this post was submitted on 11 Jun 2026
121 points (99.2% liked)

Privacy

49022 readers
1258 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago
MODERATORS
k_o_t@lemmy.ml
tmpod@lemmy.pt
Yayannick@lemmy.ml
ranok@sopuli.xyz
121
Researchers have just unveiled a technique called FROST that lets a website work out which other websites and apps you have open, without you clicking a single thing (protonprivacy.substack.com)
submitted 1 day ago by Innerworld@lemmy.world to c/privacy@lemmy.ml
23 comments fedilink hide all child comments
top 23 comments
sorted by: hot top controversial new old
[–] Reverendender@sh.itjust.works 43 points 1 day ago

The researchers responsibly disclosed FROST to Google, Apple, and Mozilla before publishing. The responses are worth reading carefully:

  • Google said it does not consider browser fingerprinting to be a security vulnerability.

  • Apple described the attack as “currently out of scope,” with possible mitigations in the future.

  • Mozilla acknowledged the findings but has not implemented any fix.

In other words, the three companies that ship some of the world’s most-used browsers have collectively said “ok, not my concern”. 

Fingerprinting is treated as a known cost of doing business on the modern web, and a side channel that leaks tab and application data through a storage API is, apparently, not a fire worth putting out.

[–] Jesus_666@lemmy.world 18 points 1 day ago* (last edited 1 day ago) (1 children)

I read about this a while ago and people then concluded that FROST is harder to exploit in real-world scenarios than in the lab. Still worth addressing and a fix shouldn't be too difficult, e.g. by adding small amounts of random latency to OPFS accesses. Firefox already does this with other APIs to make fingerprinting harder. Chromium doesn't because they love fingerprinting.

Honestly, I'm not thrilled with the OPFS model in general. Each page can randomly occupy part of your storage with you having no control over the process. You don't get asked. You can't even inspect the data. Even if it turns out to be useless for fingerprinting, the ability to use your storage invisibly with zero effort is not a power I want to hand out like candy in an environment that supposedly is assumed to be adversarial by default.

The only upside is that browsers do have a quota which is apparently shared between all instances of IndexedDB and OPFS. So the threat model of "use OPFS to fill up the user's entire storage" isn't plausible per se even if you have multiple tabs to attack with. Filling up the storage to evict other sites' stored data might actually work, though, and while it sounds like more of an annoyance, it might also become a step in some other attack.

Besides, quota size is entirely up to the browser; while Firefox uses 10% of total storage or 10 GB, whichever is lower, Chromium can in principle take up to 60% of total storage. When I tried, both a Firefox-based browser and a Chromium-based one had quotas of exactly 10 GB; I suspect that my distro's packagers configured the latter when the built the browser package.

[–] historicaldocuments@lemmy.world 2 points 1 day ago (1 children)

people then concluded that FROST is harder to exploit in real-world scenarios than in the lab

What happens if there's an extra 4GB of stuff laying around?

https://arstechnica.com/google/2026/05/no-google-hasnt-changed-chromes-local-ai-features-its-just-as-confusing-as-ever/

[–] Jesus_666@lemmy.world 2 points 1 day ago (1 children)

From what I remember, the measurements taken by the researchers were under rather controlled conditions with little other storage access to muddy the waters.

As for the 4 GB LLM Chrome now ships with: If those 4 GB create significant storage issues on your system you probably have other issues to worry about already. I'm not a huge fan of LLMs being crammed into everything but it shouldn't make much of a difference in this case.

[–] historicaldocuments@lemmy.world 1 points 14 hours ago

Hm. Had been thinking of it in terms of controlling the local file system.

Thanks.

[–] joeldebruijn@lemmy.ml 24 points 1 day ago (1 children)

Oh wow ... stating this is just regular fingerprinting is out of touch.

Its like my electric energy supplier analyzing current data and knowing brand, model and type of dishwasher and fridge. Which they can.

[–] unwarlikeExtortion@lemmy.ml 10 points 1 day ago (1 children)

That's putting it mildly.

It's if they'd know the exact food in your fridge and where you got it from. Or the exact makeup of the clothes you buy. Oh, kid's clothes? What a lovley daughter you have! Would you like some educational material targeted for 4-8 year-olds?

And aren't you expecting another one?

Use a blender? What lovely strawberry milkshakes you like for breakfast. Why not tell the store most of your food comes from to raise their prices a bit, since it seems to be a trend in your city?

Do you have meds in the fridge? Well, these items are often sold together, have a look. Oh, and a price increase.

[–] a_non_monotonic_function@lemmy.world 1 points 10 hours ago

Ok intrigued and incredulous. How could my power supplier guess the contents of my fridge?

[–] LovableSidekick@lemmy.world 8 points 1 day ago* (last edited 1 day ago)

Important to note that this has not been seen in the wild yet. From the article this article directly quoted (without attribution):

"The technique was published by security researchers at Graz University of Technology. There are currently no indications of it being actively used by ad networks or malicious actors." [emphasis mine]

So at this point it seems like when you read, "Company X unveils new fusion reactor" and it means a new design for one. You probably aren't being surveilled with this yet.

We now return you to your regularly scheduled dystopian panic mode.

[–] nosuchanon@lemmy.world 6 points 1 day ago (2 children)

So ifI run a hardened Firefox inside a docker container and spoof any identifying information and run no other tabs or programs, will that limit exposure?

[–] unwarlikeExtortion@lemmy.ml 4 points 1 day ago

Probably not. AFAIK docker isn't a virtual machine in the traditional sense that it has its reserved storage other apps on the machine can't access. And even if it were, it's the same physical drive.

Now I'm not too versed myself in SSD firmware so maybe the large file size really is like a wide net, or maybe the file size isn't important - only the fact you're doing read operations on a small space on the SSD may give enough volatility in the read speed to infer the exact app that decided to spin up at that moment.

The simplest fix that comes to mind is to have multiple drives (e.g. install and data) and put the browser on the data one. Maybe this added complexity can throw off some naive attacks. Also, a HDD "naturally" has some variability in the access time (since it needs to physically locate the sector with its read heads).

So in essence, laptops with a single SSD are by far the most vulnerable.

However, adding sane limits on the vulnerable API mentioned and throttling read/write speeds (ideally with randomization) seems like a fix good even for single-drive laptops.

What'd probably work with Docker is a similar read speed throttling setup.

Spoofing identifying information won't help much since read time variability is what matters here. It may make it take more info to infer performance rather than having the transparent information, but a good model is bound to infer pretty well after some initial data.

[–] MalReynolds@slrpnk.net 1 points 1 day ago (1 children)

Well, probably. Do you?

[–] nosuchanon@lemmy.world 1 points 1 day ago (1 children)

Thinking about it. I have docker running for other local homeland services.

[–] MalReynolds@slrpnk.net 1 points 1 day ago (1 children)

Look into podman / docker as user (may as well go podman, you get SELinux for free)

[–] nosuchanon@lemmy.world 1 points 23 hours ago (1 children)

I used dockge to manage images and instances.

[–] MalReynolds@slrpnk.net 1 points 23 hours ago (1 children)

As long as it's not basic root docker, the gaping hole in self-hosted security. I don't know that, why is it good?

[–] nosuchanon@lemmy.world 1 points 23 hours ago (1 children)

It’s a lightweight open source web based manager.

You can manage images and edit docker compose files and see terminal output from one place.

Makes it easy to see everything and is very functional.

https://github.com/louislam/dockge

[–] MalReynolds@slrpnk.net 1 points 23 hours ago (1 children)

Sounds like portainer with extra steps, but if it works for you, cool. As said I prefer podman, but I'm on an immutable fedora derivative, so it's natural.

[–] nosuchanon@lemmy.world 1 points 23 hours ago (1 children)

I didn’t like portainer. I think it works with podman.

[–] MalReynolds@slrpnk.net 1 points 23 hours ago* (last edited 23 hours ago)

Thanks, but I'm basically good with a text editor (kate) and systemctl calls (journalctl or podman logs in a pinch). YMMV, no judgement.

[–] Cherry@piefed.social 4 points 1 day ago

The web is becoming unusable from so many sides.

[–] Serinus@lemmy.world 6 points 1 day ago

A bit overstated. I'd be very skeptical about this being useful in a real world situation.

Something worth noting, but not to get too worked up over. Firefox will probably address it at some point.

[–] guymontag@lemmy.ml 2 points 1 day ago

Super interesting! Thanks for letting us know.