What's the Right Amount of Copy Protection?

WPIDalamar writes "I'm currently working on a piece of commercial software that will be available through a download and will use a license key to activate it. The software is aimed at helping people schedule projects and will be targeted mostly to corporate users. With the recent Windows Vista black screen of death, it got me thinking about what sort of measures I should go through to prevent unauthorized users from using the software. While I don't wish to burden legitimate users, I do want to prevent most piracy. How much copy protection is appropriate? Is it acceptable for the software to phone home? If so, what data is appropriate to report on? The license key? Software version? What about a unique installation ID? Should I disable license keys for small amounts of piracy, like when there's 3 active installations of the software? What about widespread piracy where we detect dozens or hundreds of uses of the same license key? Would a simple message stating the software may be pirated with instructions on how to purchase a valid license be sufficient?"

None at all

[Ckwop]

While I don't wish to burden legitimate users, I do want to prevent most piracy. How much copy protection is appropriate?

This may not be what you want to hear but any copy-protection will burden legitimate users. Pirates will remove the copy protection from your software and the unprotected version they create will be more usable than the version you offer.

It doesn't just hurt your customers, it hurts you too. The time you waste trying to create some copy-protection and losing the arms race with the pirates (which you will lose) is time you could have spent making your product better.

The way to beat the pirates is to provide a better service to your customers than they do. The commonly advocated business model is to provide support on the software to paying users - and since your target is business customers this makes a lot of sense.

Businesses, by the way, tend not to pirate on the scale of the private user. Piracy is a big risk to business because businesses have very deep pockets.

In short, the answer is to have no copy protection at all and trust your customers. Trusting the customer is hard but they'll appreciate it.

Simon

Re:None at all

[lukas84]

I disagree, even though just on a tiny bit.

Businesses tend to purchase software they need, yes, but extending of software licenses is often overlooked.

e.g. they buy 5 licenses of your software. A year later, a team member is added to the team using said software. Now there are 6 users. Over time, many more people than the original number of licenses will use the software.

This doesn't happen in all Businesses, but the smaller the more often.

A good idea would be to add "soft activation". This means customer have to activate your software, and the number of currently active machines counted. Deactivating machines should be running a simple tool that removes the software and decrements the activation count on the server. Activation should never fail (even if the activation server is unreachable), but the customer should be reminded if he is running unlicensed software. This way, you can make sure that users don't mistakenly use to many licenses.

Criminal elements will of course find ways around this, so i wouldn't bother with making the activation process very secure - it's essentially just a license counter for your honest customers.

Re:None at all

[struppi]

Good points, but I can not completely agree with you. I personally never found it much of a burden to enter a license key. Even a one-time online activation is OK IMHO as long as it's painless. And I can understand why software companies put these measures in, not to stop pirating at all, but to keep the honest people honest.

I know that piracy is not so much of a problem when it comes to businesses, but consider the following: A company purchased 50 user licenses of a product, but the product has no copy protection whatsoever. Probably the people in charge won't even notice if more than 50 employees install the software - at least not in the companies I have worked so far. OTOH, if this software would have told the 51st user "Your company has no more licenses for you to install the software. You can use this program for another 30 days, but please contact your system admistrators to buy a license for you", the company probably will buy another 20 licenses.

So, IMHO, one-time activation is OK if it doesn't get too much in my way, but phoning home at every start or some annoying procedure like the Vista phone activation (I went through that once - took me more than 1.5 hours to activate a copy of Vista) is not OK.

Re:None at all

[FlyveHest]

So, in short you recommend using a piece of software, that installs another piece of software, that stays on the system after uninstalling the first piece of software (How else could it work, if you have multiple pieces of software that uses it?), and, as you say service, I assume it runs while the original piece of software is not.

Even though you say that you have never had any problems with it, I would absolutely HATE using anything of the kind, and would actively avoid using any piece of software that uses that kind of activation.

Don't phone home

Use a license key, make constant improvements to the product and each new version needs a valid key, disable disclosed keys in new versions.

To use your product a pirate would either have to settle for an old version, or constantly get a new hacked version and new hacked keys. It's enough to eventually get them to be legal.

Remember if you make your product hard to use with lots of negatives like phoning home, them you'll learn the lessons the Record companies are learning. Nobody is bigger than their customers.

Phoning home is _not_ an option

[gunne]

Prompting for a license key upon installation could be ok, since most users are used to that hassle anyway (though it's still a hassle).

"Phoning home" should never be done. Keep in mind that internet connection isn't flawless, sometimes it doesn't work for one reason or another, and would you really want to get a bunch of angry customers mailing/calling you when the software won't work/install because their internet connections went down for a while.
On top of that, if your main user base is business users, most of them will sit in a protected environment which probably won't let your program phone home even if it tries.

This is just an aside from the real problem with programs "phoning home", though. Integrity and privacy should not be taken ligthly.

A license key is enough.

[Draconix]

A license key is enough to discourage the casual pirate (custom encryption and multiple variables helps, such as name + password instead of just password) while, from my experience, not being enough to discourage regular users. Entering a key once and not worrying about it ever again is normal enough, and not bothersome. Going beyond that is asking for some glitch to cause legit customers to be calling you up to ask what the hell just caused their copy of your software to invalidate, or why they can't install it on their new computer, etc. Most importantly, it will also encourage people to crack your protection, thus making the pirate version more appealing to the end user.

Re:What's the Right Amount of Copy Protection?

[pilaftank]

If the question is how much should I beat the customer over the head, the answer is none. However, the question is wrong. The really question is how can my licensing mechanism best help legitimate customers track their licenses and stay compliant within the licensing agreement. The customers you want have no desire to steal your software, but they'll get annoyed if you make it laborious to maintain license compliance. Forget about the people who want to pirate your software. You add no value to your product when you waste time on them.

Re:Give it away for free

You can make tons of money on service contracts. Spoken like somebody who has never run a software development company.

The fact is most companies will not make tons of money on support. If people are not willing to pay for the software up front, they are not willing to pay for support. I will take my former employer as an example. They purchased one copy of RHEL and had a support contract in place for that one copy. They installed it on over 200 machines.

My current company charges $100 per agent and $20 per agent/year for support. We often get requests from people asking if we have a free or open source version. We have had people make comments that they would gladly pay for support if we had a free version. Based on experience, that is a lie and these people want something for nothing. We have business expenses to cover and cannot rely on support fees that may not show up.

Speaking as a very successful vendor: None.

[fyngyrz]

how can my licensing mechanism best help legitimate customers track their licenses and stay compliant within the licensing agreement

A much better question is, how can we maximize the rewards to our paying customers for providing us with the income we need to pursue our chosen path of software development?

The answers are:

• Provide them with a software key that is uniquely theirs so they have the means to protect their investment in us, not so we can attack them.
• Archive that software key so we can give it to them again if they lose it.
• Never, ever disable, restrict, or otherwise cripple a customer's product.
• Provide a means so they can legitimately share our software so as to spread the word.
• Price software reasonably; if the market is large, price low. If small, price higher.
• Be valuable: Provide strong functionality. Remain valuable: Fix it, improve it, be helpful.
• If someone wants a key and can't pay for it or wants to look before they leap, just give them one. Really. Doesn't hurt a thing. People who won't or can't pay aren't going to anyway. Better they use our stuff than our competitor's; better to make them happy than annoy them; better to see to it there's no value to an underground trade, because hacked software presents a security risk to us all.
• Last, but not least, don't burden our customers with "agreements" or "licenses." We wrote stuff, they paid for it. Done deal. Now it's up to us to add value to the product so they'll continue to boost our positions by using our support; spreading the word, the demo, the results.

You know the people who will insist on paying you when you mom their lawn, carry groceries, etc.? Those are the socialized, economically stable majority. They'll pay for good stuff as long as you price it sensibly and shovel value at them like it is going out of style (it actually seems to be in some cases, so use that instead of being part of it.) There is simply no need to go to war with everyone else - be a leg up instead of an obstacle to overcome.

I've done extremely well using this approach, as have my loyal employees. The only thing I would raise a flag about is you actually have to have something worthwhile; if you hand customers (and non-customers) bloated, cpu-hogging bugware, no amount of good will can counter the negative effects of the software itself.

That trick never works.

[porkchop_d_clown]

So, by way of example, I wrote an un-copy-protected software package and released it as "guiltware" - I asked them to click on the paypal link and make a donation to MDA through me. 5 years on, I know people are still using it because I get help requests.

But not one person ever, ever, ever clicked the link.

elicense marketing sucks

[Snibriloid]

Really, really bad marketing.

So how do i get the creepy feeling that this guy isn't entirely honest, but actually an elicense marketing stooge?

The install is painless (it installs a license control service that in many years of using I've never had any sort of issue with), and it stops a LOT of piracy.
Err, yes. I have original software too, but somehow the companies failed to send me regular, detailed newsletters about the LOTS of piracy they stopped with their particiular brand of DRM.

It IS possible to "unwrap" the executable, but of all the Elicense protected software I've used, I've only ever seen one game cracked. (Ironically it is the most obscure of the ones I own.)
Yeah, shure, I too make regular searches on the web for cracked versions of the originals i own, especially when the DRM is soooo good that i dont't want a no-cd crack.
And by the way, what are the multiple(!) games that haven't been cracked? I would really like to buy them, if only for rarity value. After all, in the whole history of mankind they are likley to be the only pieces of software ever that weren't cracked....

I am vehemently opposed to DRM, copy protection, call it what you will, but I find Elicense extremely inoffensive due to it's ease of use.
Yeah, i'm opposed to DRM but happy to install extra software on my computer that monitors me. But i am vehemently against everything else DRM-related, trust me.

DRM should not impact legitimate consumers, and this one is the only one I've come across that has never caused me any sort of negative experience.
Software where you have to enter a code ONCE is really a pain in the ass, believe me. But elicense is soooo easy to use, i have to mention it five times. Please buy our product.

DRM-Companies, i beg you, if you let your marketing division run loose on slashdot, at least stop them from taking drugs. Thanks!