Google Chrome is loading a 4GB UI model without users' consent

Security researcher Alexander Hanff has warned of a problematic practice in Google Chrome, which reportedly downloads an approximately 4GB-sized artificial intelligence model onto users' devices without their knowledge. This process, which allegedly violates European privacy laws, not only wastes disk space, but also causes huge energy consumption and unnecessary CO2 emissions.

Image by Pete Linforth from Pixabay

The integration of artificial intelligence into everyday software has reached a new level, raising serious concerns about privacy and transparency. Security expert Alexander Hanff, also known as “That Privacy Guy,” published an analysis claiming that Google Chrome automatically downloads a file called “weights.bin” in the background. It is part of Google’s artificial intelligence system on a device based on the Gemini Nano model.

Hanff conducted a controlled experiment on a fresh Chrome profile on macOS. By monitoring the system event logs, he found that the browser created a directory without any user interaction and downloaded the entire 4GB package in the background in just over fourteen minutes. Chrome supposedly independently assesses the hardware capabilities and marks the device as suitable for the download without asking the user for permission or offering them the option to decline.

According to the researcher, this practice violates the provisions of the EU ePrivacy Directive and the GDPR, as it involves storing data on the user's device without clear consent and transparency. Even more worrying are the environmental impacts of such mass distribution. Hanff estimates that deploying this model to a billion devices (about 30% of Chrome users) would consume around 240 GWh of energy and cause 60,000 tons of CO2 emissions, which is comparable to the annual emissions of tens of thousands of cars.

In addition to the environmental impact, there are also financial implications for users with limited data. Transferring four gigabytes of data can be a significant expense at mobile hotspots or in countries with expensive internet. The researcher points out that tech giants like Google and Anthropic (with its Claude Desktop app) are acting as if users' devices are mere targets for their rollout of services over which the owners have no real control.

If the user deletes the file, it is reloaded at the next opportunity unless experimental settings are disabled or the browser is completely uninstalled.