Any non-dummies out there willing to dummy this down for me?

If I’m picking up what was being put down, websites typically reserve a small amount of space on a hard drive for any given website to install scripts they need to function. This is done as a matter of course, and is largely the modern Internet working as intended (for better or worse). However, in this case, a compromised website could instruct my browser to reserve a gig or more of space to deploy or install this FROST script. This reports back to the attacker what programs are competing for resources on my computer, including my individual browser tabs and what sites those tabs contain. It can do this despite the location where browsers let websites install/run scripts being nominally sandboxed away from the rest of the drive. It does this by measuring the latency of certain I/O operations occurring on the drive, and feeding that information through some sort of neural network.

Assuming that is generally correct from a layman’s POV, how exactly is that latency information sufficient to determine what programs or websites I have open? Wouldn’t different models of SSD (or even different SSDs of the same type) have minor variations in performance which would make this impossible? Hell, how does the script even know that it is installed on an SSD and not an HDD?

Not saying it untrue, because obviously the folks that discovered this know a touch more about computers than me, but, if this explanation were trotted out in a thriller movie (“well, President Ryan, we know the location of the terrorists’ hideout because we were able to measure the latency of their hard drive, which revealed they were placing an Amazon order in the other tab”), I’d chalk it up to techno-babble nonsense.

Yay for not using ECMAScript or WebDRM in my browser. And using spinning HDDs.

You wonder, where does it end?