Two take-homes: 1) don't use 3D acceleration in VMs; 2) always power cycle after Tails. Edit: 3) don't use the host or other VMs for "true-name" stuff.
I had a look at coding GPUs for confidential information, and realised: Noooooo. They have no concept of memory protection or processes not interfering with each other. So, consequently, anything in the GPU memory is potentially available for anything that wants it. The more direct access the VM has to the card (necessary for performance reasons), the easier it is to get this.
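
An added example, not part of any post in this thread: one way to check a guest's configuration for the settings the two comments above warn about (3D acceleration and more direct access to the card). It assumes QEMU/KVM guests managed through libvirt, which the thread does not mention; the function names and the sample domain XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed libvirt domain XML (not from the thread), used as sample input.
SAMPLE_DOMAIN = """
<domain type='kvm'>
  <name>constructed-guest</name>
  <devices>
    <graphics type='spice'>
      <gl enable='yes'/>
    </graphics>
    <video>
      <model type='virtio' heads='1'>
        <acceleration accel3d='yes'/>
      </model>
    </video>
    <hostdev mode='subsystem' type='pci' managed='yes'>
      <source><address domain='0x0000' bus='0x01' slot='0x00' function='0x0'/></source>
    </hostdev>
  </devices>
</domain>
"""

def audit_domain(xml_text):
    """Return findings for settings that give the guest access to the host GPU."""
    root = ET.fromstring(xml_text)
    name = root.findtext("name", default="<unnamed>")
    findings = []
    for accel in root.iterfind("./devices/video/model/acceleration"):
        if accel.get("accel3d") == "yes":
            findings.append(f"{name}: video model has accel3d='yes'")
    for gl in root.iterfind("./devices/graphics/gl"):
        if gl.get("enable") == "yes":
            findings.append(f"{name}: graphics renders through host OpenGL (gl enable='yes')")
    for dev in root.iterfind("./devices/hostdev"):
        if dev.get("type") == "pci":
            # The XML alone does not say what the device is; a human has to confirm.
            findings.append(f"{name}: PCI passthrough device present (check whether it is a GPU)")
    return findings

def harden_domain(xml_text):
    """Return the domain XML with 3D acceleration and host OpenGL switched off."""
    root = ET.fromstring(xml_text)
    for accel in root.iterfind("./devices/video/model/acceleration"):
        accel.set("accel3d", "no")
    for gl in root.iterfind("./devices/graphics/gl"):
        gl.set("enable", "no")
    return ET.tostring(root, encoding="unicode")
```

Passthrough devices are reported but left in place by `harden_domain`, since removing one changes what hardware the guest sees and needs a deliberate decision.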
Thanks for reporting this. For me, that's a good enough reason to disable GPU acceleration in browsers and plugins too. I've had it disabled for quite some time and see no performance drop.
Hmm. Might full emulation be any better? A lot of things run decently in Qemu without hardware acceleration, given enough RAM and a fast enough CPU on the host. GMail would be slow as all heck to browse from Qemu, though. Edit: also, Qemu doesn't have any kind of switch for the amount of virtual VRAM, last I checked. Modern OSes need a LOT of VRAM.