
Java Spyware

Freshness Warning
This blog post is over 21 years old. It's possible that the information you read below isn't current and the links no longer work.

I was minding my own business when I noticed that the Java console had appeared in my Windows taskbar. I found that odd, since I hadn’t run any Java software recently. Opening the console, I find repeated references to followed by some HTML and the words "record sent."

That got my attention. I’m sending data to some company I’ve never heard of?

Apparently RedSheriff makes tracking software for companies. They knew that people and companies were able to easily defeat traditional tracking networks by disabling cookies, using proxies, and hiding behind NAT routers. So they decided to solve this problem by creating a small Java applet that runs in your browser on their client sites and sends data to RedSheriff’s servers.

The server logs are unable to pick up information relating to both PC and RAM cache and proxy servers. Server logs will also count all users behind a firewall as one user. All of the above mean that server log files fundamentally undercount site traffic.

RedSheriff Measurement avoids these difficulties by using a patented quantitative activity measurement technology, known as instrumentation, which allows activity to be measured from the browser.

Web servers aren’t able to accurately count traffic so RedSheriff is solving this problem by installing tracking software on consumers’ PCs without their knowledge or permission, effectively transferring the traffic counting burden from the server to the client.

So what are they tracking?

Exit and Entry Pages, Page Impressions, Path Analysis, Unique Visitors, Host Summary, Unique User Sessions, Browser and Operating System, Page Durations, Java/CGI Breakdown, Session Durations, Referring URL, Country of Access, Referring Domain, Reach, Period Page Impressions, Visitor Frequency, Internal and External Referring URL, Loyalty

Of course RedSheriff’s privacy policy assures you that they believe "providing the company with your personal information is an act of trust." They’re running tracking software on my machine to send personal information without my knowledge. That sounds trustworthy.

I’ve replaced their Java class file (measure.class) with a blank file and set it to read-only. I also changed my hosts file to redirect requests to their servers to a black hole and added a filter to the Proxomitron that neuters the applet.

October 11, 2004 9:44 PM

I find it ridiculous that some of you are 'outraged' at this 'arrogant' 'intrusion' in the collecting of anonymous data. Do you realise what these metrics are routinely used for? To improve your future experience of the site you are visiting. Someone previously pointed out - this is someone's resource that they have made available - often for free. Surely then it's their prerogative to collect anonymous data on the use of their resource? It *is* anonymous - yours is one of hundreds of thousands of personally unidentifiable records from which the authors of the site can pinpoint what may be confusing to users, and how things can be improved. If you don't like the way they're using their own property you don't have to go back. If I owned such a site I think my first thought would be akin to 'good riddance'. *So what you are really affronted by is that the owners of a resource, that they have made available to you and that you obviously derive value from, have then gone on to invest money and time in trying to improve the experience for you next time you visit.* The b@stards! String 'em up I say! Oh, that's not what you're really upset by is it... the biggest complaint about redsherrif seems to be the dynamic loading and running of code on your computer via a web page - fact: *all Java Applets do this - it's what they're for.* For that matter, that's exactly what Shockwave Flash does, and activeX and JavaScript and others. So if you have issues with this behaviour in redsherrif you should disable all these things. Java and Shockwave Flash, however, are sandboxed - this means that *they are incapable of doing anything to compromise your system*, (unless, in Java's case, you explicitly agree to let them do it) or accessing data you haven't explicitly given them access to, just like JavaScript. 
If Java Applets crash - they only crash themselves, they don't have access to any data you haven't given to the page that contains them and they can only be run by the page that contains them which means that if you have entered your credit-card number into a page and an applet is capable of reading it - that applet is as trusted and trustworthy as the page you have made a conscious decision to trust, just like JavaScript. Nothing to worry about - if you trust the source. Some of you seem to be perfectly blasé about people and sites other than redsherrif loading and running Java Applets on your machine without your consent ("please tell me how to disable redsherrif without having to disable Java!") but you've heard that redsherrif is 'spyware' and immediately demonise it. So, what have we learned? Java is not JavaScript, but Java has the same exploitability as JavaScript and Flash (unless you have explicitly agreed otherwise). So, if Java worries you - so should JavaScript and Flash. You should turn them all off... and good luck. On a side note: I can't believe that some of you are willing to execute potentially lethal .REG files on your computer to remove a few totally benign java classes. It's like approaching a guy on the street selling pills, asking them for some medication because you sneeze once or twice every few days and blithely taking the pills without question. Is that rational behaviour? Only if you trust the source *absolutely*. The sneeze isn't really a problem - the pill might kill you. It would be the work of a few minutes to whip up a .REG file that would irrevocably destroy your computer setup, I would spend more time thinking on that, perhaps? If you are really concerned about online security and privacy then you will have a firewall and know how to use it - the best way to opt-out of the redsherrif data collection is to block their domains - a single entry... but I didn't need to tell you that, right? 
If you want to spend your time making meaningless gestures in the name of paranoia, be my guest... I for one have better things to do with my time.

November 17, 2004 8:05 PM

Good topic.. I have been blocking Red Sherrif worldwide for a while now, there are a lot worse things to be worried about, but still something worth avoiding. To Quote farmerbri: "If you are really concerned about online security and privacy then you will have a firewall and know how to use it...the best way to opt-out of the redsherrif data collection is to block their domains - a single entry" Which single entry would that be? I have a firewall and there is lot more than just a single IP range to block, as well a large range of domains to be blocking in a Hosts file. Of course if you have something like Outpost firewall or some type of adfiltering program you can disable java applets from running altogether. The IESpyad .REG file is from a completely trustworthy source and has been used and recommended for many years on most sane security forums, it's hardly a serious risk to use. Also the post above which displays the format for effectively blocking RedSherrif in a Hosts file is not correct. Since it was originally supplied by RedSherrif that may be the reason why it's incorrect. The Host file entries should actually be listed with localhost first : A great Hosts file for blocking dangerous spyware can be found here : There was a good discussion a while back on Spyware info on preventing RedSherrif connecting to your computer : And really it's not about being paranoid, I will block anything I want during my internet travels, since I own my computer and pay for my internet connection, it is therefore my choice who I allow to connect to me. :) cya
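The hosts-file blocking mentioned in the post and the entry-order point raised in the comment above can be checked mechanically: a hosts entry takes the address first, then the hostname(s). The following is an added example, not code from the post or any commenter; the `tracker.example` names are placeholders because the page does not list the real hosts, and the sample file is constructed.

```python
import ipaddress

# Constructed sample hosts file. The "tracker.example" names are placeholders,
# not the real tracking hosts (the page does not list them).
SAMPLE_HOSTS = """\
# block list
127.0.0.1   localhost
127.0.0.1   tracker.example        # correct: address first
stats.tracker.example 127.0.0.1    # reversed: not a valid entry
0.0.0.0     cdn.tracker.example www.tracker.example
10.1.2.3    img.tracker.example    # valid entry, but not a sinkhole
"""


def parse_address(token):
    """Return an ip_address object, or None if the token is not an IP."""
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None


def audit_hosts(text, wanted):
    """Audit hosts-file text against the hostnames in `wanted`.

    Returns (blocked, malformed, missing):
      blocked   - wanted names mapped to a loopback/unspecified address
      malformed - (line_no, line) pairs whose first field is not an IP
      missing   - wanted names with no valid sinkhole entry, sorted
    """
    sinkholed, malformed = set(), []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        addr = parse_address(fields[0])
        if addr is None:                      # e.g. hostname written first
            malformed.append((line_no, line))
            continue
        if addr.is_loopback or addr.is_unspecified:
            sinkholed.update(name.lower() for name in fields[1:])
    wanted = {w.lower() for w in wanted}
    return sinkholed & wanted, malformed, sorted(wanted - sinkholed)
```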

January 12, 2005 7:34 AM

That's the point: if there is everything correct and friendly, why is it done secretly? K. P.

January 12, 2005 3:47 PM

Websites do *lots* of things without notifying you... Just because a web page doesn't notify you each time it wants to change an image on a roll-over (by running code you haven't installed and didn't approve blah blah blah...) doesn't mean there's something sinister about the roll-over. There's an enormous amount of stuff going on inside your computer that you will never know about - and even on a clean install some of those things are considerably more sinister than what redSherrif does...

March 23, 2005 12:32 PM

Wow! Symantec had nothing I could find on Red Sherriff, but I learned a lot here!

April 11, 2005 1:58 AM

The constant reappearance of this baby was beginning to worry me. Like Anonymoose I've learned more from this site than any other I've looked at. I now know that the reason Ad-Aware keeps finding Imrworldwide on my machines is probably the BBC. I now know it's not particularly harmful but I've added the site and IP addresses to Zonealarm and put it in my IE restricted sites. I don't think I'll risk the more technical suggestions. Thanks to everybody.

August 27, 2005 5:44 PM

Ever since I stopped using Java of any description, all my Spyware worries seemed to disappear. Sure makes it difficult to view some pages properly, but is well worth it. Forget Java - it's LAME.. and infectious.

September 18, 2005 11:34 PM

Well, thank you Anon for that tremendously uninformed opinion... you may think Java is 'LAME' and 'infectious', but I can assure it is neither by nature. By deliberately causing yourself browser woes you are merely punishing yourself for your own ignorance. If your spyware issues seem to have disappeared since removing Java it is only because you are blind to the nearly infinite non-java spyware issues. Educate yourself and post again. cheers.

von-hill karl
January 2, 2006 5:51 AM


February 13, 2006 8:28 PM

They're thieves. These companies (etc.) have sent thieves to our computers and thieves cannot be trusted. It shows they have no care for the people dealing with them. I have to pay for my internet connection. It gives me an amount I can download and my upload is included as download in that figure. These programs are stealing my bandwidth. I don't care what they want to collect I don't want to pay for it and I don't care how little it is. It is like going to someone's business office and while there they go through my pockets and have a key cut for the backdoor of my house then go there and send letters back to them using my stamps. How can anyone condone that? Any company using this technology has no integrity. Where's my cheque.

John Charville
April 16, 2006 4:03 AM

Dear People, Might I suggest that you all have a look at EC Directive 2002/58/EC paying particular attention to recitals 17, 24, and 25 (The paragraphs of the Preamble to the Directive itself) and then have a look at Article 5. Directive 2002/58/EC makes the deployment of spyware, cookies and anything else totally unauthorised if your fully informed consent is not obtained. Then have a look at section 1 of the Regulation of Investigatory Powers Act 2000, and sections 3 & 1 of the Computer Misuse Act 1990. These make the deployment of cookies and interception of traffic data a criminal offence, since such deployment and interception is clearly unauthorised. I hope that this helps. Regards John Charville

daniel vernede
July 3, 2006 8:26 AM

hello...i for some reason am unable to get onto my favourite site at the moment i can get onto but when i try to get to the kelloggs nutri-grain dream team competition it comes up with "this page cannot be displayed" it loads up "" please can i have some info as to how i can fix this problem because i MUST be able to access that site... please email me at asap its very important that i fix this problem kind regards daniel

March 1, 2007 3:26 PM

it's on Pandora !? VV

John Charville
February 15, 2009 5:31 AM

The UK has actually annulled the obligations created by Directive 95/46/EC through Sections 22 & 23 from the Data Protection Act 1998.

John Charville
February 15, 2009 5:33 AM

The secretary of state has refused failed to produce the Orders that Sections 22 & 23 from the Data Protection Act 1998 refer to.

These are the last 15 comments. Read all 46 comments here.

This discussion has been closed.


© 1999-2024 Adam Kalsey.