Websites Can Now Spy on You Through Your Hard Drive

A new browser-based tracking technique called FROST (fingerprinting remotely using OPFS-based SSD timing) lets websites spy on visitors by measuring subtle interactions with their solid-state drives. The technique exploits a contention side channel that measures timing of I/O operations as processes compete for SSD resources. Researchers demonstrated that FROST can monitor which other sites a visitor is viewing and what apps are open on their device. The attack works through the browser's Origin Private File System (OPFS) API without requiring any special permissions. This side-channel attack joins a long history of covert tracking techniques including browsing history sniffing, device fingerprinting, and real-time keystroke monitoring.