FROST attack uses browser storage timing to fingerprint open sites and apps

May 28, 2026 at 10:47 AM

•

1 min read

FROST attack uses browser storage timing to fingerprint open sites and apps — Photo: Ars Technica

TL;DR Summary

Researchers describe FROST, a browser-based side-channel that measures SSD access latency via the origin private file system (OPFS) to infer which sites a user has open and which apps are running, enabling cross-site fingerprinting with no user interaction. The attack relies on large OPFS files and reads from the same SSD, limiting scale and making detection likely; mitigations include capping OPFS size or other browser changes. The work was demonstrated on macOS and is slated for presentation at the DIMVA conference.

Topics:technology #fingerprinting #frost #opfs #side-channel #ssd #technology

Share this article

Websites have a new way to spy on visitors: analyzing their SSD activity Ars Technica

Reading Insights

Total Reads

Unique Readers

Time Saved

5 min

vs 6 min read

Condensed

92%

1,077 → 81 words

Want the full story? Read the original article

Read on Ars Technica

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights