Websites have a new way to spy on visitors: analyzing their SSD activity

https://hannesweissteiner.com/pdfs/frost.pdf

Not too exciting of an issue, unfortunately. It only really works if you have one application or website open in addition to the malicious page. They don't mention it explicitly (though maybe I missed it), but it seems like you'd have a very hard time fingerprinting individual pages, only websites. It also seems like you have to open the application or webpage while the malicious page is measuring—it can't get a meaningful trace from a page that's idling.

The other thing that stands out to me is that I would expect the browser to throttle the malicious page when it's inactive. Background tabs don't stay fully active, so you'd be hard pressed to abuse this in realistic circumstances, I think.