Your Browser Can Now Be Used to Spy on Which Apps You Open

Researchers have discovered a way for websites to track which applications you open and which sites you visit, using nothing more than JavaScript code running in your browser. Unlike traditional tracking methods that ask for permission or require you to install something, this technique works silently in the background through a simple webpage.

The Details

Here's how this works in plain English. When you open an app or visit a website, your computer's solid-state drive (SSD) has to read data. That reading process takes a measurable amount of time. A malicious website can use JavaScript to repeatedly request files and measure how long your SSD takes to respond.

When your drive is busy loading your email program or a specific website, it responds just slightly slower to these timing tests. By measuring thousands of these tiny delays, the malicious site can figure out what you're doing on your computer. It's like listening to someone's footsteps in another room and guessing what they're doing based on the rhythm and speed.

The concerning part is that this happens entirely through normal browser functions. The attacker doesn't need you to click anything, download anything, or grant any permissions. A single tab left open in the background can monitor your activity for as long as it stays open. The technique works across different browsers and operating systems.

Who Is Affected

Anyone who browses the internet is potentially vulnerable to this tracking method. It affects users on Windows, Mac, and Linux computers that use SSDs, which includes most computers made in the last five years.

Families should pay special attention if children use computers for schoolwork or entertainment. A tracking script on a compromised website could monitor which educational apps they open, which games they play, or which websites they visit. This creates a privacy risk that most parents wouldn't know to look for.

What You Should Do Right Now

Close browser tabs you're not actively using. Don't leave dozens of tabs open in the background. If you want to save something for later, use bookmarks instead.

Check which tabs are running scripts. In Chrome, Firefox, and Edge, look at your Task Manager (Shift+Esc in Chrome, or through browser menus). Close tabs using excessive resources.

Use browser extensions that block JavaScript on untrusted sites. Tools like uBlock Origin or NoScript can prevent scripts from running on sites you don't explicitly trust.

Keep sensitive activities in separate browser profiles. Create one profile for banking and important accounts, and another for general browsing. This limits what any single tracking script can observe.

Restart your browser daily. This closes all tabs and stops any background tracking scripts. Make it part of your routine, like locking your doors at night.

The Bigger Picture

This discovery represents a growing trend in privacy threats. Attackers are finding creative ways to extract information without triggering security warnings or permission requests. Side-channel attacks like this one exploit normal computer functions that weren't designed with privacy in mind. As our devices become more powerful and complex, these attack surfaces multiply. Staying informed about emerging threats helps families make better decisions about their digital safety.

How GetCyberRight Can Help

Our Cyber Threat Radar tool tracks exactly these kinds of emerging privacy threats as they develop. It monitors new browser-based tracking techniques, side-channel attacks, and other sophisticated methods that might not make mainstream news but directly affect your family's privacy. Think of it as an early warning system that helps you stay ahead of threats before they become widespread problems.

Your Browser Can Now Be Used to Spy on Which Apps You Open