Google Chrome 在你的电脑上安装了一个 4GB 的 AI 模型
Google Chrome Installed a 4GB AI Model on Your PC

原始链接: https://oztalking.com/en/issues/hidden-4gb-ai-model

Google Chrome 因在未经用户同意的情况下,静默向用户电脑安装了 4GB 大小的 AI 模型“Gemini Nano”而受到抨击。隐私研究员 Alexander Hanff 发现,如果硬件要求达标,该文件(weights.bin)会自动下载,且即便被手动删除,它也会重新出现。 尽管谷歌辩称此举旨在通过本地运行钓鱼网站检测和写作辅助等功能来提升隐私,而非依赖云端,但批评者认为这种缺乏透明度的做法是严重的违规行为。此事的讽刺之处在于:该模型在安装时并未获得通常对于 Cookie 等远小数据文件所要求的“明确同意”;且用户在地址栏中看到的 AI 功能,实际上仍依赖云端处理,而非本地模型。 这一事件凸显了一个日益增长的趋势:科技公司为了削减云端成本,正将用户的硬件视为其自身基础设施的延伸。除了存储和带宽方面的担忧,这一事态的发展也表明,在 AI 时代,我们亟需重新定义“用户同意”的准则,因为企业正越来越多地将 AI 的快速部署置于用户的知情权与控制权之上。用户可以通过 `chrome://on-device-internals` 查看该模型。

```Hacker News最新 | 往日 | 评论 | 提问 | 展示 | 招聘 | 投稿登录Google Chrome 在您的电脑上安装了一个 4GB 的 AI 模型 (oztalking.com)36 点,由 haebom 发布于 1 小时前 | 隐藏 | 往日 | 收藏 | 4 条评论 帮助 guilhermeasper 8 分钟前 | 下一条 [–] 依我之见,如果你是技术圈内人却还在用 Chrome*,那只能怪你自己。如果你不是,除非你需要电脑上的额外空间,否则你可能根本不在乎。*除非是工作中被迫使用。回复taf2 10 分钟前 | 上一条 | 下一条 [–] 我喜欢内置的 AI——我用它创建了这个带有 AI 喷子对手的井字棋游戏 -> https://taf2.github.io/ai-tic-tac-toe-trash-talk/回复ChrisArchitect 1 小时前 | 上一条 | 下一条 [–] 这是五月份的新闻;讨论:https://news.ycombinator.com/item?id=48019219 https://news.ycombinator.com/item?id=48050964回复haebom 1 小时前 | 父评论 | 下一条 [–] 那么,谷歌回应了吗?回复 指南 | 常见问题 | 列表 | API | 安全 | 法律 | 加入 YC | 联系 搜索: ```
相关文章

原文

Opening

Reader, have you noticed your computer’s storage suddenly shrinking lately?

Recently, a strange file has been making waves among Chrome users worldwide. Its name: weights.bin. Its size: 4GB. Buried deep in Chrome’s browser folder, this file turned out to be Gemini Nano, Google’s on-device AI model. The problem? Nobody asked for it to be installed.

Swedish privacy researcher Alexander Hanff uncovered the discovery by analyzing macOS kernel logs, and the same phenomenon was later confirmed on Windows and Linux. Let me get straight to the point: this isn’t a simple storage issue. It’s the start of a new pattern in which tech companies fold users’ devices into their own AI infrastructure.

Has it made things more convenient? Enormously, and I’m genuinely satisfied. But was the process behind it right? Well… no. Let’s dig in.

🔍 What Actually Happened

Let’s start with the structure of the file Chrome installed without users’ knowledge.

Inside Chrome’s user data folder sits a folder named OptGuideOnDeviceModel. The name itself is telling — it’s Google’s internal shorthand for “Optimization Guide On-Device Model.” Would an ordinary user look at that folder name and think, “Ah, this is the Gemini Nano AI model”? Hanff points out that this ambiguity is itself deliberate. If Google had named it honestly, it would have been GeminiNanoLLM.

Inside this folder sits weights.bin — the actual model weights1​ file for Gemini Nano. Chrome automatically checks your hardware specs: GPU tier, CPU core count, system RAM (16GB or more), and free storage (22GB or more). If your machine meets these criteria, Chrome downloads the model in the background without any notification whatsoever. When Hanff tested this on a clean Chrome profile, the download completed in 14 minutes.

What’s more interesting is what happens after you delete it. Even if you manually remove the file, restarting Chrome downloads it again. Chrome treats the deletion as a “temporary error” and attempts to restore it at the next opportunity. Some users have reported model files piling up to over 12GB because older versions were never cleaned out. When Snopes checked the devices of six of its own staff members, the file turned up on three of them, across macOS and Windows combined. In other words, deleting it doesn’t stop Chrome from forcing it back in.

Google describes it as “a lightweight on-device model we’ve offered since 2024,” and says that starting in February 2026 it began rolling out an “On-Device AI” toggle under Settings > System that lets users turn it off. But a substantial number of users, Hanff included, still haven’t received this toggle. Those without it have to manually disable the relevant flag at chrome://flags or edit the registry.

🎭 The Paradox: Violating Privacy in the Name of Privacy

The most notable part of this whole affair is the justification Google offers.

The features Gemini Nano runs locally include Help Me Write, phishing and scam detection, tab group suggestions, page summarization, and smart paste. The scam-detection feature in particular was integrated into Chrome’s Enhanced Protection mode in May 2025, and Google’s explanation is that on-device processing lets it catch phishing sites in real time — even ones that exist for less than 10 minutes before vanishing. That’s a threat cloud-based databases are too slow to catch. And these features are genuinely convenient — especially most of the tasks you do after opening developer mode (F12), which have become dramatically easier.

Google’s logic is that when these features run on the user’s device instead of the cloud, no data gets sent to Google’s servers, so privacy is protected. Taken purely on its own terms, that logic holds up.

But here’s where the paradox emerges.

A model installed to protect privacy was, itself, installed without consent. Article 5(3) of the EU’s ePrivacy Directive2requires “freely given, specific, informed, and unambiguous consent” before storing information on a user’s device. That single clause is the reason cookie banners exist at all. In plain terms, Google should have asked, “We’re about to download XYZ — do you agree?” before the download began. It didn’t.

A law that requires consent for a 4KB cookie somehow wasn’t applied to a 4GB AI model — a million times larger. Hanff argues this violates both the ePrivacy Directive and GDPR’s transparency principles. If EU regulators agree, Google could face a fine of up to 4% of its global revenue. Legal precedent is already accumulating too: in March 2025, a German court ruled that installing Google Tag Manager also requires prior consent.

Google’s consistent position, of course, is that this is simply part of the product, and therefore fine.

📱 The Gap Between Visible AI and Invisible AI

There’s another part of this story I find even more interesting.

Chrome 147’s address bar features a prominent “AI Mode” button. Given everything explained so far, users would naturally assume that AI Mode runs on the 4GB model sitting on their computer. It doesn’t. Every query typed into AI Mode gets sent to Google’s cloud servers. The locally installed Gemini Nano, meanwhile, powers features buried in right-click menus that most users don’t even know exist.

To summarize the structure:

  • The AI feature users see and actively use → processed in the cloud (data transmitted)
  • The AI model installed without users’ knowledge → processed locally (background feature)
  • The cost the user bears → 4GB of storage + download bandwidth…?????

Users pay the cost in storage and bandwidth, yet the AI feature they actually use directly delivers no privacy benefit to them at all. In Hanff’s words, this amounts to a privacy illusion.

There’s one more fact worth noting here. Chrome recently and quietly deleted a privacy pledge related to on-device AI — the line stating that “data is not sent to Google’s servers.” The situation changed once the Prompt API became enabled by default starting with Chrome 148.

This API allows websites to directly call a user’s Gemini Nano model. In that case, input and output data are handled according to that website’s own privacy policy. The data may not go to Google’s servers — but it can go to third-party websites instead.

🌍 The Bigger Picture: Whose Infrastructure Is Your Device?

If you see this only as a 4GB storage issue, you miss the point entirely.

Chrome’s global market share sits at roughly 65-71%. Its estimated user base exceeds 3.8 billion people. By Hanff’s calculations, deploying this model to 100 million devices consumes roughly 24GWh of energy; scale that to 1 billion devices and it reaches 240GWh — equivalent to 6,000-60,000 tons of CO₂, and that figure doesn’t even include future model updates and re-downloads. Now, I’m no environmentalist, so I don’t particularly want to dwell on carbon emissions. What matters is who bears this burden.

This is where the real question emerges: whose infrastructure is your device, anyway?

Until now, AI mostly ran in the cloud: users sent a request, a server processed it, and the result came back. But as the shift toward on-device AI3​ accelerates, tech companies are moving inference work onto users’ devices to cut cloud costs. This does bring real advantages in privacy and latency.

The problem is that this process consumes users’ storage, bandwidth, and power without asking permission. And it’s not just Google. In the same report, Hanff also flagged that Anthropic’s Claude Desktop app secretly installs a native messaging bridge even into browsers where it was never installed.

If this pattern keeps repeating, your laptop stops being “your device” and becomes just another node in a tech company’s distributed AI infrastructure.

What’s interesting is that Apple runs a similar on-device AI strategy but takes a different approach. Apple Intelligence clearly distinguishes between tasks it can handle on-device and tasks that must be offloaded to the cloud (Private Cloud Compute), and it explains this distinction to users. It’s a case that shows how, even with the same on-device AI, user trust can look completely different depending on how transparently it’s deployed.

Oz’s Lens

Honestly, I think on-device AI itself is a good direction. From my experience analyzing the architecture of various SaaS products while building go-to-market strategies, reducing cloud dependence is a sound choice on both cost and privacy grounds.

But this Chrome incident isn’t about the “what.” It’s about the “how.”

There’s a pattern I ran into constantly while doing data analysis: when a well-intentioned feature ships through a bad execution, it only takes one instance to lose user trust. If Google had simply asked from the start — “A 4GB local AI model will be installed in Chrome, used for scam detection and writing assistance. Do you want to proceed?” — most users would have clicked “yes.” The feature itself is genuinely useful.

Not asking for consent wasn’t a technical limitation — it was a strategic choice. Ask for consent, and some users click “no”; that lowers Gemini Nano’s adoption rate, which in turn slows the growth of the developer API ecosystem. A company holding a browser with 70% market share simply couldn’t resist that temptation.

Back when crypto scams were rampant, there was a wave of viruses that turned any desktop or laptop that downloaded them into a forced mining rig. Comparing this incident to that is obviously too extreme, but this case could give rise to a similarly severe misunderstanding. That said, whether Chrome asked me or not, I’ve been using it happily and would have kept using it happily either way, so I’m quite satisfied…

This isn’t a Chrome-only problem. It’s a signal that the very concept of “user consent” needs to be redefined for the AI era.

Closing

Let me sum up the core of this story in three points.

First, Chrome installed a 4GB AI model without user consent, and it reinstalls itself automatically even after deletion. A toggle to disable it in Settings is being rolled out, but it hasn’t reached every user yet.

Second, the contradiction between the justification of “local AI for privacy” and the practice of “installation without consent” is part of a larger trend in which tech companies are turning users’ devices into their own infrastructure.

Third, the fact that we live in an era that demands consent for a 4KB cookie while a 4GB AI model gets installed without any is evidence that our existing consent framework hasn’t kept pace with the AI era.

If you’re a Chrome user, try typing chrome://on-device-internals into your address bar to check exactly which AI models are currently installed on your device.

I’d also recommend checking Settings > System to see whether the “On-Device AI” toggle has reached you yet.

References & Further Reading

Primary sources

Background

The author, Kwangseob Ahn, is a professor of business administration at Sejong University and lead consultant at OBF (Oswarld Boutique Consulting Firm). He teaches statistics and data analysis — business data management and business analytics — while leading GTM and AI strategy consulting in the field, designing the seam between technology and business. He has published academic research on a memory architecture for AI dialogue systems (HEMA) and runs Daily Arxiv, a daily curation of global AI papers. He holds a master’s from Korea University’s Graduate School of Technology Management and a KMBA. He is the author of Homo Brainless: The People Who Outsource Their Thinking.

联系我们 contact @ memedata.com