Chrome's "incognito" mode is a whole lot less incognito than you think.
Over the weekend, a Canadian software engineer named Evan Andersen posted about an unfortunate bug he'd experienced in which some porn imagery leaked from within a Google Chrome "incognito" session—the browser's mildly anonymized setting in which cookies, tabs, and search histories are left unsaved—to a loading screen within the game Diablo III.
Several hours after an incognito porn session, with Andersen assuming his porn trail had been wiped clean, there the porn was, plastered where normally there should have just been a black page.
It probably could have been a lot worse.
The bug, which we covered on Sunday, was traced to Andersen's Nvidia GPU. The hardware had "remembered" the pixels from earlier and they'd remained cached. So, when the game wanted to show the user an empty space, it had inadvertently returned the porn. According to Andersen, he'd reported the bug to both Google and Nvidia. Google told him that it wasn't an actual bug because incognito mode isn't supposed to provide for privacy among users of the same machine, while Nvidia had acknowledged the bug but not fixed it.
Now we know why: The bug, according to Nvidia spokesperson Bryan Del Rizzo, is Apple's. "This issue is related to memory management in the Apple OS, not NVIDIA graphics drivers," Del Rizzo told me. "The NVIDIA driver adheres to policies set by the operating system and our driver is working as expected. We have not seen this issue on Windows, where all application-specific data is cleared before memory is released to other applications."
That's not actually surprising. A device driver is meant to give an operating system access to hardware, not exist as its own microcosmic operating system. It's simply an interface. Memory, whether it's regular system RAM or residing within a GPU, is the operating system's responsibility. Del Rizzo pointed me to a reddit thread about the problem where users with AMD GPUs report the same occurrence. I've since reached out to Apple and will update when I hear back.
By the by, there are other ways of recovering porn data from an incognito session. It's a thin protection. If you were sharing a wireless network with me right now, for example, it would be very easy to spy on your supposedly masked porning activities just by way of some casual packet sniffing. Basically, incognito mode hides your activities from your local computer and that's it. The rest of the world can see what you're surfing pretty easily, including Google, of course, and the porn sites themselves.