Alright - so if the example they provide illustrates the jist of their approach, it's essentially "sandboxing" the scripts so that calls to localstorage succeed but are then effectively non-persistent.
That's right, it's essentially sandboxing the scripts. But I think the real innovation is an automated system they've created for writing the sandboxing code based on tracing the execution of the malicious/ad scripts in the browser.
Otherwise, what you're saying would be true, and this could be easy to break/bypass.
Can scripts be written to bypass such sandboxing?