Marcus M. 滅拉 マルクス🐧May 5
Tito Swineflu

Holy shit. I only use chrome when I have to for work, and these assholes...

https://www.thatprivacyguy.com/blog/chrome-silent-nano-install/

May 5 at 2:08pmWeb
Show threadJ$May 5

@tito_swineflu cat /dev/null >! weights.bin; sudo chown 0:0 weights.bin

… if the best option is somehow not an option.

Show threadTito SwinefluMay 5
@js yeah, sure. Anyone can nuke it, it's infuriating that it's there at all.
Show threadJ$May 5
@tito_swineflu well, giving abusers free reign and not expecting abuse, would’t that be a tad naive?
Show threadBobo_PK 🦄May 5
@js @tito_swineflu From what I have read it redownloads every time
Show threadTito SwinefluMay 5
@Bobo_PK @js I piped /dev/null into the file and so far it hasn't come back.
Show threadBobo_PK 🦄May 5
@tito_swineflu @js kill it with fire :-D
Show threadJ$May 5
@tito_swineflu @Bobo_PK As in, you still kept Chrome on there?
Show threadTito SwinefluMay 5
@js @Bobo_PK I have to use chrome to log in to work. Vivaldi won't work, firefox (ugh) won't work.
Show threadOriel Jutty May 5
@js @tito_swineflu perhaps even chattr +i
Show threadBeccaMay 5

@barubary ah the nuclear option

i love this one

@js @tito_swineflu

Show threadIris Young (he/they/she) (PhD)May 5
@tito_swineflu ughhh have you figured out a way to get rid of it without it automatically coming back?
Show threadMx. Luna Corbden 🐸May 5

@iris @tito_swineflu I'll have to check if my Vivaldi is affected.

If I had this issue, I'd try creating an empty weights.bin file and then locking down the permissions.

Show threaddbMay 5

@corbden @iris @tito_swineflu

FWIW, my instance of Vivaldi (7.9.3970.60 (Official Build) (64-bit)) on AVLinux (AVL_MXe-25_x64 Ease November 27 2025 base: Debian GNU/Linux 13 (trixie)) does not include that enormous file (yet?). There's something similar in the config as shown. I don't know what it is, but it's much smaller and differently named.

Show threadMx. Luna Corbden 🐸May 5

@odjbo @iris @tito_swineflu I do know Vivaldi takes intentional steps to remove chromium's spyware, so this tracks, but you never know. Thanks for checking.

The other file you found looks legit. It's only 7MB.

Show threadTito SwinefluMay 5
@corbden @odjbo @iris I use vivaldi most of the time. It doesn't have this file.
Show threadferricoxideMay 6

@corbden @iris @tito_swineflu

For UNIX/Linux environments, something like:

1. Stop Chrome
2. Execute:

sudo -i SUDO_HOME="$( eval echo "~${SUDO_USER}" )" for TARG in $( find ${SUDO_HOME} -name weights.bin 2> /dev/null ); do rm "${TARG}" install -bDm 0600 -o root -g root /dev/null "${TARG}" done Ought to work?

Notes:
* If you use multiple profiles and suspect you might have more than one such file, that should take care of them all
* Depending on your sudo version, explicitly setting SUDO_HOME might be unnecessary

Show threadTito SwinefluMay 6
@ferricoxide @corbden @iris i just piped /dev/null into the file. It wasn't rewritten upon restarting chrome.
Show threadferricoxideMay 6
@tito_swineflu @corbden @iris Other threads have indicated that nuking or corrupting the file results in re-creation. I was trying to prevent re-creation. :)
Show threadTito SwinefluMay 6
@ferricoxide @corbden @iris i think that's for deleting it. I don't think chrome validates the file beyond its existence
Show threadTito SwinefluMay 5
@iris yeah. I just piped /dev/null into it and so far it hasn't come back, even without locking down the permissions. It may come back though, google is sneaky.
Show threadSimon BMay 5
@iris @tito_swineflu searched for Gemini in the Chrome config vars interface and disabled every one
Show threadTito SwinefluMay 5
@foobarry @iris I'm not certain this will remove the file. Did it remove the file after you did that?
Show threadSimon BMay 6
@tito_swineflu @iris not proactively remove it but should stop it appearing?
Show threadkamstrupMay 5
@tito_swineflu even more beautiful how it is installed for every user, on the same machine, as well 💩
Show threadKurt NelsonMay 5
@kamstrup @tito_swineflu looks like at least not per profile, but per version for funsies!
Show threadAllpointsMay 5

@tito_swineflu
I only use chrome when absolutely necessary. This is in my bashrc. In launches when I need it then wipes all traces from my account when I'm done.

#Google #Chrome

function _chrome {
/opt/google/chrome/chrome --no-first-run >& /dev/null &
wait $!
rm -rf ${HOME}/.config/google-chrome ${HOME}/.cache/fontconfig ${HOME}/.cache/google-chrome ${HOME}/.cache/mesa_shader_cache
}
alias chrome='_chrome &'

Show threadTito SwinefluMay 5
@allpoints Unfortunately, it's the only browser I can use for work. Not even other chromium-based browsers. Removing all traces between runs would be more hassle than it's worth.
Show threadAllpointsMay 5

@tito_swineflu Fair. I was mostly just sharing that for the thread.

FWIW, I also have a setup where the browser runs in another account and shared camera and mic for video calls etc. At least that limits the blast radius to the alternate account.

Regardless, we shouldn't have to play these games to defend ourselves against the tools we're forced to use.

Show threadNumber6 May 5

@tito_swineflu

Does this happen with chromium and other chrome-based browsers?

Show threadfdrMay 5
@tito_swineflu filename matches, it weigh(t)s and should go into the bin.
Show threadPaul - Antifa. LGBTQ+ safe.May 6

@tito_swineflu Holy crap. Even on linux machines.

Glad I use Vivaldi. Sorry you have to use the chrome thing for work...

Show threadScorpionMay 6
@tito_swineflu Lol, that's what they do
Show threadferricoxideMay 6
@tito_swineflu

Yeah. And, I dunno about you, but I use multiple profiles to keep different browsing-contexts wholly separate from others. So…

Fortunately, for the last year, the only time I use #Chrome is when I need to run #AWS's #FleetManager (it's basically unusable under #Firefox). So, only the one profile has the file, currently.