Surfing Porn on Your Mac Isn’t as Private as You Think

| News

Surfing porn in Google Chrome's Incognito mode lets you check out all the sex you want without anyone being the wiser, unless you're on a Mac. Evan Andersen found a bug in Chrome that left his fun time activity loaded in his NVIDIA graphics card memory—a bug that NVIDIA claims is actually Apple's fault.

Incognito Web browsing bug could show your online activityIncognito Web browsing bug could show your online activity

Incognito mode is a feature that doesn't log your browser history or keep cached images, both of which are especially handy if you don't want anyone knowing what you're looking at online. Discretion, they say, is the better part of valor.

In Mr. Andersen's case, however, the images he was checking out a few hours earlier popped up on his display when he started to play Diablo III. Instead of seeing the usual splash screen as the game loaded, he saw a jumble of porn shots he checked out prior launching the game.

"So how did this happen? A bug in Nvidia's GPU drivers," Mr. Andersen said. "GPU memory is not erased before giving it to an application. This allows the contents of one application to leak into another."

NVIDIA says it's really Apple's fault and that it's video cards are performing exactly as they should. In a statement to Venture Beat, NVIDIA said it's OS X memory management that's at fault.

A company spokesperson said, "[Our] driver adheres to policies set by the operating system and our driver is working as expected. We have not seen this issue on Windows, where all application-specific data is cleared before memory is released to other applications."

As long as everyone is finger pointing, there's more waggling to be done. Chrome isn't clearing the video card's memory buffer at the end of Incognito sessions, and Diablo isn't flushing it, either. To be fair, an app requesting buffer contents should make sure it's been cleared first. In this case, it's Diablo III's responsibility.

The problem isn't limited to porn and Chrome, and Reddit users are saying the issue may include AMD's video cards, too. Any content stored in NVIDIA's buffer is up for grabs, so to speak, until it's explicitly flushed. That means any content that's stored there from any app could potentially be seen by someone else using your Mac.

Mr. Andersen said he alerted NVIDIA and Google of the bug over a year ago, but it still persists. Apple is aware of it now, but hasn't commented.

Until someone owns up and decides to address the issue, it's up to end users to make sure their sensitive data isn't tucked away in their graphics card. The easiest way to make sure there aren't any surprises tucked away is to reboot your Mac after doing anything sensitive, or maybe just play a little Diablo III.

[Some image elements courtesy Shutterstock]

Popular TMO Stories

Comments

Lee Dronick

I would also be concerned that login at a bank or such place maybe compromised. Is that possble?

Meanwhile here in San Diego a Rear Admiral was fired for using his work computer to view inappropriate images. I tried to link to the story, but the filter here wouldn’t let me.

geoduck

Not that I’d ever surf porn
But this is good to know.
Not that I’d ever surf porn.
But it makes me wonder about other browsers
But you know I wouldn’t surf porn, ever.
And what models of Mac might be at risk.
But I’ve never gone to porn sites.
But how about other Apps, Word page images? Excel page images? Is this a question for Corporate and government security?
But porn? Pass.
And I wonder if hackers can access the video card memory from outside?
Fortunately, porn isn’t something I deal with.

Ref: Queen Gertrude, Hamlet, Act III, Scene II

jdw

I think publishing of articles related to porn are totally inappropriate for this web site.  An alternate type of internet sites could have been used to exemplify the graphics issue.

Any involvement with porn is abusive to women, corrupts one’s mind, and leads to addiction.  I’m very surprised that you would publish an article relating to this deviant behavior.

geoduck

jdw
I see your point and agree with it on one level. Perhaps they might have used a different, or no image. On the other hand, at root this is an article about a computer security issue, which is within the purview of this site. And it’s not like they were trumpeting what sites and the material itself. Actually aside from a couple uses of the word ‘porn’ the article is almost completely about a technical issue regarding the graphics card memory.

jdw

I think publishing of articles related to porn is totally inappropriate for this web site.  Alternate types of internet sites could just as effectively been used to exemplify the graphics issue, such as finance-related sites.

Unless your head is buried in the sand, you ought to know that use of porn is abusive to women, corrupts one’s mind, subverts the sanctity of marriage, destroys families, and leads to addiction.  Do you really want your web site to be involved with this deviant behavior?

geoduck

Unless your head is buried in the sand, you ought to know that use of porn is abusive to women, corrupts one’s mind, subverts the sanctity of marriage, destroys families, and leads to addiction.

I don’t disagree with you. Porn is a problem and is abusive. However there is a difference between mentioning something in relation to another issue (in this case computer security) and promoting. By no stretch of the imagination was TMO promoting porn. Similarly the BBC will mention the atrocities in Syria. They are not promoting or endorsing the behavior.

CudaBoy

Don’t the pundits here kick Google around like the Big Brother data mining monster it is? Why would you use Chrome to begin with?? I’ve found it horribly crashy and obnoxious. I like Firefox and use Blur to anonymize my doings online. Having said that I would never assume that you are at any time 100% safe from being “exposed”.
  Re: jdw’s opinion; it’s just an opinion and not relevant to the thread here. There are millions of people internationally that would disagree with his opinion anyway thus making it even more moot.

Lee Dronick

Is Rodin’s sculpture The Kiss porn?

Lancashire-Witch

Definitely hard porn, Lee

refinery

I have been observing this phenomena for some time now in both OSX and iOS, and not with porn… we’re talking ANY previous content. in one case, it was my bank account which I had logged into several hours prior! You would be a well-timed screenshot away from having someone’s private details.

I believe the culprit is exactly as described - laziness on the part of Apple graphics driver developers. I actually see it more frequently on iOS devices than i do on OSX, likely due to the limited hardware which would have to reuse memory far more often.

now here’s the catch - the reason this is happening, Apple would say is a “feature” - back around 10.7 or so, Apple started using these memory caching features… designed to speed up the re-opening of applications and documents which had been recently closed. basically its just keeping stuff in memory in case you want to re-open it. there were bugs with this in 10.7, i remember having to frequently go into terminal and issue “purge” to get it to clear out idle RAM as it would slowly eat up all the available ram and then push new things into virtual memory… on a machine with 24GB RAM. I would not be surprised to see if this turns out to be this same mechanism at work, and there is some kind of bug in the sequence of events of how it purges memory that is allowing this to happen.

Log in to comment (TMO, Twitter or Facebook) or Register for a TMO account