Ars Technica: Websites have a new way to spy on visitors: analyzing their SSD activity
Privacy Guides Community [Unofficial]
May 28, 2026
> The technique has its limitations. First, the OPFS file must be extremely large—likely a gigabyte or more.
Step one: crash the browser for 90% of people.
While I do enjoy the validation of blocking JS by default and isolating my browsing the way I do, this also seems like a research-level issue and not a threat vector…for now.
From the original paper:
> Ultimately, the most effective mitigation would be to enable OPFS only
> after explicit user permission, which would significantly harm the usability of
> OPFS for legitimate applications and cause disruptions to user workflows.
Also seems like something that should be one day covered in browser security settings, right?
…right?