I opened my Chrome folder and paused. A 4‑gigabyte file sat where I did not expect one. The name—OptGuideOnDeviceModel—felt like a secret I had accidentally found.
I’ll walk you through what I found, what I tried, and why you should raise an eyebrow. You should know enough to protect your own browser and your own data.
I found a 4‑gigabyte file tucked inside Chrome.
That file—weights.bin—turns out to be Gemini Nano, a tiny language model Google says has lived on devices since 2024. Alexander Hanff, known as That Privacy Guy, first flagged the folder. Google told Gizmodo the model is meant to power local features like scam detection and some developer APIs without sending data to the cloud.
This is the sort of thing that makes people who prefer local AI breathe easier: the model runs on your device rather than offloading everything to a data center. But it also quietly appearing in your profile feels, frankly, like a squirrel stashing acorns where you least expect them.
How did Gemini Nano get onto my computer?
Google’s line: it was bundled in Chrome updates and used for security features and developer APIs. The independent discovery came via GitHub and privacy researchers, and the file shows up inside Chrome’s profile directories. You didn’t have to ask for it, and the installer didn’t pop up a megaphone.
I tried to run it locally and nearly locked my own browser down.
To get it working I had to flip experimental flags and grant unsettling permissions. The site that wraps Gemini Nano into a ChatGPT‑like UI—ChromeAI.org—tracks back to a GitHub user named pipizhu / debugtheworldbot in Shanghai.
I flipped the flags, killed Wi‑Fi, and chatted with the model offline on an Apple M2 laptop with 8 GB of RAM. It felt fast and responsive. It also had no web search, no external chain of reasoning, and an appetite for confident nonsense.
Can I run Gemini Nano locally in Chrome?
Yes—if you enable experimental browser flags and accept permissions. But that path reduces the browser’s default safety and invites an amateur‑grade chatbot into your system. I don’t recommend it for anyone who values a locked‑down machine.
I asked it about Burkina Faso and then about Monkey Island.
The first prompt: “What is the capital of Burkina Faso?” It answered instantly: Ouagadougou. Correct.
Then I asked it to be Jeeves. It switched register into an old‑fashioned valet voice and stuck to it. When I tried to get rid of Jeeves, the model apologised—in Jeeves voice—three times before relenting. Then I asked about an obscure puzzle in the Monkey Island series and got a confident, wrong answer delivered in theatrical tones.
It insisted the keyhole was in the monkey’s cheek pouch and that the key looked like a coconut. The truth: the key goes in the monkey’s ear and looks like a Q‑Tip. The model lied with flourish, like a cheap stage actor wearing a tuxedo.
Is Gemini Nano private and safe to use?
Google says the model’s purpose is internal features and developer tools, not a consumer chatbot. Running models on your device reduces exposure to cloud leakage, but silent installs and the ability for third‑party UIs to wire into those files raise practical and trust questions. Communities on Reddit (LocalLLaMA) trade tips for local models precisely because they want fewer servers touching their data—yet local doesn’t mean harmless.
I asked for a list of presidents and it invented a man named John F. Lincoln.
I asked Gemini Nano to order U.S. presidents by age at inauguration. Instead the model produced a scrambled list and invented a “John F. Lincoln.” When I pressed it, the model doubled down and repeated the fiction.
Compare sizes: GPT‑3 once needed roughly 350 GB of storage. Gemini Nano fits into 4 GB and still manages to answer many prompts correctly—when it doesn’t decide to invent history. That trade‑off is impressive in engineering terms and risky in usage terms.
My last test was a simple challenge, and the model failed it badly.
I asked for accuracy, and instead I got confident fiction. That’s a pattern across small, on‑device LLMs: speed and privacy at the expense of reliability. Google explicitly told Gizmodo it does not want people treating Gemini Nano as a general chatbot; it’s meant to power internal protections and APIs.
If you care about truth and control, here’s the practical read: treat on‑device models as tools with limits, and be wary when third‑party sites try to coax them into full chat duties. Communities on GitHub and Reddit are making clever things with these files—some safe, some not—but clever doesn’t mean harmless.
So where does that leave you? Do you want the convenience of local intelligence in Chrome, or the quiet knowledge that your browser hasn’t secretly gained a talkative roommate?