Nowhere to Hide: Detecting Obfuscated Fingerprinting Scripts. (arXiv:2206.13599v1 [cs.CR])

As the web moves away from stateful tracking, browser fingerprinting is
becoming more prevalent. Unfortunately, existing approaches to detect browser
fingerprinting do not take into account potential evasion tactics such as code
obfuscation. To address this gap, we investigate the robustness of a
state-of-the-art fingerprinting detection approach against various
off-the-shelf obfuscation tools. Overall, we find that the combination of
static and dynamic analysis is robust against different types of obfuscation.
While some obfuscators are able to induce false negatives in static analysis,
dynamic analysis is still able detect these cases. Since obfuscation does not
induce significant false positives, the combination of static and dynamic
analysis is still able to accurately detect obfuscated fingerprinting scripts.