Chrome Deleted Its Own Privacy Promise for Sneaky On-Device AI

Google Chrome’s settings page made a quiet promise before its most recent update.

In Chrome version 147, under Settings > System > On-device AI, the description read: “To power features like scam detection, Chrome can use AI models that run directly on your device without sending your data to Google servers.”

That line is gone in Chrome 148.0.7778.97, which began rolling out recently. The new text just says Chrome “can use AI models that run directly on your device. When this is off, these features might not work.”

The removal of the phrase, which first happened in April, was spotted yesterday by users on the Chrome subreddit and surfaced on Hacker News, where it collected over 250 points in hours, sparking debate among privacy enthusiasts. “I’m just surprised people use Chrome at all. Google has proven over and over they can’t be trusted and will exploit you every chance they get,” said one user. “It’s on-device AI spyware, really,” another user argued. “It collects intelligence about the user, summarizes it and sends it to Google, all paid by the user’s electricity bill. Deviously clever.”

As we reported yesterday, Chrome has been silently downloading a roughly 4GB file called weights.bin—the weight file for Gemini Nano—to any device that meets its minimum hardware requirements, with no opt-in prompt and no visible notification. The file lands in a folder called OptGuideOnDeviceModel inside Chrome’s user data directory. Delete it, and Chrome downloads it again on the next restart.

Privacy researcher Alexander Hanff confirmed the behavior using macOS kernel filesystem logs, and it has since been verified on Windows 11 and Ubuntu as well.

The deleted phrase in Chrome was doing real work. It was the primary in-product justification for why Chrome installs Gemini Nano without asking. Google’s argument was that on-device processing keeps your data off its servers, making the silent install of its Gemini Nano model a net privacy benefit.

That argument already had a hole in it. Chrome 147’s “AI Mode” pill in the address bar routes every query to Google’s cloud, not the local Gemini Nano model.

A Google spokesperson, however, told Decrypt that the removal of the phrase “doesn’t reflect a change to how we handle on-device AI for Chrome. The data that is passed to the model is processed solely on device.”

According to Google, though, there are times when websites that use Nano in Chrome will be able to see the inputs and outputs of the AI model. In those instances, the data use is subject to the individual privacy policy of the website—so Google removed the explicit mention of Google servers to avoid the potential confusion, the spokesperson said.

Hanff, whose forensic documentation of the silent install sparked the original story, has argued the download violates Article 5(3) of the EU ePrivacy Directive, which requires explicit consent before storing data on a user’s device.

Chrome 148 is currently rolling out. Users still on version 147 will see the old text; anyone who has already updated will find the new language.

Editor’s note: This article was updated after publication to include comments from Google and for clarity.