
Non-Euclidean

macrumors 6502a
Original poster

Google Chrome 'silently' downloads 4GB AI model to your device without permission, report claims — researcher says practice may violate EU law, waste thousands of kilowatts of energy



Security researcher Alexander Hanff, also known as "That Privacy Guy," has published a new analysis claiming that Google Chrome is silently downloading a roughly 4GB on-device AI model to users' machines without notice or consent. According to Hanff, the behavior mirrors a separate issue he recently identified involving Anthropic's desktop software, and together the two cases point to a broader pattern of how large tech companies deploy AI features.

Hanff's earlier report focused on Anthropic's Claude Desktop app, which he says quietly installed a browser integration bridge across multiple Chromium-based browsers on a system, including five browsers he did not even have installed. According to the researcher, this happened without any user prompt or meaningful disclosure, and the integration would reinstall itself if removed. He argues that this kind of silent modification of a user's environment violates both user expectations and, in his view, European privacy law.


Full article at:

 
Reactions: chrono1081
Will need to have a closer read of the detailed post referenced in Tom's article, but quick scan, not seeing it on my side of things. But that might be due to I've blocked Chrome's ability to do anything automatically (read: update everything Google). Took all permissions away from Google related things so that it can't read/write anything related to them, emptied folders, etc.

Code:
% cd ~/Library
% find . -perm 000
./Application Support/Google/SoftwareUpdates
./Application Support/Google/GoogleUpdater
./Google/GoogleSoftwareUpdate
./LaunchAgents/com.google.keystone.xpcservice.plist
./LaunchAgents/com.google.keystone.agent.plist
 
Some (maybe) useful stuff here:


Some of the instructions I've seen on various sites seem to be wrong and/or for Windows. Reading over a few sites it seems, for Mac, want to type in "chrome://flags" in Chrome and search for anything with "Gemini" or "AI" in it: toggle "Disabled".

As mentioned earlier, my zeal to disable Google from updating things on their own has blocked this all, but went ahead with disabling the Gemini/AI stuff as well. Will check periodically to see if things are being blocked per my wishes.
 
Last edited:
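One way to do the periodic check the post above mentions, as an added example that is not from the thread: it re-runs the same `find -perm 000` test against the five paths the poster listed and reports any that are no longer locked. The function name `audit_lockdown` is hypothetical, and counting a missing path as drift is an assumption of this example.

```sh
#!/bin/sh
# Added example (not from the thread): report whether the updater paths
# listed in the post, relative to ~/Library, are still mode 000.
LOCKED_PATHS='Application Support/Google/SoftwareUpdates
Application Support/Google/GoogleUpdater
Google/GoogleSoftwareUpdate
LaunchAgents/com.google.keystone.xpcservice.plist
LaunchAgents/com.google.keystone.agent.plist'

# audit_lockdown BASE  (hypothetical helper name)
# Prints one "STATE<TAB>path" line per entry and returns the number of
# entries that are not LOCKED, so 0 means the lockdown is intact.
audit_lockdown() {
    base=$1
    drift=0
    old_ifs=$IFS
    IFS='
'
    for rel in $LOCKED_PATHS; do
        target="$base/$rel"
        if [ ! -e "$target" ] && [ ! -L "$target" ]; then
            # Assumption: a missing path counts as drift, because nothing
            # blocks it from being recreated with default permissions.
            state=MISSING
        elif [ -n "$(find "$target" -prune -perm 000 -print 2>/dev/null)" ]; then
            # Same exact-mode test as the post; -prune keeps find from
            # trying to descend into an unreadable directory.
            state=LOCKED
        else
            state=OPEN
        fi
        [ "$state" = LOCKED ] || drift=$((drift + 1))
        printf '%s\t%s\n' "$state" "$rel"
    done
    IFS=$old_ifs
    return "$drift"
}

# Run as: sh audit.sh "$HOME/Library"   (exit status = number of drifted paths)
[ "$#" -eq 0 ] || audit_lockdown "$1"
```

An `OPEN` line after a Chrome or macOS update means the permissions on that path were reset and need to be reapplied.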
There is no "perfect browser" in this sense unless you try to use vanilla Chromium. Brave has its own things running in background. Microsoft uses Chromium code to run all Copilot stuff.

Vivaldi would be one of the more acceptable choices but it has all sorts of annoying bugs which are not fixed for years.

P. S. There's one thing about "silent" in this case - how many of us are just skipping or dismissing all these "What's new" windows which pop up after relaunching browser after updating? It would be very simple to miss this as well if it would be advertised in "what's new" window...
 
Reactions: Subarctic5216
Jesus.

Well, this is the push for me to remove Chrome from as many devices as I can, and switch to something else. I'm actually surprised more people in my social media feeds aren't talking about this, given that Chrome is what just about everyone is using nowadays. Vivaldi isn't perfect, but unlike Brave, they're not all-in on Web3/Crypto.
 
P. S. There's one thing about "silent" in this case - how many of us are just skipping or dismissing all these "What's new" windows which pop up after relaunching browser after updating? It would be very simple to miss this as well if it would be advertised in "what's new" window...

Except that the update process was truly silent, and it was by design.

Google's selling point was that users would be more secure, and never have to know, or worry about updates.

We're releasing Google Update under its codename Omaha. Omaha's functionality allows us to automatically update software without interrupting or distracting the user, which makes for a better user experience. Omaha checks for updates in the background, when it won't interfere with the user, even if an application isn't running.

Only later were those changes made to allow for group management, and the code made open source.

Chrome also ushered in the version numbering scheme of rapid iterations of minor updates, rather than easily discernible major version numbers.

Google's apps all have the same package deal, whether people are aware of it, and what it does, or not.
 
Reactions: NoBoMac