Privacy News Websites have a new way to spy on visitors: analyzing their SSD activity

[Parkinsond]

Content source

https://arstechnica.com/security/2026/05/websites-have-a-new-way-to-spy-on-visitors-analyzing-their-ssd-activity/

Over the decades, there has been no shortage of sites using clever techniques to covertly track visitors’ browsing histories, device fingerprints, and log keystrokes and mouse movements in real time. Even Meta and Yandex were recently caught joining in the privacy-invasive free-for-all.

Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives. The technique, named FROST (fingerprinting remotely using OPFS-based SSD timing), allows sites to monitor other sites a visitor is viewing and what apps are open on their devices.

Websites have a new way to spy on visitors: analyzing their SSD activity

Telltale SSD activity can be measured in the browser using simple JavaScript.

arstechnica.com

 

[Marko :)]

JavaScript should be discontinued just like Java Runtime Environment and Flash Player were.

 

[Zero Knowledge]

JavaScript should be discontinued just like Java Runtime Environment and Flash Player were.

Yeah but the world runs on JS and it's various/similar languages and packages. There is no point for extensions like NoScript on the open web anymore, breaks everything.

 

[Parkinsond]

JavaScript should be discontinued just like Java Runtime Environment and Flash Player were.

Most websites fail to load properly with JS disabled.

 

[Zero Knowledge]

Most websites fail to load properly with JS disabled.

Exactly. Useless on everything except for forums and even then who knows.

 

[Marko :)]

Yeah but the world runs on JS and it's various/similar languages and packages. There is no point for extensions like NoScript on the open web anymore, breaks everything.

Most websites fail to load properly with JS disabled.

Exactly. Useless on everything except for forums and even then who knows.

Entire world was dependent on the Flash Player, Java Runtime Environment, Silverlight at some point. You would load a website and without one of these, chances are nothing was working. Remember when entire websites were created in Flash Player (.swf file)?

I'm not saying we should suddenly discontinue and block JavaScript. I'm saying we should give a timeline until it's discontinued from the web browsers. Again, same happened with Flash. On July 25, 2017, Adobe announced Flash is getting axed by the end of 2020 and it was officially blocked by January 12, 2021. By 2022 we were all like "Flash who?!". Everyone forgot about it.

 

[Trident]

Exactly. Useless on everything except for forums and even then who knows.

Even for forums the website will be useless. You won’t even be able to post or log-in. Any authentication flow and anything that requires DOM manipulation (with most websites now built as single page app) will not work at all.
Everything will be read only and even certain information (like dates calculation and so on) will be messed up.

Disabling JavaScript is a very forceful methodic with very little security value, your security should not be rendering content useless.

Modern browsers already apply heavy restrictions to what JavaScript can do.

 

[HarborFront]

Need another extension to block FROST now

 

[Gandalf_The_Grey]

Howto defrost your browser

 

[Zero Knowledge]

When in doubt furious guy punching laptop GIF

Furious Guy Punching Laptop GIF | GIFDB.com

Click to view Furious Guy Punching Laptop GIF

media.gifdb.com

Need to move all A.I. data centers to ICELAND & use the cold to cool them