Gamer blames Nvidia GPU driver bug for showing porn viewed via Chrome incognito mode

Imagine launching a game on your PC and the black loading screen instead shows the porn you had been viewing hours ago via Google’s incognito browser mode. That’s exactly what happened to Evan Andersen, according to his blog post detailing how an Nvidia GPU driver bug breaks Chrome incognito.

Andersen said the porn he’d viewed hours previously had been “perfectly preserved” and was “splashed on the screen” while Diablo III was loading. He added:

So how did this happen? A bug in Nvidia’s GPU drivers. GPU memory is not erased before giving it to an application. This allows the contents of one application to leak into another. When the Chrome incognito window was closed, it’s framebuffer was added to the pool of free GPU memory, but it was not erased. When Diablo requested a framebuffer of its own, Nvidia offered up the one previously used by Chrome. Since it wasn’t erased, it still contained the previous contents. Since Diablo doesn’t clear the buffer itself (as it should), the old incognito window was put on the screen again.

In the interest of reproducing the bug, I wrote a program to scan GPU memory for non-zero pixels. It was able to reproduce a Reddit page I had closed on another user account a few minutes ago, pixel perfect.

The issue is not even new to Andersen, as he reported the “incognito mode exposed my porn to a family member” bug to Google in 2015; he also previously submitted this bug to Nvidia. Yet here we are in 2016 and Nvidia has reportedly done nothing more than acknowledge the problem, while Google marked the bug as “won’t fix.” Ironically, Andersen noted that Google won’t fix it because incognito mode is “not designed to protect you against other users on the same computer (despite nearly everyone using it for that exact purpose.)”

Some say the fault sits on Google’s shoulders for not flushing buffers from the incognito processes. Others put the blame on Nvidia, but all operating systems and GPUs are reportedly affected.

One of the reasons for this privacy problem might be benchmarks in the cutthroat world of “fastest” GPUs. Andersen believes it’s an “easy bug to fix,” but Nvidia’s drivers are “gigantic” and reportedly have “1 to 2 million lines of code dealing with hardware abstraction layers, plus another million per API supported.”

Although Google claims that you can “browse in private with incognito mode,” incognito mode does not mean your privacy is guaranteed. While you might know this, not everyone does, as is apparent in comments every time there is some news about incognito not actually being private. After opening an incognito browsing window, Google says it won’t save your browsing search history or store cookies once you’ve close all incognito tabs.

According to Google’s Chromium “security and privacy guarantees of incognito mode” FAQ, “Incognito windows will be able to access some previously-stored state, such as browsing history.” The “incognito guarantee” is even weaker in iOS than it is for Windows or Linux.

Despite Alphabet Inc. (formerly Google) executive chairman Eric Schmidt’s assurances that incognito mode can protect users from government surveillance, it can’t stop the government from spying on you. Before the incognito redesign, Google used to jokingly warn incognito mode users to still be wary of “surveillance by secret agents” and shoulder surfers.

As DuckDuckGo points out in its private browsing myths, you can still be tracked when using an incognito window and advertisers can still build profiles based on your browsing habits; your ISP can still see what you’re viewing; it’s not an invisibility cloak to keep your porn surfing a secret from your employer; your searches can still be recorded and potentially requested by G-men. In a nutshell, your “private” browsing is far from private.

So what is Chrome’s incognito browsing mode good for?

While most folks might equate using an incognito window with browsing porn, if you’ve cleared your browsing history, then you might get more unbiased search results when using incognito. USA Today suggests using incognito browsing mode as a travel hack for finding the best hotel or airfare deals, but “don’t forget to clear your cache” first as cookies tracking your browsing habits can sometimes result in higher prices.

If you let a friend use your PC to check social media, their email, or basically anything else, and you don’t want to log out first and have them use a Windows guest user account, then consider first going to Chrome settings>People>Add person for guest browsing. Unlike incognito mode, browsing in “guest mode” means you can’t see another user’s history, bookmarks, passwords, or autofill data. That might mean if they fire up a game on your PC then they won’t see any porn you were previously checking out in a different incognito window. Then again, it might not.