Sun Java Runtime Uploads Usage Data to RedSheriff?

stereoroid writes "

It appears as if the Sun Java 2 Runtime Environment, version 1.3.1_02 and later, is reporting usage statistics to a company called RedSheriff, presumably on behalf of Sun. This was the Win32 version, but other versions probably have the same "feature". If you load up the Java Console, you see multiple messages like this:

----------- RedSheriff Measurement -----------
Privacy: http://www.redsheriff.com/privacy.htm
Record Sent

I noticed this while setting up the latest version of Compaq Insight Manager 7, which includes JRE 1.3.1_02 (but works with 1.4.0 too). I started examining what was happening using a network sniffer, and could see several http requests to a server under http://imrworldwide.com/, a domain name owned by RedSheriff. The data in the packets included details of the system environment, and I even saw a URL that I had accessed in a previous unrelated browser session. This was a partial capture only, it doesnt happen every time, but Ill keep watching to see what else goes through. If I use the JRE, must Sun know my IP address and what OS Im running, and more? This has also been quietly commented on in Sun's Java Forums too. I'm currently digging for a way around this - any ideas, besides a firewall?"

Re:Fucking do *some* verification before posting

Yup, it's a spyware applet and I posted this story almost a month ago when I discovered that the news section of the BBC where using it to track usage.

A quick visit to the site suggests that they have stopped now. A visit to the redsheriff website is amusing; the 'business speak' is impressive - I would offer a link but I don't think the fish can translate from marketing b*llsh*t :)

They ignored my story and then published somebody else's badly researched version.... bah... editors.... grrr... slashdot.. paaa... Rob