Go to OpenReview Public Article DBLP homepageHephaistos: A Data Flow Analysis Framework for Identifying Browser Fingerprinting Functions in JavaScript
Abstract: With the increasing sophistication of web technologies in recent years, browser fingerprinting techniques have emerged as a widely used mechanism for uniquely identifying users based on device and browser characteristics. As advertising companies and web services actively adopt these techniques to deliver personalized content, user tracking activities have grown more prevalent, often without proper consent, thereby intensifying privacy concerns. In response to this evolving landscape, recent studies have explored machine learning-based approaches to detect tracking behaviors by analyzing script characteristics. However, existing techniques face limitations in identifying previously unknown trackers due to their reliance on known filter lists and insufficient training datasets. To address these challenges, this study proposes a novel detection method based on data flow analysis using the Hermes JavaScript engine. By analyzing intermediate representation (IR) and applying a script deobfuscation process, the method effectively tracks data flow across stages such as variable assignment, propagation, function calls, and external leakage. To evaluate the proposed approach, experiments were conducted on large-scale web datasets, including high-traffic websites. The results demonstrate the method’s capability to uncover previously undetected tracking activities, offering greater transparency in how behavioral information is collected and shared. Ultimately, this study aims to contribute to the development of more reliable and comprehensive tracking detection frameworks, strengthening user privacy protection in the modern web ecosystem.
External IDs:dblp:journals/access/SimHC25
Loading