you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 03 May 2026
15 points (100.0% liked)
TechTakes
2566 readers
69 users here now
Big brain tech dude got yet another clueless take over at HackerNews etc? Here's the place to vent. Orange site, VC foolishness, all welcome.
This is not debate club. Unless it’s amusing debate.
For actually-good tech, you want our NotAwfulTech community
founded 2 years ago
MODERATORS
Google is forcibly installing Gemini Nano onto every Chrome installation without the user's knowledge, and actively re-installing it if the user deletes it. Probably an attempt to juice the numbers.
(h/t Matt Roszak)
Last summer the Web Speech API got incorporated into browser standards, it's supposed to offer in-browser speech-to-text and the like, and full support of the API requires the browser vendor to offer the ability to download a language appropriate model for autonomous inference.
Going from this to deciding that it's now ok to side load unspecified 4GB models without telling the user is why we should never give these people an inch.
I'd say the numbers are more a bonus.
I assume they're putting it in under the guise of various browser "features" like automatic tab grouping or something, but also using it for Google products like Drive / Docs / Sheets to have offline agentic crap in there that would be more efficiently done without LLMs. I suspect this is as far up as they can hoist it because any further would be outside the bounds of the browser sandbox, which would prevent those products from easily calling it.
But the features themselves are probably not the end goal either. The more tempting motivation is that it allows for circumventing the data center problem by offloading the compute to the client. A couple of quick updates to the ToS and I can see it being used as a mesh llm network, sort of like the "find my device" network they rolled out last year.
The article mentions eprivacy and gdpr, but I don't think those are the most problematic here, assuming Google maintains mostly local-only compute. What I'd be interested to know is how this plays with DSA and DMA, which have more explicit requirements and more teeth.
the guy's a bit of an infosec mall ninja, so reread anything he claims in the calmest possible way
I certainly got that impression, and I confess to mostly skimming the parts beyond the technical breakdown for that reason. The conclusions he draws are arguably a bit spurious, but the persistent download and opaque opt-out are interesting facets.
Given the controversial nature of AI and the EU's recent antitrust fines of Google, I can see this getting some legal scrutiny - just not under the legislation he cited. I'd be interested to see how next year's Google's DMA compliance report frames it, assuming it's not lumped into a "confidential" redaction (which shouldn't even be allowed in a transparency report...).