Chrome Installs a 4GB AI Model Without User Consent and Restores It After Deletion

A hidden 4GB AI model, named Gemini Nano, has been discovered by privacy expert Alexander Hanff in the Chrome user data folder. This installation occurs without any user consent or notification. The file, known as weights.bin, is found within a directory labeled OptGuideOnDeviceModel and serves as the weight file for Google’s on-device language model.

Hanff identified this behavior through an automated audit of a fresh Chrome profile, utilizing macOS kernel filesystem logs to trace Chrome’s creation of a temporary directory and subsequent download of model components. This process takes about 15 minutes without any user interaction or alerts. The same installation pattern has been observed across Windows 11, Apple Silicon Macs, and Ubuntu systems.

Users who have seen unexplained storage growth over the past year may be able to attribute it to Gemini Nano. This AI model powers several Chrome features such as “Help me write an email,” scam detection, smart paste, page summarization, and AI-assisted tab grouping. On Windows, it is stored at %LOCALAPPDATA%\Google\Chrome\User Data\OptGuideOnDeviceModel\weights.bin, while on Mac and Linux systems, it resides in the equivalent Chrome profile directory.

Even after deletion, Chrome reinstalls the model upon restart unless users disable the feature through chrome://flags or specific settings. Despite a new “AI Mode” button appearing prominently in the address bar, queries are sent to Google’s cloud servers rather than being processed locally by Gemini Nano.
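A check for the file described above, as an added example that is not from the article, Hanff's audit or Google: it looks for weights.bin under OptGuideOnDeviceModel in Chrome's user data directory and reports its size, so it can be rerun after a deletion and restart to see whether the file has returned. The macOS and Linux roots are assumed to be Chrome's standard default locations, and the recursive search is an assumption that covers the file sitting in a subfolder.

```python
import os
import sys
from pathlib import Path

MODEL_DIR = "OptGuideOnDeviceModel"  # directory name given in the article
WEIGHTS = "weights.bin"              # file name given in the article


def default_user_data_dirs(env=os.environ, platform=sys.platform):
    """Default Chrome user-data roots (assumed standard install locations)."""
    if platform.startswith("win"):
        base = env.get("LOCALAPPDATA")
        return [Path(base) / "Google" / "Chrome" / "User Data"] if base else []
    home = Path(env.get("HOME") or ".")
    if platform == "darwin":
        return [home / "Library" / "Application Support" / "Google" / "Chrome"]
    return [home / ".config" / "google-chrome"]


def find_model_files(user_data_dir):
    """Return sorted [(path, size_bytes)] for each weights.bin under the model dir."""
    root = Path(user_data_dir) / MODEL_DIR
    if not root.is_dir():
        return []
    hits = []
    for path in root.rglob(WEIGHTS):  # recursive: assumption, covers subfolders
        try:
            if path.is_file():
                hits.append((path, path.stat().st_size))
        except OSError:
            continue  # unreadable entry: skip rather than abort the audit
    return sorted(hits)


def audit(user_data_dirs):
    """Summarise model presence and disk use per user-data root."""
    report = {}
    for root in user_data_dirs:
        files = find_model_files(root)
        report[str(root)] = {
            "present": bool(files),
            "total_bytes": sum(size for _, size in files),
            "files": [str(path) for path, _ in files],
        }
    return report


if __name__ == "__main__":
    for root, info in audit(default_user_data_dirs()).items():
        print(f"{root}: present={info['present']} "
              f"size={info['total_bytes'] / 2**30:.2f} GiB")
        for name in info["files"]:
            print("   ", name)
```
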

Hanff argues this practice breaches EU privacy laws, specifically Article 5(3) of the ePrivacy Directive, which mandates explicit user consent for data storage on devices. He also references GDPR Articles 5(1) and 25 regarding transparency and privacy design.

Google acknowledges that Chrome uses on-device AI models to enhance web features and may download these models in the background to ensure readiness. The company states it began allowing users to disable this model via settings in February, noting automatic deletion when storage is low but not addressing why prior user consent was not sought. Google’s own developer documentation advises alerting users about such downloads—a practice overlooked in this instance.
