Chrome downloads a 4GB AI file without user consent, researcher alleges

Source: Engadget

Overview

Google is reportedly downloading a 4 GB file containing the weights for Gemini Nano, its on‑device large language model, without prompting users. Computer scientist Alexander Hanff detailed the behavior in a post on his site, The Privacy Guy, and provided evidence from his own macOS system.

Findings

• The file, named weights.bin, appears in Chrome’s hidden folder within the macOS Library directory.
• Chrome does not prompt users to consent to the download, even though the file is required for AI‑powered features such as “help me write” and on‑device scam detection.
• On a second Mac and on a coworker’s laptop, the file was absent, suggesting the download occurs after a specific Chrome update (version 148.0.7778.97).
• Deleting the directory containing weights.bin only provides a temporary fix; Chrome re‑downloads the file within minutes.
• Similar behavior has been observed on Windows installations. The only ways to stop the re‑download are to disable Chrome’s AI features via chrome://flags or enterprise policy tooling, or to uninstall Chrome entirely.

Potential Issues

• Lack of consent: The download is invisible to users, with no opt‑in mechanism.
• Hidden location: The file resides in obscure system directories, making it difficult for users to discover or remove.
• Privacy concerns: The practice may conflict with European privacy regulations, including GDPR.
• Environmental impact: Hanff estimates that a “mid‑band” rollout to 500 million devices (≈15 % of Chrome users) could generate roughly 30,000 tonnes of CO₂e—equivalent to the annual emissions of 6,500 cars. This figure only accounts for the initial delivery; additional factors could increase the total energy cost.

Response

Google was contacted for comment but had not responded at the time of publication. Updates will be added if a response is received.

Source: Alexander Hanff’s article on The Privacy Guy