Websites have a new way to spy on visitors: analyzing their SSD activity
Websites have developed a new method to track visitors by analyzing their solid-state drive (SSD) activity. This technique, known as FROST, allows sites to monitor other open tabs and applications on a user's device without any interaction required from the visitor. While it has limitations, researchers suggest that browser makers implement measures to mitigate this privacy risk.
- ▪FROST stands for fingerprinting remotely using OPFS-based SSD timing.
- ▪The technique exploits a side channel to measure I/O operations of the SSD.
- ▪It can determine what websites and apps are open on a visitor's device.
- ▪FROST runs exclusively in the browser using JavaScript.
- ▪To prevent FROST attacks, users are advised to close unnecessary tabs.
Opening excerpt (first ~120 words) tap to expand
ADVANCES IN SNOOPING Websites have a new way to spy on visitors: analyzing their SSD activity Telltale SSD activity can be measured in the browser using simple JavaScript. Dan Goodin – May 27, 2026 4:56 pm | 3 Credit: Getty Images Credit: Getty Images Text settings Story text Size Small Standard Large Width * Standard Wide Links Standard Orange * Subscribers only Learn more Minimize to nav Over the decades, there has been no shortage of sites using clever techniques to covertly track visitors’ browsing histories, device fingerprints, and log keystrokes and mouse movements in real time. Even Meta and Yandex were recently caught joining in the privacy-invasive free-for-all. Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Ars Technica.
Discussion
0 commentsMore from Ars Technica
