Ars Technica: Websites have a new way to spy on visitors: analyzing their SSD activity

Ars Technica – 27 May 26

Websites have a new way to spy on visitors: analyzing their SSD activity

Telltale SSD activity can be measured in the browser using simple JavaScript.

While each file system is sandboxed, meaning it’s isolated from other websites and from the device system itself, the JavaScript can measure the I/O interactions. Then, by running those interactions through a pretrained convolutional neural network—a system that uses deep learning to analyze text, audio, and images—the attacker can deduce various apps and websites open on the device

However:

One of the best ways to prevent FROST attacks is to close tabs as soon as they’re no longer needed. More savvy users can monitor the creation and size of OPFS files allocated by unknown websites. The researchers proposed ways for browser makers to shut down the side channel. One such method is to limit the maximum size such files that are allowed. There are no indications FROST attacks have been performed in the wild.