Browser fingerprinting evades conventional defenses, while script-level blocking often breaks website functionality. This paper proposes ByteDefender—the first real-time defense system that detects browser fingerprinting behaviors at the V8 bytecode function level. Its core contributions are threefold: (1) it introduces the first Transformer-based model for modeling obfuscated bytecode sequences, enabling high-accuracy, obfuscation-resilient (including code obfuscation and URL manipulation) function-level identification; (2) it integrates lightweight signature-based online matching with pre-execution detection to ensure robustness and low runtime overhead; and (3) evaluated on the Top 100k websites, it achieves significantly higher function- and script-level detection accuracy than state-of-the-art methods, with only a 4% increase in page load latency. Crucially, ByteDefender effectively blocks fingerprinting without compromising web functionality integrity.

Browser fingerprinting enables persistent cross-site user tracking via subtle techniques that often evade conventional defenses or cause website breakage when script-level blocking countermeasures are applied. Addressing these challenges requires detection methods offering both function-level precision to minimize breakage and inherent robustness against code obfuscation and URL manipulation. We introduce ByteDefender, the first system leveraging V8 engine bytecode to detect fingerprinting operations specifically at the JavaScript function level. A Transformer-based classifier, trained offline on bytecode sequences, accurately identifies functions exhibiting fingerprinting behavior. We develop and evaluate light-weight signatures derived from this model to enable low-overhead, on-device matching against function bytecode during compilation but prior to execution, which only adds a 4% (average) latency to the page load time. This mechanism facilitates targeted, real-time prevention of fingerprinting function execution, thereby preserving legitimate script functionality. Operating directly on bytecode ensures inherent resilience against common code obfuscation and URL-based evasion. Our evaluation on the top 100k websites demonstrates high detection accuracy at both function- and script-level, with substantial improvements over state-of-the-art AST-based methods, particularly in robustness against obfuscation. ByteDefender offers a practical framework for effective, precise, and robust fingerprinting mitigation.