Websites have a new way to spy on visitors: Analyzing their SSD activity
Security researchers have demonstrated a new browser-based side-channel attack that can track user activity by analyzing their SSD's performance. The technique, which does not require special permissions, observes the timing of SSD operations to infer which websites a user is visiting. This presents a novel and difficult-to-mitigate privacy threat for web users.
MY TAKE
This is a fascinating and frightening hardware-level side-channel attack brought into the browser. It highlights how abstractions can leak, and that we can't just think about software vulnerabilities when building secure applications.
Websites have a new way to spy on visitors: Analyzing their SSD activity from Ars Technica (https://arstechnica.com/security/2026/05/websites-have-a-new-way-to-spy-on-visitors-analyzing-their-ssd-activity/) [Wed, 27 May 2026 20:56:03 +0000]