Need someone to lead product management at your software company? I build high-craft software and the teams that build it. I'm looking for my next opportunity. Check out my resume and get in touch.

This is the blog of Adam Kalsey. Unusual depth and complexity. Rich, full body with a hint of nutty earthiness.

Security & Privacy

Java Spyware

Freshness Warning
This blog post is over 22 years old. It's possible that the information you read below isn't current and the links no longer work.

I was minding my own business when I noticed that the Java console had appeared in my Windows taskbar. I found that odd, since I hadn’t run any Java software recently. Opening the console, I find repeated references to RedSheriff.com followed by some HTML and the words "record sent."

That got my attention. I’m sending data to some company I’ve never heard of?

Apparently RedSheriff makes tracking software for companies. They knew that people and companies were able to easily defeat traditional tracking networks by disabling cookies, using proxies, and hiding behind NAT routers. So they decided to solve this problem by creating a small Java applet that runs in your browser on their client sites and sends data to RedSheriff’s servers.

The server logs are unable to pick up information relating to both PC and RAM cache and proxy servers. Server logs will also count all users behind a firewall as one user. All of the above mean that server log files fundamentally undercount site traffic.

RedSheriff Measurement avoids these difficulties by using a patented quantitative activity measurement technology, known as instrumentation, which allows activity to be measured from the browser.

Web servers aren’t able to accurately count traffic so RedSheriff is solving this problem by installing tracking software on consumer’s PCs without their knowledge or permission, effectively transfering the traffic counting burden from the server to the client.

So what are they tracking?

Exit and Entry Pages, Page Impressions, Path Analysis, Unique Visitors, Host Summary, Unique User Sessions, Browser and Operating System, Page Durations, Java/CGI Breakdown, Session Durations, Referring URL, Country of Access, Referring Domain, Reach, Period Page Impressions, Visitor Frequency, Internal and External Referring URL, Loyalty

Of course RedSheriff’s privacy policy assures you that they believe "providing the company with your personal information is an act of trust." They’re running tracking software on my machine to send personal information without my knowledge. That sounds trustworthy.

I’ve replaced their Java class file (measure.class) with a blank file and set it to read-only. I also changed my hosts file to redirect requests to their servers to a black hole and added a filter to the Proxomitron that neuters the applet.

Recently Written

Think Systems, not Symptoms
Dec 15: Piecemeal process creation frustrates teams and slows work. Stop patching problems and start solving systems. Adopting a systems thinking approach helps you design processes that are efficient, aligned with goals, and truly add value.
Your Policies Aren’t Your Culture
Dec 13: Policies guide behavior, but culture is the lived norms and values of your team. Policies reflect culture -- they don’t define it. Netflix’s parental leave shift didn’t change its culture of freedom and responsibility. It clarified how to live it.
Lighten Your Process Burden
Dec 7: Everyone hates oppressive processes, but somehow we keep managing to create them.
Product Add-Ons Are An Expansion Myth
Dec 1: Add-ons can enhance your product’s appeal but won’t drive significant market growth. To expand your customer base, focus on developing standalone products.
Protecting your Product Soul when the Same Product meets New People.
Nov 23: Expand into new markets while preserving your product’s core value. Discover how to adapt and grow without losing your product’s soul.
Building the Next Big Thing: A Framework for Your Second Product
Nov 19: You need a first product sooner than you think. Here's a framework for helping you identify a winner.
A Framework for Scaling product teams
Oct 9: The people, processes, and systems that make up a product organization change radically as you go through the stages of a company. This framework will guide that scaling.
My Networked Webcam Setup
Sep 25: A writeup of my network-powered conference call camera setup.

Older...

What I'm Reading