Chrome is shoving a 4GB AI model onto your machine without asking. Delete it, and the browser downloads it again in the background.
Privacy researcher Alexander Hanff proved it with macOS kernel-level filesystem logs.
Hanff, who runs That Privacy Guy, created a fresh Chrome profile on April 23 and ran an automated audit that never touched a single UI element. No keyboard input, no mouse clicks, no AI features invoked.
Within 14 minutes and 28 seconds on April 24, Chrome had created the OptGuideOnDeviceModel directory and downloaded weights.bin, the 4GB Gemini Nano LLM file. The forensic evidence came from .fseventsd, macOS's kernel-level event log that Chrome cannot modify. The file powers features Google markets as "Help me write," on-device scam detection, and other AI-assisted browser functions. But Chrome downloads it before the user has ever interacted with any of those features.
Android Authority confirmed that deleting the file triggers a silent re-download on browser restart, and the only way to stop the cycle is to disable Chrome's AI flags via chrome://flags or enterprise policy tools most home users don't know exist.
Chrome version 147 compounds the problem. The browser now displays an "AI Mode" pill in the omnibox, the most visible piece of browser real estate. A reasonable user with a 4GB Gemini Nano model already on their disk would assume that pill routes queries locally. It doesn't. The AI Mode pill sends every query to Google's cloud servers. The on-device model powers buried features like textarea helpers and tab-group suggestions that most users will never discover.
Google confirmed the behavior to Android Authority on May 6. A spokesperson said the model has been in Chrome since 2024 as "a lightweight, on-device model" that powers security features and developer APIs without sending data to the cloud.
They noted that the model auto-uninstalls on resource-constrained devices and that Google began rolling out settings-level controls in February to disable and remove it. That defense doesn't address the consent gap. Hanff argues the silent install violates EU law, specifically Article 5(3) of the ePrivacy Directive, which prohibits storing information on user terminal equipment without prior consent, and GDPR Articles 5(1) and 25 on transparency and data protection by design.
He also calculated the climate cost: a mid-band estimate of 500 million Chrome devices receiving a 4GB push generates roughly 30,000 tonnes of CO2e in network delivery alone, not counting the embodied carbon of storage or re-download cycles. For users who want the model gone, Android Authority documented the process: disable #optimization-guide-on-device-model and #prompt-api-for-gemini-nano in chrome://flags, relaunch, then delete the OptGuideOnDeviceModel folder. There is no guarantee a future Chrome update won't reset those flags and start the download cycle again.
