Chrome version 147 silently downloads Gemini Nano's weights.bin file to local storage, sparking major privacy, data, and legal concerns.
Google Chrome has started automatically downloading and installing an on-device AI model file called weights.bin to power Gemini Nano. The 4GB model is being installed on users’ devices without consent, notice, or an opt-out toggle, and deleting the file causes Chrome to re-download the model without telling you.
According to Alexander Hanff from The Privacy Guy, this behavior mirrors a pattern previously seen with Anthropic’s Claude Desktop.
The weights.bin file is stored in the OptGuideOnDeviceModel directory in your Chrome user profile. It weighs a hefty 4GB and is installed on devices that meet certain system requirements, without getting consent from the user or offering an option to disable it in the settings. To stop it being redownloaded once deleted, you must disable it via chrome://flags or via enterprise policy tools. Right now it seems as though Windows and macOS are affected by this covert downloading.
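To check whether a machine already holds the model, the following added example (not code from the article, Hanff, or Google) searches a Chrome user-data directory for `OptGuideOnDeviceModel` and reports how much disk it uses. The directory and file names come from the article; the default user-data locations for Windows and macOS are assumptions based on Chrome's standard install layout.

```python
import os
import sys
from pathlib import Path

MODEL_DIR = "OptGuideOnDeviceModel"  # directory name given in the article
WEIGHTS = "weights.bin"              # model file name given in the article

def default_user_data_dirs():
    """Assumed default Chrome user-data locations (not from the article)."""
    home = Path.home()
    if sys.platform == "win32":
        base = os.environ.get("LOCALAPPDATA", str(home / "AppData" / "Local"))
        return [Path(base) / "Google" / "Chrome" / "User Data"]
    if sys.platform == "darwin":
        return [home / "Library" / "Application Support" / "Google" / "Chrome"]
    return []  # the article only reports Windows and macOS as affected

def find_on_device_models(root):
    """Return one record per OptGuideOnDeviceModel directory under root."""
    findings = []
    for dirpath, dirnames, _ in os.walk(root):
        if MODEL_DIR not in dirnames:
            continue
        model_dir = Path(dirpath) / MODEL_DIR
        dirnames.remove(MODEL_DIR)  # report once; do not descend a second time
        total, weights = 0, []
        for sub, _, files in os.walk(model_dir):
            for name in files:
                path = Path(sub) / name
                try:
                    size = path.stat().st_size
                except OSError:  # file removed or locked mid-scan
                    continue
                total += size
                if name == WEIGHTS:
                    weights.append((str(path), size))
        findings.append({"dir": str(model_dir), "bytes": total, "weights": weights})
    return findings

if __name__ == "__main__":
    for root in default_user_data_dirs():
        for f in find_on_device_models(root):
            print(f"{f['dir']}: {f['bytes'] / 2**30:.2f} GiB on disk")
            for path, size in f["weights"]:
                print(f"  {path} ({size / 2**30:.2f} GiB)")
```

Run on a schedule across a fleet, a non-empty result after the directory was deleted shows the re-download behaviour described above.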
In Hanff’s testing, it took Chrome just 14 minutes to create the OptGuideOnDeviceModel directory and download the model, all while giving users no indication that it was downloading this large file. He said that this activity by Google involved many dark patterns, similar to those seen in the Claude desktop app, which he has written about before. The dark patterns listed are:
- Forced bundling across trust boundaries
- Invisible default with no opt-in
- Harder to remove than install
- Pre-staging capability user did not request
- Generic/obfuscated naming: OptGuideOnDeviceModel vs GeminiNanoLLM
- Registration without user configuration
- Documentation gap for normal users
- Automatic re-install after deletion
- Retroactive survival of future consent
- Shipped via stable release channel
Chrome’s most recent release, version 147, now includes an AI Mode pill in the omnibox; however, this routes queries to cloud-based AI servers. The local model is not used by that AI; instead, it powers features like “Help me write”.
Hanff says that the silent installation of the model could potentially be illegal in several jurisdictions. Some laws that he claims it violates include the ePrivacy Directive Article 5(3), which prohibits storing information on user terminal equipment without prior consent, and GDPR Article 5(1) and GDPR Article 25, which promote transparency and data protection by design and by default.
He also notes that the deployment of this model to devices has a significant climate impact, generating 640,000 tonnes CO2e. For users with data caps or relying on mobile data, the download could use up all the data and leave them scratching their heads about what’s going on.
To address these issues, Hanff recommends that Google get user consent before starting the download, give users an easy way to delete the model, and not reinstall the model automatically after deletion.