WEBSITES now employ a new technique called FROST (fingerprinting remotely using OPFS-based SSD timing) to monitor visitors by analyzing their interactions with solid-state drives (SSDs). This method exploits a side channel that measures SSD I/O latency to deduce other websites and applications open on a user's device, without requiring any interaction from the user. The FROST attack operates solely within the browser using JavaScript that interacts with the Origin Private File System (OPFS).
Although theoretically potent, it has limitations such as the need for a large OPFS file and localized SSD tracking. Researchers suggest users can mitigate risks by closing unused tabs and monitoring OPFS file sizes, while browser developers are encouraged to implement limitations to counteract such tracking.