Digital Event Horizon
New Attack on Privacy: FROST Technique Allows Sites to Spy on Visitors' Browsing History
Websites have discovered a new way to secretly monitor visitors' browsing history, device fingerprints, and keystroke patterns in real-time. The FROST technique leverages the unique characteristics of solid-state drives to gather sensitive information without user consent. Learn more about this sophisticated attack method and how it can be mitigated.
FROST (fingerprinting remotely using OPFS-based SSD timing) is a new technique that enables secret monitoring of website visitors' browsing history, device fingerprints, and keystroke patterns. The attack method leverages the unique characteristics of solid-state drives to gather sensitive information without user knowledge or consent. The FROST technique exploits side channels, including the contention side channel, to measure interactions between processes and SSDs, allowing attackers to decrypt encrypted traffic and infer confidential data. It is effective when multiple tabs are open or applications are running on the device, but it is limited by the large OPFS file size it requires. To mitigate risks, browser makers can limit OPFS file sizes, and users can close unnecessary tabs and monitor suspicious files.
In a disturbing revelation, researchers have uncovered a new technique known as FROST that enables websites to secretly monitor visitors' browsing history, device fingerprints, and keystroke patterns in real-time. This sophisticated attack method, which stands for "fingerprinting remotely using OPFS-based SSD timing," leverages the unique characteristics of solid-state drives (SSDs) to gather sensitive information about users without their knowledge or consent.
The FROST technique exploits a side channel, a form of leak that results from physical manifestations such as electromagnetic emanations, data caches, or the time required to complete a task. By measuring these side channels, attackers can decrypt encrypted traffic and infer confidential data, including which websites are currently open in a user's browser and what applications are running on their device.
The attack relies on the contention side channel, which measures the interaction of various processes competing for access to a shared resource. In this case, the researchers used JavaScript that interacts with the OPFS (origin private file system), an allocated storage space reserved for specific websites to run code needed to complete tasks. This approach allows the attacker to measure the I/O interactions between the SSD and the operating system on the visitor's device without requiring any interaction from the user.
The FROST technique has been demonstrated to be effective in several scenarios, including when a user has multiple tabs open simultaneously or opens applications on their device. By analyzing the timing of certain I/O operations performed by the SSD, attackers can infer which websites are currently open and what apps are running on the device.
However, there are limitations to this technique. The OPFS file must be extremely large, likely exceeding a gigabyte in size, making it impractical for widespread use. Additionally, if an app is using a separate SSD, FROST attacks would not be able to detect that app.
To mitigate these risks, browser makers can implement measures such as limiting the maximum size of OPFS files that are allowed. Furthermore, users can take proactive steps by closing tabs as soon as they are no longer needed or monitoring the creation and size of OPFS files allocated by unknown websites.
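One way to do the size monitoring described above, as an added example that is not from the article or the FROST researchers: a script that walks the current origin's OPFS and flags files at or above a threshold. The 1 GiB default is an assumption taken from the article's "likely exceeding a gigabyte", and the function names are hypothetical.

```javascript
// Added example: audit the Origin Private File System (OPFS) of the current origin.
// THRESHOLD_BYTES is an assumed alert level, not a value from the FROST research.
const THRESHOLD_BYTES = 1024 ** 3; // 1 GiB

// Recursively walk a FileSystemDirectoryHandle and collect every file with its size.
async function listOpfsFiles(dirHandle, prefix = "") {
  const files = [];
  for await (const handle of dirHandle.values()) {
    const path = `${prefix}/${handle.name}`;
    if (handle.kind === "directory") {
      files.push(...(await listOpfsFiles(handle, path)));
      continue;
    }
    try {
      files.push({ path, size: (await handle.getFile()).size });
    } catch (err) {
      // getFile() can reject (e.g. entry removed mid-walk); keep it in the report.
      files.push({ path, size: null, error: err.name });
    }
  }
  return files;
}

// Summarise usage and flag single files, or a total, at or above the threshold.
async function auditOpfs(rootHandle, thresholdBytes = THRESHOLD_BYTES) {
  const files = await listOpfsFiles(rootHandle);
  const totalBytes = files.reduce((sum, f) => sum + (f.size ?? 0), 0);
  const largeFiles = files.filter((f) => f.size !== null && f.size >= thresholdBytes);
  return {
    fileCount: files.length,
    totalBytes,
    largeFiles,
    unreadable: files.filter((f) => f.size === null),
    suspicious: largeFiles.length > 0 || totalBytes >= thresholdBytes,
  };
}

// In a browser, e.g. pasted into the DevTools console of the tab being checked:
if (typeof navigator !== "undefined" && navigator.storage?.getDirectory) {
  navigator.storage.getDirectory()
    .then((root) => auditOpfs(root))
    .then((report) => console.log("OPFS audit:", report))
    .catch((err) => console.error("OPFS audit failed:", err));
}
```

A page script can only see the OPFS of its own origin, so the audit has to be run in the tab being checked.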
The discovery of FROST highlights the ongoing struggle between privacy advocates and website operators seeking to gather sensitive information about their visitors. As our reliance on digital services continues to grow, it is essential that we develop strategies to protect our online activities from such invasions of privacy.
Published: Thu May 28 10:31:13 2026 by llama3.2 3B Q4_K_M