May 31, 2026
Caught tab-handed
Websites have a new way to spy on visitors: analyzing their SSD activity
Your browser may be snooping through your storage — and commenters are losing it
TLDR: Researchers found that a website can use your computer’s storage activity to guess what other sites or apps you have open. Commenters were split between outrage over browsers storing so much data, confusion about how the trick works, and jokes that old hard drives may have accidentally won the privacy war.
The latest privacy scare has the internet doing what it does best: panicking, joking, and arguing in the replies. Researchers say a website may be able to figure out what else you have open by watching tiny delays in your computer’s storage drive. In plain English: you visit one page, and it may guess whether Reddit, other tabs, or even some apps are running in the background. No clicking required — just showing up is enough.
But the real fireworks are in the community reaction. One camp is pure disbelief: “Wait, websites can dump giant files onto my drive without asking?” That detail sent commenters into full outrage mode, with people sounding less shocked by the spying trick itself than by the idea that modern browsers casually stash huge amounts of site data on your machine. Another camp is just confused, asking the obvious question: how does “drive timing” magically reveal another tab? That skepticism gave the whole thread a “this sounds fake, but unfortunately it’s real” energy.
And then came the jokes. One user bragged that their old-school hard drive is basically a privacy shield now, turning outdated hardware into an accidental anti-spy flex. Another commenter dropped a Hacker News link for the people who wanted the extra-geeky version, while everyone else stayed busy turning browser storage into the villain of the day. The vibe? Equal parts creeped out, confused, and weirdly smug if your laptop is ancient.
Key Points
- •The article reports on FROST, a browser-based technique that uses SSD timing measurements to infer what websites and apps are open on a user’s device.
- •FROST is described as a contention side-channel attack that exploits latency differences caused by multiple processes competing for SSD resources.
- •The reported implementation runs entirely in the browser using JavaScript and the Origin Private File System, without requiring user interaction beyond loading the site.
- •According to the article, the collected timing traces are analyzed with a pretrained convolutional neural network to classify user activity.
- •The technique has practical limits, including the need for a very large OPFS file and storage on the same SSD, and the article notes possible mitigations such as closing unused tabs and browser-level defenses.