Websites have a new way to spy on visitors: Analyzing their SSD activity - Ars Technica

Skip to content

Ars Technica home

Sections

Forum

Subscribe

Search

AI

Biz & IT

Cars

Culture

Gaming

Health

Policy

Science

Security

Space

Tech

Feature

Reviews

AI

Biz & IT

Cars

Culture

Gaming

Health

Policy

Science

Security

Space

Tech

Forum

Subscribe

Story text

Size

Small
Standard
Large

Width
*

Standard
Wide

Links

Standard
Orange

* Subscribers only
  Learn more

Pin to story

Theme

HyperLight

Day & Night

Dark

System

Search

Sign In

ADVANCES IN SNOOPING

Websites have a new way to spy on visitors: Analyzing their SSD activity

Telltale SSD activity can be measured in the browser using simple JavaScript.

Dan Goodin

–

May 27, 2026 4:56 pm

|

140

Credit:

Getty Images

Credit:

Getty Images

Text
settings

Story text

Size

Small
Standard
Large

Width
*

Standard
Wide

Links

Standard
Orange

* Subscribers only
  Learn more

Minimize to nav

Over the decades, there has been no shortage of sites using clever techniques to covertly track visitors’ browsing histories, device fingerprints, and keystrokes and mouse movements in real time. Even Meta and Yandex were recently caught joining in the privacy-invasive free-for-all.
Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives. The technique, named FROST (fingerprinting remotely using OPFS-based SSD timing), allows sites to monitor other sites a visitor is viewing and what apps are open on their devices.
A side channel based on contention
The technique, laid out in a research paper, exploits a side channel, a form of leak resulting from physical manifestations such as electromagnetic emanations, data caches, or the time required to complete a task. By measuring the manifestations, attackers can decrypt encrypted traffic and infer other confidential data.
The attack that FROST uses is known as a contention side channel, which measures the interaction of various processes all using (or competing for) a given resource. By measuring the timing of certain I/O (input-output) operations of the SSD a visitor is using, the researchers were able to determine the websites open in other tabs—even on other browsers—and the apps that were open on the visitor’s device. FROST requires no interaction from the visitor other than opening the site hosting the attack.
“Web browsers have evolved from simple document viewers into complex platforms capable of running sophisticated applications,” the paper authors wrote. “Companies like Google, Microsoft, and Adobe have developed full-fledged office suites, photo- and video editors, or even integrated development environments (IDEs) that run entirely within the browser.” The authors went on to note: “While these features enhance the capabilities of web applications and allow completely novel use cases, they also increase the browser’s attack surface, and some have already been shown to introduce new vulnerabilities.”
Unlike previous contention side-channel attacks on SSDs, FROST runs exclusively in the browser. It uses JavaScript that interacts with the OPFS (origin private file system), an allocated storage space that’s reserved for a specific site to run code needed to complete a given task. Websites can create one with no interaction required by the visitor.

While each file system is sandboxed, meaning it’s isolated from other websites and from the device system itself, the JavaScript can measure the I/O interactions. Then, by running those interactions through a pretrained convolutional neural network—a system that uses deep learning to analyze text, audio, and images—the attacker can deduce various apps and websites open on the device.
“The attacker continuously measures SSD contention by performing random reads from a large OPFS file,” the researchers explained. “SSD contention caused by user activity causes measurable latency differences for these read operations. By training a convolutional neural network (CNN) on these traces, the attacker can fingerprint user activity on the host system by classifying new traces using the trained model.”
The technique has its limitations. First, the OPFS file must be extremely large—likely a gigabyte or more. That requirement means that attacks at scale would inevitably be detected by many users. Additionally, the OPFS file must be stored on the same SSD the visitor is using. This isn’t usually a problem for tracking open websites, since the OPFS file is stored in the browser’s default location. In the event apps are using a separate SSD drive for apps, those apps couldn’t be detected by FROST.
One of the best ways to prevent FROST attacks is to close tabs as soon as they’re no longer needed. More savvy users can monitor the creation and size of OPFS files allocated by unknown websites. The researchers proposed ways for browser makers to shut down the side channel. One such method is to limit the maximum size of such files that are allowed. There are no indications FROST attacks have been performed in the wild.
The researchers performed the full Frost attack on an M2 Mac. On Linux, they showed that the underlying primitive (measuring SSD access latency traces from JavaScript) works, but didn’t run the full attack.
“However, since the performance of the primitive is similar between macOS and Linux, we expect similar performance for the full classification,” Hannes Weissteiner, one of the co-authors, wrote in an email. “In principle, it would be possible to train a model on any system activity that reliably generates SSD accesses.”
The researchers did not test Windows.
The paper linked above provides many more technical details. The research is scheduled to be presented at the DIMVA conference in July.

Dan Goodin

Senior Security Editor

Dan Goodin

Senior Security Editor

Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords. In his spare time, he enjoys gardening, cooking, and following the independent music scene. Dan is based in San Francisco. Follow him at here on Mastodon and here on Bluesky. Contact him on Signal at DanArs.82.

140 Comments

Comments

Forum view

Loading comments...

Prev story

Next story

Most Read

1.
Here's why the failure of Blue Origin's New Glenn rocket is so catastrophic

2.
Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code

3.
Rocket Report: A dark day for Blue Origin; Pentagon eyes new launch site

4.
Proposed new US funding rules: We can cancel any grant at any time

5.
Steam Deck sells out in North America within 24 hours of price hike

Customize

Ars Technica has been separating the signal from
the noise for over 25 years. With our unique combination of
technical savvy and wide-ranging interest in the technological arts
and sciences, Ars is the trusted source in a sea of information. After
all, you don’t need to know everything, only what’s important.

More
from Ars

About Us
Staff Directory
Ars Newsletters
General FAQ
Posting Guidelines
AI Policy
RSS Feeds

Contact
Contact us
Advertise with us
Reprints

Manage Preferences

© 2026 Condé Nast. All rights reserved. Use of and/or
registration on any portion of this site constitutes acceptance of our User Agreement and
Privacy Policy and
Cookie Statement and Ars
Technica Addendum and Your
California Privacy Rights. Ars Technica may earn compensation on
sales from links on this site. Read our
affiliate link policy. The material on this site may not be
reproduced, distributed, transmitted, cached or otherwise used, except
with the prior written permission of Condé Nast. Ad
Choices

Websites are developing a novel method to monitor visitors by analyzing the activity occurring on their solid-state drives. This technique, termed FROST, stands as a way to remotely fingerprint visitor activity by measuring subtle interactions with the SSD. The method exploits a side channel, specifically a contention side channel, which arises from the physical manifestations, such as the time required to complete an input-output operation, when various processes compete for access to a shared resource, like an SSD. By measuring these differences in input-output operation timings resulting from user activity, attackers can infer sensitive information, including which websites are open across different browser tabs and which applications are running on the host device.

The research posits that the evolution of web browsers into complex platforms capable of running sophisticated applications, such as integrated development environments or office suites, increases the browser’s attack surface. This environment allows the technique to be implemented directly within the browser using JavaScript that interacts with the OPFS, or origin private file system, a storage space reserved for code execution related to specific tasks. Although file systems are generally sandboxed, the JavaScript can measure the resulting input-output interactions. To translate these physical measurements into usable data, the researchers employ a pre-trained convolutional neural network, a deep learning system, to analyze the traces of SSD contention. The network classifies these traces to fingerprint the user's activity on the host system.

The process involves the attacker continuously measuring SSD contention by performing random reads from a large OPFS file, leveraging the latency differences caused by user activity. The resulting timing traces are then fed into the convolutional neural network, which is trained to classify new traces, thereby creating a fingerprint of the user’s activity. The system requires no direct interaction from the visitor beyond simply opening the site hosting the attack.

The limitations and practical considerations of the FROST technique must be addressed. The method requires the OPFS file to be extremely large, likely gigabytes in size, which poses a risk of detection by numerous users. Furthermore, the OPFS file must reside on the same SSD the visitor is using; consequently, the technique may not detect applications running on separate SSD drives. One effective mitigation strategy suggested by the researchers is for users to close browser tabs immediately when they are no longer needed, and for developers to limit the maximum size of OPFS files allocated by unknown websites. The researchers have demonstrated the underlying primitive works on Linux, though the full attack was performed on an M2 Mac. The authors anticipate similar performance metrics between macOS and Linux due to the similarity in the underlying performance of the primitive, and they suggest that in principle, a model could be trained on any system activity reliably generating SSD accesses. The research is ongoing, with further testing planned.