Opinions on piracy and anti-piracy techniques

I totally agree with Brad Hutchings! Piracy is not a problem to me, because I am always selling customized Business Software and Services tied together. This might be different if you serve End User Market without App Store.

Selling software that relies on your own servers is also a possibility. Our software uses our servers for cloud storage of the data. Without a paid account on our servers the software is pretty much useless.

It’s been said in this thread already but if someone wants to pirate your software, they’ll find a way. It’s not just about not wanting to spend money. The evidence for this is that apps that are less than dollar are being pirated. Who cares? That person was never going to buy your app anyway. I focus on trying to make great software for people wanting to pay.

For the record, I would never ever make my app do something malicious even if it suspected that it was cracked or pirated. That’s a terrible policy. I know from my own experience from the shareware days that pirated users sometimes turned into paying customers when they grew up. The negative publicity from causing malicious damage as some sort of revenge could be far worse than piracy itself.

I was thinking of storing an encrypted HardwareID somewhere, this would at least prevent people from copying the application from one computer t’other, my concern was that it wouldn’t take a cracker long to figure out how you create that data on disk and then create a registrar app…

These are mainly thoughts at the moment, next year I intend to sit down and design my own solution.

What about letting your anti-virus software think the application is infected? For example trying to modify the application executable. That would rise a warning but it will never do anything malicious to the system.

Which reminds me, on OS X, with Code signing required the cracker cannot sign your application with your code signature, so a simple test somewhere within the application is to validate that the code signature is yours and not a third party one (don’t do it in your main routine or the cracker will find it).

It should also help deter some users from running the cracked version as they’ll get the “Move to Trash” dialog by default, and while some will ignore, it actually has a physiological trigger which makes users more cautious of the app, even if they don’t realize!

There was an app in the 90s - it might have been BBEdit - that gently pushed people into paying by displaying a nag screen now and then, that reminded the user of why it was important to pay for software. Only pirated users saw the messages.

The app never accused the user outright of using stolen software but the messages played on the user’s conscience. Apparently they had a fairly successful rate of converts from piracy.

If people like your product enough, they will go out of their way to support it and you - if they can. If they can’t then it’s better to let them use your product as free testers and to advertise it for you.

With software intended for a mass market I think it’s better to have freeware with paid components. Offer considerable incentives for payment, but don’t attempt to punish pirates or make your software a pain to use. A lot of them are kids with no money who later get jobs and support you. The other 5% of them are people who’d never pay you anyway and will crack your software no matter what. They’re just an inevitable loss that you can’t really fight, and fighting them by treating everyone like a criminal just pisses off all your legitimate users.

I did my own system, its simplistic but it increased sales (I estimate) by about 10%
It relies on internet registration, so maybe 3 times I year I get someone who bought online claiming that they don’t have an internet connection.

It used to use numbers and letters: people often confuse O and 0 so I had to change the valid character set.

And if the program is altered, it amends things in a way that means the product doesn’t quite work properly afterwards, and shows piracy icons in lieu of real ones.
That has been triggered by accident about 8 times, meaning I had some cleanup to do.

I really wish I didn’t have a serial numbering system: its more work for me and more work for the customer.
But after finding my software on the torrent sites I almost shut the business down a few years ago in disgust.

Without the serial, I would probably sell less. But I’d work less too.
Tough call.

This is what I did for Real Studio, and I think you’re going to have a bad time with this. It’s a good idea on paper, but doesn’t really work in practice.

After spending a lot of time thinking about piracy schemes, I’ve come to the conclusion that using cryptographic signatures is the best solution we’ll get right now. It isn’t perfect - don’t use Aquatic Prime - but it’s pretty good and I don’t think you’ll find better.

I have been selling software since I was 13. I have tried everything, including the infamous “sentinel.” At the end I go with frequent releases, extra features under simple registration. Actually I noticed that some piracy keeps my products live and get a few new purchases from people that now feel that they should buy it.

Also try to keep my prices real. No matter what my ego wants me to do.

Quick brain dump on this.

  1. If you use activation codes, assign them to an email address, verify the email address and activation code combination on a server, communicate with server over secure HTTP. Early 2000s, a shareware company did a side by side test on client side vs. server side activation, and found significantly better sales with server activation.

  2. If your software is any good, your scheme will be broken. It doesn’t matter how much work you put into it. So just focus on helping honest users be honest. This plays into #1. If users can’t just share codes, incrementally, some more will buy.

  3. If you can sell anything other than just a license, and you’re selling a valuable thing, you’ll be less hurt by piracy. Maybe it’s a printing service, or training, or a Kickstarter-style award (T-shirt, mug). Maybe it’s access to betas. Maybe it’s customization. On the last point, I had a shareware type product that made tens of thousands of dollars. It led to a long term product development gig that made hundreds.

  4. Piracy is a fact. Don’t get emotional one way or another about it. Some customers who buy from you will pirate from others. Bite your tongue about the moral angle, and figure out why they decided you were worthy of a payment.

[quote=46286:@Charlie McCormack]How would it be if you could use a users real postal address as the actual seed of a serial number?

Surely this would make them think twice about putting up a copy on the Internet?[/quote]
Good idea.

[quote=46326:@Gavin Smith]It’s been said in this thread already but if someone wants to pirate your software, they’ll find a way. It’s not just about not wanting to spend money. The evidence for this is that apps that are less than dollar are being pirated. Who cares? That person was never going to buy your app anyway. I focus on trying to make great software for people wanting to pay.

For the record, I would never ever make my app do something malicious even if it suspected that it was cracked or pirated. That’s a terrible policy. I know from my own experience from the shareware days that pirated users sometimes turned into paying customers when they grew up. The negative publicity from causing malicious damage as some sort of revenge could be far worse than piracy itself.[/quote]
I would not like to do any malicious damage to anybodies computer.

Personally I’m of the opinion that it’s better to put your time and effort into developing new features rather than trying to over protect your software. Piracy is inevitable so for me it’s the cost of doing business.

I still use a serial number on my software, but I don’t bother activating it over the Internet or anything. The serial number is checked within the software itself.

The only other way I protect my software is that the trial versions on my site are actually different than the full version. They actually have code missing, so even if someone hacks the nag screens away, there are still missing features for which the code is not even in the app.

You can’t download the full version without purchasing. When someone purchases from me I send them a serial number and a download link. They need to enter their serial number to download the full version. This means I can track downloads per license and spot any that have been leaked. I limit the number of downloads per license (but sometimes have to reset the count for those who reinstall frequently) and also track the IP each download came from. Obviously I keep a list of which licenses are assign to each customer. I know this doesn’t stop people uploading the full download, but it does seem to prevent casual piracy.

Perhaps the biggest thing that has increased my revenue is tracking downloads. I used to get a lot of people who would purchase my software, download it and then instantly put in a PayPal claim saying they didn’t make the purchase and someone was using their account without permission. I would instantly disable the license, but as the user had downloaded the full version already they got the software for free. It was because of this I put IP tracking of each download in place.

Now when I receive a PayPal claim I just write to PayPal pointing out that you can’t download without a serial number, the serial number was emailed to their registered PayPal email address, so they must have had their email compromised too. I also include the date, time and IP address of the download that was made using the license code they purchased. Since I have done this PayPal have always awarded me the money from the sale. I guess the fools are silly enough to email PayPal from the same email and IP address they claim didn’t make the purchase!

Funny thing is 9 times out of 10 I will refund someone’s purchase if they are not happy, hoping it will be good PR. But if they try to pull a fast one and put in a claim to PayPal against me I will provide all the evidence I have to ensure they don’t get a refund. I’m fair in business and I expect people to be the same to me.

Richard that’s the point: " I’m fair in business and I expect people to be the same to me."

As Software Developer (and somebody who pay his bills from software) I have to trust my customers and concentrate on them and not on those who do not pay or steal. It’s hard to believe and I may be accused being kinda idealistic but as long as I keep my software & services tight together and as long as I try to satisfy my (paying) customers everthing works fine to me.

[quote=46699:@Tomas Jakobs]As Software Developer (and somebody who pay his bills from software) I have to trust my customers and concentrate on them and not on those who do not pay or steal. It’s hard to believe and I may be accused being kinda idealistic but as long as I keep my software & services tight together and as long as I try to satisfy my (paying) customers everthing works fine to me.
[/quote]

With a lot of desktop software, you are probably leaving money on the table if you don’t server-activate. That’s not passing judgement on you or your users, but it’s an experiment that’s been done and repeated often enough. It is sometimes easier for users to share codes with friends than for the friend to buy another code like you ask them to.

And off course hackers will somehow find this thread (via Googla?) and read about all the ideas here. :slight_smile:

Yeah, we’re never paranoid enough :wink:

I didn’t catch whether you were suggesting not to use AQ or if you were implying using AQ would bring the system closer to perfection.

Since I had AQ in pretty high regard, I wanted to make sure I understood and, if possible, to get you to share some opinions on it one way or another :smiley:

Forum for Xojo Programming Language and IDE. Copyright © 2021 Xojo, Inc.