Websites have a new way to spy on visitors: analyzing their SSD activity(arstechnica.com)
15 pointsby kurthr9 hours ago1 comment
  • bastawhiz6 hours ago
    The research paper:

    https://hannesweissteiner.com/pdfs/frost.pdf

    Not too exciting of an issue, unfortunately. It only really works if you have one application or website open in addition to the malicious page. They don't mention it explicitly (though maybe I missed it), but it seems like you'd have a very hard time fingerprinting individual pages, only websites. It also seems like you have to open the application or webpage while the malicious page is measuring—it can't get a meaningful trace from a page that's idling.

    The other thing that stands out to me is that I would expect the browser to throttle the malicious page when it's inactive. Background tabs don't stay fully active, so you'd be hard pressed to abuse this in realistic circumstances, I think.

    • kurthr2 hours ago
      Good, now I have an excuse for keeping 50 tabs open all the time!