111
Websites have a new way to spy on visitors: Analyzing their SSD activity
(arstechnica.com)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 28 May 2026
111 points (98.3% liked)
Privacy
48849 readers
182 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 6 years ago
MODERATORS
I'd say your reading is pretty much correct. I don't know how much SSD variance would really impact things, but the extent to which it does would have to do with however the neural network was trained. The more robustly that model is able to discern what is and is not running based on the SSD analyses, the more plausible and reliable this attack is. I think that's where the bulk of the "techno-babble" aspect comes into play.
The reported attack is really messed up from a privacy perspective, but I also think it's not EXTREMELY viable in reality, due to the mentioned constraints (in particular the large file size requirement). There are two aspects here: 1. a web browser can snoop SSD behavior (❗), 2. if you run that data through an appropriately trained model, perhaps the sky's the limit (☹️).
The wackest part is that a web browser can analyze SSD behavior. That's just messed up. The fact that nerds were then like "yo, let's train an ML model on this to tell what the user is doing on their computer" is also nuts, of course, but obviously that threat is mitigated presuming nefarious actors aren't given carte blanche access to one's hard drive behavior in the first place. It also seems plausible that you could maybe break such a model by running a program specifically designed to disguise SSD usage, not to mention other isolation approaches already referenced in the article.
But so yeah, being able to snoop on SSD activity is insane. Training a model on that activity is where it gets more techno-babbley, but they also showed it can at least be done on an M2. There's no reason to think it couldn't similarly be done for other systems, OSes, applications, and configurations, but of course the wider they cast that net, the trickier it likely is to viably train the model(s).
It seems to me that Apple products would be the most susceptible to this, as there are a limited number of hardware variations as well as a walled garden for software.
The article mentions it technically being possible to do on a Linux machine, but I doubt it would be as easy to get conclusive data from it, when the SSD could be any size or brand and the software it could be running is nigh-limitless. I don't doubt it could extract some data, I just don't think it would have the level of granular detail they're saying they got on the M2.
I'm wondering whether having separate partitions on a drive would be enough to defend against this, or whether you would need actually physically separate drives.