Security and privacy policy

About security

 thilmera digitally signs (code signs) all executable files (*.exe), libraries (*.dll), and built-in drivers (*.sys) (excluding deprecated old drivers) with the name "Gakuto Matsumura". The CA (Certificate Authority) issuing the signatures was GlobalSign until April 2021, and Certum after that.
 If the signature has a different name, is invalid, or is not issued by Certum, please do not execute it.
 When newly downloading, be sure to check that the digital signature (code signing certificate) is correct.
 All executable files of this software are forcibly stopped if the OS does not determine their signatures to be valid, but please assume that if the files are maliciously modified, this safety mechanism will certainly be disabled as well.
 In addition to checking for file corruption, the software update process is forcibly stopped at any point during download, update, or startup if this code signing certificate is not determined to be valid according to OS standards.
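
One way to perform the signature check described above on a fresh download before running it. This is an added example, not code from thilmera or its author; the folder path is hypothetical, and it assumes the signer and CA names appear in the certificate's subject and issuer names.

```powershell
# Added example: check Authenticode signatures of thilmera binaries before first run.
param(
    [string]$Path = 'C:\Tools\thilmera',           # assumption: folder of the extracted download
    [string]$ExpectedSigner = 'Gakuto Matsumura',  # signer name stated on this page
    [string]$ExpectedIssuer = 'Certum'             # current CA stated on this page
)

$results = Get-ChildItem -Path $Path -Recurse -File |
    Where-Object { $_.Extension -in '.exe', '.dll', '.sys' } |
    ForEach-Object {
        $sig      = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $cert     = $sig.SignerCertificate
        $signer   = $null
        $issuer   = $null
        $problems = @()

        # 'Valid' means the OS accepted the signature and the file hash matches it.
        if ($sig.Status -ne 'Valid') { $problems += "status is $($sig.Status)" }

        if ($cert) {
            $signer = $cert.GetNameInfo('SimpleName', $false)  # subject name
            $issuer = $cert.GetNameInfo('SimpleName', $true)   # issuer name
            # Substring match: the CA may add a prefix or suffix around the name.
            if ($signer -notlike "*$ExpectedSigner*") { $problems += 'unexpected signer' }
            if ($issuer -notlike "*$ExpectedIssuer*") { $problems += 'unexpected issuer' }
        } else {
            $problems += 'no signer certificate'
        }

        [pscustomobject]@{
            File     = $_.FullName
            Status   = $sig.Status
            Signer   = $signer
            Issuer   = $issuer
            Problems = $problems -join '; '
        }
    }

$results | Format-Table File, Status, Signer, Issuer -AutoSize

# The page says deprecated old drivers are not signed, so review any *.sys hits by hand.
$bad = @($results | Where-Object { $_.Problems })
if ($bad.Count -gt 0) {
    $bad | Format-List File, Problems
    Write-Warning "$($bad.Count) file(s) failed the signature check. Do not execute them."
    exit 1
}
```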

 A digital signature (code signing certificate) certifies that the software is the original and has not been tampered with, and certifies the identity of the program at a time when there are many programs whose publishers are unknown. It has been introduced in all builds since then.
 The thilmera digital signature is personal. Therefore, if I, the author, were to collect unauthorized information in this software or send information to other programs or services, the damage to my digital signature and to my reputation as an individual developer would be irreversible.

 I provide it for free, without any advertising, bundling, or information collection, because it is developed not to pursue profit but as a hobby that I do for fun and as a practice ground for improving my skills.
 I am considering creating a more developed paid service in the future, but there are no plans to make the currently available functions paid.

 I strongly dislike the kind of software, often free, that forces you to install bundled software, that is essentially spyware, or that is replaced by spyware partway through.
 thilmera does not belong to any organization and all decisions are made by the same developer throughout the entire period, so the privacy policy will not be violated due to any interest.

Policy on data collection (privacy policy)

 thilmera will never send your personal information or data on your PC outside your PC without your explicit consent.
 If you use the "PC-to-PC data sharing" function, which is turned off by default, the display data of thilmera will be sent to the destination specified by the user, but the information will not be sent to any destination other than the destination specified by the user.
 When you use the "Status Post" function, which is turned off by default, the specified data will be sent to the destination specified by the user, but the information will not be sent to any destination other than the destination specified by the user.
 Also, at this time, there is no function to collect thilmera data on the server. Even if it is added in the future, it is assumed that it will be a new paid service that users will intentionally register for.
 The status log introduced in 0b172 is a function that works entirely on the PC's local storage, and its contents are not sent to the network.

 Information sent to the 「 」 domain, such as the version, language, and channel number of thilmera you are using, may be used for administrative statistics by the developer, but it does not contain personally identifying information or information from inside your computer.
 In the future, I plan to post rough statistics such as monthly and yearly statistics on the membership page, but I will only use them as an indicator to show supporters the operating status of the project (only the average value is used).
 The contents of the data that may be transmitted are all listed below.
 In 0b180 Rev.14 and later versions, you can check this at any time from the ENV item in "Settings" > "About thilmera" > "Details".

 The IP and time log of accesses to the 「 」 domain server may be disclosed when reporting unauthorized access, or at the request of a provider or law enforcement agency.

Summary of data sent

 When sending and receiving HTTP requests, information such as a random hash value, session ID, version in use, channel number, language ID, and architecture (win32, win64, arm64) is added to the request content to confirm the security of both parties to a certain extent.
 The language ID contains the language number (4-digit number) specified for the basic display of the OS and the language number set internally.
 This data is mainly used to determine the language of the text returned by the server and to select which update information should be provided.

 Starting from 0b180 Rev.14, version information is no longer included in the user agent name.
 From now on, the contents of the ENV item that can be viewed from the settings are used only when communicating with the " " domain, and these data are no longer included when accessing other domains.

 When running in offline mode, no traffic is generated other than code signing certificate revocation confirmation due to OS behavior.
 * Among versions before 0b180 (December 24, 2023), there is a version with a bug that generates traffic to obtain version information when manually checking for updates in offline mode. This does not happen unless the user triggers it intentionally.

 * The 「thermal network」 function that existed in versions before version 0b165 (August 14, 2020) sent the contents of Windows experience (benchmark results) and data such as temperature, CPU name, and GPU name, depending on the settings, to a ranking system that used to exist. In 2011 the data was only sent when the setting was enabled, and the function was completely abolished in 2020 with 0b165.

Data sent and timing

At first startup, etc.: A confirmation of the revocation status of the code signing certificate is exchanged with Certum (a third-party certification authority) using an HTTP request. (This is not a request from within the program, but comes from the behavior of the OS.)
Not in offline mode: At startup and once a day, or when the update check is manually clicked, the version string is obtained as text data from 「 」 with an HTTPS (HTTP) request. Currently, the supporter list is also retrieved at the same time.
At startup, etc.: If the retrieved version information includes a newsletter whose ID has not been read, the text of the newsletter is retrieved from 「 」 using an HTTPS (HTTP) request.
When SNTP time setting is ON: Once every 15 minutes, an SNTP request over UDP sends and receives the time to and from the specified host.
When data sharing between PCs is ON: A custom request over TCP sends and receives the main window display contents to and from the specified host.
When updating: The checksum, package, and update executable file are retrieved from 「 」 with an HTTPS (HTTP) request.
When calendar display starts: Holiday data is obtained from 「 」 by HTTPS (HTTP) request at startup and at date change. (In 0b174 and later it is obtained at the same time as the version check.)
Virtual currency system: JSON data is requested and received from each API server using an HTTPS request.
Status notification: The specified string for posting is sent to mail servers, Twitter (X), Discord, Teams, etc. with an HTTPS request.
Temperature, weather: Information is retrieved from the 「」 server with an HTTPS request. The specified Zip code or latitude and longitude will be sent to openweathermap.

Reverse lookup - Data that may be sent

Version of thilmera: When making an HTTP request to 「 」. (*0b180 Rev.14 and later versions only send to the 「 」 domain)
Default UI language ID: When making an HTTP request to 「 」. 4-digit number. (*0b180 Rev.14 and later versions only send to the 「 」 domain)
thilmera internal language ID: When making an HTTP request to 「 」. 4-digit number.
Distribution channel number: When making an HTTP request to 「 」. Single-digit number.
Distribution type number: When making an HTTP request to 「 」. Single-digit number.
Architecture: When making an HTTP request to 「 」. Possible values are currently win32, win64, and arm64.
IP: When making an HTTP request. When making an SNTP request.
Session ID: When making an HTTP request.
Random hash value: 「 」 or 「 」 「 」 for server confirmation (a measure to reduce risks such as DNS cache poisoning)
thilmera main window display data: When data sharing between PCs is ON. To the IP specified by the user.
Twitter API key: The content converted by OAuth2 when posting the status is sent to the Twitter server.
Discord Webhook: To the Discord server when posting status.
Slack Incoming Webhook: To the Slack server when posting status.
Teams Webhook: To the Teams server when posting status.
Weather API key: Sent when obtaining weather.

Others - Notes

・In 0b167 Rev.7 and later, the language ID is included in the user agent name during web communication.
 Example: For Japanese, the number is 0x0411.
 This does not represent the country of the communication source, but is the ID (4-digit number) of the default language of the UI set in the OS by the user.
 There were requests to support languages other than Japanese and English, so this was introduced to determine which languages were in demand.

 The thilmera internal language ID is the language ID used for the display settings of thilmera, in the same format.

 When sharing data between PCs, the computer name sent as a display can be turned on or off, and after 0b174, a custom name can be specified.
 Of the above, SNTP time adjustment and status email sending cannot be performed through a proxy, so they cannot be used if your provider contract does not allow you to connect to the network without a proxy.
© 2001-2024 Gakuto Matsumura:弦生ささと (