Over the decades, websites have developed increasingly sophisticated methods of tracking user activity. Now, researchers have unveiled FROST (fingerprinting remotely using OPFS-based SSD timing), which allows them to monitor other sites visited and apps running on your device simply by measuring interactions with your solid-state drive.

This technique exploits a 'contention side channel,' where the timing of certain input-output operations on the SSD can reveal information about open tabs, even those in different browsers. The attacker needs only to visit a compromised site and can use machine learning to classify user activity based on these timings.

While FROST has some limitations—such as needing an extremely large OPFS file stored on the same SSD—it poses significant privacy concerns for users relying on web applications that run complex software. The best defense is simply closing tabs when not in use, but savvy users can also monitor unknown website allocations and size.

Given FROST’s reliance on JavaScript interacting with your device, browser developers might implement safeguards to limit its effectiveness, such as restricting the size of OPFS files or enhancing sandboxing measures. However, as technology evolves, so do potential privacy invasions, leaving us all in a constant game of cat and mouse.