Websites Can Now Read Your SSD Activity Through the Browser

A new browser technique called FROST lets websites monitor SSD activity to fingerprint open tabs and running apps with high accuracy. Built on the OPFS API, it achieves over 88% F1 for website detection and 95% for applications on macOS. The side channel requires no user interaction beyond visiting a page and highlights growing risks from advanced web platform features.
Websites Can Now Read Your SSD Activity Through the Browser
Written by Lucas Greene

Researchers have uncovered a browser-based technique that lets websites infer what other tabs a user has open and which applications run on their device. All it takes is some JavaScript and access to a storage feature meant to help web apps feel more native.

The method, called FROST, stands for fingerprinting remotely using OPFS-based SSD timing. It turns subtle timing differences in how a solid-state drive responds to read requests into a reliable signal about user behavior. Ars Technica first reported the findings on May 27, 2026. The underlying research paper appeared just days earlier.

But FROST is no ordinary tracker. It doesn’t rely on cookies, canvas data, or battery levels. Instead it watches the drive itself. Short. Direct. And surprisingly effective.

Lead author Hannes Weissteiner and his colleagues at Graz University of Technology showed the attack works without any code running outside the browser sandbox. No native execution. No user permission beyond visiting the page. They detailed everything in their paper available here.

The core idea builds on earlier work about storage contention. When multiple processes hit the same SSD, each one slows the others down a bit. Those delays create a fingerprint. Previous attacks needed special kernel access or high-resolution timers that browsers restrict. FROST sidesteps those barriers by using the Origin Private File System, or OPFS, a JavaScript API that lets sites create and read files in their own isolated storage area.

Attackers create a very large file. Larger than the system’s available memory. That forces the operating system to pull data from the actual drive on every read instead of serving it from cache. Random reads from different offsets produce latency traces. Those traces vary based on what else is touching the drive at the same moment.

A convolutional neural network then classifies the traces. On macOS systems with an M2 chip, the model identified which of the top 50 websites a user visited in other tabs with an F1 score of 88.95 percent in closed-world tests. Open-world performance across the same set reached a macro-averaged 86.95 percent. Application detection hit 95.83 percent for a set of ten common pre-installed macOS programs.

Numbers like those matter. They show the signal is strong enough for real-world use. The same paper reports a covert channel that can exfiltrate data at 66.163 bits per second on Linux and 89.177 bits per second on macOS. Both figures come from tests that used only browser APIs.

So how does a website know what another site is doing? Or whether a user just opened Keynote or Calculator? The SSD doesn’t distinguish between browser tabs or native apps when they generate disk traffic. It only sees contention. The classifier learns the patterns associated with each target activity during a training phase. Once trained, new measurements map back to those labels.

This approach differs from traditional fingerprinting. Canvas or WebGL methods read hardware quirks that stay mostly constant. FROST reads dynamic system state. It can tell not just what device you have but what you are doing right now. That raises the privacy stakes considerably.

Browser makers added OPFS to support richer web applications. Google, Microsoft, and Adobe all ship productivity tools that run entirely in the browser. Those tools need fast local storage. The feature delivers. Yet the same capability opens a side channel that earlier storage attacks could not reach from pure JavaScript.

The researchers explained the evolution clearly. “Web browsers have evolved from simple document viewers into complex platforms capable of running sophisticated applications.” They continued, “While these features enhance the capabilities of web applications and allow completely novel use cases, they also increase the browser’s attack surface.”

Another quote from the paper drives the point home. “Our results show that direct low-latency filesystem access from the browser can pose a significant threat to a user’s privacy.” And later: “remote side-channel attacks, such as FROST, can be mounted without bypassing any security mechanisms, as they exploit unintentional information leakage from legitimate operations.”

Limitations exist. The OPFS file must sit on the same physical drive as the activity being observed. Separate storage volumes break the signal. Firefox caps per-origin storage at 10 gigabytes, though attackers can work around that by using multiple origins. Users might notice a sudden multi-gigabyte file appear in their browser data directory if they know where to look.

Scale presents another obstacle. A one-gigabyte or larger file per attacking domain would consume noticeable space. Many users would spot it. The attack also needs high-resolution timing, which browsers have tried to restrict. The FROST team enabled precise measurements by serving the page with the proper Cross-Origin-Opener-Policy and Cross-Origin-Embedder-Policy headers.

Even so, the technique works on both macOS and Linux. The team demonstrated the full fingerprinting attack on an M2 Mac running Sonoma. On Linux the timing primitive performed similarly, leading Weissteiner to conclude that full classification accuracy should carry over. Windows remains untested.

Defenses are straightforward but imperfect. Close unused tabs. That reduces the number of active processes generating storage traffic. Monitor your browser’s storage directory for large unknown files. Browser vendors could limit maximum OPFS sizes or add noise to timing when large files are in use. The paper suggests several such changes, including explicit user permission for substantial OPFS allocations.

No evidence shows the attack appearing in the wild yet. That offers little comfort. Side channels often move from research to practice once the concept proves viable. Advertising networks already push the boundaries of fingerprinting. State actors or sophisticated trackers could adopt similar methods.

Recent coverage echoes the concern. On the same day the Ars Technica story appeared, security discussions on YouTube and tech forums highlighted the shift from static device fingerprints to live activity monitoring. One analysis noted that FROST succeeds where many cache-based attacks have been patched because it targets a resource the operating system cannot easily virtualize or isolate from the browser.

The broader trend is clear. Each new web platform feature intended to close the gap with native applications creates fresh attack surface. Storage APIs, high-resolution timers, shared array buffers, all have been pressed into service for tracking or exfiltration at one time or another. FROST demonstrates that even disk-level timing, long considered out of browser reach, now sits within grasp.

Users who want immediate protection can adopt habits that minimize exposure. Keep open tabs to a minimum. Use containers or separate browser profiles for sensitive work. Run privacy-focused browsers that disable unnecessary APIs where possible. Yet these steps treat symptoms rather than the root cause.

Real fixes likely rest with standards bodies and browser engineers. They must weigh the utility of low-level storage access against the information it leaks. The paper’s authors argue for careful consideration. “Without careful consideration of the security implications, these features can inadvertently also introduce near-native side-channel leakage, allowing new remote exploits.”

That warning lands at a moment when browsers face pressure from both privacy advocates and advertisers. Regulators tighten rules on cross-site tracking. Ad networks seek new signals to replace third-party cookies. Research like FROST shows the tension will not resolve easily. The hardware beneath the browser continues to offer information that software layers struggle to contain.

For security teams and developers who build web experiences, the message is cautionary. Features that improve performance or capability can carry hidden costs. Measuring those costs before wide deployment has become essential. The alternative is a steady stream of new papers showing yet another way to watch what users do when they think no one is looking.

The DIMVA conference scheduled to present the work in July will likely spark further discussion. Expect questions about whether OPFS needs tighter guardrails or if timing sources require additional jitter when storage APIs are active. Those conversations matter. They will shape what becomes possible, and what stays private, in the next generation of web applications.

Subscribe for Updates

CybersecurityUpdate Newsletter

The CybersecurityUpdate Email Newsletter is your essential source for the latest in cybersecurity news, threat intelligence, and risk management strategies. Perfect for IT security professionals and business leaders focused on protecting their organizations.

By signing up for our newsletter you agree to receive content related to ientry.com / webpronews.com and our affiliate partners. For additional information refer to our terms of service.

Notice an error?

Help us improve our content by reporting any issues you find.

Get the WebProNews newsletter delivered to your inbox

Get the free daily newsletter read by decision makers

Subscribe
Advertise with Us

Ready to get started?

Get our media kit

Advertise with Us