Google Chrome is silently installing a 4GB AI model on each of our devices without consent, says Alexander Hanff, a prominent computer scientist and lawyer. According to him, that’s both illegal and extremely costly for the climate.

Hanff said on his blog he’s discovered that Chrome is “reaching into users’ machines and writing a 4GB on-device AI model file to disk without asking.”

The file is named weights.bin, and it lives in OptGuideOnDeviceModel. Essentially, it’s the weights for Gemini Nano, Google’s on-device large language model.

Moreover, the file appeared with no consent prompt, Hanff says. There is no checkbox in Chrome Settings labeled “download a 4GB AI model.”

The download triggers when Chrome’s AI features are active, and, of course, those features are active by default in recent Chrome versions.

“Chrome did not ask. Chrome does not surface it. If the user deletes it, Chrome re-downloads it,” Hanff rages.

“An engineering team at a large AI vendor decided that the user’s machine is a deployment surface to be optimized for the vendor’s product roadmap, not a personal device whose owner is the legal authority on what runs there.”

Have thoughts about this topic? Others do, too. Join them in the discussion.

The computer scientist has calculated that the total install time – from directory creation to final move – is only 14 minutes and 28 seconds. The human user doesn’t need to do anything and only finds out about the download months later when their disk fills up.

Classically, while adding the file takes zero clicks, removing it requires multiple steps, none of which are documented or even hinted at in Chrome, Hanff points out.

A couple of weeks ago, Hanff also said that Anthropic was secretly installing what he called spyware on users who were installing Claude Desktop, accusing the AI company of directly breaching the EU’s ePrivacy Directive as well as a multitude of computer access and misuse laws.

According to the researcher, the legal implications of this particular case around Google Chrome could be similar. But there’s more – simply because the Chrome browser is just so much more popular than any Claude application, at least for now.

At Chrome’s scale, the climate bill for one model push, paid in atmospheric CO2 by the entire planet, is between six thousand and sixty thousand tonnes of CO2-equivalent emissions, depending on how many devices receive the push, Hanff explains on his blog.

“That is the environmental cost of one company unilaterally deciding that two billion people’s default browser will mass-distribute a 4GB binary they did not request,” he adds.

All Google should have done is ask, the researcher believes. Here’s how the choice could be presented to the user: “Chrome would like to download a 4GB AI model file to your device to power the following features. Allow, or skip and decide later.”

“If Google’s next Chrome update silently removes the unconsented installs and replaces the behavior with an explicit opt-in, we will know the company can read the room,” Hanff concludes.

“If it does not, we will know what the company's published positions on responsible AI and sustainability are actually worth.”

---