Chrome auto-downloads 4GB Gemini Nano model without consent

Chrome downloads a ~4GB Gemini Nano weights.bin file to user profiles without prompting, restores it if deleted, and still sends AI Mode queries to Google’s cloud.

Privacy researcher Alexander Hanff discovered that Chrome downloads a roughly 4GB file named weights.bin, the weight bundle for Google’s Gemini Nano on-device language model, into eligible browser profiles without prompting the user. Hanff found the behavior while running an automated audit on a fresh Chrome profile and tracing file operations with macOS kernel logs.

Hanff reported that Chrome creates a temporary directory, downloads model components, and assembles the finished weights.bin inside a folder named OptGuideOnDeviceModel. The complete process took about 15 minutes and left no prompt or notification. The same pattern has been confirmed on Windows 11, Apple Silicon Macs and Ubuntu.

On Windows the file appears at %LOCALAPPDATA%\Google\Chrome\User Data\OptGuideOnDeviceModel\weights.bin. On macOS and Linux it is stored in the equivalent Chrome profile directory. Users who delete the folder find Chrome restores it on the next browser restart unless they disable the on-device model download in settings or flags.
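To check a machine for the file described above, the following added example (not code from Hanff or Google) looks for weights.bin under the OptGuideOnDeviceModel folder and reports its size. The Windows location is the one given in the article; the macOS and Linux locations are Chrome's standard default directories, and the recursive search and the function names are assumptions of this example.

```python
import os
import sys
from pathlib import Path

MODEL_DIR = "OptGuideOnDeviceModel"  # folder name given in the article
MODEL_FILE = "weights.bin"           # file name given in the article


def default_user_data_dirs(platform=sys.platform, env=os.environ, home=None):
    """Chrome's default data directories for this OS.

    The Windows path is the one in the article; the macOS and Linux paths
    are Chrome's standard defaults and are not stated there.
    """
    home = Path(home) if home else Path.home()
    if platform.startswith("win"):
        base = env.get("LOCALAPPDATA")
        return [Path(base) / "Google" / "Chrome" / "User Data"] if base else []
    if platform == "darwin":
        return [home / "Library" / "Application Support" / "Google" / "Chrome"]
    return [home / ".config" / "google-chrome"]


def find_model_files(user_data_dir):
    """Return [(path, size_bytes)] for each weights.bin under the model folder.

    The recursive search is an assumption, so a copy kept in a subfolder
    is reported as well.
    """
    root = Path(user_data_dir) / MODEL_DIR
    if not root.is_dir():
        return []
    return [(p, p.stat().st_size) for p in sorted(root.rglob(MODEL_FILE))
            if p.is_file()]


def audit(dirs=None):
    """Scan the given directories (default: this machine's) for the model."""
    dirs = default_user_data_dirs() if dirs is None else dirs
    return [hit for d in dirs for hit in find_model_files(d)]


if __name__ == "__main__":
    findings = audit()
    for path, size in findings:
        print(f"{path}\t{size / 2**30:.2f} GiB")
    if not findings:
        print("no weights.bin found in the default Chrome locations")
```

Running it before and after a browser restart shows whether a deleted copy has been restored.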

Gemini Nano is the on-device model Chrome uses for features such as “Help me write an email,” scam detection, smart paste, page summarization and AI-assisted tab grouping. Chrome’s AI Mode button in the address bar routes queries to Google’s cloud servers; the local Gemini Nano file does not handle AI Mode queries.

Chrome provides several ways to stop the download. Users can disable on-device AI via chrome://flags, toggle the On-device AI option in Settings > System, or on Windows set the registry key OptimizationGuideModelDownloading to disabled. Google’s support entry states: “Chrome may download on-device Generative AI models in the background, so features that rely on these on-device models stay ready for use.” The company added that in February it began rolling out an option in settings to turn off and remove the model, and that models will auto-delete if local storage becomes low.

Hanff argues the download practice may conflict with European privacy rules. He cites Article 5(3) of the ePrivacy Directive, which requires prior, freely given, specific and informed consent before storing information on a user’s device, and points to GDPR provisions on transparency and privacy by design. He also linked the finding to a recent audit he published alleging that another desktop application pre-authorized browser automation across roughly three million machines.

Chrome’s developer guidance tells third-party developers to alert users to the time required for downloads. Hanff and other observers noted Chrome did not present a prompt before placing the 4GB file on disk. The discovery may explain unexplained storage increases some users have reported.
