Slashdot Mirror
Nvidia GPUs Can Leak Data From Google Chrome's Incognito Mode (softpedia.com)
An anonymous reader writes: Nvidia GPUs don't clear out memory that was previously allocated, and neither does Chrome before releasing memory back to the shared memory pool. When a user recently fired up Diablo 3 several hours after closing an Incognito Mode window that contained pornography, the game launched with snapshots of the last "private" browsing session appearing on the screen — revealing his prior activities. He says, "It's a fairly easy bug to fix. A patch to the GPU drivers could ensure that buffers are always erased before giving them to the application. It's what an operating system does with the CPU RAM, and it makes sense to use the same rules with a GPU. Additionally, Google Chrome could erase their GPU resources before quitting."
Are you sure this isn't God judging your evil deeds?
/duck
/run
> Google Chrome could erase their GPU resources before quitting.
Why blank it when you can write a gaming ad to the buffer instead? #incentives
Why write a gaming ad when you can write a Radeon ad instead? #alsoincentives
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
The AMD Open Source Driver on Linux do the same thing. It's not really a new or spectacular bug, graphics cards and drivers have done that stuff for quite a long while. Once there was also a fun bug that would make large texts in Firefox 'bleed' into the desktop background image, so it wasn't just showing old content, but actively manipulating content of another application.
The performance hit is real - and without custom silicon it's quite expensive. This bit me on the ass recently on a GPGPU project I was working because the amount of time taken to clear the buffer before use was about 10x the amount of time to actually do the computation.
You mean using a graphics processing unit to process graphics? What level of weapons grade bullshit is this?
Thirty four characters live here.
There is value in using that mode for porn (although your IP address is still exposed, and it's unclear that anyone is going to understand why you were at LustyHotBabes.com for any non auto-erotic pursuits). But it is also incredibly useful for the times you want to visit a site that caches credentials locally or otherwise relies on client-side tracking, but you don't want that behavior. I do not like to leave data for gmail, facebook, linked-in etc. on my work machine, for example, I don't own it and IT can seize it at any time.
I use "incognito mode" all the time. Anytime I see some interesting link on Facebook, I always open it in incognito mode. Just one more level of protection against associating the link with my account or leaving behind unwanted trash.
I also find it very useful for news sites that let you have a certain number of articles free before throwing up a paywall. Using incognito mode resets the counter back to zero.
Use it to browse sites that need cookies to work, but then use them to fix or mess with prices against you. Like airline sites and travel search engines that will sometimes raise prices if you search from a browser with the same cookies.
Use it to follow links you don't want messing with other tracked histories. You see an article on weird stuff for sale but don't want Amazon or other sites suggesting related stuff every time you visit in the future?
Having trouble with sites that stupidly use cookies to track login attempts, either because you don't quite remember your password or because of connection problems requiring you to login too frequently? Or similarly to visit sites that try to only work a certain number of times before requiring a fee, but also restrict their tracking of visit count to cookies.
It is basically an easy way to pre-emptively stop cookies from remembering things for a particular session, instead of having to clean-up things afterwards.
it's unclear that anyone is going to understand why you were at LustyHotBabes.com for any non auto-erotic pursuits
I'm sure they read it for the articles. You know, unlike Slashdot where nobody reads the articles.
Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
The GPU memory is not handled by the OS, it runs on a separate piece of hardware, a full computer system if you allow, that does not run an OS by itself.
The NUMA API for using nVidia cards for GPGPU operations is quite simple and straightforward; when requesting memory, it allocates a chunk; when releasing it, it's just marked as "not yours anymore". Due to the massive parallel programming model, there is even some *value* in not clearing it, as for algorithmic iterations sometimes you can save the cost of populating and freeing memory blocks if you know you will get the same pieces of RAM (or if it does not really matter, and each algorithmic pass can work exclusively on a given set of data until a certain point has reached — think i.e. symmetric encryption schemes).
Due to every time more intelligent C compilers (and of course higher level constructs) we have got used to memory being zeroed out on assignation, but no AFAICT no standard mandates that. I would place the burden of cleaning the memory on the *initialization* of the new application. After all, be it pr0n or just random flipped bits, Diablo looks bad by starting with the display of digital noise.
I don't think it should be *too much* of a concern for Chrome cleaning up before closing a tab. Yes, there is a certain thing about it being "incognito mode" that should be honored, and –as a special case– it *should* ensure to clean up its act. But the main fault I'd say is at Diablo.