Google Installed a 4GB AI on a Billion Devices Without Asking. The Carbon Bill Is 60,000 Tonnes.
Privacy researcher Alexander Hanff documented Chrome 148 silently downloading Gemini Nano's 4GB model weights onto user devices without consent, then re-downloading them if deleted. This analysis quantifies the scale: 4 exabytes of uninvited bandwidth, $32–60 million in CDN delivery costs borne by Google, up to 117,000 tonnes of CO₂ emitted, and an enterprise governance gap affecting roughly 32,500 endpoints at a hypothetical 50,000-seat Fortune 500 company.
Four gigabytes in fourteen minutes, with zero clicks anywhere in the process.
On April 29, 2026, Alexander Hanff, a privacy researcher and former technical advisor to the European Commission, published forensic evidence that Google Chrome version 148, running on a fresh macOS installation with no human interaction at any point during the observation window, automatically downloaded a 4-gigabyte file called weights.bin into a nested directory named OptGuideOnDeviceModel inside Chrome's application support folder. Nobody asked. Nobody was told. The file is Gemini Nano, Google's on-device large language model, and it arrived completely uninvited; when Hanff deleted it, Chrome downloaded it again.
Within days, independent investigators at ThePlanetTools.ai and the cybersecurity outlet Cybernews reproduced the findings on Windows, macOS, and Linux, and Wired confirmed the behavior and published a guide to disabling it. The consensus across all investigators was identical: Chrome silently profiled users' hardware (checking GPU capabilities and available VRAM), determined eligibility without asking, and pushed the model through a background download mechanism that most users would never notice. The only way to permanently prevent the download is the Chrome enterprise policy GenAILocalFoundationalModelSettings set to 1 ("do not download model"), delivered through Group Policy on Windows or the equivalent managed-policy channel on macOS and Linux, which few individual users know how to apply. Toggling Chrome flags is insufficient because Chrome updates can reset them.
The Bandwidth Math Nobody Ran
Google discloses that Chrome has 3.4 billion installations globally. Not all of them received Gemini Nano. The model push targets machines meeting specific hardware thresholds, and many Chrome installations run on mobile devices that appear to be excluded from the desktop model deployment. Hanff and ThePlanetTools.ai independently estimated the affected device population at approximately one billion.
One billion devices, each receiving a 4-gigabyte download, which adds up to 4 exabytes of data transmitted across the global internet without a single user clicking "Accept."
Let that number register, because its physical scale is staggering. Netflix, the single largest source of internet traffic in the Western hemisphere, moves approximately 2.5 exabytes per day across its entire global CDN, serving 300 million paying subscribers who each chose to press play on something they wanted to watch. Google's silent model push is equivalent to 1.6 days of the world's Netflix traffic, compressed into a rolling deployment window where every recipient was a conscript rather than a customer. Cisco's most recent Visual Networking Index forecast projected total global IP traffic at roughly 400 exabytes per month, which means the Chrome deployment consumed a full 1% of a typical month's global internet capacity in a software update cycle that nobody voted on, nobody debated, and nobody outside of Google's Chrome team appears to have approved.
Google's internal CDN delivery costs are not public, but infrastructure analysts estimate the company's effective per-gigabyte delivery cost at $0.008 to $0.015, significantly below the $0.02–$0.05 that enterprise customers pay through cloud providers because Google operates its own fiber backbone and edge caching network. At those rates, delivering 4 exabytes cost Google between $32 million and $60 million. Google absorbed that cost. What Google did not absorb was the last-mile transit cost borne by users' ISPs, the metered bandwidth consumed by users on capped data plans, or the storage occupied on devices whose owners were never consulted.
The Carbon Footprint, Calculated Two Ways
Hanff's original analysis estimated the aggregate carbon emissions at 6,000 to 60,000 tonnes of CO₂-equivalent. That range spans an order of magnitude because it depends on assumptions about how many devices received the model and what energy mix powered the data transfer. We ran the calculation independently using a different methodology and arrived at a higher figure.
The International Energy Agency estimates that data transmission networks consume approximately 0.06 kilowatt-hours per gigabyte when accounting for core network infrastructure, metropolitan aggregation, and last-mile access combined. A 4-gigabyte download therefore consumes approximately 0.24 kWh of network energy per device. Multiply by one billion devices: 240 gigawatt-hours of electricity consumed by the network infrastructure alone. At the global average grid carbon intensity of 0.49 kilograms CO₂ per kilowatt-hour (Ember, 2025 data), that yields approximately 117,600 tonnes of CO₂.
Two things are worth noting about this calculation. The 0.06 kWh/GB figure is a network-average that includes older, less efficient last-mile infrastructure; Google's own CDN likely operates at lower energy intensity because its edge servers sit closer to end users. Conversely, our calculation excludes the energy consumed by the user's device during the download (CPU, storage write, and GPU profiling cycles that Chrome executes to determine model eligibility), which Hanff's methodology attempts to capture. A reasonable central estimate sits between 60,000 and 117,000 tonnes.
Per device, the carbon cost works out to 60–117 grams, which is individually trivial and comparable to sending 8 to 15 emails, but multiply by a billion and you get the annual footprint of a small Pacific island nation, generated by a software update that no one requested, no one approved, and most people will never know occurred.
The Enterprise Governance Gap
Chrome commands approximately 65% of the global browser market, and its enterprise penetration is even higher in sectors that have standardized on Google Workspace. Consider a Fortune 500 company with 50,000 managed endpoints. At 65% Chrome market share, roughly 32,500 of those machines just received a 4-gigabyte unauthorized AI model installation, consuming approximately 130 terabytes of aggregate corporate storage.
This did not pass through procurement. Nobody reviewed it. It was not assessed under the company's data protection impact assessment framework, no DPA amendment was negotiated with Google, and no SBOM was updated to reflect a 4-gigabyte neural network capable of local text generation sitting on endpoints that access regulated data. The model arrived through the same browser auto-update channel that most enterprises permit, because blocking Chrome security updates creates worse exposure than allowing them.
The governance implications ramify further for regulated industries. Financial services firms that attest to SOC 2 Type II controls typically commit to maintaining inventories of all software running on managed endpoints. Healthcare organizations subject to the HIPAA Security Rule must include software that touches patient data in their risk analysis. A 4-gigabyte neural network capable of local text generation and document summarization, installed silently on machines that access regulated data, is the kind of audit finding that generates eight-figure remediation programs.
The sole permanent prevention mechanism is the Chrome enterprise policy GenAILocalFoundationalModelSettings set to 1, which requires IT administrators to know the model was deployed, know which policy controls it, and push the policy before the next Chrome update cycle. For organizations that learned about this from a privacy researcher's blog post rather than from Google's enterprise documentation, the model has likely been resident on their endpoints for weeks.
The Pattern: Install, Re-install, Normalize
What makes the Chrome deployment structurally significant is that it is not isolated. Two weeks before Hanff published his Chrome findings, he documented the same behavior from Anthropic: Claude Desktop silently installed a Native Messaging bridge into seven Chromium-based browsers on the user's machine, without consent, and reinstalled it when the user deleted the component. Same month. Same pattern. Same researcher. Two companies, the same deployment philosophy, the same contempt for the user's explicit act of deletion.
This is not a coincidence. It is a convergence. The AI industry is moving toward a deployment model where on-device inference is the default and user consent is treated as a conversion-rate problem to be engineered away rather than a right to be respected. The commercial logic is straightforward. On-device models reduce cloud inference costs, because every query Gemini Nano handles locally is a query that consumes zero GPU cycles at a Google data center. They enable features that function without network connectivity. They keep sensitive user data on the device itself, which is genuinely better for privacy in the narrow technical sense. And they create deep platform lock-in, because a browser with an embedded AI model is categorically stickier than one without.
The legal question is whether "better for privacy" justifies "deployed without consent." Under the EU's ePrivacy Directive (2002/58/EC), Article 5(3), storing information on a user's terminal equipment requires prior informed consent unless the storage is strictly necessary for a service the user explicitly requested. The user did not request Gemini Nano. The user did not request hardware profiling. The user may not even know what Gemini Nano is. Hanff's legal analysis argues this constitutes a clear violation of ePrivacy Article 5(3) and of the GDPR's transparency and data-protection-by-design requirements (Articles 5(1)(a) and 25). Google has not publicly responded to these specific legal claims.
What Google Gets Right
The strongest case for Google's approach deserves full articulation without any straw men, because dismissing it would be intellectually dishonest.
On-device AI processing is, in isolation, a genuine privacy improvement. When Gemini Nano handles a scam detection query or a text completion locally, that query never reaches Google's servers, no network request fires, no data gets logged in a cloud system subject to government subpoena or corporate data mining or the kind of accidental exposure that makes headlines twice a year when a cloud provider misconfigures a storage bucket. Google can truthfully argue that the 4GB model makes Chrome users' data more private than it was before.
The 4GB storage footprint is modest by modern standards. Most laptops ship with 256GB or more. Four gigabytes is 1.6% of a baseline drive. Chrome already auto-updates its binary, its V8 JavaScript engine, and its security certificates without per-component consent prompts, and nobody complains about those. The model is, mechanically, just another component in the update channel.
And the per-user carbon cost (60–117 grams) is genuinely small in the context of a typical user's digital footprint. A user who performs 15 Google searches and sends 10 emails in a day generates comparable emissions. Aggregation is what makes the number alarming, not the individual contribution, and aggregation makes everything alarming if you multiply by a billion.
Why "Better for Privacy" Is Not "Consented To"
The counterargument fails, though, at the boundary between technical merit and human autonomy. A doctor who secretly administers a beneficial vaccine has committed assault. The efficacy of the vaccine is irrelevant. The medical profession resolved this centuries ago: informed consent is not a bureaucratic obstacle to good outcomes but a recognition that the person whose body is at stake gets to decide what enters it. The ePrivacy Directive extends this principle to terminal equipment because legislators understood that a computer you carry in your pocket and store your medical records, financial data, and private correspondence on deserves the same categorical respect.
Chrome could have shown a dialog box. One sentence. "Chrome can install a 4GB AI model for offline scam detection and text assistance. Install now?" Done. The engineering cost of that prompt is approximately zero. Its absence is not an oversight but a product decision rooted in the knowledge that opt-in rates for large background downloads are low, and every user who declines is a user whose device cannot run Gemini Nano features, which shrinks the addressable surface for Google's on-device AI strategy.
The re-download behavior removes all ambiguity about whether this was intentional. A user who locates the model file, navigates to its storage directory, and deliberately deletes it has expressed a preference as clearly as any digital interface permits, and Chrome's response is to download the file again — which is not a bug but contempt for the preference expressed.
Limitations of This Analysis
Several important caveats constrain the conclusions above.
The one-billion-device estimate is not sourced from Google. It is an inference based on Chrome's total installation count (3.4 billion), the hardware eligibility threshold (GPU and VRAM requirements that exclude many older machines and appear to exclude mobile installations), and independent investigators' deployment observations. The actual number could be significantly lower. If Google limited the rollout to 500 million devices, every aggregate figure in this article halves. If the figure is 200 million, the carbon bill drops to roughly 12,000–23,500 tonnes, the annual emissions of about 2,600 to 5,100 passenger cars at the EPA's figure of 4.6 tonnes per car per year. The per-user math is unaffected, but the aggregate shock depends on scale that only Google can confirm.
Our carbon calculation uses the global average grid carbon intensity (0.49 kg CO₂/kWh), which overstates emissions from downloads served through Google's CDN infrastructure, which operates in part on renewable energy. It also understates emissions for users in coal-dependent grids (India, Poland, parts of the U.S. Midwest). A precise figure would require Google's deployment distribution by geography and its CDN's renewable energy fraction by region, neither of which is public.
Google has not publicly responded to Hanff's specific claims. There may be consent mechanisms, internal legal analyses, or deployment controls that we cannot evaluate from outside. Our legal analysis is based on the ePrivacy Directive's text and Hanff's forensic findings; a court ruling may interpret the law differently.
The comparison of Chrome's deployment to Netflix traffic is directionally useful but structurally different. Netflix streams are consumed in real time (each byte serves a moment of entertainment); Chrome's model download is a one-time write that persists on disk. The bandwidth impact per byte is similar, but the user value exchange is not.
The Bottom Line
Google's Chrome team made a product decision that is defensible on technical grounds, commercially rational, and legally exposed in every jurisdiction that requires prior consent for storing non-essential data on user devices. The carbon cost is real but individually small, the enterprise governance gap is real and potentially expensive, and the consent gap is philosophically indefensible regardless of what the model does once installed.
What You Can Do
Individual users: Open chrome://components in your browser's address bar. Look for "Optimization Guide On Device Model." If it shows a version number, the model is on your machine. To disable it, navigate to chrome://flags, search for optimization-guide-on-device-model, and set it to "Disabled." Be aware that Chrome updates may reset this flag. For a more durable fix, switch to a Chromium-based browser that strips Google-specific components (Brave, Ungoogled Chromium) or use Firefox.
Enterprise IT administrators: Deploy the Chrome enterprise policy GenAILocalFoundationalModelSettings set to 1 across all managed Chrome installations immediately (Group Policy on Windows, a configuration profile or managed preference on macOS, a JSON file under /etc/opt/chrome/policies/managed on Linux), and confirm it took effect at chrome://policy on a sample of machines. Audit endpoints for the presence of weights.bin under the OptGuideOnDeviceModel directory in Chrome's user-data folder. Update your software inventory to reflect the model's presence. If your organization operates under SOC 2, HIPAA, or similar compliance frameworks, assess whether the model's local text-processing capabilities require a data protection impact assessment amendment.
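The check described for individual users and the endpoint audit described for administrators can be scripted. The following is an added example written for this article, not Google's, Hanff's, or any investigator's tooling. The directory name OptGuideOnDeviceModel and the file name weights.bin come from the findings above; the per-platform user-data roots, the NativeMessagingHosts manifest location (included because the Claude Desktop case above used the same channel), and the policy value semantics (1 = do not download) are the editor's assumptions about Chrome's documented layout and should be verified against your own fleet before rollout.

```python
"""Audit a Chrome user-data directory for the on-device model
(OptGuideOnDeviceModel/<version>/weights.bin) and for Native Messaging host
manifests, and emit the managed policy that blocks the model download.

Example code for this article; not Google's or Hanff's tooling. Paths and
policy semantics below are assumptions about Chrome's documented layout.
"""
import json
import os
import sys
from pathlib import Path

# Names reported in the forensic findings.
MODEL_DIR_NAME = "OptGuideOnDeviceModel"
WEIGHTS_FILE = "weights.bin"
# Assumed manifest directory for Chrome Native Messaging hosts (macOS/Linux).
NMH_DIR_NAME = "NativeMessagingHosts"

# Assumed policy semantics: 1 = "Do not download model", 0 = download.
BLOCK_POLICY = {"GenAILocalFoundationalModelSettings": 1}


def default_user_data_dirs():
    """Best-effort Chrome user-data roots per platform (assumed locations)."""
    home = Path.home()
    if sys.platform == "darwin":
        return [home / "Library/Application Support/Google/Chrome"]
    if sys.platform.startswith("win"):
        local = Path(os.environ.get("LOCALAPPDATA", str(home)))
        return [local / "Google/Chrome/User Data"]
    return [home / ".config/google-chrome", home / ".config/chromium"]


def find_model_weights(user_data_dir):
    """Return [(path, size_bytes)] for every weights.bin under the model dir.

    Chrome nests the file one level deeper under a version directory, so a
    recursive glob is used rather than a fixed path.
    """
    root = Path(user_data_dir) / MODEL_DIR_NAME
    if not root.is_dir():
        return []
    return sorted((str(p), p.stat().st_size)
                  for p in root.rglob(WEIGHTS_FILE) if p.is_file())


def find_native_messaging_hosts(user_data_dir):
    """Return {host_name: host_binary_path} from *.json manifests.

    Unreadable or malformed manifests are skipped rather than aborting the
    audit, so one broken file cannot hide the others.
    """
    hosts = {}
    nmh = Path(user_data_dir) / NMH_DIR_NAME
    if not nmh.is_dir():
        return hosts
    for manifest in sorted(nmh.glob("*.json")):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue
        hosts[data.get("name", manifest.stem)] = data.get("path", "")
    return hosts


def policy_blocks_download(policy):
    """True when a managed-policy mapping disables the model download."""
    return policy.get("GenAILocalFoundationalModelSettings") == 1


def audit(user_data_dir):
    """Summarise one user-data directory as a plain dict (JSON-serialisable)."""
    weights = find_model_weights(user_data_dir)
    return {
        "user_data_dir": str(user_data_dir),
        "model_present": bool(weights),
        "model_bytes": sum(size for _, size in weights),
        "weights_files": [path for path, _ in weights],
        "native_messaging_hosts": find_native_messaging_hosts(user_data_dir),
    }


def linux_policy_json():
    """Body for /etc/opt/chrome/policies/managed/block-ondevice-model.json."""
    return json.dumps(BLOCK_POLICY, indent=2)


if __name__ == "__main__":
    for user_dir in default_user_data_dirs():
        print(json.dumps(audit(user_dir), indent=2))
    print("Managed policy to deploy on Linux:\n" + linux_policy_json())
```

On macOS the same policy can be set for testing with `defaults write com.google.Chrome GenAILocalFoundationalModelSettings -int 1` (a configuration profile is the durable form); on Windows it is a DWORD of 1 under HKLM\SOFTWARE\Policies\Google\Chrome. In either case chrome://policy shows whether Chrome has actually applied it, which is the check to run before assuming the fleet is covered.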
Policymakers and regulators: The ePrivacy Directive was written for cookies. Its Article 5(3) consent requirement extends to any storage of information on terminal equipment, but enforcement has never been tested against a 4-gigabyte AI model pushed through a browser's auto-update channel. This is the test case. If regulators do not act on a deployment of this scale and visibility, the consent framework for on-device AI will be set by corporate default, not by law.
Everyone: Watch for the pattern, not just the incident. Two major AI companies deployed the same install-without-asking, re-download-if-deleted pattern in the same month. The next time your browser feels slower, your disk fills faster, or your laptop's fan spins up during idle, check your components page. The answer may be a model you never asked for.