Does it violate EU law? Google Chrome secretly installs 4GB AI models for users, and it will reinstall them even after uninstallation.

Studies indicate that Google Chrome secretly downloads 4GB of AI models for users, and even after deletion, it will forcibly reinstall them. This move may violate EU privacy laws and shifts large traffic and environmental costs onto the public, criticized as a “dark mode” that deprives users of rights.

Cybersecurity researcher discovers Google Chrome covertly downloads AI models

Renowned security researcher Alexander Hanff’s latest report states that Google Chrome browser will, without prior notice or user consent, secretly download approximately 4GB of terminal AI models onto users’ computers.

To verify the situation, Hanff conducted comparative tests on macOS using a brand-new Chrome profile. He successfully recorded the exact file activity through system-level file system event logs outside of the application.

Automatic installation with no interaction, still forcibly reinstalls after deletion

Hanff’s analysis shows that Google Chrome will autonomously create model directories and download the full 4GB data in the background without any interaction. Chrome writes a file named weights.bin to disk, which is part of Google’s lightweight Gemini Nano model-based terminal AI system.

The analysis indicates that as long as your computer system meets certain hardware requirements, the download process will automatically start. The entire process, seemingly during idle browsing time, completes in just over 14 minutes.

Image source: Alexander Hanff report. Alexander Hanff’s latest report states that Google Chrome secretly downloads about 4GB of terminal AI models onto users’ computers.

However, Chrome does not prompt that several gigabytes of AI models are stored locally, nor does it provide an intuitive setting option to prevent the download. Even if users discover and delete the file themselves, the browser will later re-download it unless they disable experimental features deep in the system or remove Chrome entirely.

He points out that internal status files of Chrome also serve as strong evidence, showing that the browser proactively assesses system hardware performance before downloading and marks the device as qualified for the terminal model. This indicates that Chrome actively decides which devices should receive the model, a unilateral decision.

Researcher accuses Google Chrome of potentially violating EU laws

Besides revealing technical details, Hanff also raises legal concerns.

He previously criticized Anthropic’s Claude desktop app as “spyware,” noting it quietly installs bridging components across multiple Chromium-based browsers on the system, even including five browsers he never installed; now he finds Chrome secretly installing AI model files, all happening without user prompts or substantial disclosures, and the integrated programs will reinstall after removal.

He claims that the actions of these two companies are very likely in violation of EU regulations, including the EU Electronic Privacy Directive regarding data storage on user devices, and the General Data Protection Regulation (GDPR) concerning transparency and lawful processing.

Although the researcher’s claims have not yet been adjudicated in court, they reflect the increasing tension between tech giants pushing new features and regulatory expectations, especially in Europe.

• **Related report: Claude desktop version questioned as “spyware”! Unauthorized access settings changed without consent, suspected EU law violation

Google shifts energy and bandwidth costs onto global users?

Hanff also estimates the environmental impact of Chrome silently downloading the 4GB AI model. If deployed across millions or even billions of devices, he estimates that the total CO2 equivalent emissions from distributing these files could reach tens of thousands of tons, nearly equivalent to the annual emissions of tens of thousands of cars.

Image source: Alexander Hanff report. Alexander Hanff’s research on the environmental impact of Google Chrome secretly helping users download files

Although estimates depend on scale and energy assumptions, he clearly states that pushing large binary files to user devices incurs extremely high costs, and these costs are externalized onto the environment and the public.

For many users, there may also be network traffic impacts. In unlimited fiber environments, a 4GB download might be negligible, but for users with limited or metered data plans, covertly transferring several gigabytes can cause tangible financial losses. Even in developed markets, users relying on mobile hotspots or in remote areas will be affected.

Tech giants act first and ask questions later, sacrificing user rights in dark mode

From Hanff’s perspective, both Anthropic and Google choose to act first and leave users to bear the consequences.

Whether it’s covertly registering deep system integrations or background downloading several gigabytes of models, the pattern is the same. Users’ devices are treated as deployment targets, stripping away active control, which closely resembles the long-criticized “dark patterns” in software design.

Dark patterns, also called “deceptive design,” are carefully crafted user interfaces intended to mislead or deceive users into doing things they wouldn’t otherwise choose, benefiting the vendor at the expense of user rights.

In Hanff’s case, user functions are not only pre-enabled but hidden behind obscure settings or implemented in ways that are difficult to remove. His research shows that the trend toward terminal AI development has not improved the flaws of dark patterns—in fact, it accelerates such negative developments.

Further reading:
Is China’s drone manufacturer exposing user security? He reverse-engineered Claude to gain control of devices worldwide—are you still buying AI toys? Bondu leaks 50k children’s personal data, while Miiloo propagates: Taiwan is part of China.