FROST paper claims a web page can ID your other sites and apps via SSD activity
A paper linked in a thread says FROST can identify websites with 88.95% accuracy and applications with 95.83% by measuring SSD activity from a visited page.
By Ryan Merket · Published
Why it matters
If a web page can infer other tabs and apps you are using by watching SSD activity, then conventional anti-tracking defenses are not enough. Browser, OS, and hardware boundaries may need new mitigations.

International Cyber Digest flagged a new attack called FROST that can infer which websites you are visiting and which applications you are running by observing SSD activity from a web page, according to a thread by International Cyber Digest (@IntCyberDigest) linking to the paper.
The linked research report, available as a PDF, attributes accuracy of 88.95% for website identification and 95.83% for application identification. The claim suggests a browser-exposed pathway to leak cross-site and cross-app activity using storage I/O patterns, without traditional tracking scripts.
Details, evaluation setup, and limitations are in the paper itself. The thread underscored the privacy implications, calling the findings concerning. For security teams, the takeaway is that even low-level hardware activity can become a fingerprinting vector when accessible from web contexts, raising questions about browser and OS hardening against such side channels.