Google Chrome 'silently' downloads 4GB AI model to your device without permission, report claims — researcher says practice may violate EU law, waste thousands of kilowatts of energy

Security researcher Alexander Hanff, also known as "That Privacy Guy," has published a new analysis claiming that Google Chrome is silently downloading a roughly 4GB on-device AI model to users' machines without notice or consent. According to Hanff, the behavior mirrors a separate issue he recently identified involving Anthropic's desktop software, and together the two cases point to a broader pattern of how large tech companies deploy AI features.

Hanff's earlier report focused on Anthropic's Claude Desktop app, which he says quietly installed a browser integration bridge across multiple Chromium-based browsers on a system, including five browsers he did not even have installed. According to the researcher, this happened without any user prompt or meaningful disclosure, and the integration would reinstall itself if removed. He argues that this kind of silent modification of a user's environment violates both user expectations and, in his view, European privacy law.

That earlier finding serves as context for what Hanff describes as a similar but even larger-scale issue with Chrome. In his latest post, he says Chrome is now writing a file called "weights.bin" to disk, part of the company's on-device AI system based on its lightweight Gemini Nano model. The file is approximately 4GB in size and is downloaded automatically on systems that meet certain hardware requirements. According to Hanff, there is no clear consent flow for this download. He says Chrome does not present a prompt explaining that a multi-gigabyte AI model will be stored locally, nor does it provide a straightforward setting to prevent it. Users who discover and delete the file will find it re-downloaded later unless they disable certain experimental flags or remove Chrome entirely.

Latest Videos From

To verify what was happening, Hanff conducted a controlled test using a fresh Chrome profile on macOS. He relied on the operating system's filesystem event logs, which record file activity independently of applications. According to his analysis, the browser created the model directory and downloaded the full 4GB payload in the background while no human interaction was taking place. The process completed in just over fourteen minutes, during what appeared to be idle browsing time. He also points to Chrome's own internal state files as corroborating evidence. These show that the browser evaluated the system's hardware capabilities and marked it as eligible for the on-device model before the download occurred. In Hanff's telling, this indicates that Chrome is proactively deciding which users' machines should receive the model, rather than responding to an explicit user action.

Beyond the technical details, Hanff raises legal concerns. He argues that both the Anthropic case and the Chrome case likely violate provisions of EU law, including the ePrivacy Directive's rules on storing data on user devices and the GDPR's requirements around transparency and lawful processing. These claims have not been tested in court, but they reflect a growing tension between aggressive feature rollout and regulatory expectations, particularly in Europe.

Swipe to scroll horizontally

Environmental cost of Gemini Nano deployment in Chrome
Devices receiving the push	Total bytes pushed	Total energy	Total CO2e
100 million (~3% of Chrome users)	400 petabytes	24 GWh	6,000 tons CO2e
500 million (~15% of Chrome users)	2 exabytes	120 GWh	30,000 tons CO2e
1 billion (~30% of Chrome users)	4 exabytes	240 GWh	60,000 tons CO2e

(Data above calculated by Alexander Hanff)

A key focus of Hanff's post is the environmental cost of silently distributing a 4GB AI model, where he highlights the perils of distributing a file of this size on a global scale. If deployed across hundreds of millions or billions of devices, Hanff estimates the total emissions impact of simply distributing the file (not even using it) could reach tens of thousands of tons of CO2 equivalent, an amount similar to the annual output of tens of thousands of cars. That estimate depends heavily on possibly dubious assumptions about scale and energy mix, but his broader point, that pushing large binaries to user devices is not free and the cost is externalized, is completely valid regardless of the math.

For many users, the more immediate concern is bandwidth. A 4GB download is trivial on an unlimited fiber connection, but that is very much not the global norm, nor is it common even in the United States. For users whose data is capped, metered, or expensive, including most of the developing world, silently transferring gigabytes of data can have real financial consequences. Even in developed markets, users on mobile hotspots or rural connections may feel the impact acutely. Hanff argues that downloading files of this size without clear notice or consent crosses a very clearly demarcated line, regardless of the feature being delivered.

Taken together, the two cases reinforce a familiar criticism of large technology platforms. According to Hanff, both Anthropic and Google acted first and left users to discover the consequences later. Whether it is silently registering deep system integrations (in the case of Claude Desktop) or downloading multi-gigabyte AI models in the background, the pattern is the same: the user's device is being treated as a deployment target rather than something the user actively controls. That framing may sound harsh, but it aligns with long-standing complaints about "dark patterns" in software design. Features that benefit the platform at the user's cost are enabled by default, buried behind obscure settings, or implemented in ways that make them difficult to remove. Hanff's reporting suggests that the shift toward on-device AI is not changing that dynamic, and in fact may be accelerating it.

Google has not publicly responded in detail to Hanff's findings at the time of writing, and the company may argue that these downloads are tied to legitimate product features and improve privacy by keeping AI processing local. Even so, the core question remains unresolved. If a browser is going to download gigabytes of data onto a user's machine, should that require an explicit opt-in? Hanff's answer is clearly yes. Whether regulators or users ultimately agree may determine how far companies can push this kind of behavior in the future.

Follow Tom's Hardware on Google News, or add us as a preferred source, to get our latest news, analysis, & reviews in your feeds.

Zak is a freelance contributor to Tom's Hardware with decades of PC benchmarking experience who has also written for HotHardware and The Tech Report. A modern-day Renaissance man, he may not be an expert on anything, but he knows just a little about nearly everything.

44 Comments Comment from the forums

usertests

Oh no we can't even download a 4 gig file without releasing tonnes of CO2!

I've been wondering when browsers would start packing small LLMs for standards-based local generative AI inference in the browser. Preferably with no external libraries required. Which I would immediately try using in a local web application.

Is this Gemini Nano-2 (3.25B)? I think they should have started with Gemini Nano X
XXS or something sub-1B instead and offered an option to replace it with a larger model.

Installer vs. Installed App: The downloaded installer binary is typically between 54 MB and 80 MB depending on the operating system (Windows, Mac, Linux, etc.), while the actual installed application folder usually occupies 200–500 MB on disk.

Variable User Data: The total disk space Chrome uses on a user's hard drive can vary significantly, often ranging from 6 GB to 22 GB, due to the accumulation of cached data, browsing history, extensions, and recently added on-device AI models (such as the ~4 GB weights.bin file for Gemini Nano).

Reply
Freddy D

Could care less about carbon release. After all, that is plant food and contributed to continued global greening, a fact that climate nutjobs will dance around ..

But many people have monthly limits on Internet still

Another reason to leave the Google ecosystem
Reply
bill001g

Too bad for chrome I have stopped the auto updater tasks. Now it complains and wants me to reinstall....not that silly. I will no longer update chrome until it no longer works and I pretty much only use chrome when other browsers are having strange issues. It constantly was breaking adblockers and other things.
Reply
rluker5

Chrome used to come as an unwanted addon on "free" software downloads back in the day. This doesn't surprise me at all.

What Anthropic is doing sounds worse.
Who knows how much data mining they are doing.
Reply
DataPotato

Can we get a math check on the GWh per exabyte?

The table says "2 exabytes 120 GWh 30,000 tons CO2e". If 2 exabytes is 2,000,000,000,000,000,000 bytes, and 120 GWh is 120,000,000 KWh, then dividing that out gives 16.6 GB per KWh. That cannot be right; it cannot possibly take 2 KWh to download a random 30 gig steam game.

My home router, in 1 hour (using maybe 50 watts, so 0.05 KWh) could transfer at gigabit (~100 megs/sec), yielding 360 gigs/hour. Or, 7,200 gigs/KWh.

Are there 450 routers between my computer and Chrome's servers? Not likely.
Reply
Dr3ams

I use Chrome and Gemini all the time, so I could care less.
Reply
sftwn

Freddy D said:
Could care less about carbon release. After all, that is plant food and contributed to continued global greening, a fact that climate nutjobs will dance around ..
I agree with your overall message: The CO2 aspect is overblown. I also roll my eyes at the data center water claims. People bring these up about things they don't like and ignore it on background stuff like wasteful crops that destroy soil and have heavy water needs. The hypocrisy is not lost on me at all.

However, while it's true that CO2 helps some plants grow, that's like saying flooding is fine because water is good for you. It's a fun-sounding gotcha that doesn't hold up past the first question.
Reply
Roland Of Gilead

Freddy D said:
Could care less about carbon release. After all, that is plant food and contributed to continued global greening, a fact that climate nutjobs will dance around ..
Well, that might be true if there weren't a football field size of Amazon forests being chopped every 10 minutes. Global greening does not offset the rising climate change, and ecological losses which have already occurred.
Reply
CaptRiker

is this just for "chrome" or is it happening to all chromium browsers, ie like Brave?
Reply
DS426

bill001g said:
Too bad for chrome I have stopped the auto updater tasks. Now it complains and wants me to reinstall....not that silly. I will no longer update chrome until it no longer works and I pretty much only use chrome when other browsers are having strange issues. It constantly was breaking adblockers and other things.
Yeah, speaking of which: Firefox is supporting manifest v2 extensions indefinitely, so uBlock Origin and other ad blockers continue to work properly on it.

Ff had some rough years, but it's been pretty bright in recent times. They added (almost) full control of integrited AI features recently, and it sounds like more is coming.
Reply

Show more comments

Unparalleled insights. Industry analysis. Insider access.