Websites Can Now Spy on You Through Your Hard Drive
A new technique called FROST allows websites to track users by measuring interactions with their solid-state drives. This method can identify other websites and applications open on a user's device without any interaction required from the user. Researchers have outlined ways to mitigate this privacy risk, but no real-world attacks have been reported yet.
- ▪FROST stands for fingerprinting remotely using OPFS-based SSD timing.
- ▪The technique exploits a side channel to monitor user activity across different sites and applications.
- ▪FROST requires a large OPFS file and operates solely within the browser using JavaScript.
Opening excerpt (first ~120 words) tap to expand
Dan Goodin, Ars TechnicaSecurityJun 1, 2026 5:30 AMWebsites Can Now Spy on You Through Your Hard DriveThanks to the newly detailed FROST technique, telltale SSD activity can be measured in the browser using simple JavaScript.Photograph: Maria SaifutdinovaCommentLoaderSave StorySave this storyCommentLoaderSave StorySave this storyOver the decades, there has been no shortage of sites using clever techniques to covertly track visitors’ browsing histories, device fingerprints, and keystrokes and mouse movements in real time. Even Meta and Yandex were recently caught joining in the privacy-invasive free-for-all.Now sites have a new way to spy on their visitors: by measuring subtle interactions with their solid-state drives.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at WIRED.
Discussion
0 commentsMore from WIRED
