Security and privacy policy
About security
thilmera digitally signs all executable files (* .exe) and built-in drivers (* .sys) (excluding older drivers) under the name "Gakuto Matsumura". The CA (Certificate Authority) issuing the signature is GlobalSign until 2021/04, and Certum after that.Never do this if the signature has a different name, is invalid, or is not issued by Certum.
In Windows XP, the reason why the sub-signature algorithm is unknown is that SHA256 is not supported by XP, which is the OS, so this is not a problem.
The software's automatic update will stop at any point of download, update, or launch if this digital signature is incorrect.
Digital signatures are a testament to the "unaltered original software" that clarifies the identity of a program in today's world of many programs of unknown origin, and was introduced in thilmera in March 2011.
The thilmera digital signature is for personal use. Therefore, if I, the author, collect malicious information in this software or send information to other programs or services, my digital signature and personal developer Reputation will be irreversible.
We provide it free of charge without advertisements or bundles because the reason for development is a hobby and the purpose of study (providing a high quality program).
So, I definitely don't want to do things like the usual free but bundles installed or spyware in the middle.
thilmera does not belong to any organization and all decisions are made by me personally, so any interests do not infringe on my privacy policy.
When you download a new one, be sure to check that the digital signature is correct.
The automatic update is designed to stop even if various files are inconsistent or corrupted, or the signature is incorrect.
Data collection policy (privacy policy)
thilmera will not send your personal information or data on your PC to the outside of your PC without your explicit consent.If you use the "Data sharing between PCs" function that is turned off by default, the display data of thilmera will be sent to the destination specified by the user, but the information will not be sent to anyone other than the destination specified by the user. ..
If you use the "Status Post" function, which is turned off by default, the data of the specified content will be sent to the destination specified by the user, but the information will not be sent to anyone other than the destination specified by the user.
Also, at this time, there is no function to collect thilmera data on the server.
The status log introduced in 0b172 is a complete function on the local storage of the PC and is not sent to the network.
When sending or receiving an HTTP request, the version of thilmera you are using and the language ID (4 digit number) are attached.
Data and timing to be sent
| At the first startup, etc. | Send / receive confirmation of digital signature expiration status to Certum (CA) by HTTP request (OS behavior). |
| When automatic update check is ON | Get the text data version string forrepo.thilmera.comin HTTPS request at startup, once a day, and when update check & update is clicked. |
| SNTP When the time adjustment is ON | Once every 15 minutes, the SNTP request ofUDPsends the time to the specified host and receives the time. |
| When data sharing between PCs is ON | TCP's original request sends and receives the character string of the displayed contents between the specified hosts. |
| At the time of automatic update | Get the checksum, package, and update executable fromrepo.thilmera.comwith an HTTPS request. |
| Calendar display started (0b134 Rev.4 ~) | Get holiday data forrepo.thilmera.comwith HTTPS request at startup and date change. (Obtained at the same time as checking the version after 0b174) |
| Virtual currency system | Request and receive json data on each API server by HTTPS request. |
| Status notification | Send the specified string for posting to the mail server, Twitter or Discord server in an HTTPS request. |
| Temperature, weather | Get information from the api.openweathermap.org server with an HTTPS request. The specified Zip code or latitude / longitude will be sent to openweathermap. |
Reverse lookup - Data that may be sent
| Version of thilmera | At the time of HTTP request |
| Default UI language ID (4 digits) | At the time of HTTP request |
| IP | At the time of HTTP request. SNTP On request. |
| Random strings and hashes | repo.thilmera.comFor server confirmation (measures against DNS cache poisoning, etc.) |
| thilmera Image data of the main window | When data sharing between PCs is ON. For user-specified IP. |
| Twitter API key | Twitter When posting the status to the server. Or when getting the timeline. |
| Discord Webhook | Discord to server when posting status. |
| Slack Incoming Webhook | Go to Slack server when posting status. |
| Weather API key | Go to api.openweathermap.org when getting the weather. |
Others - Remarks
・0b167 Rev.7 or later includes the language ID in the user agent name during Web communication.
Example: The number 0x0411 in Japanese.
This does not represent the country of the communication source, but is the ID (4-digit number) of the default language of the UI set by the user in the OS.
Since there was an opinion that we would like to support languages other than Japanese and English, it was introduced to determine which language is in demand.
In data sharing between PCs, the computer name sent as a display can be selected to be on or off, and any custom name can be specified after 0b174.
Of the above, SNTP time adjustment and status mail transmission cannot be performed for provider contracts that cannot connect to the network without using a proxy because they cannot be sent through a proxy.
© 2001-2023 Gakuto Matsumura:弦生ささと (thilmera7gmail.com)