According to Decrypt on May 7, Google Chrome quietly downloaded about a 4GB Gemini Nano AI model to eligible devices without obtaining users’ consent. The privacy researcher Alexander Hanff discovered the behavior while conducting automated audits of new users’ profiles, saying it may violate the EU ePrivacy Directive.
Where is this 4GB file, and how do you disable it?
Hanff used macOS core file system logs to trace how Chrome, without the user’s knowledge, created a temporary directory, downloaded model components, and stored the final file. The entire process took about 15 minutes, with no notifications or prompts throughout, and the profile was not touched by any human action.
File storage path and disable method:
Windows:%LOCALAPPDATA%\Google\Chrome\User Data\OptGuideOnDeviceModel\weights.bin
Mac / Linux:the same folder under the corresponding Chrome profile directory
Permanently disable:go to chrome://flags, or enter Settings > System and turn off the “Device-side AI” switch, or in Windows Registry set OptimizationGuideModelDownloading to disabled
Gemini Nano supports Chrome’s device-side features, including “help me write an email,” scam detection, smart paste, page summaries, and AI-assisted label grouping.
Product logic intentionally blurred: your 4GB white label is loaded
Chrome recently added a prominent “AI Mode” button to the address bar. A reasonable assumption by an ordinary user is: since the device already has the 4GB Gemini Nano installed, queries for AI Mode should run locally, protecting privacy.
But the reality is the opposite. AI Mode routes all queries to Google’s cloud servers; the local Gemini Nano model plays no role in any computation for AI Mode. In other words, users pay the download cost of the 4GB in their own disk space and network bandwidth, yet when using AI Mode they still send every query to Google’s cloud.
Legal dispute and Google’s contradictory response
Hanff’s legal argument is mainly based on Article 5(3) of the EU ePrivacy Directive—that same provision behind cookie consent banners. The provision requires that before any content is stored on a user’s device, “prior, voluntary, specific, informed and unambiguous consent” must be obtained. He also cites GDPR Article 5(1) (transparency) and Article 25 (privacy by design), linking this case to the Anthropic Claude Desktop incident he previously exposed—where about 3 million devices were given prior authorization for browser automation, also without obtaining explicit consent.
Google says that starting in February 2026 it has introduced a feature in Chrome settings that allows users to turn off and remove the model, and claims the model is automatically deleted when storage space is insufficient. However, Google did not address the most critical question: why wasn’t user consent obtained beforehand?
More notably, Google’s own Chrome developer documentation says third-party developers should “remind users of the time required to download,” but this time Google’s action fully ignored that recommendation.
FAQ
How do I find and permanently disable Chrome’s Gemini Nano model?
On Windows, the file is located in the %LOCALAPPDATA%\Google\Chrome\User Data\OptGuideOnDeviceModel\ folder. To permanently disable it (prevent re-downloading), go to chrome://flags, search for OptimizationGuideModelDownloading, and set it to disabled, or enter Chrome Settings > System and turn off the “Device-side AI” option. Simply deleting the file won’t work—Chrome will automatically reinstall it on the next startup.
Why doesn’t AI Mode use the locally installed Gemini Nano?
Gemini Nano is a lightweight model designed to support specific device-side assistant features. AI Mode is a fully separate query feature that relies on Google’s cloud and its more powerful model processing. The two are separate products at the technical level, but Chrome’s UI design does not clearly distinguish them for users, which can lead users to mistakenly believe the local model is used for all AI features.
Do Hanff’s GDPR legal arguments have practical enforcement impact?
Article 5(3) of the ePrivacy Directive is the same provision EU regulators use to pursue issues related to cookie consent, and it has a clear enforcement basis. If regulators determine that the silent installation of Gemini Nano constitutes “storing content on a user’s device,” Google may face a formal investigation. So far, no official body has announced that an investigation will be launched, but the case has drawn broad attention from Europe’s privacy research community.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Genesis AI Launches GENE-26.5 Robotics Platform With US$105M Funding
Genesis AI launched GENE-26.5 on May 6, a full-stack robotics platform designed to improve robot manipulation using data from a proprietary hand glove, simulation, and human videos, according to the company. The startup has raised US$105 million from investors including Eclipse and Khosla Ventures a
CryptoFrontier11m ago
Ethos Raises $27.5M in Series A Led by a16z
According to Foresight News, AI-powered talent matching platform Ethos raised $27.5 million in Series A funding led by Andreessen Horowitz (a16z), with participation from General Catalyst, XTX Markets, Matt Miller, and Common Magic. The platform uses AI to interview candidates and analyze their
GateNews41m ago
Moonshot AI Raises $2 Billion at $20 Billion Valuation, Led by Meituan
According to Bloomberg, Moonshot AI, the Beijing-based startup behind the Kimi chatbot, raised approximately $2 billion in a funding round led by Meituan's venture arm Long-Z Investments, valuing the company at more than $20 billion. The company's annual recurring revenue exceeded $200 million in
GateNews51m ago
NVIDIA and MediaTek team up to jointly build the future car for AI-native assistants
NVIDIA and MediaTek team up to build an AI-native in-vehicle architecture; the edge is handled by DRIVE AGX for low-latency and privacy tasks and supports 7B+ models. The cloud acts as an AI factory for advanced inference and training, delivering a seamless UX through agent orchestration and scenario sharing. Dimensity AX handles high-end entertainment and IVI, with Drive OS shared. The two achieve high-frequency seamless data exchange via PCIe and the NvStreams API, forming a central computer architecture.
ChainNewsAbmedia1h ago
OpenAI Revokes macOS Signing Certificate Tomorrow, May 8, Disabling Outdated Apps
According to Beating, OpenAI's macOS signing certificate will be revoked on May 8, rendering outdated versions of ChatGPT Desktop, Codex, Codex CLI, and Atlas inoperable and unable to receive updates. Users with Mac versions should update immediately through in-app updates or by downloading from Ope
GateNews1h ago
Court Documents Show Altman Proposed Microsoft Acquisition to Retain CEO Role in November 2023
According to court filings released on May 7, documents from the Musk v. Altman case revealed text messages between Sam Altman and then-CTO Mira Murati from November 19, 2023, when OpenAI's board suddenly removed Altman as CEO. During the crisis, Altman proposed that Microsoft acquire OpenAI to
GateNews1h ago
