Technology

Websites have a new way to spy on visitors: Analyzing their SSD activity

Source

Ars Technica

Published

May 27, 2026

TL;DR

AI Generated

Websites are now using a new technique called FROST to spy on visitors by analyzing their solid-state drive (SSD) activity, allowing them to monitor other sites the visitor is viewing and open apps on their devices. This technique exploits a side channel, measuring the timing of I/O operations on the SSD to determine open websites and apps without any interaction needed from the visitor. FROST operates exclusively in the browser using JavaScript to interact with the OPFS, a storage space allocated for a specific site. This method highlights the increasing attack surface of web browsers due to their evolution into complex platforms capable of running sophisticated applications.

Read Full Article

The Download: Trump’s new AI order, and smart glasses for warfare

President Trump signed a new AI order focusing on innovation and security, introducing a voluntary review system for tech companies to share models with the government before release. Meanwhile, defense-tech company Anduril is developing smart glasses for warfare with Meta, envisioning drone strike orders via eye-tracking and voice commands. SpaceX plans to raise $75 billion in an IPO, Meta scales back worker tracking for AI training, and Microsoft launches a new AI assistant. Additionally, concerns arise about AI's impact on mathematics, surveillance, and cybersecurity.

MIT Technology Review•

8 hours ago

Trump signs AI executive order seeking 30-day government access to frontier models before release — voluntary framework will include classified benchmark to determine which models qualify

President Trump has signed an executive order requiring AI companies to provide the government with early access to their most advanced models for up to 30 days before public release. This voluntary framework includes a classified benchmark to determine which models qualify for review. The order tasks agencies like the NSA and CISA with creating the benchmark and selecting trusted partners for review. The directive also establishes an "AI cybersecurity clearinghouse" to coordinate vulnerability scanning and patch distribution. Critics raise concerns about potential government interference in deciding who gains early access to powerful AI models.

Tom's Hardware•

9 hours ago

MIT Technology Review

The Download: AI can run your admin department now

AI is increasingly taking on basic administrative tasks for small businesses, from organizing notes to invoicing and social media planning. Anthropic has confidentially filed for an IPO ahead of OpenAI, aiming to go public this fall. The EU may exclude US cloud giants like Amazon, Microsoft, and Google from critical contracts to reduce dependence on US tech. Florida has become the first state to sue OpenAI over alleged child safety risks related to ChatGPT. Hackers exploited Meta AI to steal Instagram accounts, highlighting the risks of offloading support to AI.

MIT Technology Review•

1 day ago

Dozens of Red Hat packages backdoored through its official NPM channel

Red Hat's official NPM accounts were compromised, leading to the distribution of a malicious worm that steals sensitive credentials across machines. The attack targeted the @redhat-cloud-services channel, a trusted source for Red Hat packages, affecting over 30 packages. The malware collects credentials during the npm install process and spreads by republishing infected packages to other accounts. Organizations are advised to consider systems that installed the affected packages as potentially compromised, as the payload executes during installation, not runtime use. The malware encrypts and sends credentials through web requests, with a fallback option to publish data to compromised GitHub repositories.

Ars Technica•

2 days ago

The Download: Trump’s new AI order, and smart glasses for warfare

MIT Technology Review•

8 hours ago

Trump signs AI executive order seeking 30-day government access to frontier models before release — voluntary framework will include classified benchmark to determine which models qualify

Tom's Hardware•

9 hours ago

MIT Technology Review

The Download: AI can run your admin department now

MIT Technology Review•

1 day ago

Dozens of Red Hat packages backdoored through its official NPM channel

Ars Technica•

2 days ago

Websites have a new way to spy on visitors: Analyzing their SSD activity

TL;DR

Similar Articles

The Download: Trump’s new AI order, and smart glasses for warfare

Trump signs AI executive order seeking 30-day government access to frontier models before release — voluntary framework will include classified benchmark to determine which models qualify

The Download: AI can run your admin department now

Dozens of Red Hat packages backdoored through its official NPM channel

We use cookies

Websites have a new way to spy on visitors: Analyzing their SSD activity

TL;DR

Similar Articles

The Download: Trump’s new AI order, and smart glasses for warfare

Trump signs AI executive order seeking 30-day government access to frontier models before release — voluntary framework will include classified benchmark to determine which models qualify

The Download: AI can run your admin department now

Dozens of Red Hat packages backdoored through its official NPM channel