AI HORRORS
All Incidents
2026-05-04T00:00:00.000Z
🟠HIGH
chromegooglegemini-nanoprivacyconsentunauthorizedclimate

Chrome Silently Installs 4GB AI Model Without User Consent

What Happened

Google Chrome began silently downloading a 4GB Gemini Nano AI model file to users' devices without consent, notification, or any user interface to control it. The file, named weights.bin, appears in the OptGuideOnDeviceModel directory and is designed to power Chrome's AI features like "Help me write" and on-device scam detection.

Privacy researcher Alexander Hanff documented the behavior using macOS filesystem event logs on a fresh Chrome profile that had never received human input. Within 14 minutes and 28 seconds of initial use, Chrome automatically downloaded the entire 4GB model in the background while the user was simply browsing websites. When users delete the file, Chrome re-downloads it automatically on the next launch.

The most concerning aspect is that Chrome's most visible AI feature - the "AI Mode" pill in the omnibox - doesn't even use the local model. Instead, it sends all queries to Google's cloud servers, making the mandatory local download appear to be purely for Google's benefit rather than user privacy.

How It Happened

  • Chrome determines device eligibility based on hardware "performance class" (typically 16GB+ RAM)
  • The model download triggers automatically when Chrome's AI features are active (enabled by default)
  • No consent dialog or notification appears during the 4GB download
  • The installation occurs through Chrome's normal subprocess (com.google.Chrome.chrome_chrome_Unpacker_BeginUnzipping)
  • Users can only prevent re-installation through enterprise policy tools or chrome://flags settings
  • The visible "AI Mode" feature misleadingly routes to cloud servers while the local model remains unused

Why This Matters

This incident represents a massive violation of user consent and environmental responsibility. At Chrome's scale of 2+ billion users, researcher calculations show the environmental cost could reach 6,000 to 60,000 tonnes of CO2-equivalent emissions for a single model push - equivalent to the annual emissions of 1,300 to 13,000 passenger cars.

"The user pays the storage cost of the silent install (4 GB on disk, plus the bandwidth of the silent download). The user's most visible AI experience - the pill they actually see and click - delivers no on-device benefit at all because it routes to Google's servers regardless," Hanff wrote in his analysis.

The behavior violates Article 5(3) of the EU's ePrivacy Directive, which prohibits storing information on users' devices without consent except when strictly necessary. For users on metered mobile connections, particularly in developing regions where smartphones serve as primary internet access, the unwanted 4GB download can consume an entire month's data allowance.

Lessons Learned

  • Consent cannot be assumed for large file installations - Even "free" browser features require explicit user permission for substantial downloads
  • Visible AI features should match claimed functionality - Presenting local-seeming AI interfaces while actually using cloud processing is deceptive
  • Environmental costs compound at scale - What seems insignificant per user becomes massive climate impact across billions of devices
  • Privacy-by-design requires user control - Default-enabled features that cannot be easily disabled violate data protection principles
  • Silent installations undermine user trust - Automatic downloads without notification damage the fundamental relationship between user and software

Prevention Checklist

  • [ ] Implement explicit consent dialogs for any download over 100MB
  • [ ] Provide clear UI in settings to view, control, and remove AI model files
  • [ ] Make AI feature descriptions accurately reflect whether processing occurs locally or in cloud
  • [ ] Calculate and disclose environmental impact of mass software distribution
  • [ ] Design deletion as permanent user choice, not temporary state to be corrected
  • [ ] Document substantial automatic downloads prominently in user-facing materials
  • [ ] Test consent flows with users who have limited bandwidth or storage

Original Source: That Privacy Guy! Full details: Google Chrome silently installs a 4 GB AI model on your device without consent

Back to All Incidents