## What is FROST? A New Frontier in Web Tracking For decades, websites have employed various methods—from tracking browsing histories and device fingerprints to recording keystrokes and mouse movements—to monitor users. Even tech giants like **Meta** and **Yandex** have faced scrutiny for privacy-invasive practices. Now, a new technique, dubbed **FROST**, introduces an unprecedented level of surveillance by measuring subtle interactions with a visitor’s solid-state drive (SSD). ## How FROST Exploits Side Channels Laid out in a [recent research paper](https://hannesweissteiner.com/pdfs/frost.pdf), **FROST** exploits a [side channel](https://en.wikipedia.org/wiki/Side-channel_attack), a form of vulnerability that leaks information through physical manifestations like timing differences. Specifically, it leverages a [contention side-channel attack](https://www.usenix.org/conference/usenixsecurity22/presentation/zhao-zirui), where the timing of I/O operations on a user's SSD is measured. By analyzing these timings, researchers demonstrated the ability to infer which websites are open in other browser tabs—even across different browsers—and which applications are running on the device. Crucially, **FROST** requires no direct interaction from the visitor beyond simply opening the malicious website. Unlike previous SSD contention attacks, **FROST** operates entirely within the browser using JavaScript. It interacts with the [**OPFS** (Origin Private File System)](https://developer.mozilla.org/en-US/docs/Web/API/File_System_API/Origin_private_file_system), a sandboxed storage space allocated for specific sites to run code. While each **OPFS** is isolated, the JavaScript can meticulously measure I/O interactions, creating a unique signature of system activity. ## The Role of AI in Unmasking Activity To translate these subtle timing differences into actionable intelligence, **FROST** employs a pre-trained [**Convolutional Neural Network** (**CNN**)](https://en.wikipedia.org/wiki/Convolutional_neural_network). This deep learning system analyzes the I/O traces, enabling attackers to deduce specific open applications and websites. Researchers explained: “The attacker continuously measures SSD contention by performing random reads from a large **OPFS** file. SSD contention caused by user activity causes measurable latency differences for these read operations. By training a **Convolutional Neural Network** (**CNN**) on these traces, the attacker can fingerprint user activity on the host system by classifying new traces using the trained model.” ## Limitations and Practical Hurdles Despite its sophistication, **FROST** has notable limitations that could hinder widespread, stealthy deployment. The technique requires an extremely large **OPFS** file, likely a gigabyte or more. Such a significant file size could easily be detected by users or security software, making large-scale attacks less covert. Furthermore, the **OPFS** file must reside on the same SSD as the applications or browser tabs being tracked. While this is typically not an issue for monitoring browser activity, it could prevent the detection of apps installed on a separate drive. ## Mitigation Strategies for Users and Browsers The researchers suggest several preventative measures. For users, simply closing browser tabs when they are no longer needed can help mitigate the risk. More privacy-conscious individuals can also monitor the creation and size of **OPFS** files allocated by unknown websites. Browser developers are also in a position to address this vulnerability. The researchers propose methods such as limiting the maximum size of **OPFS** files, which would severely restrict **FROST**'s effectiveness. ## Real-World Impact and Future Outlook The full **FROST** attack has been successfully demonstrated on an **M2 Mac**. On Linux systems, the underlying primitive—measuring SSD access latency from JavaScript—was shown to work, with researchers, including co-author **Hannes Weissteiner**, expecting similar performance for the full classification. Windows systems were not tested. While the technique is potent, there are currently no indications that **FROST** attacks have been observed in the wild. The research is slated for presentation at the [**DIMVA** conference](https://dimva.org/) in July, bringing further attention to this evolving threat landscape. As web browsers continue to evolve into complex application platforms, the attack surface expands, necessitating continuous vigilance from both developers and users.