Google Chrome silently downloads a 4GB AI model on your PC without asking

It seems Google has decided that your PC needs a hefty dose of AI, whether you asked for it or not. Security researcher Alexander Hanff, also known as "That Privacy Guy," has published a new report claiming that Google Chrome silently downloads a roughly 4GB AI model onto users' machines without notice or consent.

The file in question is called weights.bin, and it is part of Google's on-device Gemini Nano AI model. Chrome stores it inside a folder called OptGuideOnDeviceModel, located deep in your system's Chrome User Data directory. On Windows, that path is C>Users>AppData>Local>Google>Chrome>User Data. The model is used to power AI features like scam detection locally on your device, rather than sending your data to the cloud.

Perhaps more concerning is what happens if you try to get rid of it. According to Hanff's research, deleting the file does nothing, as Chrome simply re-downloads it automatically. The only way to stop this is to disable the feature through Chrome's settings, which Google reportedly made available in February 2026. Once turned off, the model will no longer download or update.

2

To conduct his testing, Hanff set up a fresh Chrome profile on macOS and used the OS's own filesystem event logs to track exactly what the browser was doing in the background. He found that Chrome evaluated the system's hardware, marked it as eligible, and downloaded the full 4GB payload in just over 14 minutes, all without any user interaction.

Beyond the obvious privacy concerns about software being installed without consent, Hanff also argues that the practice likely violates EU privacy law, including the ePrivacy Directive and the GDPR. There is also an environmental angle to consider. Hanff estimates that if the model were deployed across hundreds of millions of Chrome users, the energy required just to distribute the file could reach hundreds of gigawatt-hours, translating to tens of thousands of tons of CO2 emissions.

The math depends on assumptions about scale and energy requirements, but the broader point still stands. This is especially true for users on metered connections, mobile hotspots, or with limited data plans, where a silent 4GB download can have very real financial consequences.

For Google, the timing is not ideal. The company is already facing antitrust scrutiny across multiple jurisdictions, and this discovery feeds into a familiar criticism that Big Tech enables features by default for its own benefit, burying the opt-out deep in settings menus. Whether regulators push back and how users respond will likely shape how aggressively Google and other companies can continue this kind of deployment going forward.