Ars TechnicaMay 27

Websites have a new way to spy on visitors: analyzing their SSD activity

Telltale SSD activity can be measured in the browser using simple JavaScript.
https://arstechnica.com/security/2026/05/websites-have-a-new-way-to-spy-on-visitors-analyzing-their-ssd-activity/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

Show threadSteve BellovinMay 27
@arstechnica Javascript delenda est.
Show threadKellic Tiger 6d ago
@SteveBellovin @arstechnica yeah I used a Javascript blocker for all of 2 days before I dropped it. You think adblockes will break most of the web pages out there. You ain't seen nothing until you block Javascript. 70% of my sites it breaks.
Show threadmarcu6d ago
@KellicTiger @SteveBellovin @arstechnica absolutely! Is there a browser where one can selectively enable/disable specific JavaScript APIs? That would be useful.
Show threadBit6d ago

@ocktoboy14 @KellicTiger @SteveBellovin @arstechnica

There is an extension called „NoScript“ that lets you configure what individual domains are allowed to run JS on a per-tab basis. Been using that for a while now, it is pretty neat.

That obviously won‘t do much on pages where you have to get past, for example, a Google captcha, because you either allow all or no JS from that domain for that tab.

Show threadSteve Bellovin
@b1tc0r3 @ocktoboy14 @KellicTiger @arstechnica I've been using the extension for years—but it's increasingly less useful because of how many sites require it to function. The problem is that Javascript has become too powerful for use in a browser, what with this attack, the ability to do row hammer, its role in tracking people, and more.
May 28 at 2:44pmWeb