install AI models. Neither do Brave, Arc, or Safari. Privacy-conscious developers are already migrating. In fact, user revolt forced Microsoft to change Recall from forced opt-out to opt-in after backlash. Market pressure works—if enough users switch browsers, Google will reverse course faster than regulators can act.

Key Takeaways

  • Chrome silently installed 4GB Gemini Nano on hundreds of millions of devices between April 20 and 29, 2026, without consent or disclosure.
  • Violates EU ePrivacy Directive Article 5(3)—failing all five consent requirements (prior, freely-given, specific, informed, unambiguous).
  • Bait-and-switch deception: Chrome installs a local model but routes “AI Mode” queries to Google’s cloud servers instead.
  • Environmental cost: 60,000 tonnes CO2e at one billion device scale—equivalent to 13,000 passenger vehicles annually.
  • Check your device for OptGuideOnDeviceModel/weights.bin, disable flags at chrome://flags/, remove files, or switch to Firefox/Brave.
ByteBot