Chrome covertly installs a 4GB AI model and reinstalls it after deletion; researchers say it violates EU privacy laws

MarketWhisper

Chrome covertly installs AI

According to Decrypt on May 7, Google Chrome quietly downloaded about a 4GB Gemini Nano AI model to eligible devices without obtaining users’ consent. The privacy researcher Alexander Hanff discovered the behavior while conducting automated audits of new users’ profiles, saying it may violate the EU ePrivacy Directive.

Where is this 4GB file, and how do you disable it?

Hanff used macOS core file system logs to trace how Chrome, without the user’s knowledge, created a temporary directory, downloaded model components, and stored the final file. The entire process took about 15 minutes, with no notifications or prompts throughout, and the profile was not touched by any human action.

File storage path and disable method:

Windows: %LOCALAPPDATA%\Google\Chrome\User Data\OptGuideOnDeviceModel\weights.bin

Mac / Linux: the same folder under the corresponding Chrome profile directory

Permanently disable: go to chrome://flags, or open Settings > System and turn off the “Device-side AI” switch, or, in the Windows Registry, set OptimizationGuideModelDownloading to disabled
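
An added example, not part of the original article and not Chrome's own code: a read-only Python check an administrator can run to see whether the model file described above is on disk and how much space it takes. The folder and file names are the ones the article gives; the macOS and Linux user-data locations and the recursive search for nested copies are assumptions.

```python
import os
import sys
from pathlib import Path

MODEL_DIR = "OptGuideOnDeviceModel"   # folder name given in the article
MODEL_FILE = "weights.bin"            # file name given in the article


def chrome_user_data_dir(platform=sys.platform, env=os.environ, home=None):
    """Return Chrome's default user-data directory for this platform."""
    home = Path(home) if home else Path.home()
    if platform.startswith("win"):
        # Path from the article: %LOCALAPPDATA%\Google\Chrome\User Data
        base = env.get("LOCALAPPDATA") or str(home / "AppData" / "Local")
        return Path(base) / "Google" / "Chrome" / "User Data"
    if platform == "darwin":
        # Assumption: stock macOS location, not spelled out in the article.
        return home / "Library" / "Application Support" / "Google" / "Chrome"
    # Assumption: stock Linux location, not spelled out in the article.
    return home / ".config" / "google-chrome"


def find_model_files(user_data_dir):
    """Return [(path, size_in_bytes)] for every weights.bin under the model folder."""
    root = Path(user_data_dir) / MODEL_DIR
    if not root.is_dir():
        return []
    found = []
    # rglob also covers builds that nest the file in a subfolder (assumption).
    for path in sorted(root.rglob(MODEL_FILE)):
        try:
            if path.is_file():
                found.append((path, path.stat().st_size))
        except OSError:
            continue  # file removed or unreadable while scanning
    return found


def report(user_data_dir):
    """Summarise what is on disk; read-only, deletes nothing."""
    files = find_model_files(user_data_dir)
    total = sum(size for _, size in files)
    return {"present": bool(files), "files": len(files), "total_bytes": total,
            "total_gib": round(total / 2**30, 2)}


if __name__ == "__main__":
    target = chrome_user_data_dir()
    print(target, report(target))
```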

Gemini Nano supports Chrome’s device-side features, including “help me write an email,” scam detection, smart paste, page summaries, and AI-assisted tab grouping.

Product logic intentionally blurred: your 4GB download goes unused by AI Mode

Chrome recently added a prominent “AI Mode” button to the address bar. A reasonable assumption by an ordinary user is: since the device already has the 4GB Gemini Nano installed, queries for AI Mode should run locally, protecting privacy.

But the reality is the opposite. AI Mode routes all queries to Google’s cloud servers; the local Gemini Nano model plays no role in any computation for AI Mode. In other words, users pay the download cost of the 4GB in their own disk space and network bandwidth, yet when using AI Mode they still send every query to Google’s cloud.

Legal dispute and Google’s contradictory response

Hanff’s legal argument is mainly based on Article 5(3) of the EU ePrivacy Directive, the same provision behind cookie consent banners. The provision requires that before any content is stored on a user’s device, “prior, voluntary, specific, informed and unambiguous consent” must be obtained. He also cites GDPR Article 5(1) (transparency) and Article 25 (privacy by design), linking this case to the Anthropic Claude Desktop incident he previously exposed, where about 3 million devices were given prior authorization for browser automation, also without obtaining explicit consent.

Google says that starting in February 2026 it has introduced a feature in Chrome settings that allows users to turn off and remove the model, and claims the model is automatically deleted when storage space is insufficient. However, Google did not address the most critical question: why wasn’t user consent obtained beforehand?

More notably, Google’s own Chrome developer documentation says third-party developers should “remind users of the time required to download,” but this time Google’s action fully ignored that recommendation.

FAQ

How do I find and permanently disable Chrome’s Gemini Nano model?

On Windows, the file is located in the %LOCALAPPDATA%\Google\Chrome\User Data\OptGuideOnDeviceModel\ folder. To permanently disable it (prevent re-downloading), go to chrome://flags, search for OptimizationGuideModelDownloading, and set it to disabled, or enter Chrome Settings > System and turn off the “Device-side AI” option. Simply deleting the file won’t work—Chrome will automatically reinstall it on the next startup.

Why doesn’t AI Mode use the locally installed Gemini Nano?

Gemini Nano is a lightweight model designed to support specific device-side assistant features. AI Mode is a fully separate query feature that relies on Google’s cloud and its more powerful model processing. The two are separate products at the technical level, but Chrome’s UI design does not clearly distinguish them for users, which can lead users to mistakenly believe the local model is used for all AI features.

Do Hanff’s GDPR legal arguments have practical enforcement impact?

Article 5(3) of the ePrivacy Directive is the same provision EU regulators use to pursue issues related to cookie consent, and it has a clear enforcement basis. If regulators determine that the silent installation of Gemini Nano constitutes “storing content on a user’s device,” Google may face a formal investigation. So far, no official body has announced that an investigation will be launched, but the case has drawn broad attention from Europe’s privacy research community.
