Computer scientist Alexander Hanff has alleged that Google’s Chrome web browser downloads a 4GB file named “weights.bin” without user consent. This file reportedly contains data for Google’s on-device large language model, Gemini Nano, which powers AI features such as “help me write” and scam detection.
Hanff detailed his findings on his website, The Privacy Guy. He criticized Google’s approach, noting that Chrome does not prompt users to install the Gemini Nano weights, which were found in a hidden folder within the macOS Library directory. He confirmed the presence of the 4GB file following the update to Chrome version 148.0.7778.97, and observed that it reappears after deletion.
Google responded to the allegations, stating that Gemini Nano has been available in Chrome since 2024 and is designed to be a lightweight on-device model. “It powers important security capabilities like scam detection and developer APIs without sending your data to the cloud,” the company said. Google indicated that the model automatically uninstalls if the device runs low on resources and noted that as of February, users can disable the model directly in Chrome settings.
While Hanff did not observe the weights.bin file on a second Mac or a coworker’s laptop, he reported similar download behavior on multiple Windows devices. “The user deletes, Chrome re-downloads; the only ways to make the deletion stick are to disable Chrome’s AI features through chrome://flags or enterprise policy tools, or to uninstall Chrome entirely,” Hanff stated.
Further, Hanff raised concerns about compliance with European privacy laws, including the General Data Protection Regulation (GDPR). He also estimated significant environmental impact if the 4GB file is deployed to 500 million devices, noting it could lead to approximately 30,000 tonnes of CO2e emissions, equivalent to the annual emissions of 6,500 cars.
Google’s statement and clarification regarding the option to disable on-device AI tools came after the initial report, highlighting the ongoing discourse about data privacy and the environmental implications of large-scale software deployments.
