Security and Digital Signatures

 RealityRipple Software uses modern cryptography methods to ensure that the data you receive is identical to the data you requested. The website (realityripple.com) is fully available using TLS 1.1 or better security using the HTTPS standard, signed by DigiCert, Inc. The software available on this website is also digitally signed with a Certificate Authority under an in-house Root Certificate. Finally, all communications from RealityRipple Software are digitally signed with a certificate by Comodo Group, Inc.

HTTPS Encryption

The RealityRipple Software web server offers modern HTTPS access to prevent man-in-the-middle attacks and code injections. Any sub-domains under the realityripple.com domain also have HTTPS access available. Your connection to RealityRipple Software's website is encrypted using modern TLS protocols, and requires at least TLS 1.1 to work. Unfortunately, this means that Windows Vista, Windows XP, and earlier Operating Systems are not natively compatible with the HTTPS version of this site. This also means, unfortunately, that most the programs on this website do not use HTTPS to update, in order to keep compatibility with those Operating Systems. New versions may always be downloaded over HTTPS from this website manually instead of using built-in update features, if necessary.

Code Signature

Applications, Setup files, and Cross-Platform Installers (Mozilla Add-ons) available on this site are digitally signed by RealityRipple Software's own Code Signing Certificate Authority to prevent file corruption or manipulation. If even a single bit is changed in any file, the signature will be invalid. You can check the digital signature of any EXE or DLL file by right-clicking on it and choosing Properties. If a Digital Signatures tab exists, the file is signed. Choosing a signature and clicking the Details button under the Digital Signatures tab will display whether the signature is valid or not, and provide you with information about who signed the file and when. Please note that signatures may be marked as invalid if you do not have the RealityRipple Software Root Certificate Authority installed as a trusted Root. Installing a program by RealityRipple Software may install the RealityRipple Software Root Certificate into your trusted list. If you no longer wish to trust RealityRipple Software, you can remove it through your Internet Options Control Panel under the Content tab.

E-Mail Signature

Official communication over E-Mail will always contain a digital signature when sent from RealityRipple Software, using the S/MIME standard in most cases. I'm working on making both S/MIME and PGP available as signature options where applicable.

Repository Commit Signature

Since GitHub supports PGP-based commit signing on their website, I've begun to sign all new repository commits and releases since transferring my source code to the GitHub service. You can check for verification in a repository by looking for the green text "Verified" in a button on Commit and Release pages and lists. As long as the commit signature is verified, the data's integrity is ensured.

Trust and Security

All these signatures and encryption method only protect you from external attacks, and rely on your trust in me as a developer to provide you as a user with a product you can use safely. A valid certificate only means that the data hasn't been changed between my computer and yours. Providing source code is only useful to those that can read it, and does little to build trust for the average user. Instead, I rely on users with good experiences to pass on their opinions and observations to others. A good way to do that is to vote or provide comments on the product pages for software they enjoy, or to share the products through other websites or social media. So, if you have come to trust my work, I ask you to express that trust.


« Home Applications Mozilla Add-ons Themes Freelance Programming PC Repair »