Websites have a new way to spy on visitors: Analyzing their SSD activity
While each file system is sandboxed, meaning it’s isolated from other websites and from the device system itself, the JavaScript can measure the I/O interactions. Then, by running those interactions through a pretrained convolutional neural network—a system that uses deep learning to analyze text, audio, and images—the attacker can deduce various apps and websites open on the device.
“The attacker continuously measures SSD contention by performing random reads from a large OPFS file,” the resear...
Read more at arstechnica.com