Chrome Silently Installs a 4GB AI Model On Your Device Without Consent (thatprivacyguy.com)
- Reference: 0183159464
- News link: https://tech.slashdot.org/story/26/05/08/0635229/chrome-silently-installs-a-4gb-ai-model-on-your-device-without-consent
- Source link: https://www.thatprivacyguy.com/blog/chrome-silent-nano-install/
> Two weeks ago I wrote about Anthropic [2]silently registering a Native Messaging bridge in seven Chromium-based browsers on every machine where Claude Desktop was installed. The pattern was: install on user launch of product A, write configuration into the user's installs of products B, C, D, E, F, G, H without asking. Reach across vendor trust boundaries. No consent dialog. No opt-out UI. Re-installs itself if the user removes it manually, every time Claude Desktop is launched. This week I discovered the same pattern, executed by Google.
>
> Google Chrome is reaching into users' machines and [3]writing a 4GB on-device AI model file to disk without asking. The file is named weights.bin. It lives in OptGuideOnDeviceModel. It is the weights for Gemini Nano, Google's on-device LLM. Chrome did not ask. Chrome does not surface it. If the user deletes it, Chrome re-downloads it. The legal analysis is the same one I gave for the Anthropic case. The environmental analysis is new. At Chrome's scale, the climate bill for one model push, paid in atmospheric CO2 by the entire planet, is between six thousand and sixty thousand tons of CO2-equivalent emissions, depending on how many devices receive the push. That is the environmental cost of one company unilaterally deciding that two billion peoples' default browser will mass-distribute a 4GB binary they did not request.
[1] https://slashdot.org/~couchslug
[2] https://www.thatprivacyguy.com/blog/anthropic-spyware
[3] https://www.thatprivacyguy.com/blog/chrome-silent-nano-install/
Re: (Score:3)
When you install software, you can see how big it is, in some OSes/installers you are prompted if that's okay, if you want to enable/disable optional bits, etc. When you install Chrome, it's a certain size to get a web browser.
However, at some indeterminate point later, when you RUN Chrome, it downloads a chunk of data (that's not a browser) that's as big as (or bigger than) the initial browser install. It does this per user on a multi-user system. It does it with no prompting or notification. For a home us
Environmental impact probably overstated (Score:2)
The environmental impact is probably overstated. Chrome uses P2P to distribute updates, which can dramatically reduce the amount of data sent over the wire.
Re: Environmental impact probably overstated (Score:2)
Uhm; sorta.
You still need to receive it all.
That said, the article is dog shit.
Re: Environmental impact probably overstated (Score:4, Funny)
Yeah, but you also send some of it. That's negative data (the opposite of receiving) so it cancels out.
Re: (Score:1)
Yeah, some people just need to go outside and relax. The entire article is histrionic complaint, even before it gets around to claiming this will destroy the planet.
Re: (Score:1)
Yet look at the negative moderation. People with points don't seem to like out point of view on this.
Re: (Score:1)
How much does that mean? I'd rather comment than rate.
Re: (Score:2)
> P2P to distribute updates, which can dramatically reduce the amount of data sent over the wire.
Google's wire, sure. Your wire, no.
Re: (Score:3)
I'm assuming (the article really isnt clear on this) that its refering to the energy of a bunch of billion computers actually running the AI model, as GPUs running AI chews a tonne of energy. At those scales it does add up.
I've gone and deleted chrome. I'm using Brave, but its crypto-bros in charge of that so I dont exactly trust them either. They just have a really effective adblocker that doesnt seem to trigger youtube into issueing shrill threats about breaking TOSs with adblockers
Re: (Score:2)
> "I've gone and deleted chrome. I'm using Brave, but its crypto-bros in charge of that so I dont exactly trust them either. They just have a really effective adblocker that doesnt seem to trigger youtube into issueing shrill threats about breaking TOSs with adblockers"
I would suggest Firefox + UBO. I have no problems on YouTube or other sites with them (at least that is my experience on my machines which all run Linux). And as a huge bonus, you get to NOT support Google's efforts to control the web (Br
Re: (Score:2)
P2P results in more traffic, not less. The traffic is merely offloaded from google's server.
Re: (Score:1)
4 Gigabyte download is nothing. And you can expect that this will happen at most every 6 month, its not like they are retraining their AI every day.
Re: (Score:1)
Perplexity says (and one other search)
No. By default, neither Chrome nor Firefox uses peerâ'toâ'peer (P2P) over the public internet to distribute browser updates or extension/OS updates to other usersâ(TM) machines.
What do you expect from an advertising company? (Score:3)
Dija expect honesty?
Re: (Score:3)
Old Google: Don't be Evil.
Alphabet: BE EVIL.
Chrome is malware and spyware (Score:2)
And should be treated as such.
Re: (Score:1)
It doesn't.
why so mad? (Score:2)
This is far less annoying than software_reporter_tool.exe
The Scorpion and the Frog (Score:2)
Google is an ad company. They give away everything from browsers, to email, to mobile OS for free; because they are an ad company. Do not use the browser of an ad company. Imagine if Facebook had a browser. Would you use that?
Re: (Score:2)
People even use the facebook app.
I read TFA (Score:1)
and it seems this is happening when Claude Desktop is installed.
Or, to put it another way, Anthropic build Claude Desktop to do this.
My Chrome does not seem to have done this on a Windows machine. No sign of the weights.bin file, and I do not have Claude-anything installed.
I'm thinking this is not a Chrome problem, it's an Anthropic problem.
Prove me wrong. Validate my sig.
Re: (Score:1)
No, I did not. You have no idea what I read.
4G disk and 4-10G ram just to open an basic webpag (Score:2)
4G disk and 4-10G ram just to open an basic webpage?
weights.bin (Score:2)
What if you write a bunch of random noise of the same file size to weights.bin ... what happens then?
Re: (Score:2)
Then it just weighs down your computer.
That seriously blows... (Score:1)
Screw Google most of the time. They ARE evil.
That said, I don't trust anyone that would break this down with an, "Environmental Measurement" is not to ever be trusted at all.
Easy fix - ditch chrome (Score:2)
This should be a notification to ditch this slop. Fortunately I never used chrome to begin with.
The comparison is so stupid (Score:2)
Google pushed a modification to its own browser with its own feature set. There is literally never an explicit consent asked for individual features of software and there never has been. Even back in the days of ticking checkboxes during installs they only offered you a small selection of what a programmer decided to ask if you wanted included.
Claude Desktop is modifying *other* software without consent. Honestly the comparison here and the complaint about Google is not only is stupid, it sort of makes me t
LOL (Score:2)
That's fucking hilarious.
EULA? (Score:2)
Did he read the license? Seems odd for a lawyer that he would not even mention this, even if he thinks it does not matter that would be good to know for context.
Chrome? (Score:2)
I can't believe people still use Chrome given that there are other options available. I guess the general public is still stuck in the IE6 era.
Re: (Score:2)
> I can't believe people still use Chrome given that there are other options available. I guess the general public is still stuck in the IE6 era.
Sadly, here's basically the scoreboard:
--Google Chrome
--Microsoft Chrome (Edge)
--Apple Chrome (Safari)
--Chinese Chrome (Opera)
--Crypto Chrome (Brave/Vivaldi)
--AI Chrome (Comet)
--Firefox
--Not-Firefox-Firefox (IceWeasel, Palemoon, Waterfox, etc.)
And, while I prefer Firefox myself...the fact is that web developers hated the drudgework of having to work in anything but a browser monoculture...and Google wanted the browser to be an OS unto itself, which is why the browser has hooks into everything else - overwri
Re: (Score:2)
Like the forced-to-install on 80% of devices, clone, Microsoft Edge, you mean?
The problem with Firefox is that it's better at detecting spyware, via plug-ins: Corporations don't want their customers doing that. Which in turn, means many corporations can't avoid Chrome in their own computers because their computers use someone else's servers.
Another consequence of blocking spyware, is that Firefox (extension) settings need to be tweaked as corporations put new versions of spyware in their web-pages. S
It's still spyware (Score:2)
> ... paid in atmospheric CO2 by the entire planet ...
What's the bill when half a billion people download a 60GB game? Let's remember that Google demands those 2 billion computers update Chrome every 6 weeks: Mostly, for UI tweaks, not security and privacy. We're all turning a blind eye towards the environmental cost of our favourite tool and toy.
> Chrome does not surface it.
It's getting difficult to tell the difference between "free product" and malware. Google isn't doing this out of kindness, they're doing it to make the user, well the user's data, into the product. This is the lo
Re: (Score:2)
I installed a web browser 15 years ago , and now it's doing crazy shit.
Re: (Score:2)
You can turn off auto-updates, but you'll be sorry in other ways.
Re: I installed software... (Score:2)
Act surprised. Slashdot were running around screaming about bloatware and forced installs as it relates to Microsoft browsers, willfully ignoring that Google was sneaking in through every cracked window, installing cloud print servers, desktop search, shadow OSs all the while. So you are going to act surprised that they never stopped. What changed since then?
Re:I installed software... (Score:5, Interesting)
Silently adding an AI model is something that is going to get Chrome ripped out by certain employers.
A lot of companies limit AI model access. That means Google doing this in secret is considered a huge InfoSec red flag. At least one company I know will have Chrome ripped off ALL corporate assets (computers / phones / et al.) by the end of this weekend. They will then ask Google for a version that will NEVER install the AI software without central approval. Google says no? No Chrome on corporate assets.
They have contractual requirements that cannot be avoided.
Re: (Score:3, Informative)
Look before you leap - even in the dumbass article, that you can disable this via flags or GPO is mentioned. No enterprise concerns if you can just tick a policy box.
Re: (Score:3)
Hijacking this to say that TFS is fucking trash. Half of TFS is about some completely unrelated bullshit and a quarter of it is on the environmental cost of this, with no sensible technical details included other than half a filepath . No hints as to how to disable it. Just whining.
TFA is not much better. Lots of stuff that nobody fucking cares about. Instead: give us the summary of why it is there, how to disable it if that is possible and what side effects that may have.
Re: (Score:2)
> Lots of stuff that nobody fucking cares about.
Says you, IMHO, companies do need to give a shit about the environmental impact of the software they create (not to mention power consumption). If your reach is 10 people, then maybe don't worry too much, but if your reach is *billions*, then yes, you definitely do need to think about it. Just because we've suffered Microsoft's incompetently inefficient crap for decades is no reason to perpetuate it. If an oil company can be hit with the carbon cost of what
Re: (Score:2)
No enterprise concerns if you can just tick a policy box.
And for home users, people who don't know what GPO is let alone have access to it? They're just screwed, aren't they?
Re: (Score:2)
"you can disable this via flags or GPO "
Until they turn it back on.
Re: I installed software... (Score:1)
You do realize that the whole point of on-device models like Nano is to give you the capability without the privacy problems of sending your data to Google, right?
Re: I installed software... (Score:2)
Except you can't trust that Google's browser isn't snitching anyway, so no, it's really just a way for Google to keep you using their service without having to process your tokens
Re: (Score:2)
if you think google isn't main-lining AI usage in Chrome, even local, you're delusional.
Re: (Score:2)
They limit cloud (AI) access for privacy reasons. A local model is exactly what they wish for as replacement. The problem is not the AI, but data leaving the device.
Re: (Score:2)
"the problem is not the AI, but data leaving the device."
I give you MS Recall.
"It doesn't leave the device!"
But it is available for any other process to send it off device.
What is this "gemeni" (Score:3)
I don't know, I was born in October, so I use the LibreWolf browser, not Chrome.
Re: (Score:2)
Gougles AI moddel
Re: (Score:1)
Not true. I found the file, having not installed the Gemini extension.
I disabled the flag #optimization-guide-on-device-model then deleted the weights file. So far the flag has stayed disabled, but the file has been reloaded.
This is not installing software. It is force-feeding software not asked for, not wanted and in fact totally repudiated.
Re: (Score:2)
In Chrome, Settings->System then toggle off the Local AI option and it won't be reinstalled.
At least on Windows. I'm wondering if the file is on Android Chrome as well....
Re: (Score:2)
I have done none of those things and it was still on my machine.
She agreed to have sex with me once (Score:2)
I really do feel sorry for the women within 50 miles of every single techbro.
Re: (Score:2)
Why do you think women aren't able to understand consent or terms of service?
Re: She agreed to have sex with me once (Score:3, Insightful)
It's the techbros who don't understand it, obviously. You agreed to install one thing, they took it as permission to install another thing. Conversely, they also offer to support you, then they release the same product under another name and tell you to go fuck yourself. That shit is fucked both coming and going and you're here to defend it.
Re: She agreed to have sex with me once (Score:2)
You are replying to a troll who thought he just delivered a knock-out punch zinger. He will not understand any argument premised on ethics.
Re: She agreed to have sex with me once (Score:2)
Don't worry, I have no illusions about reaching him. This ain't my first rodeo where he's the bullshit
Re: (Score:2)
How did you arrive at that conclusion?
Re: (Score:3)
> No dummy, that's what "install" means.
But you'd think the idiots at Google would understand that when a user manually removes a file, it means they don't want it (that's called "uninstall", since you're obviously clueless), and they've done so because there's no way to do it otherwise, and they weren't asked if they wanted that in the first place, since it's not directly involved in the primary purpose of the app being installed (the browser), or even of any of the other 7 procducts that are equally unrelated.
But as usual, the typical employees
Re: (Score:3)
Why would they assume such a thing? You've never seen a user accidentally delete a file?
Re: (Score:2)
> But you'd think the idiots at Google would understand that when a user manually removes a file, it means they don't want it (that's called "uninstall", since you're obviously clueless)
I really hope you don't consider removing a file the same as uninstalling. Be careful what you call clueless.
Re: (Score:2)
>> But you'd think the idiots at Google would understand that when a user manually removes a file, it means they don't want it (that's called "uninstall", since you're obviously clueless)
> I really hope you don't consider removing a file the same as uninstalling. Be careful what you call clueless.
Nice of you to conveniently leave out the important part Mr. Clueless:
> and they've done so because there's no way to do it otherwise.
Re:I installed software... (Score:5, Informative)
You install software X, but without asking you software X silently installs additional software Y that is not necessary for software X to function, and if you try to remove software Y it gets re-installed without asking or alerting you.
We'd call that a trojan malware in any other context.
=Smidge=
Re: (Score:2)
> You install software X, but without asking you software X silently installs additional software Y that is not necessary for software X to function
And they silently install additional software Y a decade after you installed software X. You installed software X many years before software Y even existed.
Re: (Score:2)
Except it's not "software Y" it's a feature of "software X". The only person who would call that a trojan malware is someone who has no idea what either a trojan is, or malware is.
I honestly don't know why Slashdot is being so stupid about this. Google is including AI features in its browser. Would you prefer it to send all requests to their servers instead? Is that the kind of thing you want? If you're going to say you don't want the feature in the first place then pick another browser. Software is and alw
Re: I installed software... (Score:2)
Now that more people know what the installation entails, fewer will be inclined to press that button.
Why you find it upsetting that an article would bring to light extraneous installations in one of the most widely distributed pieces of software is beyond me. Seems newsworthy to me.
Re: (Score:2)
Wait till they realize that is not the only model.
C:\Users\USERNAME\AppData\Local\Google\Chrome\User Data\OptGuideOnDeviceModel\2025.8.8.1141\weights.bin
"name": "Optimization Guide On Device Model",
"name": "v3Nano",
C:\Users\USERNAME\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel\20251015.822788937.14\cr_en-us_500000_index.bin
"name": "OnDeviceHeadSuggestENUS500000",
C:\Users\USERNAME\AppData\Local\Google\Chrome\User Data\optimization_guide_model_store\2\???
Re: (Score:2)
> But, since it's Google, "it's evil".
Congratulations, you finally figured it you - good little bot!
Re: (Score:2)
Yes people would shit if Mozilla did this too.
Re: (Score:3, Interesting)
> Would people be complaining like this if Mozilla added some new feature that inflated the disk consumption? No. Only if it further slowed Firefox.
seriously? of course firefox users fucking complained. That's why the mozilla had to add their AI kill-switch after they got caught auto-adding AI.
Re: (Score:2)
> after they got caught auto-adding AI.
Did they "auto-add AI"? My impression was that they were starting to look at doing this - but not on this scale - but realised pretty much from the start that a lot of people did not want it so they offered an Opt-Out.
btw, this 4GB won't be a one-time "thing", there will be bugs found and updates provided.
Re: (Score:2)
> "seriously? of course firefox users fucking complained. That's why the mozilla had to add their AI kill-switch after they got caught auto-adding AI."
No. Mozilla never "added AI". They added the ability to optionally hook Firefox into third-party AI systems (with the default on). And there was ALWAYS AN OFF SWITCH. It just wasn't in the main settings, it was under about:config. Then they later added in the main settings as well.
It never downloaded or installed any AI system. Very different.
Re:What A Whiny Little Bitch (Score:5, Funny)
I think we found the dev behind this.
Re: (Score:2)
Mod parent funny.
Also funny that I don't really blame the google for going all EVIL on us? If the once-proud google doesn't grow like a cancer then they will get eaten by a bigger and meaner corporate cancer. Small honest profits are no excuse and no defense against a suitably leveraged buyout.
Charge Google rent (Score:4, Insightful)
With the RAM and storage prices these days, they need to pay rent if they're going to "crash at your place" - no squatters allowed!
Re: (Score:2)
You welcomed them rent free. You're free to kick them out at any time.
Re: (Score:2)
WHERE'S MY LAWSUIT U TROLL?