
This has nothing to do with FROST as it is used in cryptography and Bitcoin, they just happened to name their thing with the same acronym.

Fingerprinting attacks are horrible. Here (if I understand it correctly) they demonstrate that a malicious website can repeatedly probe your SSD and develop an idea of what else you are doing on your computer (e.g. what other sites you are visiting or other programs you are running) based on the speed of the probe.

Prior work showed that variations in SSD access time can be used to leak information about user activity, e.g., the websites a user accesses, and for covert data transmission. To achieve this, SSD contention side channels require accurate high-resolution timing measurements of I/O operations, e.g., through the io_uring kernel API. However, the impact of these attacks is limited in their requirement for native code execution on the victim’s system.

In this paper, we show that SSD contention side channels can be mounted by a remote attacker from within the browser, without native code execution. Our attack FROST targets the Origin Private File System (OPFS) API in JavaScript, allowing us to create and access files on the disk, within the browser’s sandboxed environment. While a challenge in prior work was to evict the OS page cache, we devise an approach that instead bypasses the page cache, enabling fast SSD contention measurements from JavaScript without any user interaction. To evaluate the effectiveness of FROST on macOS and Linux, we build a covert channel that exfiltrates data from a native application to the malicious website with a true channel capacity of 661.63 bit/s on a Linux machine, and 891.77 bit/s on a macOS machine. To evaluate FROST in a side-channel scenario, we mount a website- and an application-fingerprinting attack on users of macOS systems. We can predict accessed websites with an F1 score of 88.95 %, and accessed applications with an F1 score of 95.83 %, demonstrating the privacy implications our attack has on regular users.
We introduce Fingerprinting Remotely using OPFS-based SSD Timing (FROST), a novel remote side-channel attack that uses SSD contention measurements from within the browser to fingerprint user activity on a system. After tricking the victim into clicking a malicious link, an attacker can monitor the victim’s activity on the host system, such as website visits and application usage, without further user interaction. We demonstrate FROST on a macOS system, achieving an F1 score of 88.95 % for top-50 closed-world website fingerprinting, and 95.83 % for application fingerprinting in a closed-world setting. In an open-world top-50 website-fingerprinting attack, we achieve a macro-averaged F1 score of 86.95 %, demonstrating the practical impact of our attack.
FROST can be performed as a drive-by attack through JavaScript embedded on a website. We discovered that the private file system API OPFS, included in most major browsers, allows an attacker to perform precise SSD latency measurements, enabling a wide range of attacks.

Computers are so complex, I imagine there are very many of these sorts of attacks and we are only aware of a small number of them. But what I find scary about these sorts of attacks is that they aren't necessarily foiled by VPN or tor use. Basically, don't use the internet.

On Brave: brave://flags/#file-system-access-api

This whole API suite is disabled by default for me.

107 sats \ 2 replies \ @optimism 18h

Hmm correction... it's not disabled by that 😬

I sometimes think that I shouldn't even bother paying attention to things like this because for the most part I behave in ways that lead to far more severe privacy compromises. I use a credit card for most purchases, afterall.

I'd probably do best to spend time thinking through my threat model and making changes in places that actually are relevant to it. On the other hand, I find these things interesting.

107 sats \ 0 replies \ @optimism 17h

You can have fun on https://abrahamjuliot.github.io/creepjs/ (over a VPN!) to see what your browser leaks about you.
