Chrome’s silent Gemini Nano download raises privacy concerns over on-device AI

A 4 GB model lands on user devices without a prompt
Google Chrome is automatically writing a roughly 4 GB file to user devices as part of its on-device AI features, according to research describing the file as Gemini Nano’s weights. The file, named weights.bin, is stored in a directory called OptGuideOnDeviceModel and is reportedly downloaded without an explicit consent prompt or opt-out control.
The behavior has drawn comparisons to a separate case involving Anthropic, where a Native Messaging bridge was silently registered across Chromium-based browsers on machines with Claude Desktop installed. In both cases, the pattern is the same: software from one product reaches into another part of the user’s system and makes changes without asking.
According to the research, if the weights.bin file is deleted, Chrome downloads it again. The browser does not surface the download to users in any visible way, even though the model is used to support features such as “Help me write,” on-device scam detection, and other AI-assisted browser functions.
Privacy and surveillance questions
The concern is not only that Chrome is using local storage for a large AI model, but that it is doing so unilaterally on users’ machines. The research argues that this raises significant digital privacy and surveillance concerns, especially because the download occurs by default on systems with Chrome installed.
The same analysis says the practice may conflict with European privacy rules, including the ePrivacy Directive and GDPR principles around lawfulness, fairness, transparency, and data protection by design. It also flags the environmental cost of distributing the model at Chrome’s scale, estimating that a single push could produce between 6,000 and 60,000 tonnes of CO2-equivalent emissions depending on how many devices receive it.
The broader issue is not just the size of the file, but the precedent it sets: a browser making a substantial, persistent change to a user’s device without asking first. In a product used by billions, that kind of silent deployment is likely to invite scrutiny far beyond Chrome’s AI features themselves.