Websites have a new way to spy on visitors: analyzing their SSD activity

Researchers describe "FROST," a proof-of-concept browser-based side-channel that uses a large Origin-Private File System (OPFS) file and JavaScript to measure SSD access contention; a convolutional neural network trained on these latency traces can fingerprint active applications and websites. The attack was fully demonstrated on an M2 Mac (Linux primitive tested), has practical limitations (requires gigabyte-scale OPFS files on the same SSD, detectable at scale), no reported real-world usage, and the paper recommends mitigations such as limiting OPFS file sizes and closing unused tabs.