A recent update to Google Chrome’s settings page saw the removal of a previously stated promise regarding user data privacy. In Chrome version 147, found under Settings > System > On-device AI, it was specified that: “To power features like scam detection, Chrome can use AI models that run directly on your device without sending your data to Google servers.” This assurance is absent in the latest update, Chrome 148.0.7778.97, which now states Chrome “can use AI models that run directly on your device. When this is off, these features might not work.”
Users on the Chrome subreddit and Hacker News, where it gathered over 250 points swiftly, noticed this change, triggering discussions among privacy advocates. One user commented, “I’m just surprised people use Chrome at all. Google has proven over and over they can’t be trusted and will exploit you every chance they get.” Another expressed concerns about the implications: “It’s on-device AI spyware, really. It collects intelligence about the user, summarizes it and sends it to Google, all paid by the user’s electricity bill. Deviously clever.”
Google has been quietly downloading a roughly 4GB file named weights.bin—the weight file for Gemini Nano—to any compatible device without requiring user consent or providing notifications. This file is stored in Chrome’s OptGuideOnDeviceModel directory within its user data folder, and it reinstalls if removed upon restart.
Privacy researcher Alexander Hanff confirmed this behavior using macOS kernel filesystem logs, with subsequent verification on Windows 11 and Ubuntu systems. The removed phrase from Chrome’s settings was a key justification for installing Gemini Nano without explicit permission, arguing that on-device processing keeps user data off Google servers, thus enhancing privacy.
However, this argument had limitations since Chrome 147’s “AI Mode” feature directed all queries to Google’s cloud rather than using the local Gemini Nano model. Deleting the phrase does not address this issue but eliminates an assertion Google apparently cannot uphold.
Google did not comment on Decrypt’s inquiry about the settings adjustment. Hanff argues that the download breaches Article 5(3) of the EU ePrivacy Directive, which mandates explicit consent for data storage on a user’s device. Removing privacy language from the UI does not mitigate this legal risk; it simply removes Google’s main defense for the silent installation.
Chrome 148 is gradually being deployed. Users still using version 147 will continue to see the original text, while those who updated will find the claim about data privacy removed.