AI/TLDR

That Privacy Guy · 2026-05-04 · major

Chrome Silently Installs 4 GB Gemini Nano on Idle Profiles — 14 Min, No Consent, ePrivacy Article 5(3) Cited

A privacy researcher logged Chrome writing a 4 GB weights.bin (Gemini Nano) to a brand-new test profile in 14m28s with zero user input, and argues it breaches ePrivacy Article 5(3) and GDPR Article 5(1).

Filesystem log showing Chrome creating OptGuideOnDeviceModel directory and writing weights.bin without user interaction
That Privacy Guy / Alexander Hanff

Chrome quietly fetches Gemini Nano weights to disk on eligible machines, with no UI to refuse and a re-download if you delete it.

Key specs

File size: 4 GB
Install time: 14m28s
HN points: 204
HN comments: 213

What is it?

A research blog post by Alexander Hanff (operating as 'That Privacy Guy') documenting Chrome's automatic, silent download of Gemini Nano model weights. Hanff captured macOS filesystem logs on a freshly created profile that received no human interaction, and observed Chrome writing a 4 GB weights.bin file to the OptGuideOnDeviceModel directory.

How does it work?

Two Chrome flags, OnDeviceModelBackgroundDownload and ShowOnDeviceAiSettings, are gated by the same rollout switch — so the install begins before the settings UI even surfaces a toggle to the user. The 4 GB binary contains the Gemini Nano LLM weights and powers features like 'Help me write,' on-device scam detection, and the new Summarizer API. If a user deletes weights.bin, Chrome restores it; if flags are flipped to disabled, they reset on the next update.

Why does it matter?

It reframes the on-device-AI debate from 'good for privacy because your text stays local' to a regulatory question about consent for terminal-equipment storage. Hanff argues this violates ePrivacy Directive Article 5(3) and GDPR's Article 5(1) transparency principles, and estimates ~30,000 tonnes CO2-equivalent across 500M devices. The post hit HN's front page (#15, 204 points, 213 comments) and follows Mozilla's recent 'position: negative' stance on the related Prompt API.

Who is it for?

browser-platform engineers, privacy/compliance teams, EU data-protection authorities

Try it

macOS: ls -la ~/Library/Application\ Support/Google/Chrome/OptGuideOnDeviceModel
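
A scripted version of the check above, as an added example (not code from the original post or from Chrome): it looks for weights.bin under OptGuideOnDeviceModel in each Chrome user-data directory and reports files that are new or rewritten since an earlier scan. Only the macOS path comes from the page; the Linux and Windows directories and the nesting under OptGuideOnDeviceModel are assumptions.

```python
import os
import sys
from pathlib import Path

MODEL_DIR = "OptGuideOnDeviceModel"  # directory name reported on the page
WEIGHTS = "weights.bin"              # file name reported on the page

def default_roots(home=None, env=None):
    """Chrome user-data directories to check. The macOS path is the page's;
    the Linux and Windows paths are assumed Chrome defaults."""
    home = Path(home) if home else Path.home()
    env = os.environ if env is None else env
    roots = [home / "Library/Application Support/Google/Chrome",
             home / ".config/google-chrome"]
    if env.get("LOCALAPPDATA"):
        roots.append(Path(env["LOCALAPPDATA"]) / "Google/Chrome/User Data")
    return roots

def find_weights(roots):
    """Return one record per weights.bin found under <root>/OptGuideOnDeviceModel."""
    found = []
    for root in roots:
        model_dir = Path(root) / MODEL_DIR
        if not model_dir.is_dir():
            continue
        for path in sorted(model_dir.rglob(WEIGHTS)):  # any nesting depth
            if path.is_file():
                st = path.stat()
                found.append({"path": str(path), "bytes": st.st_size,
                              "mtime": st.st_mtime})
    return found

def rewritten(previous, current):
    """Paths that are new, or whose mtime changed, since an earlier scan
    (the page reports that a deleted weights.bin is restored)."""
    seen = {f["path"]: f["mtime"] for f in previous}
    return [f["path"] for f in current if seen.get(f["path"]) != f["mtime"]]

if __name__ == "__main__":
    hits = find_weights([Path(a) for a in sys.argv[1:]] or default_roots())
    for h in hits:
        print(f'{h["bytes"] / 2**30:7.2f} GiB  {h["path"]}')
    print(f"{len(hits)} weights file(s) found")
    sys.exit(1 if hits else 0)
```

Run with no arguments it checks the default locations; pass one or more user-data directories to check those instead. The exit status is 1 when any weights file is present, so it can be used in a fleet compliance check.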

Tags

  • chrome
  • gemini-nano
  • on-device-ai
  • privacy
  • gdpr
  • eprivacy
  • weights-bin
  • consent
