FROST: Fingerprinting Remotely using OPFS-based SSD Timing [pdf]
simjnd
60 points
15 comments
May 31, 2026
Related Discussions
- How to Write to SSDs [pdf] matt_d · 79 pts · May 15, 2026 · 53% similar
- Websites have a new way to spy on visitors: analyzing their SSD activity kurthr · 15 pts · May 27, 2026 · 46% similar
- Websites have a new way to spy on visitors: analyzing their SSD activity XzetaU8 · 23 pts · May 28, 2026 · 46% similar
- Websites have a new way to spy on visitors: analyzing their SSD activity Brajeshwar · 15 pts · May 28, 2026 · 46% similar
- Remotely unlocking an encrypted hard disk janandonly · 112 pts · March 05, 2026 · 45% similar
Discussion Highlights (9 comments)
Bender
I see they are testing this on a Mac. I am curious what the test results look like if the user's home directory, or even the dot directories, are tmpfs. On Linux, .bash_login can repopulate dot directories from an archive directory (think skeleton files), and the dot directories can be ephemerally mounted as tmpfs. The person can have a command to commit their ephemeral directories back to the archive if they want to "keep their changes", so to speak. Or automate it on .bash_logout.

  du --max-depth 0 -h -c .cache .config .local
  767M .cache
  278M .config
  2.2M .local
  1.1G total

It's a bit of space on this CachyOS laptop, but it's doable.
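The restore/commit workflow described in the comment above, written out as an added example (this is not the commenter's code, nor anything from the paper). The directory list, the archive location, and the idea of calling it as `python3 dotdirs.py restore` from .bash_login and `python3 dotdirs.py commit` from .bash_logout are all assumptions. The tmpfs mount itself needs root or an fstab entry with the `user` option, so the functions only copy content and never mount or unmount anything.

```python
"""Ephemeral dot-directory workflow: restore from an archive at login, commit
back at logout. Added illustration; directory names, the archive path and the
.bash_login/.bash_logout invocation are assumptions.

Example fstab line for the tmpfs itself (assumption; needs root or "user"):
    tmpfs /home/alice/.cache tmpfs rw,nosuid,nodev,size=1G,uid=1000,gid=1000 0 0
"""
import os
import shutil
import sys

# Assumption: the three directories from the comment.
EPHEMERAL_DIRS = (".cache", ".config", ".local")


def restore_dotdirs(home, archive, dirs=EPHEMERAL_DIRS):
    """Repopulate each ephemeral dir under `home` from `archive/<dir>`
    (skeleton-file style). Copies *into* the existing directory, so a tmpfs
    already mounted at that path is left in place. Returns the dirs restored."""
    restored = []
    for d in dirs:
        src, dst = os.path.join(archive, d), os.path.join(home, d)
        if not os.path.isdir(src):
            continue
        shutil.copytree(src, dst, symlinks=True, dirs_exist_ok=True)
        restored.append(d)
    return restored


def commit_dotdirs(home, archive, dirs=EPHEMERAL_DIRS):
    """Copy the live (tmpfs-backed) dirs back into `archive`. The archive copy
    is rebuilt from scratch so deletions made during the session are committed
    too, not only additions. Returns the dirs committed."""
    committed = []
    for d in dirs:
        src, dst = os.path.join(home, d), os.path.join(archive, d)
        if not os.path.isdir(src):
            continue
        tmp = dst + ".new"
        shutil.rmtree(tmp, ignore_errors=True)
        shutil.copytree(src, tmp, symlinks=True)
        shutil.rmtree(dst, ignore_errors=True)
        os.rename(tmp, dst)  # swap in last, so a crash mid-copy leaves the old copy intact
        committed.append(d)
    return committed


def dotdir_sizes(home, dirs=EPHEMERAL_DIRS):
    """Bytes used per dir (what `du --max-depth 0 -c` showed), for sizing the tmpfs."""
    sizes = {}
    for d in dirs:
        top = os.path.join(home, d)
        if not os.path.isdir(top):
            continue
        total = 0
        for root, _, files in os.walk(top):
            for f in files:
                p = os.path.join(root, f)
                if not os.path.islink(p):
                    total += os.lstat(p).st_size
        sizes[d] = total
    return sizes


if __name__ == "__main__":
    home = os.path.expanduser("~")
    archive = os.path.join(home, ".dotdir-archive")  # assumption
    cmd = sys.argv[1] if len(sys.argv) > 1 else "sizes"
    if cmd == "restore":
        print("restored:", restore_dotdirs(home, archive))
    elif cmd == "commit":
        print("committed:", commit_dotdirs(home, archive))
    else:
        for d, n in dotdir_sizes(home).items():
            print(f"{n / 2**20:8.1f}M {d}")
```

The commit path copies to a sibling `.new` directory first and renames it into place so that an interrupted logout never leaves the archive half-written; browser profiles (and therefore whatever OPFS data a site stored) normally live under these directories, which is why they are the ones being made ephemeral.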
vivzkestrel
A bit off topic, but on the topic of fingerprinting here: does anyone know how Reddit fingerprinting works, at a rough level?
Dwedit
Saw "OPFS" and immediately misread it as OSPF (open-shortest-path-first)
nine_k
I still have trouble understanding what information can be leaked this way. Apparently it allows checking whether a particular website was visited recently, but the article is vague in this regard. Can anybody ELI55 this?
freedomben
As much as I love a good backronym, especially one with nested acronyms in it, it could use something self-referentially recursive, preferably with tail-recursion. This is not the solution, but something like FROSTY (Fingerprinting Remotely using OPFS-based SSD Timing with frostY)
mrbluecoat
A layperson overview: https://news.ycombinator.com/item?id=48309492
ttctciyf
If browsers have enough low-level access to my storage hardware to carry out timing attacks for fingerprinting, it seems likely they also have enough to maliciously chug the hardware sufficiently to degrade capacity over time and otherwise impact system integrity. I hate the thought of some random website writing and overwriting random bytes in a tight loop in the background while I'm browsing elsewhere to find the cause of my slow disk subsystem.

To that end, an option to disable storage access by type would be nice to have. All I see in Firefox settings is the ability to block all storage including cookies, and the ability to block persistent storage when the site requests it. It's not clear to me how the OPFS system in TFA relates to either of these, but I'd guess that it's a separate system. There's a bunch of storage quotas in about:config, but nothing obviously related to OPFS (that I can see).

Given the choice I would be happy to allow traditional cookie storage and block everything else, with any exceptions I need (none that I can think of) on a per-site basis. If this can be achieved via about:config, I'm all ears!

While looking at my storage data, I see YouTube has 174(!) cookies and 57M of data stored on my machine. Sigh.
SoftTalker
Wondering about running a background program that just performs a low level of random reads and writes to the SSD, or driver-level mitigations to add random delays to disk activity, to obfuscate the contention patterns. Though I think that adding random noise to channels like this doesn't really prevent the attack, though it might make it more expensive.
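An added illustration of the mechanism behind nine_k's question and SoftTalker's proposed countermeasure above (this is not the paper's code and the paper's actual OPFS procedure is not described on this page): time small fsync'd writes to a scratch file, which is what an OPFS `FileSystemSyncAccessHandle` `write()` plus `flush()` does inside a browser worker, then repeat the measurement while a second thread hammers the same device. The second thread stands in for another tab or origin; the shift in the latency distribution is the "contention pattern" that a page can observe without any permission beyond ordinary storage access, and it is exactly what a noise generator would have to drown out. File names, sample counts and the statistics reported are assumptions.

```python
"""Storage-contention timing demo. Added illustration; the paper's method is
not reproduced here. Scratch file names, sample sizes and the reported
statistics are assumptions."""
import os
import shutil
import statistics
import tempfile
import threading
import time


def time_writes(path, n, size=4096):
    """Return n latencies (seconds) for write+fsync of `size` bytes to path."""
    buf = os.urandom(size)  # random so a compressing/deduplicating SSD cannot shortcut
    samples = []
    fd = os.open(path, os.O_WRONLY | os.O_CREAT, 0o600)
    try:
        for _ in range(n):
            os.lseek(fd, 0, os.SEEK_SET)
            t0 = time.perf_counter()
            os.write(fd, buf)
            os.fsync(fd)  # push it to the device: this is the step that exposes contention
            samples.append(time.perf_counter() - t0)
    finally:
        os.close(fd)
    return samples


def background_writer(path, stop_event, size=1 << 20):
    """Keep the device busy with 1 MiB fsync'd writes until stop_event is set.
    Stands in for another tab/origin, or for SoftTalker's noise generator."""
    buf = os.urandom(size)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT, 0o600)
    try:
        while not stop_event.is_set():
            os.lseek(fd, 0, os.SEEK_SET)
            os.write(fd, buf)
            os.fsync(fd)
    finally:
        os.close(fd)


def summarize(samples):
    """Sample count, median and 90th percentile (microseconds)."""
    s = sorted(samples)
    return {
        "n": len(s),
        "median_us": statistics.median(s) * 1e6,
        "p90_us": s[int(0.9 * (len(s) - 1))] * 1e6,
    }


def contention_experiment(n=200, workdir=None):
    """Measure idle vs. contended write latency in workdir (a fresh temp dir if None).

    Returns {"idle": stats, "contended": stats, "ratio": contended/idle median}.
    A ratio well above 1 is what lets an observer infer that something else is
    writing; added random delays only change how many samples are needed to see it."""
    created = workdir is None
    workdir = workdir or tempfile.mkdtemp(prefix="frost-demo-")
    probe = os.path.join(workdir, "probe.bin")
    noise = os.path.join(workdir, "noise.bin")
    try:
        idle = time_writes(probe, n)

        stop = threading.Event()
        t = threading.Thread(target=background_writer, args=(noise, stop), daemon=True)
        t.start()
        try:
            contended = time_writes(probe, n)
        finally:
            stop.set()
            t.join()
    finally:
        if created:
            shutil.rmtree(workdir, ignore_errors=True)

    idle_s, cont_s = summarize(idle), summarize(contended)
    ratio = cont_s["median_us"] / idle_s["median_us"] if idle_s["median_us"] else float("inf")
    return {"idle": idle_s, "contended": cont_s, "ratio": ratio}


if __name__ == "__main__":
    r = contention_experiment()
    for k in ("idle", "contended"):
        print(f"{k:10s} n={r[k]['n']} median={r[k]['median_us']:.0f}us p90={r[k]['p90_us']:.0f}us")
    print(f"median ratio contended/idle: {r['ratio']:.2f}")
```

Run it once on an idle machine and once with a browser doing real work in the background to see how little the probe needs: it only ever touches one small file of its own, which is why per-site storage blocking (ttctciyf's wish above) rather than quotas is the setting that would actually matter.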
firefax
Out of curiosity, is the use of this API normally logged in macOS? This is interesting work... thanks for sharing.