A privacy researcher flags consent-less storage and persistent reinstalls of AI features in a commonly-used desktop browser.

According to privacy researcher Alexander Hanff’s forensic analysis published on 3 May, Google Chrome has ignited a significant privacy controversy by automatically downloading a 4GB Gemini Nano AI model onto users’ devices without explicit consent, prompting backlash from advocates and potential scrutiny under European data laws.

This on-device language model, saved as weights.bin in a hidden Chrome directory named OptGuideOnDeviceModel, supports features such as “Help me write” text assistance and scam detection, triggering silently when hardware requirements are met: no notification, dialog, or standard settings toggle appears to alert or empower users.

Affected individuals across platforms report a relentless cycle: deleting the file leads Chrome to re-download it immediately, trapping most in a loop with no straightforward exit.

Hanff’s report draws parallels to the prior Anthropic Claude Desktop case but underscores Chrome’s vastly larger impact, amplifying risks such as unchecked bandwidth consumption on metered connections, and storage quota breaches in cloud environments. He contends this behavior infringes the Article 5(3) of the ePrivacy Directive, demanding informed consent for terminal equipment storage or access — now explicitly including software such as AI models per the European Data Protection Board’s October 2024 guidelines — alongside GDPR Article 5(1) transparency shortfalls, and Article 25’s data protection by design mandates.

Should EU regulators validate these claims, Google could face penalties up to four percent of global annual revenue, although no formal actions have launched yet.

Google has defended the practice via its terms of service, permitting automatic “component” updates, a stance critics deride as inadequate for a hefty 4GB model masquerading as routine maintenance. In January 2026, a “On-device GenAI” disable-toggle had debuted in Chrome Canary but this has not been propagated to stable builds by early May, compelling workarounds such as chrome://flags tweaks, Windows registry edits, or enterprise policies — barriers far beyond the reach of average users.

This saga highlights friction in AI’s rapid integration into consumer tools, pitting innovation against autonomy and regulation. While complaints mount, users should watch storage and data usage, awaiting accessible fixes in upcoming updates — a cautionary tale on the concealed trade-offs of
“smart” browser enhancements.