Many of the questions that came up in our recent AMA were related to security, and given how seriously we take it, we deemed it pertinent to write up an overview of Ulterius's various security features that keep you, our users, safe.
Unlike certain remote management apps, with Ulterius, none of your data ever passes by our servers. This means that if we ever suffer a security breach (it happens to the best of 'em) your computer will remain completely unharmed and inaccessible to the attackers. For that matter, you wouldn't even be aware that it happened!
Although we at Octopodal may never know about it, your data still has to pass through (at least) your ISP. Ulterius uses standard SSL and AES encryption technologies to ensure that no one between your two devices can look at your data. Also in the works is the ability to use self-signed certificates; look for more details in the coming days.
Data We Do Collect
That being said, we do collect a small amount of data from users. When you first install Ulterius, you are asked if you would like to submit usage statistics. We use this data to fix bugs, analyze our audience, and commit overall improvements to the project. The exact pieces of information we collect are as follows:
- Operating system
- Number of processes currently running
- System uptime
- Ulterius version info
- Model name
- Current utilization
- Number of processes
- Various information that can be inferred from the model name
- Public IP address
- Internal IP address
- MAC address
- Graphics adapter name
- Refresh rate
- Driver name
- Driver version number
- Screen resolution
- Color depth
- Used space
- Model number
Other little nubs of data are collected like the "BIOS caption" and a drive's root directory (tip: its the same as the drive letter), but these are of little concern to us or the user.
As has been proven, security through obscurity does not work. In addition to various other benefits, having the source code to our project be open allows the public to review it and make sure there aren't any security flaws. Furthermore, our license (MPLv2) allows developers to submit fixes if such flaws are found.
A warrant canary is available at canary.ulterius.io. It will be updated once a month, complete with recent news to verify that the message was not signed in advance.
On a related note, reports detailing requests for user data, security disclosures, and other such related matters will be issued on an annual basis (or in pressing instances, as-needed) to this blog.
If we missed anything, just contact us at [email protected] and let us know!
--Joshua Garner, Community Manager