By ByteBot
Chrome has been silently installing a 4GB AI model on billions of devices without asking permission. Security researcher Alexander Hanff exposed the practice in May 2026, revealing that Google’s browser downloads Gemini Nano automatically—and re-downloads it if you delete it. The controversy raises fundamental questions about consent, bandwidth costs, and who actually controls your device.
The Silent Installation
The file in question is weights.bin, a 4-gigabyte AI model stored in Chrome’s OptGuideOnDeviceModel directory. Chrome installs it automatically when your device meets certain hardware requirements. No notification. No consent prompt. Just 4GB consumed without your knowledge.
Hanff, a Swedish computer scientist and lawyer writing as “That Privacy Guy,” documented the installation in detail. His analysis revealed something worse: if you discover the file and delete it, Chrome simply downloads it again on the next restart. Google added an opt-out toggle to Chrome settings in February 2026, but only after the backlash started. The company chose opt-out over opt-in—a choice that matters.
The Misleading AI Mode
Here’s the twist that exposes the contradiction. Chrome 147’s most visible AI feature—the “AI Mode” pill in your address bar—doesn’t even use the local Gemini Nano model. According to Hanff’s analysis, AI Mode routes every query to Google’s cloud servers anyway.
Users reasonably assume the 4GB local model powers AI Mode and keeps their data private. Reality: you’re paying the storage and bandwidth cost for a model that doesn’t power the browser’s flagship AI feature. The visible AI is cloud-based. The invisible 4GB file sits unused for most users, consuming space and bandwidth for features like “Help me write” prompts that few discover.
The Real Cost
Four gigabytes might not sound like much if you’re reading this on fiber internet with terabytes of storage. But Chrome has over 3.5 billion users. A 4GB download without permission hits different depending on where you live and how you connect.
In many developing countries, 4GB is a month’s entire data allowance. For users on metered connections or mobile hotspots, Google just cost them real money without asking. For rural users with bandwidth caps, a silent 4GB transfer can exhaust monthly limits in minutes. Google has published no analysis of the welfare impact on populations whose internet access is metered and limited.
The environmental math is staggering too. Hanff calculated that pushing this model to just 1 billion Chrome users—roughly 30% of the user base—consumes 240 gigawatt-hours of energy and generates 60,000 tons of CO2-equivalent emissions. That’s for distribution alone, not even using the model.
Google’s Defense
Chrome VP and GM Parisa Tabriz defended the decision in a thread on X, arguing that “on-device AI is central to the browser’s security and developer strategy” and that “Gemini Nano still processes data locally.” But her response sidestepped the core question: why no consent prompt?
She didn’t explain why the model reinstalls if users delete it. She didn’t address the AI Mode inconsistency. She didn’t acknowledge the impact on metered connections or the environmental cost at scale. The subtext of her defense was clear: Google believes opt-out is sufficient. Many users disagree.
Legal Exposure
Privacy researchers argue the practice likely violates the EU’s ePrivacy Directive and GDPR. The ePrivacy Directive’s Article 5(3) prohibits storing information on a user’s device without explicit consent, except when strictly necessary for a service the user explicitly requested. Chrome functions perfectly without Gemini Nano, so the strict necessity exception doesn’t apply.
GDPR’s transparency and data minimization principles are also in play. As of May 7, 2026, no formal sanctions have been issued, but several European privacy organizations are evaluating complaints with national authorities. If found in violation, Google faces fines up to 4% of global annual revenue.
How to Remove It
First, check if you have it. On Windows, press Win + R and paste %LOCALAPPDATA%\Google\Chrome\User Data\, then look in the “Default” folder for “OptGuideOnDeviceModel.” On macOS, press Cmd + Shift + G and paste ~/Library/Application Support/Google/Chrome/.
To disable it, navigate to chrome://settings/ai and toggle off on-device AI features. If that option isn’t available in your region, go to chrome://flags, search for “optimization guide on device,” and set it to Disabled. Do the same for “prompt API for gemini nano.” Relaunch Chrome. You can then manually delete the OptGuideOnDeviceModel folder, and it should stay deleted.
The Trust Question
This isn’t really about 4GB. It’s about precedent. If browsers can silently install large files without asking, what else are they doing without disclosure? Google had two years—since 2024—to implement this with a consent flow. They chose not to.
On-device AI has legitimate privacy benefits. Local processing means less data sent to the cloud. Scam detection could protect vulnerable users. These are genuine improvements. But none of that justifies installing 4GB without permission. Innovation speed doesn’t override user autonomy.
The opt-out versus opt-in distinction matters. Opt-out assumes your consent and requires you to object. Opt-in respects your agency and asks first. Google chose opt-out for 4GB of your storage and bandwidth. That choice reveals how the company views device ownership. The device might be yours, but Google decides what goes on it.
