A report by security researcher Alexander Hanff, known as “That Privacy Guy,” alleges that Google Chrome is automatically downloading a 4GB on-device AI model to users’ computers without prior notification or consent.
This finding follows a similar report by Hanff regarding Anthropic’s Claude Desktop app, which he claims installed browser integration bridges across multiple Chromium-based browsers—including several not present on the system—without user prompting.
Hanff argues that these silent modifications to a user’s environment violate both general expectations of software behavior and European privacy laws.
A primary concern highlighted in the analysis is the significant environmental impact of distributing large files on a global scale. Hanff estimates that pushing a 4GB model to 100 million users (approximately 3% of Chrome’s base) requires roughly 24 GWh of energy and generates 6,000 tons of CO₂ equivalent. If deployment reaches one billion users, these figures could escalate to 240 GWh of energy and 60,000 tons of CO₂ equivalent—an impact comparable to the annual emissions of tens of thousands of vehicles. While these estimates rely on assumptions regarding energy mixes, the report emphasizes that the energy cost of such large transfers is often externalized to the user.
Beyond environmental factors, the practice raises immediate financial and technical concerns regarding data usage. For users on metered, capped, or expensive internet connections, particularly in developing regions or rural areas, a silent 4GB download can incur unexpected costs and use up limited bandwidth.
Hanff characterizes these actions as part of a broader pattern where technology companies treat user devices as deployment targets rather than hardware under active user control. This aligns with criticisms of “dark patterns” in software design, where platform-beneficial features are enabled by default or obscured from the user.
While Google might argue that on-device AI improves privacy by processing data locally, the core debate remains whether such significant data transfers should require an explicit user opt-in.