Websites can now spy on users via SSD activity

A new technique called FROST (fingerprinting remotely using OPFS-based SSD timing) allows websites to monitor user activity by analyzing subtle interactions with their solid-state drives. This method exploits contention side channels, measuring the timing of SSD input-output operations to infer which other websites and applications are open on a user's device. The attack runs entirely within the browser using JavaScript and the origin private file system, requiring no user interaction beyond visiting the malicious site. While it has limitations, such as requiring a large OPFS file and the target SSD, it presents a novel privacy concern.