BotBeat
...
← Back

> ▌

Google / AlphabetGoogle / Alphabet
UPDATEGoogle / Alphabet2026-07-06

Chrome Quietly Installed a 4GB AI Model on Millions of PCs Without User Consent

Key Takeaways

  • ▸Google automatically installed a 4GB AI model (Gemini Nano) onto Chrome users' computers without notification, discovered by privacy researcher Alexander Hanff through system log analysis
  • ▸The model re-downloads itself when deleted and can accumulate to 12GB+ on some systems due to failed cleanup of older versions, effectively removing user control over device storage
  • ▸While on-device AI provides privacy benefits (phishing detection, summarization) by avoiding cloud transmission, the installation method itself violates privacy principles by lacking informed user consent
Source:
Hacker Newshttps://oztalking.com/en/issues/hidden-4gb-ai-model↗

Summary

Google has been automatically downloading a 4GB AI model called Gemini Nano onto users' computers through Chrome updates, with little notification or meaningful consent. Swedish privacy researcher Alexander Hanff discovered the installation of weights.bin—the model file buried in Chrome's OptGuideOnDeviceModel folder—by analyzing macOS kernel logs, with confirmations later found on Windows and Linux systems. The installation is automatic for users with compatible hardware (16GB+ RAM, 22GB+ free storage) and persists even when manually deleted; Chrome treats deletion as a "temporary error" and re-downloads the model on restart.

The Gemini Nano model powers several Chrome features including phishing and scam detection, tab group suggestions, page summarization, and smart paste. Google justifies the stealth installation by claiming on-device processing protects user privacy by avoiding data transmission to servers. However, this creates a fundamental paradox: a model ostensibly installed to protect privacy was installed without informed user consent. Although Google added an "On-Device AI" toggle in Settings starting February 2026, many users still lack access to this option and must manually disable it through chrome://flags or registry edits.

The discovery raises serious compliance questions under regulations like the EU's ePrivacy Directive, which requires "freely given, specific, informed, and unambiguous consent" before storing information on user devices. Some users report model files accumulating to over 12GB due to failed cleanup of older versions. The incident illustrates a broader pattern of tech companies folding user devices into their AI infrastructure without transparent disclosure or meaningful consent mechanisms.

  • An "On-Device AI" toggle was only added in February 2026 but remains unavailable to many users, forcing them to use workarounds like chrome://flags or registry edits
  • The incident violates the EU's ePrivacy Directive, which explicitly requires informed consent before storing information on devices
Generative AIRegulation & PolicyEthics & BiasPrivacy & Data

More from Google / Alphabet

Google / AlphabetGoogle / Alphabet
INDUSTRY REPORT

Google's AI Overview Amplifies Entirely Fictional Company, Raising Concerns About Search Quality

2026-07-06
Google / AlphabetGoogle / Alphabet
RESEARCH

Independent Evaluation of Google's TabFM Confirms Foundation Model Beats XGBoost on Tabular Data—With Caveats

2026-07-06
Google / AlphabetGoogle / Alphabet
INDUSTRY REPORT

AI Systems Failing at Fact-Checking, Still Wrong 45-60% of the Time, WIRED Analysis Shows

2026-07-05

Comments

Suggested

Academic ResearchAcademic Research
RESEARCH

Researchers Demonstrate Method to Detect AI Guardrails Through Behavioral Monitoring

2026-07-06
OpenAIOpenAI
POLICY & REGULATION

UK Regulator Warns of 'Arms Race' to Keep Up with AI in Financial Services

2026-07-06
AnthropicAnthropic
PARTNERSHIP

Maker Builds Interactive AI Robot Using Anthropic's Claude Code and Raspberry Pi

2026-07-06
← Back to news
© 2026 BotBeat
AboutPrivacy PolicyTerms of ServiceContact Us