I was triggered to request this new feature because of this research paper (https://hannesweissteiner.com/pdfs/frost.pdf) about yet another new tracking technique: timing the speed of the users SSD via OPFS. See also the discussion on HN here: https://news.ycombinator.com/item?id=48309492.
The Origin Private File System (OPFS) API allows websites to store potentially large files on a user's device — in some cases up to 60% of available disk space. Recent research has shown that this can be exploited as a side-channel attack vector: by timing OPFS I/O operations, a malicious site can infer what other websites or applications a user has running (see: https://arstechnica.com/security/2026/05/websites-have-a-new-way-to-spy-on-visitors-analyzing-their-...).
Firefox currently has two gaps when it comes to OPFS:
1. No DevTools visibility, Unlike cookies, localStorage, or IndexedDB, OPFS storage used by a website is not shown anywhere in the DevTools Storage Inspector. This makes it impossible for developers and privacy-conscious users to see what a site has written to disk.
2. No user controls. There is no setting to block OPFS access entirely, nor any option to mitigate the timing side-channel by injecting artificial jitter into OPFS read/write latency (similar to how Firefox already adds noise to certain APIs like canvas and AudioContext to prevent fingerprinting).
Requested improvements:
- Show OPFS usage per origin in the DevTools Storage Inspector, with the ability to inspect and delete stored files.
- Add a permission or privacy setting to block or restrict OPFS access, either globally or per site.
- Add random timing noise to OPFS operations to neutralize SSD-based side-channel attacks, consistent with Firefox's existing anti-fingerprinting approach.
These changes would bring OPFS in line with how Firefox already handles other storage APIs, and would meaningfully improve user privacy against an emerging class of attacks.
