Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Java Programming

Sun Java Runtime Uploads Usage Data to RedSheriff? 52

Posted by Hemos from the any-news-on-this dept.
stereoroid writes "

It appears as if the Sun Java 2 Runtime Environment, version 1.3.1_02 and later, is reporting usage statistics to a company called RedSheriff, presumably on behalf of Sun. This was the Win32 version, but other versions probably have the same "feature". If you load up the Java Console, you see multiple messages like this:

----------- RedSheriff Measurement -----------
Privacy: http://www.redsheriff.com/privacy.htm
Record Sent

I noticed this while setting up the latest version of Compaq Insight Manager 7, which includes JRE 1.3.1_02 (but works with 1.4.0 too). I started examining what was happening using a network sniffer, and could see several http requests to a server under http://imrworldwide.com/, a domain name owned by RedSheriff. The data in the packets included details of the system environment, and I even saw a URL that I had accessed in a previous unrelated browser session. This was a partial capture only, it doesnt happen every time, but Ill keep watching to see what else goes through. If I use the JRE, must Sun know my IP address and what OS Im running, and more? This has also been quietly commented on in Sun's Java Forums too. I'm currently digging for a way around this - any ideas, besides a firewall?"
This discussion has been archived. No new comments can be posted.

Sun Java Runtime Uploads Usage Data to RedSheriff? More

Sun Java Runtime Uploads Usage Data to RedSheriff?

Comments Filter:

  • What can you do? (Score:2, Interesting)

    by kingosric ( 472809 )
    Send back fake results to screw up their data....

  • Edit. (Score:3, Interesting)

    by QuodEratDemonstratum ( 569501 ) on Saturday May 18, 2002 @03:11PM (#3543323) Homepage
    If you haven't got a firewall, edit the binary and alter the URL the messages are sent to. "http:www.sun.com/abuse" should send the point when they look in their server logs.

  • add imrworldwide.com to your hosts file (Score:3, Informative)

    by tswinzig ( 210999 ) on Saturday May 18, 2002 @03:13PM (#3543338) Journal
    In W2K/XP, look in winnt\system32\drivers\etc for a file called hosts. Add this line:

    imrworldwide.com 127.0.0.1

    Save. Reboot. (Or kill the java/browser processes and restart them.)

  • Can this behaviour be confirmed with other OS, like GNU/Linux or Solaris implementations from Sun?
    And what about ports which based on the Sun source like Blackdown?

    I think this is really bad and if it's true it shouldn't be only mentioned here on the developer page. Java users are also affected! So if this is really true and sends data like visited URL's everyone has to know it!
    Perhaps it would be better to use and support free Java implementations like Kaffe [kaffe.org] than this.

    • What is this GNU/Linux of which you speak?

      GNU/Hmmmm... GNU/Better GNU/post GNU/anonymously... GNU/Ach, GNU/why GNU/bother? GNU/It's GNU/only RMS/Karma.

  • When I discover that a person or a company has been sneaky, their reputation with me falls to zero. When I know someone has done one thing that is sneaky, it is very difficult or impossible to know if they are doing other things that are sneaky. It is difficult to put upper or lower bounds on their abusiveness. So, I end the relationship, or limit it as much as possible.

    Is Sun's sneakiness worth the enormous negative publicity of being featured as a sneak on Slashdot? It's difficult to imagine that it could be.

    Is Sun having financial problems, so that the company needs to scrape for nickels and dimes?
    • Sounds like Sun could prove a case of malicious falsehood here

      The information is not correct and is known to be not correct and is damaging to Suns reputation

  • Then "they" see how much I am using
    Limewire...I hope they do not report
    TCP/IP connection statistics also !

  • RedSheriff is the worst company name I've ever heard. What the fuck? Anyone have any other examples which might knock this fucker off the top of the hill in terms of really dumb names?

  • Nothing found (Score:5, Informative)

    by Ivan the Terrible ( 115742 ) <`vladimir' `at' `acm.org'> on Saturday May 18, 2002 @04:07PM (#3543523) Homepage
    There's nothing in the sources (as distributed) to validate this claim.
    $ find /usr/local/src/jdk1_3-src -type d \( -name RCS -o -name CVS -o -name SCCS \) -prune -o -type f \! -name \*\~ \! -name \*\,v \! -name s.\* -print0 | xargs -0 -e grep -n -e imrworldwide\|redsheriff\|RedSheriff /dev/nu ll
    $

  • It's not part of the Java runtime (Score:1, Informative)

    by Anonymous Coward
    Redsheriff is a spyware applet as a quick search at
    google would reveal. It's not part of the Java runtime.

  • This is absolutely not part of the Java Runtime (Score:5, Informative)

    by lurp ( 124527 ) on Saturday May 18, 2002 @04:54PM (#3543655)
    RedSheriff is definitely not a part of the Java Runtime. It is an applet that various web sites use to track usage statistics. A quick read of their privacy policy [redsheriff.com], a google search [google.com], or even a quick look at a security newsgroup [der-keiler.de] would have told you that.

    Don't slashdot editors check these stories before posting them?

  • Fucking do *some* verification before posting (Score:5, Informative)

    by gaj ( 1933 ) on Saturday May 18, 2002 @05:22PM (#3543736) Homepage Journal
    redsherrif is a spyware applet, not part of the J2SDK.

    A two fucking second search on google would have given you that much info. For the record, running strings on all the bins and libs in the j2sdk1.4 showed neither imrworldwide nor redsherrif.

    I know this is hard stuff, using google an all, so click here [google.com] to save yourself the trouble.

    • Re:Fucking do *some* verification before posting (Score:2, Funny)

      by Anonymous Coward
      Yup, it's a spyware applet and I posted this story almost a month ago when I discovered that the news section of the BBC [bbc.co.uk] where using it to track usage.

      A quick visit to the site suggests that they have stopped now. A visit to the redsheriff website is amusing; the 'business speak' is impressive - I would offer a link but I don't think the fish can translate from marketing b*llsh*t :)

      They ignored my story and then published somebody else's badly researched version.... bah... editors.... grrr... slashdot.. paaa... Rob

    • This is good to know. It means that the person visited a site that had this installed and loaded it on their site. The best thing to do after this happens is to shut down your browser, manually clear your browser cache then, restart your browser.

      Of course for added bonuses you could add a line in your host file that would redirect traffic to these sites to your local host. If you did this though and are not running a service on this port AND DON'T have a firewall, you may have to wait for the browser to timeout the connect to this site.

      If you do start a service on that port (probably port 80) to answer the requests it would prevent the browser time outs. I'm sure a simple perl server on port 80 would handle the request and drop it to the floor.

      Of course you have to realize that the person who reported this is a windows user user so they needed this dumbed down for them. A UNIX user would have searched the web first and gotton some info on this first.

      • Try connecting to a port that you know doesn't have a listener on it sometime. There is no timeout. An RST is sent in response to your SYN, giving an immediate "connection refused" error message:

        [phiggins@court ~]$ telnet localhost 1
        Trying 127.0.0.1...
        telnet: Unable to connect to remote host: Connection refused
  • This sets a new low in editorial standards for Slashdot. It was bad enough when RobLimo blatantly sucked up to Microsoft, turning a blind eye to obvious bullshit, as noted here: Re:"Not weasely?" [slashdot.org] posted on Thursday April 05, @10:14AM (Score:1) attached to Windows Exec Doug Miller Responds [slashdot.org]. Now, Hemos is spreading lies and FUD that bring Slashdot down to the level of tabloid non-editors. Please go out of business soon, or be sell out to Microsoft soon and in the open, so that your damage to the industry will be limited.
  • This seems a false claim to me, a careless acusation or flaming. You have only to download the sources for Java and check yourself because Sun Java is open sourced. Check also the previous posts and is obvious that a five minute search would have cleared all doubts: Java is not guilty.
  • Yeah, I didn't think Sun would screw up with such a dumb "Microsoft" type of blunder.. This looked like a post from April 1 :-) A little too late...

  • Responses from Poster (Score:3, Interesting)

    by stereoroid ( 234317 ) on Monday May 20, 2002 @03:57AM (#3548764) Homepage Journal
    1. You think I didn't check this first? Why did I see this behaviour on 2 different systems, starting with the installation of a new Sun JRE?
    2. Yes, I used a search engine, and found the same Trojan data. Yes, it's a Trojan, but who put it on my system? From the evidence, it appears that this is being done on Sun's behalf. I know it might not have come from Sun, but this behaviour started with a new JRE, and we don't go surfing the Net on a working server console.
    3. By "short of a firewall", I should have said "another firewall". I don't have the privileges to modify a corporate firewall (it's a very big company). Thanks for the reminder about modifying the hosts file - last resort, I guess.
    4. You assume that because I am using some Win32 systems here at work, that I am a Windoze Luser, and can thus be dismissed with a few careless swearwords. I'm not interested in getting into a pi$$ing contest with anyone, I'll just say that I know that nothing sucks like M$, yet I can deal with them and their products professionally. And you wonder why we're not all using Linux yet, with such lame attitudes?

    None of the above comments go any way towards answering my question. l33t nerds - who needs 'em?

    • Could it be bundled with the Compaq Insight Manager 7 that you were installing? I know HP at least likes to put a sh'load of monitoring and reporting software into their installs.

      ie, did you try getting the JDK straight from Sun?

      • It wouldn't surprise me if Compaq, did that stuff. According to the product roadmaps, Insight Manager is heading for the grave anyway, to be replaced by HP OpenView family products.

        The JRE did come straight from Sun - the CIM console sends you straight there...

        Thanks for a civil response..!

    • Re:Responses from Poster (Score:3, Interesting)

      by scrytch ( 9198 )
      I was going to address your points individually, but frankly I think you've written everyone off already. I hope you're putting up an anti-Sun page right now, excoriating them for their spyware, and calling for a class-action suit or something. Would serve you right when you end up with egg on your face.

      None of the above comments go any way towards answering my question.

      What question? You started with an accusation. Your accusation was demolished. You weren't told what you want to hear, so you're throwing a tantrum. By all means, do pick up your ball and go home.

    • Subject: What are the limits of web site visitor tracking?

      There is a very interesting story in this, but the Slashdot editors didn't think so.

      RedSheriff [redsheriff.com] tracks visits to web sites, and claims to be "the world's largest interactive media business intelligence specialist". RedSheriff claims "incomparable accuracy" [redsheriff.com] using "superior patented technology" that "records user activity at the source, giving clients unprecedented access to data that accurately describes user behaviors". This raises a question: How much can they know about you?

      To investigate RedSheriff claims, I visited the web sites of two of RedSheriff's clients, Telstra [telstra.com] and Virgin Direct's Virgin Money [virginmoney.com].

      (I prepared by turning off JavaScript and Java in Opera's File/Preferences/Multimedia menu, and selecting "Throw away new cookies on exit" in Opera's Privacy Preferences.)

      I went to the Telstra home page [telstra.com] and downloaded the HTML source. (Wow, the Telstra home page is ugly.) In the source I found mention of a RedSheriff JavaScript file, http://telstra.imrworldwide.com/a1.js [imrworldwide.com]. I downloaded that. (Save the effort of re-configuring your browser by just right-clicking on the link and selecting "Save target as".) Virgin Money's site has a different RedSheriff Javascript file, http://server-uk.imrworldwide.com/a3.js [imrworldwide.com]. Do a search for "Red Sheriff", with a space.

      Then I downloaded a RedSheriff Java program that I found mentioned in the Telstra and Virgin Money home page sources, http://server-au.imrworldwide.com/Measure.class [imrworldwide.com]. Embedded within this binary is RedSheriff's privacy policy web page address: http://www.redsheriff.com/privacy.htm [redsheriff.com]. ("RedSheriff Cares about Your Privacy", it says, humorously trying to have it both ways in the same web site.)

      Basically it seems that RedSheriff is carrying visitor tracking to the limits, including tracking unsuspecting novices who may foolishly but voluntarily give them personal information. Looking at the code, I don't see any attempt to go beyond the narrow boundaries of what the JavaScript and Java languages allow. However, I'm not sure I see everything the code is doing. Can someone help with this? What are the limits?

      Slashdot had a story about RedSheriff, Sun Java Runtime Uploads Usage Data to RedSheriff? [slashdot.org] Judging from the comments, there is some doubt about who is RedSheriff's client in that situation. The story submitter defended his information [slashdot.org], and no one seems to have done a verifying test. (It would be easy to hide encrypted references to RedSheriff sites within binary. It would be easy include something in the binary that was not in the freely distributed source.) Note that the first part of one of the RedSheriff Javascript URLs above contains the name of the client, Telstra.
  • I don't get it. If they do this simply to measure the amount of people that actually use the software instead of just downloading, why not simple ask? I normally do not like surveys but if I can contribute in any way to the downfall of Microsoft I will :)
  • Update this story so as not to confuse anyone else. Is it that much egg on the face to admit when you're wrong?

Slashdot Top Deals

"When the going gets tough, the tough get empirical." -- Jon Carroll

Close