Slashdot Mirror
Ask Slashdot: Copy Protection Advice For ~$10k Software?
An anonymous reader writes I'm part owner of a relatively small video editing software company. We're not yet profitable, and our stuff turned up on thePirateBay recently. Some of our potential paying customers are using it without paying, and some non-potential customers are using it without paying. Our copy protection isn't that tough to crack, and I'd rather see the developers working on the product than the DRM (I'm convinced any sufficiently desirable digital widget will get copied without authorization). Would it be insane to release a 'not for commercial use' copy that does some spying and reporting on you, along with a spy-free version for ~$10,000? I feel like that would reduce the incentive to crack the paid version, and legit businesses (In the US anyway but we're trying to sell everywhere) would generally pay and maybe we could identify some of the people using it to make money without paying us (and then sue the one with the biggest pockets). What would you do?"
Please do clarify as to:
1) What would the program actually collect about users?
2) What would you do with the data?
3) Would you do that without informing the users of this or not?
You see, whether or not that is even LEGAL in the first place depends on the answers of yours.
Why aren't you using one already?
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
I'd ask anywhere but here: a lawyer, a friend with some knowledge of the industry's standards,
Girls prefer men comming second :)
Adding DRM won't stop people from pirating it, didn't you learn anything from being a Slashdot user?
Hardware dongle.
If your software is really worth that much, then I think it's justified.
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
Software will always be pirated. Period. There is nothing that you can do to stop that. It's technically not possible.
Give your customers other very good reasons to pay for it, and sell support/services/consulting based on the product.
So I know to avoid you in future
I've got some photographs, I'd like to show them to you. Though you don't know the girls You'll recognise the view..
You could employ Kneecaps-R-Us to persuade the pirates from pirating.
Well provide the paid version like you do now, and provide a stripped down version that has some really neat features that the pirates who would really want your software would use. There's no form of DRM that will stop anyone from taking it, none. Auth servers? Crackable. Dongles, about 8mins with a soldiering iron. Token keys, same deal, just longer. Rings, yep. And every bit of DRM that you use, will more than likely piss off your paying customer when it breaks the software.
Unique serials do work, especially if they're uniquely identified to who you're selling it to. Then you can at least go after them for copy infringement.
Om, nomnomnom...
No matter how much DRM you put on it it will always be removed. The best thing to do is concentrate on adding value for paying customers. Do an on-launch check against the serial number over the Internet. If no Internet is available up to X number of times then launch without it. This is similar to what DOOM 3 by id Software does. If the same serial number is showing up too often then ban it. Basically: you're a niche - put a little DRM on it, enough so that a normal user wouldn't notice it at all ideally but at the same time that just enough that it would need to be cracked for every version for illegitimate users.
Shh.
you should have posted the spyware one to thepiratebay yourselves before it got cracked. Then nobody would've bothered to crack your commercial version, assuming it is indistinguishable feature-wise.
Not for commercial use option would allow people to upskill using your product. Some of these guys may end up in the industry you sell to and in taking their skills into that industry raise your products profile. I would think that this is the easist way to become the defacto supplier of niche software. However, spying on these people might turn them away from you.
I thought all the $10K video editing programs had gone away except a couple of holdovers from yesteryear. Use a hardware dongle and piss people off like Autodesk did. Or use an online authentication scheme that will piss off other users. Hell, for $10K, fly a lackey there to install it personally.
My point is, if someone wants to crack it, they will. The high price tag makes it more attractive.
If the software is $10K, legitimate businesses will pay for it, rather than risk committing a crime by profiting illegally.
Every protection can be cracked. Getting $10k software for free, to learn it is a huge incentive to some people. Perhaps Bill Gates had the correct view back before Vista/7 in that you achieve mindshare and market penetration from pirating. People making money from the use of your product will always pay if it is at all feasible to do so.
Throw enough DRM at it, and the companies that might pay this ridiculous price will walk, due to it wasting their valuable time on failures and support calls/crashes.
Have the system call home with a serial number periodically and return with an encrypted expiration date. (I would go 30-45 days to avoid issues with loss of Internet connectivity)...also log the time, date, and ip address of the registrations so you can find "shared" serial numbers that can be disbaled... Or you can open source your software and be in the services business, supporting the software, helping people install, configure, and use the software.
Release the software as free, open-source software. Then, use the community goodwill and appreciation to feed your family and pay rent.
Alternatively, identify the client who released the software into the wild and sue them for breach of contract.
Lastly, make your software so awesome that one of the big players can buy you out before the well runs dry.
Oh, and brace for the commenters calling shenanigans. People who pirate software don't like the thought that there may be actual, real-life negative consequences for small development houses.
cut the price to 5k, give discounts to government and education institutions, charge a 10-20% of the license cost annually for "maintenance" after 90 days and release new versions frequently (4+ times/year)
at 10k you are talking executive signoff and possibly a whole vendor research process, at 3-5k its within the budget a project manager can approve or at least get approved without major paperwork
----
as for the copy protection thing it wont work but that doesn't matter, legit businesses don't pirate software. Shady ones will do without if they can't pirate. Focus on making a great product and keeping your customers happy and forget about piratebay, the people who use that version aren't your market
if you're trying to sell it for 10K a pop your over charging - try selling for $100 dollars and getting a much bigger userbase.
what makes it work 10k?
if you want to sell to a niche market then your going to have to use other methods - i.e. hardware dongle , ability to use stuff that is hosted on your servers only or other stuff that is going to cost time money and effort to achieve. YMMV
who where what when now?
If I knew the commercial free version did any sort of spying I would not trust the company what-so-ever. There is a reason I am boycotting Sony.
by Anonymous Coward: I, for one, welcome the shift from car analogies to pizza analogies. um.. overlords?
Is there potential for offering a basic product for a nominal amount, and selling modules which improve functionality to those willing to pay?
I certainly wouldn't pay the many thousands of dollars for Photoshop, but I might pay the hundred or so for the functionality I actually needed. Bolt-ons seem to make sense when appealing to many different markets.
Finally had enough. Come see us over at https://soylentnews.org/
Your flaw is to assume those "pirating" your software are "potential customers". They are not.
My karma is not a Chameleon.
How would this work for a product that's so reliable and so easy for most end users to figure out that it doesn't need a lot of support/services/consulting?
If someone is really a potential customer, like in would be willing to pay ~10k for your software, then support, improvements, fixes, and all the help they could get to successfully run it is a good part of the reasons they would, and that won't be in the pirate bay. It gives your software a bit of visibility, and if it lands in an operation big enough to have that kind money available to buy it, they will, and it the operation isnt big enough, then they wouldnt buy it anyway.
Trust Me, completely forget any kind of copy protection, it's pointless and just pisses off "proper" valued customers .. ..
The only sure-fire way to truly protect a piece of software like yours, is a client/server situation such as OnLive where the software runs remotely and the user simply receives an image on the screen, of His activities. OnLive is for games of course, but *maybe* other, similar solutions exist ?
You can nag periodically or add a watermark if they have an illegal copy
One of my favorite pieces of software is an audio editing and recording suite called "Reaper". Reaper is very cheap for personal use, and requests a reasonable sum from professionals. There's no copy protection - just a nag screen in the tradition of old school shareware. I know several people who have purchased it for their own personal use, and at least one "professional" who has as well. I think you touched on the real point here. If it's big and expensive, and people want it, then the pirates will crack it anyway. I mean look at Adobe's Photo Shop. You're absolutely correct in that you're better off writing the software than protecting against piracy.
A lock just keeps an honest man honest.
If your software is highly desired, identify what people want most of all. Sell a 'dumbed down' version for next to nothing. Get people hooked. Those that want more will pay. It's always good to have a demo version but make sure to give people the option to NOT send you anonymous data. Privacy is a make or break it subject right now.
Stage your software in multiple versions. Package it into modules, or versions that make sense. Most people just want the software to cut and paste video bits together. Give them a taste at what your software can do. Release it at price ranges those who are stealing it can afford. Keep the expert features for the experts who will pay for it.
You'll be amazed at the adoption rate. When your name gets out there and is affordable by smaller studios, then you have more weight. Focus on quality, configuration and features and avoid DRM. DRM does not work. I know. There isn't anything out there that can't be cracked in under a week... so don't challenge them. Otherwise you'll face the Streisand Effect.
Use something similar to Apple's USB key for Logic Pro 7.
Whatever they used, AFAIK it was never cracked, unlike Syncrosoft.
Or I could be wrong.
I chose to end my comments, not with a rim shot, but a long decaying F#7sus4
There are two methods I would suggest to do - first, leave the modest DRM in and do not offer a 'free for non-commerical use' option. If your software has real value, people (students and those casually interested) will grab a copy and learn to use it. When/If they take these new skills to an employer, their employer will purchase the software. (Adobe method?)
The second is to offer a trial, but extend the length beyond 30 days. I never thought 30 days was long enough to get accustomed to using a piece of software - you want to have the user get into a routine when using your software and then yank the rug out from under them 90-180 days later. Cruel/mean, perhaps, but you're trying to sell software at $10,000 a license. That generally isn't something someone will purchase on a whim.
Stay away from the 'spying' method.
My recommendation would be to provide a not-for-commercial-use free version which is almost totally identical to the premium version. Have this version embed a digital watermark so you can identify if videos pop up commercially which haven't paid for a commercial license. Make it non-obtrusive so home users don't mind (I recommend it not being a visible logo or anything of that sort, just the digital watermark).
You're not going to be able to prevent a pirated version from cropping up except that you make the pirated version not attractive compared to the legitimate version. Those inclined to not pay for the software are not going to pay for the software. Provide it for free with the forensic ability to detect license violations. The paid version places no watermark, so you get the best quality and the legal right to use videos commercially after it's paid for.
Slay a dragon... over lunch!
have tons of updates, features, reasons for they to upgrade constantly. Change the DRM constantly. Make smaller products, not large ones.
1) keep a list of your 30 valid customers and their IP range.
2) make the program require a network connection
3) You could load portions of the program from the net, you could validate against a server, you could load key data and then remove it afterwards, you could request a validation key from the server. Best way would be for part of the calculations be on your server. So a few key routines are never present on the customers computers.
4) When the same software starts asking from a new IP range, don't support it.
All bug patches and versions of the program for new O/S and new video drives has to be the patch version.
You'd lose some customers over this policy but it would be uncrackable. You would need someone who could run servers and your programmers would have to think about the design every time.
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
Doing some of the processing server-side might work for some applications but not for video editing because of the immense amounts of data that would need to be uploaded.
It's as simple as that.
You MUST require always-on Internet connection for your software to be usable. It's not only ubiquitous and accepted by the paying clients nowadays but it's also a feature paying clients do *WANT* (because you can tell them, for example, when they launch their software that a new update is out).
So the first step is this : always-on Internet connection. There's is no issue here: we're living in a connected world and virtually all your users are already always connected.
Then make part of the computation your software does happen on the server side. We've got servers that we call "licensing servers" up since four years. They do more than just "verify the licence": they do actually do things that the software doesn't. So should a pirate want to crack our software, he'd have to re-implement what is done on the server (or pirate our servers directly but good luck with that ; )
Needless to say: make sufficient computation happen on the server-side and your software becomes unintersting to pirates.
Now you have to decide how much information you want to send and how much CPU you're willing to use on your servers.
It takes some work... But we haven't seen any "crack" nor any "keygen" (impossible seen that we're signing all the keys we're emitting and that our server is verifying that the key are actually signed with our key) appearing on any rogue sites.
Now of course if our users don't like the fact that there's no crack / no keygen and that they need to have an always-on Internet connection to use our $$$ software, they can GTFO and use inferior product from our (lame) competitors.
; )
Can also add in a quick reporting function, and check if the source IP is from a major studio.
Disclaimer: I am not your lawyer, this is not legal advice, but is simply for my own amusement and should not be relied upon.
Especially one that is reselling, sue them.
If your customers stop renewing their support contracts/licenses, make them pay up to current before you support them again.
Other than that, you are just shooting yourself in the foot.
BTW: Years ago I work for a company that sold software starting at about $20K/license in early 90s money. We followed the two rules above and had a very nice payday when we found that one of our resellers had licensed 10 copies and delivered an unknown number. We made a convincing enough argument, based on information from discovery, that the number was about 1000 and walked away with several years revenue even after the lawyers took their cut. This was all business-to-business stuff, not going after end users.
Well, to be frank, you chose your own business model. If your entire company is based on thepiratebay not existing, and you are only now thinking about it. Im not sure you can be saved!
Would it be insane to release a 'not for commercial use' copy that does some spying and reporting on you, along with a spy-free version for ~$10,000?
Watermarked as non-commercial use only? Hilarious if you run your water mark detector on a TV show or movie and it shows up and you start blogging about the pirates.
Another good laugh would be bait and switch the free version has 75% of the features removed at compile time. You can left align or right align all you want but if you want to center its $10K. Or you could use any font you want for $10K but for free its only possible to use... comic sans.
Another good laugh would be speed. Intentional slow down loops in the free version. While evaluating your software for possible purchase do I care if everything happens 20% slower? Heck no. But if I'm a bean counter at corporate, I'd be insane to reduce my employees productivity by 20% just to save $10K Unless said employee using the software for 2 years earned less than $25K/yr, which is probably the case outside the US...
The problem you're going to have is "free or $10K" is an absolutely insane market. It better be unimaginably amazing to be worth $10K in a world of 99 cent apps and $100 video editors. Rather than the revenue from 100 sales at 10K each, wouldn't you prefer a million app store sales at $20 each?
Would I download your software for free at home if its legal? Maybe. Why not a license of pure profit where any CC released work is a $10 software license with no support. The cost to you is minimal and you get "free" revenue. Or a license where its gotta be CC licensed work with a link to your company in the comments or credits screen or something, basically they pay you, to market for you. Or "please support us by purchasing an anonymous coward XXL tee shirt along with a software license for CC released works for only $50" Or the software is free for CC editing work, but the fine manual in printed and pdf form is only available for $50 along with a formal written license for CC-released work.
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
Any copy protection will be broken. It always has, always will. The only thing you can do is to make it a pain for the people that try to crack your software. Completely changing your copy protection every release you build seems to be the only way around that. I used to work for a company that had a similar problem as yours (they were legally required by the copyright holder of their material to do DRM and the contract specified some pretty strict guidelines and penalties). It was all Java code, so they created a library of functions - some doing checksums, others doing online serial number queries, and so forth. Each copy protection class had a frequency and weight to it - how often should it be called and how resource intense is that check. Then there was a piece of code that would use that information and insert calls to the copy protection code fairly randomly in the code. Would change class names and packages and such too to make the copy protection code harder to spot. Then run it all through the profiler, measure the overhead when going through the junit tests and then verify that not too much overhead was introduced...
Yeah, overall a mess and a lot of effort, but it did work. Each version required so much effort from the cracker that only one version of the sw was ever cracked. Also, the developer that was hired purely for that purpose was simply cheaper than the penalties for violating the copyright owner's content restrictions...
Your worry isn't the small guys, which can't afford your product anyways but the businesses that have need for your product. Pirating then only becomes an issue in the fact that it allows businesses (specifically smaller ones which don't care about "out of sight" software, or larger ones which don't keep tract of employee installations) to pirate your software.
Your goal basically becomes, how do you
A) Make it more costly/harder for businesses to use your software without a license
B) Find those who take the risks anyways
As you said, a free noncommercial version is definitely the way to go in this case. Put in safe guards not to block usage but to identify usage so you have an easier time finding and proving companies who don't follow this non-commercial license. Also, be sure to put in bold letters on something like a startup splashscreen in the non-commercial product that it's non-commercial with easy links to buy the commercial. Sometimes, a boss really doesn't know what's going on in terms of software and it's license as he leaves it to the IT guy which may or may not be scrupulous especially within smaller business.
Making sure you get paid is important, but spying on your customers is not legal, regardless of your intentions. Remember Sony's rootkit and the fiasco that caused? You just don't want to go there. I'm a CISSP and am well versed in this area.
That said, you still need to make sure you get paid for what you do. PC software history has shown that the harder you make it for customers to copy your software, the harder people will work to break it, because you are taking away "reasonable use" rights, an action that many find morally objectionable. That doesn't mean you shouldn't implement a licensing scheme, but understand that how you do it and how you enforce it is very important. You want to make it controllable without taking away rights or making updating/moving your software difficult. Simple measures are effective. Anyone who has the expertise and time to attach a debugger is going to break your protection, period. So don't bother with those people. The two simplest and most effective measures are:
1. License key
2. Unique identifier or dongle
For expensive apps with a small number of customers, most companies choose a dongle because it doesn't annoy customers, no install/update or machine move issues, etc. Your only hole there is that customers can have it installed on multiple machines, but not running simultaneously. Normally, this is perfectly acceptable and falls within what customers want anyone. If you need to control that, you combine a dongle with a machine-specific key identifier or just use that. But if you do this, you have to support people moving licenses from broken machines to new machines. You can use the Windows Activation mechanism to do this - they have an SDK for it and it is used in many programs. A simple license key is sufficient for a $10,000 app, though.
after 10 min just pop up a random passage from the user manual and make the user find the correct page. the longer the manual, the more effective this is. alternatively, devise a strange set of symbols and provide the user with a high tech spinning paper wheel so they can "decode". this isn't rocket science here ; )
I think you should simply release free version for non profit use (no strings attached, no support) and paid one for for profit use (with support). Take bug reports and suggestions from both, but prioritize those from paying customers. Sue those who use free version for making profit.
Use FlexLM (license server tied to a hardware address - defeatable, but annoying) like the the majority of other vendors. Also, try to remember that you're company is in it's infancy. The more publicity and use your product gets the better. Better to lock it down after more people use it than before.
Don't worry about the "non-potential customers" that are using it, since I assume you mean they are not producing commercial video form it.
If their are legitimate educational institutions using it, offer to work out a licensing deal. They get levi copes and you get a broader user base. if it's a non-profit that truly can't afford it but is using it, consider the benefits of a donation in terms of good-will and publicity. Turn these into win-wins.
For those that you can prove are using your product to produce commercial video, go after them. They have no more right to pirate your software than someone has to pirate what they produce from it. Their customers may think twice about using them if they get embroiled in a lawsuit. Some of course, will be essentially unusable - follow your lawyers advice and pick battles that, if you win, will pay off.
Finally, consider a light version that has some features but really isn't strong enough to be used for professional work. For your pro product, consider a dongle but asses it's impact on your paying customers - will it make your software a PITA to use and chase them away?
I'm a consultant - I convert gibberish into cash-flow.
My company sells $5000 medical software and we use hardware keys from http://www.safenet-inc.com/ . I'm not sure how much development is required to get it working in your software, and the cat might already be out of the bag if its on TPB, but you can consider it for the next version.
Spyware sucks, look if "they" want to crack it it isn't going to make much difference what scheme you use including spyware.
"If any question why we died, Tell them because our fathers lied."
Seriously. You'll only annoy the people that pay.
The hardware dongle might help for a while, but I'm willing to bet even that doesn't work for very long. make your extra money on support. Make sure the software is so customized to a single business (hey, $10k) that it wouldn't do anyone else any good, or would be so obvious they wouldn't try. If the software isn't custom and would potentially be useful to people who can't (or wont') pay, then your copy protection won't work. Doesn't really matter what you pick. Paying customers will pay either way, don't punish them.
Imagine if you weren't allowed to use roads because a bus company complained about your driving 3 times. --skunkpussy
If you're releasing a fairly specialized toolset, which I imagine you are for $10k, you might want to look at how people like AutoDesk handle things like that. They USED to provide semi-feature-limited versions for the self starter.. otherwise they worked great. (GMax and Maya's Personal Learning Edition).
Alternatively, you could go the UDK (and Crysis, and whomever else now) route of just saying 'have it.. merry xmas.. free for personal use.. but if we catch you using it commercially (or for a certain value of commercial), we'll find you.. you need to license it'..
The advantage of both is you're creating a brand-name awareness and educated user base, which is good for the long-term outlook of your product.. but it might be hard to justify or pay the bills in the short-term to your business people.. As others have said, you might be able to shift into a Support-for-dollars-only model as well.
----- The internet has given everyone the ability to have their voice heard equally as loud.. even if they shouldn't be
You said "dongle".
Well, you certainly won't find a shortage of opinions on Slashdot. :-)
If you think the software is good enough, then a non-commercial version with limited registration information (e-mail, name), and some very privacy-thoughtful reporting (maybe to ensure that the registered serial numbers are only being used by one machine at a time), should only be a good thing. Getting your software into the hands of the people that might buy it will get them used to it, relying on it, and eventually make them customers. But (as others here have posted), don't abuse the "spying"... if you start to make money by pilfering the free registrations for ancillary information you're just going to annoy your users and they'll be more apt to pirate the software or use fake registration information. Giving them something in return, like forum access for very limited support, is helpful.
Other possible models include giving the software for free and asking payment for support -- nearly all profitable Open Source companies do this, and even if you leave the source closed the business model isn't terribly different. You could publish a "crippleware" version, which I find rather annoying, unless the limits are such that the home and non-commercial users needs are really satisfied, and the only people that need to pay $10k for the software are those to whom it's worth it. I give a nice shout out to Andrea Mosaic for doing this correctly (at a lower price point).
Lastly an option you may have missed may be to ignore it because it isn't a problem. A pirated version by a customer that wouldn't have paid anyway probably doesn't hurt you. A pirated version by a customer that would have paid may actually turn into a sale if they need assistance. When you upgrade, if the pirates liked it, they'll want the next version, so they may buy. It may be pirated by employees or students who years later may remember it and decide to buy it. You never can tell.
In those cases, you're getting your software out there and used; you could take an "all exposure is good exposure" attitude. The fact that you didn't list the name of your software in the original post here means that you may not think that way, or you may outright disagree.
Still, piracy is going to happen. At least you're asking the right questions. Don't let yourself get dragged into a fight with the anonymous masses on the internet, though -- you'll probably lose.
Because of all the hacking many people now have network not connected to internet and an internet connected one. So before to have a solution that phone home look at your customer. We avoid some software because of that. For some software we have to develop bogus autoupdate or login feature on the internet connected network while the inside network has the real installation
Since you're small you have the benefit of very little interest in cracking your licensing system if it's sufficiently complex. However think about how much Adobe and Microsoft spend on preventing pirating of their software and think about how well it works. None of the people pirating your software are potential customers, you need to get that idea out of your head. They're pirating because they can't afford your asking price.
The most effective method I've seen is to simply scare the users into thinking that they're about to be caught. If the same key is being used in more than one installation, notify the user that they're being tracked.
WTF does it do?
Apple has Final Cut for the prosumer and wannabe pro
Avid is the pro software market
people like me use imovie or adobe something which is like $100 and includes the adobe version of iphoto whatever the name is
video editing software is a mature market. unless you are making some cool plug in or your software does something really cool that the big boys don't do you are screwed
I worked for a software company that faced a similar problem.
We eventually issued a new product release with a "soft" license key that displayed the customer name prominently on the application background but didn't block unlicensed users.
We figured it was better to do this - and maybe shame a few potential customers into eventually buying - than to inconvenience users with dongles or other disruptive protection schemes.
A couple of years later a disgruntled employee at a Fortune 50 company ratted out his employer for using the warez version of our product, and our little company won millions in the resulting lawsuit.
$10,000 is a lot. Maybe make real but effectively no-op customizations to each legit copy so each is unique, including a banner that says whose copy it is. If it later shows up stolen you know whom to sue. Add some phone-home statistics and you know how much to sue them for. Do a little runtime checking on the visible ID banner to make hard to remove.
Unless you're going to add several important new features, it's a bit too late. For a $10k software you should have a very strong copy protection. Dongles come to mind, but you need to add lots of custom stuff. If you use any commercial protection product as-is it will get cracked anyway.
So, IMHO what you should do now is:
1) Hire someone who knows about copy protection because you're obviously clueless and are going to have your software cracked every time and wonder why the very expensive XYZ software package didn't protect you adequately (or, if you're not very popular, maybe you can get away with that for some time). Read this article for some insight on real copy protection: http://www.gamasutra.com/view/feature/3030/keeping_the_pirates_at_bay.php
2) Implement some exciting new features, make the software look different. It's all about making people believe it's a MAJOR update, it doesn't have to be, objectively, that much of an improvement. Release this only after you have adequate copy protection, you're now on the crackers' radar and you can count on them trying to crack every new version.
Simply suing everyone who casually pirates your software is only going to turn the public against you and worst of all it could succeed by getting people to stop using your software and to use a competitors instead. I can't think of a single successful case of companies suing the public for pirating their IP and coming out ahead in the long run.
Instead make your software free for non-commercial use. Students and the curious / casual user can safely use the software without worry. After a few years of using the software they will insist on having it when they make the transition to professionals. It's like Microsoft Office, people use it because it is what they are used to.
Meanwhile if there is someone using the software commercially without paying, that is when you get the lawyers involved.
btw., what video editing software are we talking about? and why does it cost 10.000$ when you can get final cut pro for €249 (inkl davinci resolve lite for free)
The only DRM you need is: Make sure that your users have a valid serial number before you start providing support for the product.
You're trying to compete with 'free'. The solution is to make the version you're selling for $10,000 worth that much. Add more features, innovate, and provide support to the users who have paid you.
Also, most of the people yanking your software off of the Pirate Bay are not your customers now - they either can't afford it, or they're not even sure if your software will meet your needs. In the future, they might have that same need AND the money to pay you, and at that point they'll know your name.
Not joking, in a 10 000$ software a computer worth 100$ (arm) to 350$(atom) could be shipped to the customer (because is a small fraction of the software cost), that computer could go preloaded with a network licence server and manage the software installs/updates, I have worked with solidworks and autodesk network licences and that thing work (both flexlm based, don't know if is easy to crack).
Instead of install media ship a computer to the client.
This should offload your programmers, and maybe make this profitable - take down sites using DMCA, take over domains using ICE, get their private information via ACTA...
Isn't that what artists (aka programmers in arts&entertainment) and corporations taught us?
So you are willing to turn your program into the equivalent of a cheap slut looking for framing some rich guy into a rape lawsuit? Isn't this illegal in the U.S?
I like your forward thinking ideas. I wish some of the major players would consider this! By spy, I assume you mean look for evidence of commercial use, and if it "appears" to be used in a commercial environment, then to see about going after them for license fees. Like others have said, getting to use the software free when training, or a business starting up, but not yet turning a profit means your software will come to dominate as long as it provides similar features. If only the likes of adobe, autodesk, etc would get a clue...
This is something that I have never dealt with directly, but I saw a similar post on StackOverflow a few months ago and bookmarked it because it seemed useful.
The answer it seems is something called "Partial Key Verification": http://stackoverflow.com/questions/3550556/ive-found-my-software-as-cracked-download-on-internet-what-to-do
In short, the software would still work, but re-direct people to a page letting them know that they've been "caught" pirating software and that they should really purchase it. This won't stop everyone, but some people (especially in a business environment) won't risk "being caught", so they will purchase the software knowing that you know that they know they are pirating your software.
With low volume high price software, it's easy to tag copies provided to each customer with some unique pattern. Then you can deal with the company that's "losing" the software. Then, remove the copy protection measures entirely so that your above-board customers aren't inconvenienced.
You can deal with the losers with a relatively light touch: "Warning: Your copy of the prior version appeared on software pirate sites. This most likely means that one of your employees stole it from you. If your copy of the current version we're giving you now also slips your control, the next version will cost you double."
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
Wholeheartedly. There are people who would benefit from it for not for profit tinkering, who wouldn't shell out 10k for the program anyway, but for corporate use they should be paying and there should be a way to track it. I'd suggest put reporting on both though, to keep track of all users, and track through forums for support to link them to paying customers. No support for a free program other than help and tutorials, but if you can track a real customer, then support as much as you can - they'll be back for more. I wish all software providers would do something similar - all corporate software should be payed for, and severely punished if broken, to the point of stopping the business to prevent misuse. This allows the tinkerers to provide a free community and larger user base to pull ideas and information from as well, and just maybe they will get a job somewhere and be evangelical enough to make a corporate sale down the line. Good plan.
Is what the software does worth $10K? If it really is, then you'd be far better off hiring some in house editors and offering your services using your magic proprietary undistributed tools. After all, you'd be able to undercut all your competition by at least $10K/yr equivalent.
Its has to be worth more than that, like $25K/yr, otherwise your purchasing clients would not waste the time and money learning new software, they'd just throw more bodies/billable hours at the task and not have to deal with you. They're planning to save $25K using your software of which they're giving you $10K to keep it legal. Why not keep the whole $25K for yourself?
Its one of those put your money where your mouth is moments... if its really worth the dough, you'd make more money reselling video editing services than you'd make selling the tools to edit video.
My guess is, you're about to discover the appropriate price would be maybe $100 not $10K.
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
found one of the softwares I am working use following method:
generates a key including mac id, and few other unique ids. encrypt the key.
s/w. connect online to your licensing server and submit the key.
licensing server will give a valid encryped license file which will only authenticate with current installed system.
once they need to shift s/w. to new system, they have to surrender license in the same manner
and re-install on new system and go same above steps.
it's a video editing software - we're probably talking about a way more expensive computer
Most people who pirate things do so for two reasons:
a) can't afford it or the cost is so high the software loses it's actual value (e.g. Photoshop)
b) want to try it without a monetary investment.
You can fix both of these problems by:
a) stop charging stupid high prices for your software so regular businesses can afford to invest in your company
b) make alimited use version available for people to use before spending 10K on your TEH AWESOME software
Make a special version of your software that is loaded with the nastiest viruses available and seed it onto pirate boards. On your website warn people to only use software downloaded directly from you. Give away a limited free version so people can give it a test drive.
- For the complete works of Shakespeare: cat
Basically the only thing you can do is host your program as a cloud service, with dongles. That doesn't mean you should host users files (depends on what exactly the software does and for whom) necessarily, but core parts of your software should be online only.
Sell or give a away a free 'thin' client, that should always let users open files, convert them to another format, that sort of thing. But any actual functionality should require authenticating with your service.
If you're in the 10k/copy space you can set up the licence keys such that you directly track who has them, and where they're from, and if someone tries to access the software from out of a valid range you can simply block them.
There are a couple of ways you could do it, one is to have the client send data to your server to execute, the other is to dynamically pull down modules of the program as needed, and then clean them up once they finish executing. Keeping the data on your servers is the most secure from your perspective, but the least desirable from your customers perspective. Downloading program modules in real time shouldn't be too hard, but someone really determined could probably grab all of the modules and then disable the web check or redirect it, that's a fairly significant pain in the arse though, especially if you're a legitimate business then you're very clearly working hard to pirate the software, and that could land you in trouble, and anyone illegitimate well, they weren't customers anyway.
lots and lots of "bugs".
Then charge $10K/year for support.
The sweet thing about this approach is obvious -- most software houses already implement it.
Oh, and downloadable updates. It gives you an excuse to spy on your users.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
'Cause you're asking entirely too much for nothing more than a single piece of software. To whit:
Here is your competition.
Perhaps a lower price point would keep you from going tits up...
An enigma, wrapped in a riddle, shrouded in bacon and cheese
You can't beat pirates with better DRM, The crackers always look at that as a challenge, and they have the time and resources you don't.
Use a basic DRM to "keep people honest", then embed a serial number and client name in each copy you sell. Make it appear prominently in a splash-screen, or menu-bar for the software. Put a few routines deep inside your code that cause it to fail in subtle ways if someone messes with the embedded info:
-Cause an "out of memory error" with a code number specific to a license problem (could be a problem because if the crackers catch-on, they'll have a traceable element to identify your testing routine).
-Generate flash/corrupt frames during renders occasionally
-Modify keyframe values or parameters randomly enough to corrupt the output
If copies get out, you'll know which client leaked them and you can cut-off their support and black-list them, plus others will have unusable copies. The only risk is that if people think the corruption is due to your lousy coding rather than using a cracked copy...
"Nothing strengthens authority so much as silence." - Charles de Gaulle
Trying to be a douche about it with DRM and spyware is simply going to cause someone, somewhere, to crack your product and rip out the spyware code. You will waste a lot of money and time playing this game, and you will never win.
Instead, learn from those who have figured out that if someone's pirating your program, that someone is a possible customer. WHY didn't they buy it? Was it too expensive? Was it not available? What was their reason?
Go find out. Go ask them. Use this as a market research exercise and figure out what you're doing wrong -- because you ARE doing something wrong.
And then fix it. Maybe the fix is a free "only some of the features" version. Maybe the fix is "100 free copies to people who are working for nonprofits and doing good things for the world". Maybe the fix is...something else that you and I can't even imagine yet. But if you fix it, you will turn some of those pirates into customers, you will build good will, you will find OTHER customers, and you will avoid falling into the every-pirated-copy-is-a-lost-sale fallacy that has crippled so many companies.
This won't stop the piracy, of course. Nor is it intended to. You'll just have to accept that it CANNOT be stopped no matter what you do. But since it's inevitable, you should figure out how to profit from it. Others have.
Your spyware should be marketed as a corporate metric service where someone (da bossman?) gets an email listing how many hours per week per install or whatever.
Nothing bad, no legal documents, no permissions or guarantees, but you'd be insane not to track down and crack down upon an ip addrs from a major studio using it 60 hours per week every week for months, and you'd be equally insane to crack down on a residential cablemodem who used it once or twice for a couple hours.
Market it as a performance metric evaluation tracking value added feature, not a DRM problem.
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
Focus on adding new features and move forward. DRM moves you the other direction! Release often!
Make your software communicate back to you and let the user know that they are using not authorized copy - offer them 20% discount.
As an IT person who has supported software like what you're using, I always insist on paying for software because, for professionals, it's not worth the legal (and technical) liabilities that come with pirated software. Yes, your software will be pirated; that cannot be helped. If your software is worthwhile, you will not prevent copyright infringement.
However, many companies try to fight piracy by requiring product activation or hardware dongles. When I run across software with their of these kinds of protections, I always recommend looking for another solution. In other words, if you make me use a dongle, I will be looking to replace your product with something that does not require a dongle, or to rearrange our workflow so we simply don't need your product.
I know, people *think* that dongles and activation and other copy protection shouldn't cause problems, but I've been supporting software that uses them for well over a decade now, and they *always* end up being a headache. It's true that in some cases, I was not able to replace software that required dongles or activation, but do you really want to rely on me being "stuck" using your product? Do you want to run your business by relying on your customers to be locked-in and forced to use your product, or would you rather have your users be happy with their purchases?
In short, if you have some very minimal DRM, that's not a huge problem. One option might be to have forced registration-- i.e. when you install, it checks a serial number online and won't install without verifying that the serial number is legitimate. But the main problems with this sort of scheme (i.e. activation) is that it tends to block imaging solutions in businesses, and it tends to break down when an admin needs to move licenses between computers. Make sure you consider both of these needs before implementing DRM.
...in order to defeat someone seriously interested in breaking your copy protection. Misdirection is key.
Dongles, node locked licenses, networked licenses - all rather easily crackable and to be honest - primarily seemed to be designed to eke out maximum revenue from people who actually bought the software.
The only thing likely to give you some serious protection is to obfuscate your licensing scheme. The best way I've found to do this is to have a non-obvious component actually doing the licensing evaluation (periodically as part of some normal functional operation) and if that fails to subtly screw up the operation of the software. You still want to have standard 'relatively easy to tear out' protection so that legitimate users get notifications of a bad configuration or license, but what you're trying to do is make the software useless for people pushing it on a torrent/warez site.
For example, let's say this is Windoze software and you've got some COM+/MTS components in it. Don't have the main executable do anything other than the standard license checking. The DCOM/COM+ object will actually do the quiet validation, and if the licensing fails, it doesn't warn the user, it simply signals another DCOM/COM+ object to operate slightly differently, then that one does something wonky to screw up the experience.
Ultimately, there's no ultimate protection possible, but if you make it hard enough, people will likely avoid trying until the benefits outweigh the effort. Hopefully by that time you're profitable ;).
Loading...
If it's just individuals, let 'em go or reach out to them in an innovative way. Maybe add code that detects a pirated version and change all the menus to pirate-speak. If it's a company, then sue. I seriously have no problem with vendors suing businesses within reason if they are blatantly pirating software.
Integrate an invincible red scorpion in all videos produced with cracked version of your software.
Should be detrimental enough !
The only REAL way to prevent software from being copied/cracked is to include a hardware dongle. A simple USB device that has some hardcoded information included that must be plugged into the machine that is running the software. This has been done for years by high-end vendors. Nortel did it. AutoCAD did it. There are also ways to circumvent dongles. They are much more difficult to implement, however, and as such your software should be safer. If you are making a product that has such a high retail value the additional cost of a dongle (and the associated code) could easily be built in to the purchase price.
.sig
What does your $10K piece of software do that a copy of Premier or Final Cut Pro doesn't?
If it's "natively supports REDCODE" and Peter Jackson is using 30 copies when he purchased one you have a marketing problem, not a technical one. Also, you need to think about sliding scale purchases for large orders...
10K for one
9K ea for two to four
8K ea for five to 10
etc.
If someone wants 100 seats you would be a bit of an ID10T to charge them 1M - as the first thing for their next project will be to look for another tool.
As for locking it down - at $10K - custom USB dongle is your best bet. Also at $10K your support staff better be stellar in their ability to diagnose dongle related issues. When building your dongle, don't build your own - hire it out to someone that might know what they are doing - e.g. Aladdin Knowledge Systems
In my case, i would make people register on my site from a per person percpective. I would give the info on my product myself. For example,you give the serial number and you register the person in your database. That way if a certain serial number is on pirate bay you know exactly who to talk too since you got his info. In other words if people are ready to pay a lot for a software, then some manual work should be done on your part as in taking all the personal information from the company that way if something goes bad, you got enough to trace back to him. I'm not sure about drm methods, "Internet" users will always find a way to get through like safedisc v4 got cracked and it was suppose to be the top software protection. online regular registration was suppose to be good too but its not cause it got cracked too. It also pisses off lots of people off cause it gets really annoying to login each single time you need to use the software. Seems like when you want to buy the product, you need a person to get all the intel, information and everything from that user who wants to use your product. Hell if I spent a lot of cash on a product like this i wouldn't mind giving some intel so that way if people uses my name they would be in trouble...not me.
There's an arguable downside to copy-protection. If it's so bullet-proof, you risk new customers entering into your market trying a competitor's product that can be found online somewhere and then standardizing on it. That happened in the 3D animation market back in the early 90s. One company that shall remain nameless spent a lot of development effort making their protection so good that newly minted starving artists avoided it and tried competing products. People tend not to switch major applications once they've learned one and built a production pipeline around it.
In my (admittedly not-comprehensive experience) the more expensive the software the more likely that the 'DRM' was fairly minimal; but the greater the risk of real lawyers really going after you, personally, not as part of some shock-and-awe attempt fishing expedition...
For software that expensive, the sorts of ghastly DRM that get used on consumers and their $60 EA shovelware are mostly going to piss off your customers, their tech people, and your phone support drones. As much as this isn't the correct Slashdot answer, 'Bring in the lawyers' is likely both the best and least alienating technique.
That said, BSA bullshit tactics make more enemies than friends, you Do Not Want a situation where somebody who would be just fine with cutting the check fails to do so because license tracking is byzantine and then gets jumped. Similarly, you burn both legal hours and goodwill hitting people who aren't customers-who-underpay or customers-not-paying. If some warez kiddie is downloading it to justify his 6TB piracy server, or somebody's English class documentary is getting cut on your software instead of iMovie, that may be 'piracy'; but it isn't exactly a potential sale...
Do what you can to make license tracking and compliance easy(speaking as "IT" we have no enthusiasm for being the go-to piracy hatchetman when the higher-ups want to save some cash, so even token DRM can be useful in that it allows us to shrug and say 'Oh, sorry, I tried to install 5 extra copies, like you asked; but I can't get it to activate, and I read on CNET that bittorrent is a haven of viruses and rootkits.' if asked. However, at the same time, I'll be damned if I have to grovel through some mess of PDFs attached to vendor emails to figure out exactly how many 'Foo' licenses I have, whether they are 'person', 'seat', 'network', concurrent' CAL, whatever, and then grovel through N computers to figure out where the software is installed. Sometime I do, because sometimes it's my job; but it isn't at the top of the list(either of what I like to do, or of 'things I could be doing that would make users happier now'). If that is set, the honest and ethically-lazy-but-risk-averse customers are covered.
If you have people doing serious business stuff with cracked copies, nuke 'em from orbit. As for the rest of the cracked versions out there, it is unlikely that trying to win an arms race against people who crack software for fun is going to be profitable, and it is similarly unlikely that any amount of force is going to convert casual pirates without commercial use for your product into customers(worst case, they never give you a dime and get some use out of your product; best case, they get experience now and buy later; but you'll be lucky to make back the legal fees if you try to extract by force now...)
You seem to have done your homework about the "potential paying customer" you have lost with TPB (At ~10k$ software, I really doubt there's many), but what about potential paying customers you'll lose by pissing off customer with DRM?
Anything that is close to online DRM will result in lost of client, and all offline DRM is easily crackable. By asking the question, you already gave the answer : There's no magic DRM that'll do everything. Trust me, if it existed, you'll be already using it.
The real mistake you did was spying on TPB. The same way celebrity avoid Star magazine, developer should avoid looking on demonoid or TPB because the only thing they'll achieve is pissing you off. Stop wasting time on this and concentrate on making your software better and save your money for advertisement.
Elok
So we can "try" it ourselves and give suggestions.
I have a Reprap 3d printer. The software that seems to work the nicest for designing parts is Solidworks. But they only sell it in two ways: for business for about $4000 and for verified university students for $150 a year. I'm neither. They don't make an option for hobbyits. Which leaves me with the Pirate Bay option. That kind of sucks because I wish there was a way a hobbiest could use this software without stealing it.
So that's something to consider. Who's stealing it? If it's businesses then yeah you have a problem. If it's hobbyists then maybe it's because you don't have a deal for them.
When your software is THAT expensive, then you can afford to compile each instance for each customer. By recompiling for each customer, you can make each release version they have unique to them so you know where the leaked copy came from. Secondly, you can also arrange and require a "license server" on the network where it will be run. This enables a machine to run without internet access but will need access to a licensing server. You can figure out the details to make it usable but the idea is that it won't run without licensing information available at any or even all times.
And since you are compiling each copy for each customer's site, "cracks" will be a bit harder to maintain, but in order to accomplish this feat, you would have to take some pages from virus writers' playbooks.
In the end, everything I have spelled out is defeatable. EVERYTHING. In the end, software is a series of instructions that the computer runs. It's not a magic box.
And this interpretation of "potential customers just getting it for free" is nonsense. If they use it professionally, they will pay. There will be incidents where some professionals will not want to pay. You will either have to live with it or spend a lot of money on investigators and lawyers. Is that really where you want your existing profits to go?
And are you SURE you're not charging too much in the first place?
Make your product need the internet, if it costs $10K+ then you can guarantee anyone paying that much has a fixed net connection.
When the program is started have it download localisation strings and anything else that is portable off your servers on net, make it so the only way to get that stuff is by having a registered account on your servers.
Build in content freshness checks, run the server connection encrypted using shared keys that are customised for each customer and changed every month or so, have a session key that is time sensitive, there are lots of things you can do when you run in client->server mode.
You market it to your customers as being "constantly updated" and you make sure you put updates out regularly, that way your customers believe they have a value added service.
Piracy will let people get to know your software. Commercial users will end up paying for it. Copy protection will only serve to screw the people who actually paid for the product. No matter what DRM and copy protection schemes you come up with someone si going to crack it. Any of your efforts to stop this will be a complete and total waste of resources. Spend those resources on marketing your product or on developing it.
So that if someone uses your software without a valid license, then you own the copyright of any resulting work.
That, plus a watermark in a prime time TV show would make for some real fun.
Another possibility is to never send the same code file to two customers so you can trace back who put it up on Pirate bay.
Not sure how complicated your software is, but you can not sell the software itself and sell services and support. One way around needing the DRM.
People will always pirate software. The trick is for you to make it worth their while to pay - support, features, bug fixes, etc. Look into some of the FLEX licensing code (IIRC Macrovision) where you can assign specific keys. I'm sure that's also crackable, but you're raising the bar. Consider a cheapware version too.
I want to delete my account but Slashdot doesn't allow it.
Although I like the concept and the relative ease-of-use from an end user standpoint, avoid the iLok. I thought I was having problems with Pro-stools. Turns out it was the iLok driver that was crashing and occasionally bluescreening windows. Narrowed it down to iLok when it caused plugins to crash in other DAWs, including DAWs without evil license management.
Ultimately, people will pirate your software. Remember that it's generally a service problem. You simply need to keep your customers engaged, and offer deep discounts on multi-seat licensing. Have minimal, non-intrusive license enforcement (read: brand the software with license ID, and that's it). Offer site licenses. If that doesn't cut it, chances are your $10,000 software is really $10 software.
I've thought that Google Native Client (NaCL) has the potential to solve some piracy issues. Its very much like a steam service- the code runs only in the browser as native code that has been instrumented somewhat for execution in a sandbox. That doesn't mean it can't be cracked, but I believe software could be constructed in a way with NaCL that integrates it with a web site in a way that it cannot be operated alone. Yea, this is the nasty DRM word in some form, but I think this would also allow for other models for software- like pay by the day usage of expensive applications. Why pay $10,000 for the package if you have a 2 week project? If you could access it through NaCL online, you could rent it to them for 2 weeks for $400.
The genie is out of the bottle. The version that people have downloaded will be eternally freely available and there is absolutely nothing you can do about it. You might modify future versions of the product, but unless the future version adds significant value to the product, it will not dillute the availability of the other version (and even then, it still might not change things).
If you add DRM, somebody, somewhere, will take it as some sort of personal challenge to strip it, so... in a nutshell, you are hooped. You cannot stop piracy, and it is futile to even try.
About the only thing you might be able to do is, when you create a new version of the software (that adds significant value to the product), create a process at your location that automatically makes a complete custom build (as in, a custom build from source) for each and every customer, so that each unique copy of the software that each customer gets is somehow distinctive from every other customer's copy. Keep the details of what you do a secret... but make it pervasive, and make it complex - ideally extending in some way through every file that is part of your software.
If (or, more probably, when) a pirated version does turn up on some pirate web site somewhere, you could then download it yourself and check to see which customer the pirated version corresponds to (perhaps starting by comparing md5 hashes to narrow down the choices, and then to cover the remote possibility of md5 hash collisions, comparing the pirated version with each individual potential matching customer's build). This won't stop pirated copies from appearing, but it will at least give you tools to find the customer who initially copied the software illegally. Since your software is so expensive, it's a reasonable bet that the customer would be in a position to pay restitution. Even then, however, there is the possibility that none will match, so this still isn't a guarantee, but I think it's the best shot you might have.
File under 'M' for 'Manic ranting'
My suggestion: Forget copy protection. Use piracy as free advertisment. Make a special "pirate edition" of the software that will lack some functionality (by lacking functionality I really mean conditional compilation of the underlying code but keep the disabled interface widgets in place) and display information about where to buy the full version.
True, WinZip is another example of a program that has become "good enough" to not need support, but it's easily replaced with free software. When the choice is WinZip or free software, one can avoid both payment and piracy by choosing the free software. The choice isn't so easy with a video game.
Unfortunately in the world that we live in the copying of software can not be avoided. Trying to prevent it is futile at this point. Instead my recommendation is to build your business around the idea of supporting your software. You wrote the software, no one will ever know it as well as you do, so capitalize on that. Look at the model set forth by companies such as Red Hat, they sell free software and grossed 1 billion dollars last year. Let me repeat that, Red Hat was paid one billion dollars in a year for free software products. Why? Because they emphasized the support that you receive along with the software and provided value above and beyond what could be obtained by downloading the software for free. Just my two cents, but I feel like trying to stop copying is a losing proposition and the development hours and money spent on that fight could be better purposed by using it to develop your product and support your customers to a level where they want to pay you.
I'm not saying I care to even try it, just wondering if this is even real.
If your software does something unique, what you really want to do is move that computation to your own servers, and have the client call an API to get the result. That way you can make sure that every IP address that is running the software is licensed. This is how basically everyone who has successfully defeated piracy has done it. Nothing done purely on the client side can't be defeated.
"Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
Dongles are quite difficult to crack. You need to access to an actual physical dongle to crack it if protection is done properly, and you cannot download the dongle off the net.
.exe file, but doing that is not trivial.
/whatever.
Multiple locations in the code that check for presence of dongle will make it even harder. If you have a serial number or something, validate different digits of the number or use different algorithms in each check so that there are no common patterns in your software. Or better yet, store some critical code or data on the dongle, that way it's completely impossible to use your software without a dongle. Well, until someone extracts that critical code or data from the dongle and patches it into your
Anyway, if a dedicated cracker wants to pirate your software, you won't be able to protect it. If it can be executed on a computer- it can be duplicated. Things like this will only buy you more time and scare away newbie crackers. On the other hand, now you need to deal with extra cost of distributing dongles, and making sure dongle hardware provider has up to date drivers for all platforms you need to support. And that these dongles keep working with next release of Windows/Linux/Mac OS
--Coder
For 10k, you can afford some odd DRM. I've seen such programs require USB dongles be inserted into the computer running it. As others suggested, you could require an Internet connection to have it work, though if requiring the connection every time it runs is inconvenient, you could have the requests every calendar week and disable the program after that time "unable to contact licensing server, please connect to the Internet and try again" The plus being that perhaps the pirated version will end up phoning home, even if operational on failure, allowing you to collect some statistics on unauthorized use.
Or drift into fully evil DRM where an online connection is required to use the software (not just once or once a time period for licensing), with some calculations being done "in the cloud" and returning necessary operations. If you leave that connection completely open, then the pirated version will still work fine without modification, letting you track everyone.
The answer is more about what you are willing to do, rather than what you "can" do. at $10k per software, make each unique. That way, if one does make it out in the wild, you know who to go after. Code a serial number into the MD5 of the EXE or something. Though professional pirates don't generally pirate until they have more than one copy, for that exact reason.
Learn to love Alaska
My software company sells software in a similar price bracket. We don't bother with hard-core DRM or protection. We aren't aware of any widespread piracy (admittedly that might be an artefact of working in a fairly narrow niche. Most people just wouldn't care to use the software.). We encourage legal licensing through two mechanisms:
1) The stick. We do have a simple licensing system, but it is easy to defeat if you have the desire to do so. Honestly, it is more to act a as reminder to customers that licenses have expired and need renewal or that they've installed it on too many PCs.
2) The carrot. Make it worth the money. The customer gets support from us that is worth the cost of the software. One of our scientists will happily work with you to get results from the software and employing an outside consultant to do that work would definitely cost more.
You could say that our business is customer support, and the software is the hook to bring custom to us. With that mind-set, piracy is mostly irrelevant to us.
You have to sell software to commercial customers. In order to do that it has to be competitive with comparable offerings, but be better overall. It also needs a large user base, so that it becomes an industry standard piece of equipment. Music, design and video editing folks at the low end of the industry are notorious for pirating software. But who cares? It's not like they can afford it in the first place. They're not making any money. They're not customers, but potentially later on their ability to work fluently with the software might help them get a job with one of your commercial customers. $10k software doesn't just sell itself. You need a sales and marketing staff to get the commercial interest. the pirating part is just free crack for potential users.
Four completely different ideas:
1. Make sure people register before they have any sort of chance of downloading/using the software. If you're downloading a trial version of a $10k piece of software, this is fairly standard practice. Then, make sure your sales department follows up in a few days to find out how the software is working. Offers of a free demo are mandatory.
2. Your $10k price point needs to be addressed. $10k is not a huge amount for medium/large sized businesses. However, it's above the purchasing level for a lot of managers. It firmly puts it in the capital expenditure realm. What you really need is something like a $850 a month plan, which puts it under that magic $1000 purchasing threshold and into the realm of something that could be snuck into an operations budget. Also, offer financing through some third party software licensing company.
3. Have a database necessary for the app to run, encrypt and reencrypt key components of it via keys that get downloaded or generated off some unique piece of data. Each month when the customer pays their bill, supply the key needed to unencrypt it. If a customer doesn't pay, hold their data hostage. We have a vendor that did this, and although I hate them for many other reasons, it did keep us paying for their software for many months after we stopped using it.
4. I really like the idea of base software being cheap and modules costing more. At some point everyone needs to purchase more functionality, even if it's for a limited project. At that point, you have an opportunity to sell services to train people how to use it. Companies don't mind spending $1000 on a training session for a $2500 module.
----- obSig
When you start asking multiple thousands of dollars for a software package, no matter WHAT it claims to be capable of doing, you're setting yourself up for a predictable chain of events:
1. You attract the interest of crackers and pirates, who get cheap thrills or bragging rights simply from saying they were able to copy and distribute something so valuable.
2. You lock out a number of potential customers for your product because the price tag is simply too high for them to consider it.
3. You create expectations from those who DO buy your product that they'll receive a superior amount of support and even "hand-holding" long after the sale.
I'm not saying these are reasons you're "charging too much" for your application. Only you can really determine if that's true or not. I'm simply saying these are practically guaranteed side-effects of doing so. In most cases, you see the folks selling such high priced packages implementing all sorts of copy-protection schemes, precisely out of fear about items 1 and 2, but the most effective schemes will put a severe crimp in your ability to deliver on expectations for item 3.
I work for a steel fabricator, a business where very niche (and costly) software is found all over the place. In every single instance, the copy protection schemes included with these programs we've used has caused us considerable hassle in the long haul. For example, many years ago, they spent tens of thousands on a steel detailing package which was loaded on a PC given to an outside detailer, as part of a long-term arrangement. (He'd do detailing of our drawings for us at a greatly reduced rate, in exchange for us supplying the hardware/software -- and he was free to use the equipment to do other peoples' work too, as long as ours too precedent.) That was great, except he suddenly became unreliable (personal/family problems, we assume), and we wound up having to reclaim our hardware/software. Problem is, nobody in-house is currently able to use the software, nor do we really want to hire or train anyone. (At this point, it's cheaper for now to just send the work out and pay regular rates ... We have far less need to detail drawings than we used to anyway.) Meanwhile though, the software maker requires we keep paying thousands annually to maintain a contract on the package, or lose all upgrade rights down the road -- rendering it pretty worthless. Without a current maintenance agreement, we can't even call up and get the key code transferred over if we wanted to migrate the app to different hardware.
In another case (our document management package), we were getting absolutely reamed on annual support costs, but again, were trapped between a rock and a hard place because we had so much data in the package already, and migration costs to use someone else's produce were huge too. We got lucky and found a guy who used to work for the place, who now has his own consulting business. He was able to give us a far cheaper support contract to help us with any issues we had in the program (software crashes, questions about custom coding, etc.) - but was unable to provide us with any update patches. He bailed us out of a serious database problem the software developed at one point ... but again, we're trapped if we ever need the features or fixes put in newer service packs. (They want to back charge us for all previous unpaid years of support to "get current" before we can even buy a new contract from the original vendor!)
Still another situation involves a vendor who has to email us new, lengthy key codes to copy/paste into the application every so often, so it then "phones home" to verify it's allowed to keep legally operating. It could be worse, but it still stinks. If someone isn't available with administrator rights who can get the emails in a timely manner and take care of it, the whole package shuts down on everyone. And you can't update the key code while anyone is actually IN the software either, meaning it's best done after hou
Ok, I hate being pesimistic, but we need to face the facts. Money spent on DRM is wasted money. However, there are some ways others have spoken about that have some merit, but also problems. One such is the aways-online network model and also hardware dongles. Networks go down and standard dongles are easy to hack around. So, what to do?
The always-online model has the strong point that a portion of the processing can be off loaded so the central server, and user's software itself has code missing that can not be simply hacked around like in the dongle. The dongle can have some unique embedded features which can be tested for but is generally easy to hack around since its easy to bypass code. What about a mix of the two? What about a custome dongle that actually adds processing power to the software and the software is then sold as a "system".
If the dongle/board/unit has real functionality (e.g. FPGA accellerator board) the software without it is useless, and if the device is non-trivial it would be very hard to duplicate by the average hacker, and they couln'd just post the results of that hacked code online. You need both. It would be too costly to develop the replacement hardware for fun and impossible to sell it without being noticed. It would not be like a "standard" dongle that one can hack by putting in noop's and nonconditional jumps to deactivate it, as it actually does things the software side needs. A pirate would have to be *very* comitted, and with much more money and resources than the cost of one simple licensed unit to even think about trying to replicate it. As long as the coprocessor dongle unit adds functionality in the form of function or performance it may be acceptable to users, but not unless it actually gives them something for their money. So, can you product be decompoed into two peices where a portion is hardware accellerated?
Quite simply, OP has enormous balls.
.. with a very long ID associated with the license. Preferably a history of all IDs used to work on that file.
Crackers may remove this, but then at least you can check a file sent to you by a "customer" and decline support if the file doesn't have any valid IDs in it or have any non-valid ones, or ones known to be pirated. This way you can at least save yourself from giving unnecessary free support time.
1> What could your software do that would possibly be worth paying $10k for it?
2> Did you know that your DRM would be cracked in time?
3> Who is your market and are they using cracked versions?
4> Do you understand that spyware is just as hated as DRM?
5> Is this your first time in the software industry, really?
1. You would have to provide some pretty spectacular functionality that isn't provided elsewhere to justify that price tag. Customers do research these days before buying. They also look at finding open source alternatives first to save money. You do understand you're going against adobe, apple, and sony among others?
2. If you knew this would happen and you made the decision to put it in anyway, you just wasted a lot of money spent a lot of brand capital. If you didn't know, then you didn't do your due diligence. You really have to understand what happened. Customers or otherwise, don't view your software as being worth $10k and so they will wait for a crack to evaluate it themselves.
3. Perhaps you don't understand who your market really is. The majority of people downloading pirated versions of a $10k video editing suite couldn't ever pay for it to begin with. Perhaps the people downloading it are students or indies. If someone uses a pirated version of your software to make the next great indie film and wins a bunch of awards and gains recognition, I believe that is acceptable. Because copyright is used to promote the useful arts and sciences. You should really understand, you shouldn't be trying to sell your software to that type of market. Your market has to be those using the software for commercial purposes ongoing: The type of customer who will see sustained value in buying the software. Let's put it this way, if a guy in his mom's basement downloads your software, learns it, uses it to make a demo reel, and then gets a job, you benefit. That person is trained in your software and will be more likely to recommend or promote it to his or her employer.
4. Try doing some research on spyware and DRM in other types of software. I mean research from a customer point of view. Read some forum posts about UBISoft's DRM. Google when apple's iphone secretly phoned home or when android phones were using the secret carrierIQ software. Usability metrics are one thing. They provide valuable intel on how your software is being used. By whom should be obtainable only by seeking permission.
5. Piracy happens. Sometimes for no reason other than some dude really likes cracking software. It shouldn't have been a surprise. You should have planned for it. It should have been an opportunity to learn about your business and your product.
They're using their grammar skills there.
Maybe, just maybe your software isn't worth $10k!
Don't waste time and money on trying to keep 14 year olds from using your product illegally and in the process irritate legit customers. Build a licensing/activation scheme that requires a key and gets automated updates from your online repository. This is a common enough act that it shouldn't irritate your average consumer. Keep track of the keys that show up over and over again and which registered users are leaking their keys. Do some light analysis and if it is a corporation violating your license confront them and if that doesn't work sue them. If it's a hobbyist who downloaded it from TPB ignore them or shut down their access to online updates but don't waste time and money on DRM that will only frustrate paying users and not even slow down the pirate community. You don't care about the end users (or you shouldn't) you care about the guys leaking their legit keys and enabling the end users.
This is especially true of your software if it really specialized software in the $10K range. You have a niche market and every legit customer you alienate is devastating to the bottom line. Any petty thief you catch doesn't help your bottom line anyway. You have to make decisions through an economic lens not a principle of ownership lens. Unless the goal of your business is to uphold a principle rather than make money.
(Note: Developer, small dev shop, higher-priced software, same situation.)
If you distribute an "unlimited" version, this will be what is pirated; there's no value in having different versions. Also, if you have a key which allows "unlimited" access without secondary verification, this is what will be distributed on pirate sites.
In our experience, it took about a week from changing the key format to a new crack key being distributed. Obviously, this is for software which is "in-demand", but don't expect that implementing a new scheme with the same underlying characteristics will buy you much time.
For "good" protection, you basically need secondary verification which is "hard" to fake. Currently, that is hardware dongles or an online verification loop. Both of these can be pains for the users, costly for you, and/or prohibitive in some environments (online, in particular, doesn't play nice with classified government envs).
Keep in mind also: most people who pirate are not potential customers, at least at anything close to full price, but their experience using the tool may turn into a sale at a company later.
My suggestion: do what you can to track usage, but don't be overly obtrusive and/or try to prevent all piracy usage. Being able to watch and track, and act when appropriate, is much better than trying to prevent all piracy.
My experience as both a user and a developer is that hardware dongles suck major donkey butt.
They are excellent at preventing customers and pirates alike from using your software.
The drivers for every brand we tried was buggy, and often had conflicts - *especially* when installed on the same machine as a different version of the same brand dongle from someone else's software.
It was a support nightmare, because it can easily turn into a problem that *you* can't fix - only the manufacturer of the dongle and the other software you from who knows where can.
You can also very quickly require a separate USB hub just for all of your dongles.
Many products have trials that are limited in functionality in some way, and it seems to work well. You need to walk a fine line; allowing casual use for people who might turn into customers if they are sufficiently impressed with what your software can do for them. Given the expense of a license, it is understandable why "potential customers" would attempt to get a free copy. Your job is to convince those people who already have a free copy to go legit, and you're not going to do that by spying on them.
I have a compiler suite for microcontroller work that is fully functional up to a 64K compiled code size. Enough for the casual user to get a few things done, and not broken in a way that hinders a potential professional user's ability to evaluate how it will really work if they were to purchase it.
Another toolchain I have is fully operational for 30 days before requiring activation. A good thing, too, since "activation" entails faxing some license details to the company's office half-way around the world and waiting for them to get around to generating a license key and e-mailing it back to you.
Maybe with your video editor, you could allow saving only 3 minutes of finished video? Or only one audio channel? CoolEdit Pro, a sound editor, used to present a dialog on startup asking you which 2 of the following 6 features you would like active for this session. I forget exactly what your choices were, but included things like clipboard usage, saving files, waveform generation, etc. Enough of a hassle to encourage springing for a license, but gentle enough that the casual user could actually try out all the features of the software.
Well I used to use pirated copies of photoshop like most everyone else (I await the screams of horror). Basically because it is like $700 and the cheapo version "elements" sucks. Now I don't object to spending $700 but given that I don't use it every day, it's still a chunk of change. This year, however, they allowed to to pay $35 a month and you get to use it for a year. Sign me up sir. Now a fully paid up legal subscriber to adobe photoshop.
Here's the thing about 'cracked' software. They remove it's ability to report to home, that's part of the crack, so you can't update and aren't aware that it's running.
So even if it was legal, it's not going to do you any good. Plus it would have to be in the end user license agreement that people accepted before you could legally collect identifiable information.
If someone else removes that EULA and then distributes the software, that one person is bad, but everyone who downloads the software with no EULA wouldn't be liable. They didn't agree to anything.
I don't know if this will work for you, but it works for some big companies:
Just post the full unprotected software for download on your web site. Make it clear that if they want security updates, bug fixes, permission to use it for production, or any other kinds of support, that they must purchase a license. (And be sure to post scary sounding security bulletins periodically, with the actual updates only being available if they have a paid license account with you)
The advantage is that with an official download source any torrents will likely dry up over night. This also makes it easier for people to evaluate your software for possible use, potentially bringing in new customers. You will get some a-holes who try to use it for unlicensed production, but hopefully they will eventually want security updates, fixes and other support from you.
We faced a similar problem once upon a time and used a USB key from Wibu as the solution (http://www.wibu.com/wibukey.html - they have a newer product out now). It's been a few years since I worked on the project but in general what we did was used the key to decrypt small, critical portions of the code. The software couldn't run without the key and it was non-trivial to patch the code to an unencrypted state. No solution is perfect but that worked for us.
Show me a video game that is worth $10,000 a copy.
For one thing, I was trying to describe something that doesn't need support, not necessarily something that both doesn't need support and is worth $10,000 a copy. I was under the assumption that what is effective for something that costs $20 a copy can be applied at least in part to something that costs $10,000 a copy. For another, how much does an arcade cabinet+PCB cost again?
At $10,000 for a license, the software you sell is not a consumer product. That's not to say that a consumer may not want to use it, but that you've already discounted them as a customer. You should simply not trouble yourself with thwarting them because they would never be able to pay for it. They aren't your clients and by familiarizing themselves with your product, they may well turn their employer or future employers into clients. Some companies even embrace the idea by offering unsupported no-cost versions for non-commercial use.
Once you've decided that your customer base will only be professional / commercial customers, then the license is the important part. A commercial customer stands to loose A LOT if they are caught using unlicensed software. For them, they should consider the software part of their cost of doing business. If your product is too pricey, they should select another, otherwise, they need to purchase it and expense it. If you catch a customer using unlicensed copies, contact them and give them an opportunity to true up (after all, sometimes companies simply loose track of how many licenses they purchased - crappy license management is rampant). If a company still continues to use unlicensed versions of the software, then have a lawyer draft a demand for payment (and consider terminating their licenses; mind you, you'll loose them as a customer). When all else fails, file an infringement claim against them.
There's simply no DRM scheme that's 100% effective, and it only needs to be cracked once for it to become widely available. DRM schemes cost vendors like you lots of money to implement, and they are invariably a nuisance to the customers that legitimately license your software. Ultimately, DRM makes the pirated copies more valuable -- they are more portable between systems as they are upgraded, there are no dongles, issues with license key management, etc. It would be hard to make the case that DRM is likely to pay for itself.
Instead of pirating Matlab you should take a look at Octave. It's fairly similar to Matlab and heavy duty enough for regular work, not just the home projects you mention pirating Matlab for.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
Legacy Windows apps can be hosted on spoon.net or via Application Jukebox. Your app is essentially unhackable and license control is all yours.
Please do not read this sig. Thank you.
http://www.safenet-inc.com/
Many, many, MANY industrial software companies use hardware copy protection. You can build several layers of copy protection around and in lieu of the key (in case a dongle emulator come around).
The software company I worked for used them ($10-15k per copy of the software) and my little print shop computer has 5 plugged in as I type this. Pretty common stuff, and way better than DRM, which just pisses your customers off. They key, at least, makes sense to them; just make sure to inform them that it is the heart of their software; it should be insured against damage, loss, and theft (otherwise, all your customers could claim they "lose" their key every time they need a new copy of the software).
Consider selling the next version as coming with a "plug-in USB computer" that does some of the more important processing and which self-destructs when tampered with.
OR consider making the service contract so valuable that the software isn't useful in a production environment without a support contract.
Consider shipping a feature-limited or demo version at a much-reduced cost or even free. For example, limit the size, color palette, or frame-rate of the videos that can be saved, or watermark the saved videos.
Also, make your full version available on a "piece of the action" basis: No fee for the first $1000 in gross revenue of any project using videos created by this software and 10% of the rest up to a maximum of $15,000. This will allow college students and experimenters to create student films and charge admission without paying until they collect $1000, then pay on a sliding scale if they rake in more than that.
Consider annual licenses for institutions and trade associations for members to use on a "non-commercial-scale" basis under the institution's or association's license.
As far as current user of the illegal versions go, handle them on a case-by-case basis. If they are clearly not "potential customers" then treat them gently. If they are potential customers, then insist they buy a license at full cost and donate a $5000 (half the cost of the license) penalty to charity, but give them an affordable payment plan. Not all businesses can cough up $10K+ all at once.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Use a common license manager like FlexNet (FlexLM) from Macrovision. Another alternative is Sentinel. Most of the big commercial packages use it. You can license the software per computer, per seat, concurrent or time-limited. It's your choice.
The only way you'll be able to eliminate piracy is to host your application on your own cloud, and the users don't actually get to possess the program code itself. Maybe this is impractical for video editing given the massive amounts of data your customers work with, but you'll never be rid of the pirate problem. Any user-side copy protection scheme is easily bypassed at a Romanian pirate sweat shop. It doesn't matter if it's a hardware dongle or online verification - your program will simply be patched to bypass those routines.
There is no hardware solution to a socioeconomic problem. How can you charge $10k when the competition (your stolen software and/or Blender) is free?
By selling in volume at a smaller margin you produce the same net income and create a much larger user base, which increases your popularity and sells more copies. In the end it's a more profitable move.
How about you charge $500 for the full version, and $100 for the educational version with 50% of the features. Make a second revenue stream with training courses. Get some colleges & universities (esp film schools) to run courses in your software.
There's so many ways to judo your opponents instead of trying to punch them over the internet.
EVERY piece of software will be cracked. Even if they need to write a software version of the dongle. You are competing against genius level 14 year's who can read assembly by looking at a hex dump, have unlimited time, no gf and a need to prove the size of their epeen.
There are a lot of good comments here. Ignore all those that make you feel like an asshole. Build brand loyalty instead.....
If your product is $10,000 a license then you need to close up shop. AVID already OWNS The market you are thinking of going into and no shop will use your podunk software over an industry Standard like AVID or FCP.
Honestly if you guys are the app I think you are, You guys are way, way, WAY behind Adobe Premiere and Sony Vegas, both does more and are far more supported out there at a lower price.
Your real solution is to give your software away and charge for support, if you want any chance at all becoming a standard out there and used on any large projects.
Do not look at laser with remaining good eye.
Look, you and I probably aren't in the exact same field of software design or anything, but you come to Slashdot and ask for some help deaing with your proprietary software that uses DRM.
Most (many?) of the people on Slashdot are interested in FOSS and generally like to think that Ask Slashdot is an interesting forum for people to share ideas about how to improve something or how to do XYZ better. What benefit do we get if you lock down your proprietary video editor? Did we actually improve the situation? Maybe some people who would use a cracked version of your stuff now consider Kino or some other FOSS video editor, but generally speaking we've just helped you lock you and your users (both the paying and the piratical varieties) into a weird, constrained dance wherein it seems like the more you try to head-off cracked versions of the software, the more you frustrate and inconvenience the people who want to pay you for your work.
It just seems like nobody wins.
I'm not going to tell you that you have to open-source your software, but what I will say is that I don't know of another really good way to combat unauthorized distribution of software without inconveniencing the users. The FOSS solution to the problem is very interesting: You avoid the "unauthorized user" problem by basically letting the users do whatever they want with the software. It's much easier to go after the distributors in a one-to-many situation, and there's no need to "crack" anything if the source is available for a program.
In any case, software won't succeed without an audience. Remember that if you build up a devoted userbase that's willing to pay you to work on the software, it doesn't matter how you license it or how much it's being used by those who don't pay for it. From just the financial standpoint, as long as your business takes in enough to pay all of the employees and remain soluble. then your business has succeeded.
coding is life
I would say if you have a small customer base it may be the best policy to change a string somewhere in your code that doesn't really do much. When you compile the program that string is there. For each customer recompile the program and give them a different string.
Download the pirated version it check the string and see which customer did it, and sue them. None of this destructive DRM stuff. However you can track who did it.
Sure this can easily be defeated, however being that the program works fine after it copied and moved most people will not think of really looking trying to crack it. And if you put it in a different spots with different codes, and do a little bit of different logic to each string, it will take them a while, In the mean time you will be raking in the money suing your bad customers for copyright infringement.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Forget copy protection. I know it's hard to sit there and see someone using your work without paying for it, but you're not going to coerce anyone into paying. You're only going to inconvenience your legitimate customers. The pirates aren't going to be inconvenienced at all. Someone will inevitably crack it and post it. Now the pirates have a better product than you have -- all the features, none of the inconvenience. Remember, you're not losing money because someone pirates your product. Even if they're using it to gain money, you're not losing it. If they're willing to pirate your stuff now, they'll be willing to no matter what you do. No one's going to buy your stuff because it's too hard to copy. The pirates outnumber you and they're undoubtedly more devious than you. They will find a way to crack your software if it's at all useful to them. If you're going to spend time and effort fighting them, do it in court.
Whether you release a "non-commercial-use" version of your product is completely orthogonal to the piracy question. If it fits your business plan, do it. If it doesn't, don't. The pirates aren't your customers. They're not even potentially your customers. Don't let them dictate how you run your business.
For the most part, people are honest. Most (most) companies will pay for software, or find alternatives if the software is too expensive (or if the licensing terms are too onerous). Those are your customers and potential customers. Treat them right and they'll treat you right.
Chelloveck
I give up on debugging. From now on, SIGSEGV is a feature.
If your sw sells for 10 grand very few organisations will be able to afford it and you will be up against fearsome high end comoetition. If you lose those few customers or they just use cracked version youre screwed. Video editing isn't a niche anymore so youre probably better off changing your business model. Sell the sw for 100 bucks and target 100 times the user base, also offer a comprehensive support contract to keep the deep pocketed customers happy. The big lesson of the last ten years is you dont put the big price tag on the software you put it on the support.
money is made in software through support. the software can be given away and if a good product the support contracts will be bought. Microsoft makes money this way, Redhat makes money this way. Get a clue.
About 15 yrs ago, I pushed for and implemented a network license tool in some cross platform commercial software similar to what FlexLM provides. I think the LM SDK license was $1000 per platform.
Companies inside the USA and Canada loved it. It meant they would never violate the license agreements.
Middle Eastern companies seemed to not care either way. It was common to have this in software like ours.
Asian companies hated it, especially Korean and Chinese. Japanese companies tried to use the batch license as a web front-end to the system. When I saw that, I ensured the batch process startup took too long to be useful in that way and told them 3rd party libraries were to blame. They were going to cancel 500 end-user licenses for 1 "batch" process meant to be used for overnight, long running, batch processes.
With the license manager SDK, we were able to do all sorts of monitoring and reporting on the software uses. The tool made graphs for us AND for the client. It was a great selling point to show who and when all the licenses were used. We sold different license levels with the same software so end-users, administrators and batch use was each licensed differently. Licenses could be reserved for a user or shared anywhere on the network or some mix.
We also had a custom built, standalone date-based expiration key that the sales guys used for their laptops. The value for each month was created by a tightly controlled program to which the sales guys didn't have access.
The tool we used recognized when system dates were changed by large amounts and stopped providing licenses if that happened. The licenses were tied to a certain number of specific CPUs too.
The other option is to stamp each executable program with a client name on the splash screen - if a program "gets out", ask the company to pay for the damages, since they didn't act in good faith.
When you role out these updates, do not publicize them for a few releases and have a 90 or 180 day trial built-in so that everyone running the old version "upgrades" to the newer version and can be tracked. I'd use UDP for any tracking that you add and encrypt all the traffic in some way. I'd build in 100 DNS names to receive the traffic too.
You could even give away the software for free and sell the dongle. It will work as long as the encryption doesn't get cracked.
Why crack the encryption when I can just insert some machine code that returns "true" whenever
your isDongleConnected(); function runs?
This is MY machine. I control ALL instructions it operates on, bytes in RAM, EVERYTHING it does. If I give you the privilege of running your code on my hardware, I may pay you for the bit-twiddling benefits it provides -- Because you saved me the time of programming it myself, and I'm funding your future improvements... At the very first instance your code tries to make my computing life more difficult, or "hide" what it's doing in any way. I will delete your software, I'll want my money back, and will never purchase anything of yours ever again.
We had a deal. Your software would be useful, not deceitful or wasteful; What business does it have running crypto algorithms in secret? That's very suspicious behaviour, especially for a video editor. If we were countries then your software would be a worker in my country; The first time they do something treacherous on your behalf, they get deported or otherwise eliminated, and your betrayal of trust through or malicious actions may be seen as an act of WAR.
There is much valuable personal information in my systems. I have to know I can trust you to do what you say you'll do, and nothing more. If I find out that the worker is a spy -- especially if you show blatant disregard for trust and tell me up-front that they're a spy -- then we'll have a trade embargo in place in a heartbeat blocking ALL goods and services between you, and myself as well as any other countries I can influence.
We can have a good diplomatic and business relationships, but this requires trust on both our parts. Piss me off and you're pissing off a country who's main export is reverse engineering skills. I just might make it my mission to tell other folk how simple it is to remove the malicious parts of your software.
It's time to look at WHAT you do as a company. What is it? Do you develop software? Well so do I, only I get paid when I actually do work; You're getting paid repeatedly for working once. Copyright infringement is the cost of doing business in the artificial scarcity market. If you're a software developer then look for ways to get paid when you are developing the software: support, features, upgrades -- The reasons I PAID YOU for.
I surely can't be the only one who understands it's folly to build a business around artificial scarcity -- basic economics says that if the supply is Infinite then the price is Zero, regardless the cost to produce. THINK FOOLS, would YOU invest in a business who sells freely available dirt, their sole strategy being to proclaiming they're the only ones who can sell that precise mixture of dirt, and trying to hide what the mixture contains while also distributing it? Instead, you should strive to get paid to actually do work: Come up with better combinations of dirt [bits].
That's the general rule. The point is: is it worth cracking it?
Some software pieces from Steinberg are so hard to crack with the Syncrosoft dongle that the pirates themselves cracked it once and then said they will not do it again for relevant updates since:
From their FAQ:
Q: But we had to wait so damn long for this release - Why?
A: The amount of time to analyze and reverse the current syncrosoft implementation was just that high. Think about it like this: around 25% of the program code is MCFACT protected and therefore protection-related. As you can imagine the effort to analyze and reverse such a target is incredibly high. This time it took us almost 4000 man hours to emulate the little beast!
And that also means that the cracked version works 25% faster. Literally.
Now, back to your question. The best way to protect your software is to either make it not-worthy to be cracked (i.e., making a really bad program or a really good software protection, but the latter will be expensive also to you), or make it hard to leak:
This already covers 98% of your bases. Still, there will be leaks. The only thing you can do is to limit them.
Sure you can continue to add DRM, dongles, licensing, etc. to help prevent un-authorized copying...
However, to really survive you must be continually improving the software thus giving incentive for customers to pay/license the new version. That's how you can keep ahead of the game and if the older version gets pirated... well at least you get a fresh start with the new release.
If this isn't the case then your static software probably isn't going to keep its $10k value for long and no matter what protections you put inside it'll get cracked/hacked eventually.
Can your potential customers easily get in contact with your support staff before the sale? Once they get in contact with live human beings, the piracy rate should drop.
No data, no cry
After the last unpopular comment, I've come to a conclusion. It doesn't matter if what I'm saying is true so long as it is popular.
For that reason my untruthful but popular advice is for you to man up, realize that people who aren't buying it wouldn't buy it anyway, and not put any copy protection on it. See if you can build rapport with your customers instead. They'll buy it just because they like you.
On a more practical note, if the software is $10K you're probably going to end up selling consulting services and licensing the software as a prerequisite to those.
C'mon; this is so obvious.
First, unless your software is made for the ultra-high-end professional, $10,000 is way WAY too much for the software alone. Adobe (who is admittedly NOT the largest player in video editing in the professional world) sells their suites at around $2500 USD. You have to consider the total cost for the customer, which will probably involve a $5000-$10000 system to run the software on, plus your software, plus any other tools they need. So if their total cost with your package is hovering around $30K, then the legit customers will be shopping around. And your new company will probably not get their business because of a lack of history supporting the product.
Now, as to spying on users or not, that's a fantastic way to get your software noticed by the wrong people and make a very bad name for yourself. A crippled try-before-you-buy scenario would help get your software in front of potential users, so they can see whatever it is that you do better than everyone else. And once they fall in love with your software, it'll be hard to not buy it...right?
I've found one of the most persuasive ways to get people to buy your wares on the internet is to be honest with them. Tell them what it cost to develop your software, how hard everyone there has worked, what people have given up to get this project off the ground, and how proud you all are. Basically, reach out to the human side of the internet. Otherwise, it's a cold and vast digital wasteland and your software is just written by strangers somewhere that nobody cares about. This isn't a perfect strategy, but it does usually mean the people that pirate your software are going to be a scumbag above the rest, and you really aren't going to get them to pay anyway.
Now, as far as your goal of suing the deepest pockets...stop that right now. Sue everyone equally, or don't sue anyone at all. It's that simple. This deep pockets clause is so morally reprehensible that it's ridiculous. You're essentially sending the message that the person with the most money is the only person you care about stealing, and everyone else can have at it. That's some serious BS. The legal system in the US is set up to protect you, your company, and your intellectual property. Use it correctly or risk losing the right to use it. It's literally that simple. People are getting really tired of that kind of thing clogging up the courts, and you only stand to make a bad name for yourself. Especially if the person with the deepest pockets has deeper ones that you!
Anyway, that's my two cents. Put a human face on it (look at Louis C. K.'s video sales), price it fair and competitively, and don't try to be a bigger scumbag than the people stealing your software.
You might as well release it under an open source license and concentrate on selling support packages. That way every pirate becomes a potential customer instead. Getting your hands on software is easy, using it can be hard! That is where your market should be.
Did Adobe raise the price on Creative Suite again?
"The average reporter we talk to is 27 years old......They literally know nothing." - Ben Rhodes
This isn't as simple as adding "return true;" to "isDongleConnected()". Clearly you've never tried to add copy protection to anything.
First there's the challenge/response model. Imagine this as "sometimes you should return false instead of true".
Second there's the dongle processor. Imagine "int DoDongleCalculation(int x, int y)". The dongle then calculates x and y and returns a value. What do you propose to return in those cases?
Oh, what's that, you want to peek inside the CPLD and extract the code and reverse engineer it so you know what DoDongleCalculation is doing? lol, good luck buddy.
:(){
3. Have a database necessary for the app to run, encrypt and reencrypt key components of it via keys that get downloaded or generated off some unique piece of data. Each month when the customer pays their bill, supply the key needed to unencrypt it. If a customer doesn't pay, hold their data hostage. We have a vendor that did this, and although I hate them for many other reasons, it did keep us paying for their software for many months after we stopped using it.
This is truly fucking *EVIL* and you should be shot for suggesting it. And someone should be seriously beaten for buying that software in the first place.
This is the kind of shit that ...
Sorry, I don't even have words.
in addition to the excellent idea of watermarking done in-software (advertised as a security feature for proving video made is the work of your customer), have it base that on machine ID information, report it back to your servers and...
don't disable software, ever. Just keep an eye out, compare watermarks in video to your database and when you find commercial use of your product from non-paying businesses, advise your legal team to go after them.
This lets you avoid DRM stigma, add paying customers when they should be customers if they are using your software, and recover from businesses that refuse to purchase a licensed copy if necessary, without making waves in the hobbyist community that would insure they never became paying customers. (if that is your goal that is, to allow non-commercial use of your product by unlicensed copies)
captcha: tortoise (why are these so often appropriate? is it like fortune cookies in hindsight?)
When installing, the software checks the serial number on the motherboard or something. The customer has to contact you for an activation key based on the hardware hash key. Your customer changes its hardware? They contact you and you give them a new activation. If you ever close business, you ought to send out the activation key generator to your customers.
Of course, this can be cracked. You confuse the crackers by uploading your own cracked version with some defects. The cracked version should watermark anything saved. Perhaps include a phone-home function disguised as an automatic updater. Show a splash screen/demo with "cracked by _____" so any employee using the software knows it ain't legit. The cracked version would be good enough for a hobbyist, but it would dissuade use from your target market.
I don't think you understood what I wrote. My suggestion was to move the Save(); procedure to the dongle. Obviously this couldn't be circumvented with a simple return true;
Nobody said anything about encryption running in secret. Just say you use it, how you use it and why you use it. And your statement about act of war is a wee bit over the top. Encryption is very common for video (think DRM.) By your definition, any DRM protected content is an act of war. Good luck with that.
In that price range, you probably know each of your customers anyway, sou you can use registrations. Have your support hand out simple registration codes (md5 of salted username, xored by some secret string). With a pricetag like that, you need to offer excellent support anyway and are not aiming at a wide enough userbase to become popular among crackers.
bickerdyke
For big accounts you may want to spare your client the hassle of local hardware keys (or you might even find yourself loosing sales), but you may still be able to negotiate some form of DRM that's palatable to them (e.g. floating licenses or a server hardware key or (if you trust your client) even a simple agreement not to spread the goods plus a demonstration that the software contains hidden keys that make it traceable).
Harware keys aren't that hard to bind in: you can sprinkle your code with function calls to the library that comes with the hardware key.
If you release a free spyware version pirates will still pirate the full version because it's far more convenient to have free software that also isn't spyware.
I think the traditional way to handle your problem is with accounting so that the majority of your "losses" are in sales lost to piracy instead of, say, an inability to pay your own vendors or your paychecks. Build up huge tax write-offs that you can defer to future years and never pay taxes again.
Are you sure you're at the optimal price on the supply-demand curve? Maybe $10k per copy is totally appropriate for your market, but it sounds high. Neither DRM nor any other action on your part is going to magically create $10k in the pockets of your potential customers and if they currently can't (or won't) afford your product then DRM or spyware isn't going to drastically alter their budget or their demand for your product (except perhaps reduce it). How are you determining your market size and which potential customers have bought, pirated, or simply don't use your software? Assume 75% to 90% of people are honest (even the BSA says US piracy rates are about 20%). If more than 10% to 25% of your installed software is pirated it means it's overpriced. If you can't make a living from the three quarters of your users who are honest then your product is unnecessary in the current market.
Can't you just put a little piece of tape over the notch on the side of the diskette?
I would guess that at $10k a pop there aren't all that many people that have actually purchased it.
When you're selling any kind of software product there will be deadweight loss because the marginal cost of making another copy is very close to $0.00. This tends to go up as the software becomes more expensive. See:
http://en.wikipedia.org/wiki/Deadweight_loss
The amount of companies that can profit greatly from your product is likely pretty small given the price. They're also likely to have IT people that can tell them about how much getting sued by the BSA sucks. You would be better off spending your time and money selling to the few customers that are going to pay ten grand, rather than try to fight people that just want to play around and aren't making enough money to be afraid of getting sued.
Here is my question to you:
What if you succeed, your company starts generating a lot of revenue, a patent troll comes along and sues you. We hear stories like this quite often and small companies like yours tend to settle any bogus claims because they do not have enough money to fight in court (i.e., legal fees etc). Often patent trolls will make sure that they can get just enough money from you so that you will stop short from file from bankruptcy but they will try to bleed you dry.
What then? The very legal system that is supposed to protect you and prevent users from copying your work may turn right against you. I often wonder whether companies like yours wouldn't be better off choosing a different jurisdiction (e.g., Brazil since software there is only covered by copyright law). Anyone in slashdot has any experience considering such an option?
I think you stumbled upon one problem I have found with demo versions that unintentionally encourages piracy. If you disable the versions too much, like your 3 minute limit example, people will just go to TPB to get a fully functional trial version. Or, if the software is sufficiently obscure that TPB doesn't have a crack then you might try to crack it yourself if you have the skill. I would say that at least half the demo software I download is too disabled to give you any real sense of how the software compares to its competitors. If no crack is available I just end up using and in some cases buying software from the competition. I'm not going to buy software that I can't test properly first.
Quite an experience to live in fear, isn't it? That's what it is to be a slave.
If u can actually find cost effective DRM, more power to you, but I doubt u can. What makes your product worth 10k is great support. I once spent four and a half hours on the phone with someone from AVID, on Sunday on a holiday weekend, getting our editing boxes and playback server back online. This guy was not a CSR in a call center -- he was an engineer who knew the product inside and out. We got back up in time to make the evening news.
Other companies make a great product. I can find all sorts of AVID software on TPB and other places. But if I'm building out a professional edit suite, I'll spend the big money for a licensed AVID system, and it's mostly because I'll know that when everything goes to hell I can call that engineer up 24/7 and make sure I make air. That beats any DRM I've seen.
I'm not sure what your product is, but from experience, you have two types of pirates:
a) Collectors - Who collect everything, but never use it. This may include cracked retail versions or the unpatched version and a later keygen/crack for the version in the file.
b) Users who refuse to pay for everything - These users are just asshats and you're not going to get them to pay for your product short of sending some mafia-type to go break their kneecaps.
Everyone else either has no interest in the product and won't even try it without playing a demo/free version or they will pay for it after 90 days, even if they were exposed to it via a pirate version. I've often found that sometimes the free "training" on your software outweighs any potential revenue loss. As Microsoft said "If people are going to pirate, we want them pirating OUR software."
Businesses won't dare use pirated software unless their IT department is clueless. The people who recommend what to buy are people who are comfortable using products X Y and Z, and don't care if there is a free or cheaper alternative unless it's familiar.
At the same time, you probably want to prevent any useful output from software that isn't licensed properly. The easiest way with video/photographic software is to simply watermark the output. These are difficult to erase, and you don't want to intentionally degrade the video, otherwise your software will be considered "poor quality."
Another way to prevent cracking software is to version self-check. Not actively, but passively. If the software uses plugins, the plugins should fail to run if the software has been modified. Remember that crackers can not ADD functionality. They can only NOOP or JMP instructions to prevent whatever DRM you put into the software from running. The more hardcore crackers will actually pull the decrypted software right out of the system RAM if it's encrypted. Minimally you probably want to make it hard to just casually crack, which can be done by not using C++ linkage, instead sticking with C linkage and destroying/hiding the import table so that the pirates can't just simply load it up in a disassembler and NOOP around the checks.
Alternatively you could just not be a dick about the piracy and instead require the software licence to access support. You'd be amazed at how often people with pirate versions of software will take advantage of the support infrastructure. Release patches that fix or replace "cracked" versions with the version that requires a licence verification check. Again, the users of pirate software are not the sharpest pencils in the box, and will let auto-updaters run.
Disclaimer, I've reversed engineered software for fun and to screw over cheaters who hack games by reporting their hacks to the copyright owner.
Licensed accounts only downloads with automatic embedding of useraccount (crypted) this will show who leaked it as it will just be a senseless .data portion
Simple phonehome to show who is using it is fine as well (shows if someone non licensed is operating it).
Sue any business that pirates, end users wouldn't buy it anyways.
The best way but also the most asinine and annoying one is to flag your whole code vs a dongle/online server. It WILL get cracked, maybe not if you tell your server to do important portions of the computing (feed numbers for things -> server -> compute -> feed results back). But it will take a very long time to do so, especially if the data you feed isn't static information (eg. RGBA or similar details that needs to be worked on), this of course makes your software slower due to the server architecture, it's a fun thing to theorize about though =D
Autodesk actually makes student versions of most products widely available with activation through a school email account. They seem to be full versions mostly.
Now, how to get people to pay for it? I'd say complicated software needs support. If you software interoperates with others, make minor updates and require that a user is not behind more than 2 or 3 minor updates (less if it auto updates). This is basically the Microsoft Office way.
Adding a copy protection that does something simple but annoying, like a 2 second trailer "edited with the free version of BLAHsoft - personal use only" added to every exported project. One can delete it, and it certainly doesn't hurt individual use, but in a professional setting the risk of footage being aired with that trailer might just be a tad too high.
Crackers may not want to spend their efforts on something simple like that. Even an overlay (like DiVX has in the demo) seems to be there to 'stay'.
It is literally impossible to keep a piece of software from being cracked if there's a demand. No matter how draconian a DRM scheme you implement, the software will be pirated, and the cracked version will be completely DRM-free, leaving you with pirated copies that treat the user better than the legit copies do.
Even software packages that utilize hardware security dongles are cracked between a week before, and a day after release.
For the most part, the people who don't pay for software wouldn't have paid in the first place. So what's the point? You just end up screwing your paying userbase.
Friend: "The NIC is misconfigured..." Me: "No prob, I'll just telnet in and fix it." *Silence*
Apple's Final Cut Studio costs $1.2k (and includes not only video editing but also DVD / BD authoring, sound mixing, compositing and muti-format compression).
Adobe's CS Production Premium costs $1.4k (and includes all the above plus Photoshop, Illustrator, and a few other well-established applications).
Avid's Media Composer costs 2.3k (that's about $2.2k for the Avid logo and $100 for the software - still slightly overpriced).
All three packages above are production-proven, well-established in the professional market, supported by most relevant equipment manufacturers, and have hundreds of high quality plug-ins available from 3rd parties. And you say you're trying to sell (unknown) "video editing software" for $10k? Good luck with that.
Even assuming you're including some high-end compositing software (not that you'd need to; After Effects has come a long way), you can get Production Premium + Nuke (or Fusion) for $6.3k, and that would give you access to both AFX and OFX plug-ins. You could even throw in 3DS Max or Maya ($3.5k) and still be under $10k.
Did this article somehow get lost in the depths of the Slashdot queue for 20 years?
Your video editing software, as cool and as powerful as it may be, doesn't do anything that makes it worth $10,000 to a teenager editing youtube videos, but more importantly, it is not important to your business model to prevent them from using it. What you need to do instead is focus on the corporations who actually are your potential customers, not the people that you wish were your potential customers. Rather than don the yoke of DRM and all the problems inherent with it, focus instead on stego algorithms to periodically watermark video frames with the serial number of the software license that produced it. Now, you can detect and prosecute unauthorized use without any hassle to your legitimate customers and without any hassle to those who you really don't want to bother hassling.
I'll add another voice here saying that you have to just accept the fact that your software will be pirated if for nothing more than it costs a bunch(it's all relative I know) and it can be pirated. The reality is that it is literally impossible to prevent it. You are giving your customers everything needed for the program to be able to function. No amount of hiding or encrypting or hardware dongles or checking in with your servers can prevent piracy. It only makes it more challenging. The only way you can actually have full proof protection is if accessing your servers is critical to the function of the program (think mmo's like World of Warcraft). I've done support for Adobe, Autodesk and other software providers so I am familiar with these issues in real world situations.
Ultimately, you are best off making sure that what ever DRM/Activation/What ever you use is not too difficult or annoying for your actual paying customers and that it helps keep your honest customers honest by letting them know they might be breaking their license and might need to buy another copy. There is nothing worse than a horrible, over the top DRM solution that makes your paying customers want to pirate the software just so they don't have to deal with it. Anyone who really wants to pirate the software will do so. Also make sure that actually buying the software provides useful benefits besides just a copy of the software. It could be access to updates, notifications about updates, basic support, access to an users only form (not the only forum), voting on new features, what ever makes sense for your software.
You must think video never gets transcoded to other formats or recompressed at different levels, even if the same format.
You must also think that video professionals would be OK with having some pixels of their video frames changed when those values can be critical for things like level checks (ex., all pixels must have exactly a certain brightness) or chroma-keys.
Two supposedly identical copies of the same application must produce absolutely identical results, or you have no chance of making it in the pro market.
if you can honestly say "Some of our potential paying customers are using it without paying, and some non-potential customers are using it without paying." then you're already spying otherwise how else would you know?
The real problem is that your software is priced incorrectly. Some people will pirate it just to collect it - they'll never install it or use it at all. You don't have to worry about them one bit because they weren't going to buy it, and they're not going to use it. Hell, they may not even give it to anyone else.
The problem you have is with people who use your software but don't pay for it. So ask yourself - why don't they want to pay for it? If the cost is too high, then you can bet that a certain class of people will pirate the software because they need it, but CAN'T pay for it. Students. New companies. People who need the product in a company that won't free up the funds to buy it and require them to use something else that's somehow inferior.
You will NEVER prevent software piracy. DRM is a crock of shit - what one fool can invent, another can crack. Stop wasting money on that worthless shit.
Instead: Have a student version at a very low cost that students can afford - $25, $50. Make them fax in a valid student ID or have an .EDU email address to send the license to... Chalk it up to ADVERTISING because when these students get out of school, they'll know your product, want to use it, and will be experienced in using it. They'll recommend it to their employers. You will have a base of customers that you can grow with.
New companies: Have a low-cost, less featured version. Maybe one with some ads in the side. Or some kind of watermark that links to your site,etc. MS does this with the "Starter" version of Office 2010. Want to get the ads off or the watermark out? Pay some nominal amount of money that does that AND adds features. Then as the new company grows, they can afford more pricey products and they can choose to stick with the Starter version or trade up for something that helps them make money. Give them a value-add.
Existing companies: Offer a 1 week license version. Let it check an NTP server out on the net. Give it a couple of days more than the license just to cover crazy timezone issues so you don't have to code for it or deal with complaints from people claiming that. Then an employee will use this software version, and you might get full version sales after the boss sees the results of the skunkworked product usage...
Remember: You have to add VALUE above and beyond what the pirate price is. That's effectively zero, or pretty close to it (if they charge for a DVD or download site subscription). So if you make it so it's less expensive, and less troublesome to get your software than going the pirate route - you've got points. Once you add actual value above and beyond the pirate version - you get more points (and more sales).
And the "adding value" thing never stops. You have to constantly innovate and develop new things to continue to add value above the pirate version.
Don't follow my advice at your own peril. I've been around since the copy protection wars of the Apple ][ and I've seen how this always turns out.
GPL.
Escher was the first MC and Giger invented the HR department.
This is the 21st century. 1) Make your software the highest quality possible 2) Advertise it well to your target demographic. 3) Make it cross platform (optional, a lot users generally prefer cross-platform though, Windows, OS X, Linux) 4) Sell it for a low price that is reasonable (tiered pricing is good, student price, etc to get users hooked) 5) Charge for support plans. 6) Support your customers well. If you follow these 6 steps, people will want to *buy* your software. As others have said: "Large software projects do not turn a profit through sales."
Obfuscate the code.
Then drop the price, and go in for the kill (profit by volume). As stated before, piracy is typically a result of a poor business plan: if they like it enough to pirate it, then wait a while, and put forth a real deal. See piracy as free advertizement, the same way B. Gates once did.
You don't want to get into the DRM game: it's a fool's game, up there with playing the lottery. Finally, make it so if the license is invalid, or the program patched, it outputs the video with a nice transparent watermark with a silly pirate in the background. The trick is to make unwinding / decompiling the code a hassle, not a challenge (or you'll attract the kinds of people who will crack it just because it's a challenge).
Finally, e-mail the various warez groups, and ask them (politely) to please stop cracking your software. Surprisingly, that has been known to work in a few cases. However, if you threaten them with legal action, or LEOs, they'll laugh at you from whatever country they're hiding in, and place your software at the top of all subsequent to-do crack lists. No, you do not need to pay them anything, aside from some small token of respect and the general civility which has been known to avert major wars.
The above may be more difficult today than several years ago, as the actions of various 'do-gooder' organizations and legislation have driven these people even further underground, so just getting an audience with them may require several months of work. Thank your leaders for their foresight in cashing in on some cheap political capital, and cutting the lines of communication necessary to keep the wheels on the cart.
I am John Hurt.
proof that a 5-digit id means nothing
insensitive clod overlords obligatory xkcd car analogy russian reversals whoosh pedant fanbois ftfy in 3...2...1..PROFIT
a business model based on selling binaries is nowadays moot if sales are not in the tens of thousands at least. if that's your business model, be happy to be on the pirate bay. it may help you succeed. every big seller is on p2p for a reason. grab the free reputation it provides and keep going.
if you don't want to go the wall mart way, you could change your business model. and if you have to change anything, change the right thing: forget copy protection, it's not only waste, it will be probably counterproductive. general directions: add value to yourself, your company and your sw (current well known options boil down to saas, support, service), target specific segments naturally predisposed/demanding to pay to feel some value (mac users spring to mind, for instance (hey, i'm serious!)), find strategic niches.
typo: 6. i can count, but i have fat fingers. girls prefer men with fat fingers too.
insensitive clod overlords obligatory xkcd car analogy russian reversals whoosh pedant fanbois ftfy in 3...2...1..PROFIT
At a $10K price point, you could afford to do what I've long been expecting to see widely adopted: online activation, with the serial number / key validated against a whitelist of known good (i.e., paid-for) keys.
The cycle is always the same: require key to install or activate; hackers determine algorithm and make keygens; keys known to be used in the wild get blacklisted. Validating against a whitelist breaks this cycle, but normally wouldn't be cost-effective. At $10K, you can go for it.
Yes, there will be some hiccups (what to do if / when a *second* user tries to validate using the same key and you need to determine who's legit, etc.), but they should be solvable in low volume / high price-point scenarios.
-Zirbert
http://zirbert.blogspot.com/
Hey, look, it is another asshole who doesn't understand business period. Why don't you come back and talk to me when you get out of school, shithead. And, that is assuming you graduate.
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
Provide deep educational discounts, do a reasonable effort at protecting but not excessively much (because any technical protection will be cracked no matter what you do, it's a sport for tech kids out there), and finally don't freak about non-paying users... realise that they help you by making your software popular, and quite some of them will eventually pay, once they become heavy users and get in a position with funds available. Two cents from an academic user.
17779 eligible voters in a district, 17779 'vote' as one. This is Russia.
I'd consider the advice from the AC and @crath to be spot on.
To help you gather the intel on who is ripping you off, I'd suggest adding an on-line update feature, if you don't have it already. It helps you get the patches out, it helps the customer keep the product up to date, and - even if you gather nothing else but a serial number and an IP address - it lets you know where you stand, pirate-wise. An iOS developer wrote an excellent post within the last year (which I can't manage to dig up in a couple minutes) which laid out his strategy:
> Collect data on serial number use vs. IP address.
> In subsequent patches, incorporate nag-ware, keeping the nag to a dull roar.
> Consider offering a pricing scheme to get some of the unlicensed users in from the cold... in your case, as an alternative to a BSA audit.
Is collecting a serial number and IP address spyware, in exchange for software updates? I don't think so, YMMV. I'd consider it legitimate marketing data, which you can use to attempt to convert some non-paying users.
For the hard core that won't convert, a bit of sleuthing is required. If some Google and Manta search shows they're probably some bozo editing very high quality vids of their cat for YouTube, write 'em off. If it's a profitable shop turning over more than (say) US$600,000 in business a year, sic the BSA on 'em.
Luke, help me take this mask off
Congratulations are in order, your on TPB: YOU'VE MADE IT.
Can a person program a new solution to a problem? Why should anyone be able to stop such a thing? -Richard Stallman
Except for very large bases, $10K is a bit of money. What is the program, what does it do? Who (not names, but what sector/level) are your clients? Everyone else discussed various strategies and such, I want to know what the baseline for this question is.
Vote monkeys into Congress. They are cheaper and more trustworthy.
We were in the same boat as you and now we got a complete solution. Our software TorApp Guilloche Designer is for security printing and the equivalents usually costs more than $200K. We choosed to build it as a service and we are free of any piracy issues now. You may take the same route as us, you can check out www.torapp.info to find out more details on our techs.
I've come to the conclusion that desktop, ad-free software is essentially worth $0 thanks to the infinite replication potential of the internet.
Doesn't matter if its an expensive specialty app, Windows, or some cute little dollarware app.
Software as a Service seems to be the future of software to make money on it.
Or $1.00 phone apps (example: Angry Birds).
The sorta off topic post starts below as it dealt with the ACTA copyright issue.
from an article about ACTA
voidchalice | a day ago | permalink
+Griz wrote:
“When plunder becomes a way of life for a group of men living in society, they create for themselves, in the course of time, a legal system that authorizes it and a moral code that glorifies it.”
right. just like those who glorify piracy, indiscriminate hacking and infringement now legalize and justify these as being in the name of "freedom"...
you're just as bad as the "empire" you're trying to fight, i'd vote for more control...
Quote:
I've heard it said before by a very wise person...
"...The more you tighten your grip, Lord RIAA, the moar stah systems will slip through your fingahs..."
from someone sacrificed their own world for the sake of the 'rebellion,' she's as bad as the emperor... (emphasis mine for relevance to following remarks)
Last edited by voidchalice on Mon Feb 20, 2012 2:52 pm
[SPOILERS! (In case there are STILL some people that haven't seen STAR WARS (Episode IV: A New Hope) {1977} yet....]
.
.
.
.
.
.
.
.
In-world, in-context, Leia was cool as a cucumber even under EXTREME duress.
I'm sure, deep down inside of her, she knew Alderaan was toast and lied to Tarkin anyway to buy the Rebellion more time.
That scene occured after she was tortured by the pain droid...with her FATHER overseeing the process no less!!!
She realized the sky was the limit for atrocity with the Empire.
Her reaction to Tarkin giving the order to fire the Death Star's superlaser was a shining moment in Carrie Fisher's acting career--You could palpably FEEL the fear and dread Leia faced watching her homeworld being destroyed on a whim by a Complete Monster superbly acted by the late Peter Cushing
(from memory from relavent--TVTropes page can't find it anymore or it got changed/deleted.... :( )
Tarkin is a complete monster...When Tarkin told Vader to stop choking one of his men [in ANH] Vader stopped.
FUN FACT: When ANH was being filmed, Cushing found the boots his character, Govenor Tarkin, wore hurt his feet. So he did his part in comfortable slippers when he wasn't seen head to toe on screen.
CAPTCHA: monotony [Tarkin's atrocities were monstrous and delivered with a sense of banality due to the 'softspoken, even-toned menace' Cushing brought to the role.]
We use very expensive software/hardware combinations in a Govt/Military environment. I would not be surprised to see the actual cost upwards of 10000K for say just a couple of licenses. Several of the Companies use a hardware licence model. That being a usb key which is easily moved from computer to computer when we upgrade.
As much as I dislike DRM, this isn't so very bad. If our users would just take care of the damned things!
As others have said, spyware brings its own problems, and might actually be counter-productive.
Make each version a unique copy with a digital watermark. If you're selling it for $10k, you can afford to put some personal touches into each copy.
Nobody here is going to like this, but...
I've seen the following policy make a significant impact on piracy and it did so in a revenue positive way.
The licensing scheme was changed to one that was not so easily cloned. A simple MAC address or DISKID won't cut it. Hash a few factors and put some work into the hash so it makes sense after users do basic things that users do. Where the hash will fail, offer new licenses under update contract or something, and they just deal. That stuff costs a little, and they need to respect the license, and you need to service them when things happen.
From there, you know it will get cracked right? So let that happen!
When the system operates normally, all is good. That's a paying customer, entitled to their use rights, privacy and all that jazz. They have a maintenance contract that gets them license service too, accounting for dead machines and what not. In practice, setup and licensing isn't typically onerous, and the problems with that hash have been few.
So, if it's crackable, what's the deal?
For somebody who has cracked the software, it works just great! But, it also collects use info, and the data needed to identify the machine, and it sends it home, in the form of a running log, and it's done in a sporadic way too. The user isn't going to know, unless they are really looking. That's the twist. A paying user is entitled to their use and privacy, information security, etc... no worries. The infringing user? There are no expectations of any kind. Leverage that.
This monitor capability is built into the software on various levels, and it watches for various license use cases and stays silent to respect the users who bought in and are getting their stuff done, seeing the value. Where the software is operating on an unknown use case, it phones it in.
What has been the impact?
For paying users, none really. Everybody was informed, and we had a few folks call in wanting to know details. We provided them, and they have no worries.
For the infringers, it's been quite interesting. I've been involved with this kind of software for years, and casual piracy has always been at issue, but it's not really a revenue problem. People get up to speed in various ways, and one of those is running some stuff to get experience for a job. Education versions are out there, as are trials, and they are not hard to get, and they are basically full featured too. That was a nice balance, because...
Some of the infringers are a revenue problem. The people running stuff for hobby, learning, etc... weren't prospects because the economics are not there. However, we have found that a pretty fair number of prospects do choose to run stuff to profit, and they often do so without the owner of the business even aware!
Over time, instances of piracy that were resolved were few, and those were often done by local sales who were in the know, and deals got done. Last year alone, the instances of infringers who stepped up to buy a license after being tagged hard were very high.
Typical response is to analyze the log, research the entity infringing, have legal draft it up, then send out the letter. That can very easily be cookie cutter, based on a few use cases derived from the logs. From there, the people infringing are made aware of the problem, and the assumption is some kind of error, or management issue at first. That's easy. Buy a license, or licenses depending, and from there, become a customer, no worries, no discussion. Easy.
If it needs to escalate, various things are done, always offering the simple out of a license at list, with full contract rights, and renewals, etc... no penalties.
The vast majority of people will get the letter, phone up sales, and just buy in as if nothing happened. I think that's the key there. They have the out, and when they take it, it's a good experience, the same good experience everybody gets. They need to know the remedy is complete. Just get on the bus, an
Blogging because I can...
There are national laws and international treaties dealing with the particular issue of copying because, guess what, it is not stealing and it is recognized by the legal codes of most nations and th respective international treaties.
Frankly to have to keep labouring this point is like discussing if the Earth is flat or not.
IANAL but write like a drunk one.
Basically a Hardware Dongle.
I remember plenty of GIS software using them. They have been in use for literally decades. If you want to really get cute, don't use an interface easily copied like USB (though it would be by far the easiest to implement and cost less). I have had stuff with a SCSI interface, where you had to have a SCSI PCI card installed if your MB didn't have one. Danger in going to archaic is that if you start using serial or parallel ports, you won't find them on many MB anymore. One modern equivalent will be the Firewire port. Again less computers have these so beware. Your best bet is USB, as while it is easily subverted, it is a lot more work to do than a simple crack for most people and will get rid of most casual hackers. Just know, is someone REALLY wants to crack your security, they will. You can make it authenticate with online servers as well of course, but then you are limited the usability to users which is a no-no. Depends on what your software does. I know we worked on a project where one software was rejected out of hand because it required USB hardware dongles, and this was to be on mobile laptops where the USB ports were to be used by other things, etc...
Anyway just be careful you don't reduce your possible clients to nil by security.
to put things in perspective: Avid media composer is $649.00, final cut pro is $300, the adobe CS 5.5 production premium collection (with premiere pro) is $1700 or $585.00 for just premiere pro. even the top 3D packages, maya and softimage don't even come close to $10000 a seat. does your soft come with a gold mouse? or a fluffer?
Our products start at about $15K. We've used an Aladdin USB Time key but we're switching to new keys that allow significant portions our code to be loaded on the key cryptographically. It's become pretty standard now. Our customers are all B2B and Fortune 500 sized.
FlexNet Publisher Named Best Digital Rights Management Solution by SIIA
http://www.flexerasoftware.com/company/awards/awards_8844.htm
Cut the price to 1000$
Recipes for USA bankrupt - http://tinypaste.com/0d66f dd = dollar deluge (printed in the infinity)
So this is a proof that 7-digit ids don't know correlation does not imply causation?
1) Sell cheap for a large number of users rather than selling expensive for a small group of users. And the first option have the bonus of possibly make your software in a reference, this is priceless.
2) Do not use DRM, period. Is only wasted money.
3) Make it easy to pay, and remember that you are now global with the Internet. You may have many more users overseas than in your country of origin. Paypal is a good option now, as an example.
4) Many users are not professionals and just want an efficient way to do a simple edit in the video (eg, remove advertisements from a TV capture), make a version of your software that makes it and sell cheap, leaving the more complete version - and more expensive - for those who really need it.
Religion: The greatest weapon of mass destruction of all time
This is interesting, since the history of science and geekdom in general has involved those who defied groupthink and went on to invent solutions based on the problem itself.
Then again, I have learned that the internet today accumulates the audience who were active with daytime television in the 1980s, not the ones who were calling bulletin boards. People who have a lot going on in their lives do not hover around internet sites and learn the ins and outs of geek culture. Those who have achieved almost nothing except attending a job and installing Linux on their TVs are going to spend a lot of time at those internet sites. With this mind, the problem may not be Slashdot, but the 2000s+ internet.
Dog whistle is a new term for me, but I like it. It's very descriptive. Thank you.
I worked on software that had a $20,000 license to use. It wasn't copy-protected. We didn't have to, because to use the software you really needed to have access to a supercomputing cluster. Kind of limited the number of people who'd be interested in using the product.
Anyways, the point is, if your product can be installed and used on a regular old PC then there's no good reason to *NOT* copy your software and use it. Essentially, while you have spent time and money to develop your product, it costs nothing to make copies of it. You should be happy people are using your product, and then get out now. Your startup is doomed, they picked a failing business strategy.