Ars Technica3d ago

Websites have a new way to spy on visitors: analyzing their SSD activity

Telltale SSD activity can be measured in the browser using simple JavaScript.
https://arstechnica.com/security/2026/05/websites-have-a-new-way-to-spy-on-visitors-analyzing-their-ssd-activity/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

Show threadSteve Bellovin
@arstechnica Javascript delenda est.
May 27 at 8:59pmWeb
Show threadPaul_IPv63d ago

@SteveBellovin @arstechnica

verissimum

Show threadSyntax3d ago

@paul_ipv6 @SteveBellovin @arstechnica I studied in the actual Carthage (few miles from Tunis).

This hits different

Show threadKellic Tiger 3d ago
@SteveBellovin @arstechnica yeah I used a Javascript blocker for all of 2 days before I dropped it. You think adblockes will break most of the web pages out there. You ain't seen nothing until you block Javascript. 70% of my sites it breaks.
Show threadmarcu3d ago
@KellicTiger @SteveBellovin @arstechnica absolutely! Is there a browser where one can selectively enable/disable specific JavaScript APIs? That would be useful.
Show threadBit3d ago

@ocktoboy14 @KellicTiger @SteveBellovin @arstechnica

There is an extension called „NoScript“ that lets you configure what individual domains are allowed to run JS on a per-tab basis. Been using that for a while now, it is pretty neat.

That obviously won‘t do much on pages where you have to get past, for example, a Google captcha, because you either allow all or no JS from that domain for that tab.

Show threadSteve Bellovin3d ago
@b1tc0r3 @ocktoboy14 @KellicTiger @arstechnica I've been using the extension for years—but it's increasingly less useful because of how many sites require it to function. The problem is that Javascript has become too powerful for use in a browser, what with this attack, the ability to do row hammer, its role in tracking people, and more.
Show threadmarcu3d ago
@b1tc0r3 @KellicTiger @SteveBellovin @arstechnica thanks for sharing. And it seems like it offers some granularity in the custom mode, cool. And also way more convenient than the built in white listing in the browser.
Show threadAngela Scholder3d ago
@KellicTiger @SteveBellovin @arstechnica Yes, it indeed breaks a lot of websites. Got it enabled in de main browser.
Show threadHans van Zijst3d ago
@Steve Bellovin Ceterum censeo... 😉