Skip to main content
  1. Home
  2. Computing
  3. News

Your hard drive is giving away your browsing habits and websites can see it

A new attack called FROST lets malicious websites spy on your open tabs and apps by tracking your SSD activity.

By
Add as a preferred source on Google
An SSD data port.
Bdavid32/Shutterstock

Your browsing habits may not be as private as you think, even with all the right precautions in place. According to Ars Technica, security researchers have uncovered a new attack technique that lets a malicious website figure out which other sites and apps you have open. You do not need to click anything, download anything, or grant any permission; just visiting the page is enough.

How can websites spy on your browsing activity through hard drive?

The technique is called FROST, short for Fingerprinting Remotely using OPFS-based SSD Timing. Every website and app you use generates its own unique pattern of activity on your SSD, the storage drive inside your computer.

Recommended Videos

FROST exploits a browser feature called the Origin Private File System, or OPFS, which quietly lets websites store files on your local drive without asking permission first.

frost-technique-spying-browser-activity
FROST: Fingerprinting Remotely using OPFS-based SSD Timing

The attacker’s page creates a large file on your drive and then listens to the tiny speed fluctuations that happen when your SSD is busy handling other tasks. Those fluctuations are fed into an AI model that has been trained to recognize the telltale patterns of specific websites and apps.

According to the research paper, the technique correctly identified which websites a person had visited with about 89% accuracy, and which apps were running with about 96% accuracy, when tested on an Apple M2 Mac.

The attack also works across different browsers simultaneously, meaning visiting the attacker’s page in Chrome can still expose what you are doing in Safari.

The browsers won’t fix this, but you can protect yourself

A person using a laptop on a desk
Campaign Creators / Unsplash

FROST has not been spotted in the wild yet, which is reassuring. It also only works while the offending tab is open, so closing it immediately stops the attack.

Google, Apple, and Mozilla were all informed, but none have committed to a fix. Your best defense right now is keeping an eye on your available disk space. A sudden, unexplained drop in storage is a red flag worth investigating immediately.

Browser-level fixes have been proposed, including capping how much disk space OPFS can claim, but given the browser makers’ responses, those changes are not coming any time soon.

Manisha Priyadarshini
Manisha Priyadarshini
News Writer
Manisha Priyadarshini is a tech and entertainment writer with over nine years of editorial experience.
Topics
Gemini will now take notes for you in Google Meet for you, if you the minimum $20 AI tax
Yet another Google subscription just dropped for Gemini
Google Meet Take Notes for me Gemini

Google has just released a useful Gemini feature, which you can try if you are a paying member of course. The company is now bringing "Take notes for me" for Gemini, which will be available in Google Meet for Google AI Pro and Google AI Ultra subscribers, along with eligible Workspace business customers.

For personal users, the feature starts with Google AI Pro, which costs $19.99 per month in the US. In other words, Gemini can now take your Google Meet notes, provided you pay the minimum AI tax.

Read more
After iPad Pro and MacBook Pro, the iMac could be the next in line for an OLED screen upgrade
iMac with M4

The iPhone got an OLED panel in 2017, while the iPad Pro followed in 2024. Even the MacBook Pro is expected to follow later this year or early next year. But what about the iMac?

According to TrendForce, the iMac could get an OLED upgrade. There's no timeline yet, but the direction is clear. Apple wants to replace its current display technologies with OLED, raising the bar for color quality for both regular users and professionals.

Read more
This $1,299 gaming PC wants to be a Steam Machine without waiting for Valve
Valve’s Steam Machine dream is already real in MetaPC's new prebuilt
MetaPC's Steamroller is a new Steam Machine rival

Valve’s Steam Machine may be the face of SteamOS, but the platform isn't exclusive to it. A big announcement after Steam Machine's unveiling was that SteamOS would be arriving on systems outside of the new hybrid console. Now, MetaPCs is one of the first to take advantage of this by opening the preorders for the Steamroller, a new prebuilt gaming desktop that ships with SteamOS installed by default.

Though Steamroller is not trying to be a tiny console-like cube. It is a normal desktop PC with standard parts and a real upgrade path. The system costs $1,299 and is listed with a preorder date of July 3, 2026.

Read more