Your Porn Habits Are Being Leaked by Chrome’s Incognito Mode

Posted on 16 January 2016 by Tftb @TFTB

We all know what Google Chrome's Incognito mode is. Everyone uses it differently and, honestly, most use it to watch porn.
In Incognito mode, Chrome promises not to save any history. As soon as you close the Incognito session, poof... all the history is gone and nothing is saved to be brought back again.

But for one University of Toronto student this wasn't the case. For Evan Anderson, not only was the history saved, but the porn website popped up in another application an hour after the Chrome session in question had been closed.

In his blog post, Evan Anderson said, "When I launched Diablo III, I didn't expect the pornography I had been looking at hours previously to be splashed on the screen. But that's exactly what replaced the black loading screen. Like a scene from Hollywood, the game temporarily froze as it launched, preventing any attempt to clear the screen. The game unfroze just before clearing the screen, and I was able to grab a screenshot."

How is that even possible? Is that going to happen to you? Most likely not, but there is a high chance it could.
Evan Anderson was not only able to understand the bug that leaked his Incognito browsing history, but was also able to reproduce it, which he submitted as a bug report to the parties concerned.

The cause of the leak, as concluded by Evan Anderson, was the Nvidia GPU driver. Chrome, like any other browser, uses hardware acceleration, which means the Nvidia GPU plays a role in loading video or other media content, easing the pressure on the processor and system memory. Whatever is stored in GPU memory should be erased as soon as the application closes, but the GPU memory wasn't erased, and so the contents of Chrome's Incognito mode were leaked to Diablo III in this case.

If this sounds like a small problem, Evan Anderson paints a clear picture for you: this bug breaks the operating system's user boundaries by allowing non-root users to spy on each other on the same computer.
And since this can evidently happen by accident, it is a big threat to users' privacy.

Anderson submitted this bug to Nvidia and the Google Chrome team two years ago, and both parties acknowledged it. As of January 2016, Nvidia has not fixed the bug, and Google's Chrome team has marked it as "won't fix", the reason being that Incognito mode is not designed to protect you against other users on the same computer.

But there lies a bigger problem: even though Anderson has laid out the problem with the Nvidia GPU driver and a possible solution for it, Nvidia says it isn't their fault at all. Nvidia believes it is a problem with Apple's operating system.

According to Nvidia, "This issue is related to memory management in the Apple OS, not NVIDIA graphics drivers. The NVIDIA driver adheres to policies set by the operating system and our driver is working as expected. We have not seen this issue on Windows, where all application-specific data is cleared before memory is released to other applications."

And this could possibly be the real reason: this might be a problem with how Apple's OS X handles GPU memory.
Since the report, many users on Reddit have come forward saying they have experienced this with AMD GPUs, and all of them are Apple OS users. A Reddit user even explained why this won't happen on Windows: there, graphics memory is virtualized by Windows/DirectX, and the system guarantees that GPU memory is zeroed before it is committed to your process. So on the surface it seems this might not be the GPU drivers' problem at all.
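The two policies the post contrasts, erasing GPU memory when an application releases it versus zeroing it before it is handed to the next process, are easy to model without a GPU. The C program below is an added illustration, not code from Anderson's report, Nvidia, Apple or Google: it simulates a tiny fixed-block memory pool (a stand-in for the driver's framebuffer allocator, assumed for this example) in which a "browser" fills a block with a recognisable marker and exits, and a second "process" then allocates and counts how many marker bytes it can still read. With no scrubbing, the whole block survives across the process boundary, which is the leak described above; with zero-on-release or zero-on-allocate (the guarantee the Reddit user attributes to Windows/DirectX), nothing survives.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a GPU-style memory pool: a few fixed-size blocks handed
 * out to "processes" and recycled on release. This is not a real driver API. */
#define POOL_BLOCKS 4
#define BLOCK_BYTES 64

typedef enum {
    SCRUB_NONE,        /* the behaviour the post describes on OS X: residue stays */
    SCRUB_ON_RELEASE,  /* erase when the owning application lets the block go   */
    SCRUB_ON_ALLOC     /* zero before committing the block to the next process  */
} scrub_policy;

typedef struct {
    uint8_t data[POOL_BLOCKS][BLOCK_BYTES];
    int in_use[POOL_BLOCKS];
    scrub_policy policy;
} gpu_pool;

void pool_init(gpu_pool *p, scrub_policy policy) {
    memset(p, 0, sizeof *p);
    p->policy = policy;
}

/* Returns a block index, or -1 when the pool is exhausted. */
int pool_alloc(gpu_pool *p) {
    for (int i = 0; i < POOL_BLOCKS; i++) {
        if (!p->in_use[i]) {
            if (p->policy == SCRUB_ON_ALLOC) memset(p->data[i], 0, BLOCK_BYTES);
            p->in_use[i] = 1;
            return i;
        }
    }
    return -1;
}

void pool_release(gpu_pool *p, int blk) {
    if (blk < 0 || blk >= POOL_BLOCKS || !p->in_use[blk]) return;
    if (p->policy == SCRUB_ON_RELEASE) memset(p->data[blk], 0, BLOCK_BYTES);
    p->in_use[blk] = 0;
}

/* A "browser" draws a frame (fills its block with a marker byte) and exits. */
void browser_session(gpu_pool *p, uint8_t marker) {
    int blk = pool_alloc(p);
    if (blk < 0) return;
    memset(p->data[blk], marker, BLOCK_BYTES);
    pool_release(p, blk);
}

/* A second "process" allocates a block and counts the previous tenant's marker
 * bytes it can still read. Zero means the user boundary held. */
int residue_bytes(gpu_pool *p, uint8_t marker) {
    int blk = pool_alloc(p);
    if (blk < 0) return -1;
    int hits = 0;
    for (int i = 0; i < BLOCK_BYTES; i++)
        if (p->data[blk][i] == marker) hits++;
    pool_release(p, blk);
    return hits;
}

/* Run the browser-then-game scenario under one policy; return leaked bytes. */
int leaked_bytes_under_policy(scrub_policy policy) {
    gpu_pool pool;
    pool_init(&pool, policy);
    browser_session(&pool, 0xAB);   /* constructed marker standing in for frame pixels */
    return residue_bytes(&pool, 0xAB);
}

int main(void) {
    printf("no scrub:         %d of %d bytes leaked\n", leaked_bytes_under_policy(SCRUB_NONE), BLOCK_BYTES);
    printf("zero on release:  %d of %d bytes leaked\n", leaked_bytes_under_policy(SCRUB_ON_RELEASE), BLOCK_BYTES);
    printf("zero on allocate: %d of %d bytes leaked\n", leaked_bytes_under_policy(SCRUB_ON_ALLOC), BLOCK_BYTES);
    return 0;
}
```

The point of the simulation is that the residue check is a property of the allocator's policy, not of either application: neither the "browser" nor the "game" does anything wrong, which is why a fix has to come from whoever owns the memory management, the driver or the OS, rather than from Chrome's Incognito mode.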

Chrome and Apple have to patch this bug before it raises alarms. As many OS X users have already reported this bug to Apple, a fix could possibly come from Apple's side. But the same cannot be said for Chrome, as Google has washed its hands of this case, stating it is not concerned with protecting users from other people on their own computer. They would only step in if Incognito mode data were somehow being leaked off the computer. That begs the question: isn't Incognito mode supposed to leave no traces behind?

So far only Nvidia has publicly spoken about this, with its explanation of why this happens only on OS X and not on Windows. So for now, OS X users need to be extra cautious until this gets completely fixed.

Source: Evan Anderson via Express