Slashdot Mirror
Ask Slashdot: Copy Protection Advice For ~$10k Software?
An anonymous reader writes I'm part owner of a relatively small video editing software company. We're not yet profitable, and our stuff turned up on thePirateBay recently. Some of our potential paying customers are using it without paying, and some non-potential customers are using it without paying. Our copy protection isn't that tough to crack, and I'd rather see the developers working on the product than the DRM (I'm convinced any sufficiently desirable digital widget will get copied without authorization). Would it be insane to release a 'not for commercial use' copy that does some spying and reporting on you, along with a spy-free version for ~$10,000? I feel like that would reduce the incentive to crack the paid version, and legit businesses (In the US anyway but we're trying to sell everywhere) would generally pay and maybe we could identify some of the people using it to make money without paying us (and then sue the one with the biggest pockets). What would you do?"
Please do clarify as to:
1) What would the program actually collect about users?
2) What would you do with the data?
3) Would you do that without informing the users of this or not?
You see, whether or not that is even LEGAL in the first place depends on the answers of yours.
Why aren't you using one already?
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
Girls prefer men comming second :)
Adding DRM won't stop people from pirating it, didn't you learn anything from being a Slashdot user?
Hardware dongle.
If your software is really worth that much, then I think it's justified.
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
Well provide the paid version like you do now, and provide a stripped down version that has some really neat features that the pirates who would really want your software would use. There's no form of DRM that will stop anyone from taking it, none. Auth servers? Crackable. Dongles, about 8mins with a soldiering iron. Token keys, same deal, just longer. Rings, yep. And every bit of DRM that you use, will more than likely piss off your paying customer when it breaks the software.
Unique serials do work, especially if they're uniquely identified to who you're selling it to. Then you can at least go after them for copy infringement.
Om, nomnomnom...
No matter how much DRM you put on it it will always be removed. The best thing to do is concentrate on adding value for paying customers. Do an on-launch check against the serial number over the Internet. If no Internet is available up to X number of times then launch without it. This is similar to what DOOM 3 by id Software does. If the same serial number is showing up too often then ban it. Basically: you're a niche - put a little DRM on it, enough so that a normal user wouldn't notice it at all ideally but at the same time that just enough that it would need to be cracked for every version for illegitimate users.
Shh.
you should have posted the spyware one to thepiratebay yourselves before it got cracked. Then nobody would've bothered to crack your commercial version, assuming it is indistinguishable feature-wise.
Not for commercial use option would allow people to upskill using your product. Some of these guys may end up in the industry you sell to and in taking their skills into that industry raise your products profile. I would think that this is the easist way to become the defacto supplier of niche software. However, spying on these people might turn them away from you.
I thought all the $10K video editing programs had gone away except a couple of holdovers from yesteryear. Use a hardware dongle and piss people off like Autodesk did. Or use an online authentication scheme that will piss off other users. Hell, for $10K, fly a lackey there to install it personally.
My point is, if someone wants to crack it, they will. The high price tag makes it more attractive.
Have the system call home with a serial number periodically and return with an encrypted expiration date. (I would go 30-45 days to avoid issues with loss of Internet connectivity)...also log the time, date, and ip address of the registrations so you can find "shared" serial numbers that can be disbaled... Or you can open source your software and be in the services business, supporting the software, helping people install, configure, and use the software.
Release the software as free, open-source software. Then, use the community goodwill and appreciation to feed your family and pay rent.
Alternatively, identify the client who released the software into the wild and sue them for breach of contract.
Lastly, make your software so awesome that one of the big players can buy you out before the well runs dry.
Oh, and brace for the commenters calling shenanigans. People who pirate software don't like the thought that there may be actual, real-life negative consequences for small development houses.
If I knew the commercial free version did any sort of spying I would not trust the company what-so-ever. There is a reason I am boycotting Sony.
by Anonymous Coward: I, for one, welcome the shift from car analogies to pizza analogies. um.. overlords?
Is there potential for offering a basic product for a nominal amount, and selling modules which improve functionality to those willing to pay?
I certainly wouldn't pay the many thousands of dollars for Photoshop, but I might pay the hundred or so for the functionality I actually needed. Bolt-ons seem to make sense when appealing to many different markets.
Finally had enough. Come see us over at https://soylentnews.org/
Your flaw is to assume those "pirating" your software are "potential customers". They are not.
My karma is not a Chameleon.
How would this work for a product that's so reliable and so easy for most end users to figure out that it doesn't need a lot of support/services/consulting?
If someone is really a potential customer, like in would be willing to pay ~10k for your software, then support, improvements, fixes, and all the help they could get to successfully run it is a good part of the reasons they would, and that won't be in the pirate bay. It gives your software a bit of visibility, and if it lands in an operation big enough to have that kind money available to buy it, they will, and it the operation isnt big enough, then they wouldnt buy it anyway.
One of my favorite pieces of software is an audio editing and recording suite called "Reaper". Reaper is very cheap for personal use, and requests a reasonable sum from professionals. There's no copy protection - just a nag screen in the tradition of old school shareware. I know several people who have purchased it for their own personal use, and at least one "professional" who has as well. I think you touched on the real point here. If it's big and expensive, and people want it, then the pirates will crack it anyway. I mean look at Adobe's Photo Shop. You're absolutely correct in that you're better off writing the software than protecting against piracy.
A lock just keeps an honest man honest.
If your software is highly desired, identify what people want most of all. Sell a 'dumbed down' version for next to nothing. Get people hooked. Those that want more will pay. It's always good to have a demo version but make sure to give people the option to NOT send you anonymous data. Privacy is a make or break it subject right now.
Stage your software in multiple versions. Package it into modules, or versions that make sense. Most people just want the software to cut and paste video bits together. Give them a taste at what your software can do. Release it at price ranges those who are stealing it can afford. Keep the expert features for the experts who will pay for it.
You'll be amazed at the adoption rate. When your name gets out there and is affordable by smaller studios, then you have more weight. Focus on quality, configuration and features and avoid DRM. DRM does not work. I know. There isn't anything out there that can't be cracked in under a week... so don't challenge them. Otherwise you'll face the Streisand Effect.
Use something similar to Apple's USB key for Logic Pro 7.
Whatever they used, AFAIK it was never cracked, unlike Syncrosoft.
Or I could be wrong.
I chose to end my comments, not with a rim shot, but a long decaying F#7sus4
There are two methods I would suggest to do - first, leave the modest DRM in and do not offer a 'free for non-commerical use' option. If your software has real value, people (students and those casually interested) will grab a copy and learn to use it. When/If they take these new skills to an employer, their employer will purchase the software. (Adobe method?)
The second is to offer a trial, but extend the length beyond 30 days. I never thought 30 days was long enough to get accustomed to using a piece of software - you want to have the user get into a routine when using your software and then yank the rug out from under them 90-180 days later. Cruel/mean, perhaps, but you're trying to sell software at $10,000 a license. That generally isn't something someone will purchase on a whim.
Stay away from the 'spying' method.
My recommendation would be to provide a not-for-commercial-use free version which is almost totally identical to the premium version. Have this version embed a digital watermark so you can identify if videos pop up commercially which haven't paid for a commercial license. Make it non-obtrusive so home users don't mind (I recommend it not being a visible logo or anything of that sort, just the digital watermark).
You're not going to be able to prevent a pirated version from cropping up except that you make the pirated version not attractive compared to the legitimate version. Those inclined to not pay for the software are not going to pay for the software. Provide it for free with the forensic ability to detect license violations. The paid version places no watermark, so you get the best quality and the legal right to use videos commercially after it's paid for.
Slay a dragon... over lunch!
have tons of updates, features, reasons for they to upgrade constantly. Change the DRM constantly. Make smaller products, not large ones.
1) keep a list of your 30 valid customers and their IP range.
2) make the program require a network connection
3) You could load portions of the program from the net, you could validate against a server, you could load key data and then remove it afterwards, you could request a validation key from the server. Best way would be for part of the calculations be on your server. So a few key routines are never present on the customers computers.
4) When the same software starts asking from a new IP range, don't support it.
All bug patches and versions of the program for new O/S and new video drives has to be the patch version.
You'd lose some customers over this policy but it would be uncrackable. You would need someone who could run servers and your programmers would have to think about the design every time.
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
Doing some of the processing server-side might work for some applications but not for video editing because of the immense amounts of data that would need to be uploaded.
It's as simple as that.
You MUST require always-on Internet connection for your software to be usable. It's not only ubiquitous and accepted by the paying clients nowadays but it's also a feature paying clients do *WANT* (because you can tell them, for example, when they launch their software that a new update is out).
So the first step is this : always-on Internet connection. There's is no issue here: we're living in a connected world and virtually all your users are already always connected.
Then make part of the computation your software does happen on the server side. We've got servers that we call "licensing servers" up since four years. They do more than just "verify the licence": they do actually do things that the software doesn't. So should a pirate want to crack our software, he'd have to re-implement what is done on the server (or pirate our servers directly but good luck with that ; )
Needless to say: make sufficient computation happen on the server-side and your software becomes unintersting to pirates.
Now you have to decide how much information you want to send and how much CPU you're willing to use on your servers.
It takes some work... But we haven't seen any "crack" nor any "keygen" (impossible seen that we're signing all the keys we're emitting and that our server is verifying that the key are actually signed with our key) appearing on any rogue sites.
Now of course if our users don't like the fact that there's no crack / no keygen and that they need to have an always-on Internet connection to use our $$$ software, they can GTFO and use inferior product from our (lame) competitors.
; )
Can also add in a quick reporting function, and check if the source IP is from a major studio.
Disclaimer: I am not your lawyer, this is not legal advice, but is simply for my own amusement and should not be relied upon.
Would it be insane to release a 'not for commercial use' copy that does some spying and reporting on you, along with a spy-free version for ~$10,000?
Watermarked as non-commercial use only? Hilarious if you run your water mark detector on a TV show or movie and it shows up and you start blogging about the pirates.
Another good laugh would be bait and switch the free version has 75% of the features removed at compile time. You can left align or right align all you want but if you want to center its $10K. Or you could use any font you want for $10K but for free its only possible to use... comic sans.
Another good laugh would be speed. Intentional slow down loops in the free version. While evaluating your software for possible purchase do I care if everything happens 20% slower? Heck no. But if I'm a bean counter at corporate, I'd be insane to reduce my employees productivity by 20% just to save $10K Unless said employee using the software for 2 years earned less than $25K/yr, which is probably the case outside the US...
The problem you're going to have is "free or $10K" is an absolutely insane market. It better be unimaginably amazing to be worth $10K in a world of 99 cent apps and $100 video editors. Rather than the revenue from 100 sales at 10K each, wouldn't you prefer a million app store sales at $20 each?
Would I download your software for free at home if its legal? Maybe. Why not a license of pure profit where any CC released work is a $10 software license with no support. The cost to you is minimal and you get "free" revenue. Or a license where its gotta be CC licensed work with a link to your company in the comments or credits screen or something, basically they pay you, to market for you. Or "please support us by purchasing an anonymous coward XXL tee shirt along with a software license for CC released works for only $50" Or the software is free for CC editing work, but the fine manual in printed and pdf form is only available for $50 along with a formal written license for CC-released work.
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
Any copy protection will be broken. It always has, always will. The only thing you can do is to make it a pain for the people that try to crack your software. Completely changing your copy protection every release you build seems to be the only way around that. I used to work for a company that had a similar problem as yours (they were legally required by the copyright holder of their material to do DRM and the contract specified some pretty strict guidelines and penalties). It was all Java code, so they created a library of functions - some doing checksums, others doing online serial number queries, and so forth. Each copy protection class had a frequency and weight to it - how often should it be called and how resource intense is that check. Then there was a piece of code that would use that information and insert calls to the copy protection code fairly randomly in the code. Would change class names and packages and such too to make the copy protection code harder to spot. Then run it all through the profiler, measure the overhead when going through the junit tests and then verify that not too much overhead was introduced...
Yeah, overall a mess and a lot of effort, but it did work. Each version required so much effort from the cracker that only one version of the sw was ever cracked. Also, the developer that was hired purely for that purpose was simply cheaper than the penalties for violating the copyright owner's content restrictions...
Making sure you get paid is important, but spying on your customers is not legal, regardless of your intentions. Remember Sony's rootkit and the fiasco that caused? You just don't want to go there. I'm a CISSP and am well versed in this area.
That said, you still need to make sure you get paid for what you do. PC software history has shown that the harder you make it for customers to copy your software, the harder people will work to break it, because you are taking away "reasonable use" rights, an action that many find morally objectionable. That doesn't mean you shouldn't implement a licensing scheme, but understand that how you do it and how you enforce it is very important. You want to make it controllable without taking away rights or making updating/moving your software difficult. Simple measures are effective. Anyone who has the expertise and time to attach a debugger is going to break your protection, period. So don't bother with those people. The two simplest and most effective measures are:
1. License key
2. Unique identifier or dongle
For expensive apps with a small number of customers, most companies choose a dongle because it doesn't annoy customers, no install/update or machine move issues, etc. Your only hole there is that customers can have it installed on multiple machines, but not running simultaneously. Normally, this is perfectly acceptable and falls within what customers want anyone. If you need to control that, you combine a dongle with a machine-specific key identifier or just use that. But if you do this, you have to support people moving licenses from broken machines to new machines. You can use the Windows Activation mechanism to do this - they have an SDK for it and it is used in many programs. A simple license key is sufficient for a $10,000 app, though.
after 10 min just pop up a random passage from the user manual and make the user find the correct page. the longer the manual, the more effective this is. alternatively, devise a strange set of symbols and provide the user with a high tech spinning paper wheel so they can "decode". this isn't rocket science here ; )
I think you should simply release free version for non profit use (no strings attached, no support) and paid one for for profit use (with support). Take bug reports and suggestions from both, but prioritize those from paying customers. Sue those who use free version for making profit.
Use FlexLM (license server tied to a hardware address - defeatable, but annoying) like the the majority of other vendors. Also, try to remember that you're company is in it's infancy. The more publicity and use your product gets the better. Better to lock it down after more people use it than before.
Don't worry about the "non-potential customers" that are using it, since I assume you mean they are not producing commercial video form it.
If their are legitimate educational institutions using it, offer to work out a licensing deal. They get levi copes and you get a broader user base. if it's a non-profit that truly can't afford it but is using it, consider the benefits of a donation in terms of good-will and publicity. Turn these into win-wins.
For those that you can prove are using your product to produce commercial video, go after them. They have no more right to pirate your software than someone has to pirate what they produce from it. Their customers may think twice about using them if they get embroiled in a lawsuit. Some of course, will be essentially unusable - follow your lawyers advice and pick battles that, if you win, will pay off.
Finally, consider a light version that has some features but really isn't strong enough to be used for professional work. For your pro product, consider a dongle but asses it's impact on your paying customers - will it make your software a PITA to use and chase them away?
I'm a consultant - I convert gibberish into cash-flow.
Spyware sucks, look if "they" want to crack it it isn't going to make much difference what scheme you use including spyware.
"If any question why we died, Tell them because our fathers lied."
Seriously. You'll only annoy the people that pay.
The hardware dongle might help for a while, but I'm willing to bet even that doesn't work for very long. make your extra money on support. Make sure the software is so customized to a single business (hey, $10k) that it wouldn't do anyone else any good, or would be so obvious they wouldn't try. If the software isn't custom and would potentially be useful to people who can't (or wont') pay, then your copy protection won't work. Doesn't really matter what you pick. Paying customers will pay either way, don't punish them.
Imagine if you weren't allowed to use roads because a bus company complained about your driving 3 times. --skunkpussy
If you're releasing a fairly specialized toolset, which I imagine you are for $10k, you might want to look at how people like AutoDesk handle things like that. They USED to provide semi-feature-limited versions for the self starter.. otherwise they worked great. (GMax and Maya's Personal Learning Edition).
Alternatively, you could go the UDK (and Crysis, and whomever else now) route of just saying 'have it.. merry xmas.. free for personal use.. but if we catch you using it commercially (or for a certain value of commercial), we'll find you.. you need to license it'..
The advantage of both is you're creating a brand-name awareness and educated user base, which is good for the long-term outlook of your product.. but it might be hard to justify or pay the bills in the short-term to your business people.. As others have said, you might be able to shift into a Support-for-dollars-only model as well.
----- The internet has given everyone the ability to have their voice heard equally as loud.. even if they shouldn't be
Well, you certainly won't find a shortage of opinions on Slashdot. :-)
If you think the software is good enough, then a non-commercial version with limited registration information (e-mail, name), and some very privacy-thoughtful reporting (maybe to ensure that the registered serial numbers are only being used by one machine at a time), should only be a good thing. Getting your software into the hands of the people that might buy it will get them used to it, relying on it, and eventually make them customers. But (as others here have posted), don't abuse the "spying"... if you start to make money by pilfering the free registrations for ancillary information you're just going to annoy your users and they'll be more apt to pirate the software or use fake registration information. Giving them something in return, like forum access for very limited support, is helpful.
Other possible models include giving the software for free and asking payment for support -- nearly all profitable Open Source companies do this, and even if you leave the source closed the business model isn't terribly different. You could publish a "crippleware" version, which I find rather annoying, unless the limits are such that the home and non-commercial users needs are really satisfied, and the only people that need to pay $10k for the software are those to whom it's worth it. I give a nice shout out to Andrea Mosaic for doing this correctly (at a lower price point).
Lastly an option you may have missed may be to ignore it because it isn't a problem. A pirated version by a customer that wouldn't have paid anyway probably doesn't hurt you. A pirated version by a customer that would have paid may actually turn into a sale if they need assistance. When you upgrade, if the pirates liked it, they'll want the next version, so they may buy. It may be pirated by employees or students who years later may remember it and decide to buy it. You never can tell.
In those cases, you're getting your software out there and used; you could take an "all exposure is good exposure" attitude. The fact that you didn't list the name of your software in the original post here means that you may not think that way, or you may outright disagree.
Still, piracy is going to happen. At least you're asking the right questions. Don't let yourself get dragged into a fight with the anonymous masses on the internet, though -- you'll probably lose.
WTF does it do?
Apple has Final Cut for the prosumer and wannabe pro
Avid is the pro software market
people like me use imovie or adobe something which is like $100 and includes the adobe version of iphoto whatever the name is
video editing software is a mature market. unless you are making some cool plug in or your software does something really cool that the big boys don't do you are screwed
$10,000 is a lot. Maybe make real but effectively no-op customizations to each legit copy so each is unique, including a banner that says whose copy it is. If it later shows up stolen you know whom to sue. Add some phone-home statistics and you know how much to sue them for. Do a little runtime checking on the visible ID banner to make hard to remove.
You obviously don't have much experience with software at the business level. The $10k usually includes support, upgrades, etc. It's not like they're charging $10,000 for a basic word processor.
Simply suing everyone who casually pirates your software is only going to turn the public against you and worst of all it could succeed by getting people to stop using your software and to use a competitors instead. I can't think of a single successful case of companies suing the public for pirating their IP and coming out ahead in the long run.
Instead make your software free for non-commercial use. Students and the curious / casual user can safely use the software without worry. After a few years of using the software they will insist on having it when they make the transition to professionals. It's like Microsoft Office, people use it because it is what they are used to.
Meanwhile if there is someone using the software commercially without paying, that is when you get the lawyers involved.
The only DRM you need is: Make sure that your users have a valid serial number before you start providing support for the product.
You're trying to compete with 'free'. The solution is to make the version you're selling for $10,000 worth that much. Add more features, innovate, and provide support to the users who have paid you.
Also, most of the people yanking your software off of the Pirate Bay are not your customers now - they either can't afford it, or they're not even sure if your software will meet your needs. In the future, they might have that same need AND the money to pay you, and at that point they'll know your name.
So you are willing to turn your program into the equivalent of a cheap slut looking for framing some rich guy into a rape lawsuit? Isn't this illegal in the U.S?
This is something that I have never dealt with directly, but I saw a similar post on StackOverflow a few months ago and bookmarked it because it seemed useful.
The answer it seems is something called "Partial Key Verification": http://stackoverflow.com/questions/3550556/ive-found-my-software-as-cracked-download-on-internet-what-to-do
In short, the software would still work, but re-direct people to a page letting them know that they've been "caught" pirating software and that they should really purchase it. This won't stop everyone, but some people (especially in a business environment) won't risk "being caught", so they will purchase the software knowing that you know that they know they are pirating your software.
With low volume high price software, it's easy to tag copies provided to each customer with some unique pattern. Then you can deal with the company that's "losing" the software. Then, remove the copy protection measures entirely so that your above-board customers aren't inconvenienced.
You can deal with the losers with a relatively light touch: "Warning: Your copy of the prior version appeared on software pirate sites. This most likely means that one of your employees stole it from you. If your copy of the current version we're giving you now also slips your control, the next version will cost you double."
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
Wholeheartedly. There are people who would benefit from it for not for profit tinkering, who wouldn't shell out 10k for the program anyway, but for corporate use they should be paying and there should be a way to track it. I'd suggest put reporting on both though, to keep track of all users, and track through forums for support to link them to paying customers. No support for a free program other than help and tutorials, but if you can track a real customer, then support as much as you can - they'll be back for more. I wish all software providers would do something similar - all corporate software should be payed for, and severely punished if broken, to the point of stopping the business to prevent misuse. This allows the tinkerers to provide a free community and larger user base to pull ideas and information from as well, and just maybe they will get a job somewhere and be evangelical enough to make a corporate sale down the line. Good plan.
Is what the software does worth $10K? If it really is, then you'd be far better off hiring some in house editors and offering your services using your magic proprietary undistributed tools. After all, you'd be able to undercut all your competition by at least $10K/yr equivalent.
Its has to be worth more than that, like $25K/yr, otherwise your purchasing clients would not waste the time and money learning new software, they'd just throw more bodies/billable hours at the task and not have to deal with you. They're planning to save $25K using your software of which they're giving you $10K to keep it legal. Why not keep the whole $25K for yourself?
Its one of those put your money where your mouth is moments... if its really worth the dough, you'd make more money reselling video editing services than you'd make selling the tools to edit video.
My guess is, you're about to discover the appropriate price would be maybe $100 not $10K.
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
Very good idea too. There's always one employee who will do this in the end.
Most people who pirate things do so for two reasons:
a) can't afford it or the cost is so high the software loses it's actual value (e.g. Photoshop)
b) want to try it without a monetary investment.
You can fix both of these problems by:
a) stop charging stupid high prices for your software so regular businesses can afford to invest in your company
b) make alimited use version available for people to use before spending 10K on your TEH AWESOME software
Make a special version of your software that is loaded with the nastiest viruses available and seed it onto pirate boards. On your website warn people to only use software downloaded directly from you. Give away a limited free version so people can give it a test drive.
- For the complete works of Shakespeare: cat
Basically the only thing you can do is host your program as a cloud service, with dongles. That doesn't mean you should host users files (depends on what exactly the software does and for whom) necessarily, but core parts of your software should be online only.
Sell or give a away a free 'thin' client, that should always let users open files, convert them to another format, that sort of thing. But any actual functionality should require authenticating with your service.
If you're in the 10k/copy space you can set up the licence keys such that you directly track who has them, and where they're from, and if someone tries to access the software from out of a valid range you can simply block them.
There are a couple of ways you could do it, one is to have the client send data to your server to execute, the other is to dynamically pull down modules of the program as needed, and then clean them up once they finish executing. Keeping the data on your servers is the most secure from your perspective, but the least desirable from your customers perspective. Downloading program modules in real time shouldn't be too hard, but someone really determined could probably grab all of the modules and then disable the web check or redirect it, that's a fairly significant pain in the arse though, especially if you're a legitimate business then you're very clearly working hard to pirate the software, and that could land you in trouble, and anyone illegitimate well, they weren't customers anyway.
lots and lots of "bugs".
Then charge $10K/year for support.
The sweet thing about this approach is obvious -- most software houses already implement it.
Oh, and downloadable updates. It gives you an excuse to spy on your users.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
'Cause you're asking entirely too much for nothing more than a single piece of software. To whit:
Here is your competition.
Perhaps a lower price point would keep you from going tits up...
An enigma, wrapped in a riddle, shrouded in bacon and cheese
You can't beat pirates with better DRM, The crackers always look at that as a challenge, and they have the time and resources you don't.
Use a basic DRM to "keep people honest", then embed a serial number and client name in each copy you sell. Make it appear prominently in a splash-screen, or menu-bar for the software. Put a few routines deep inside your code that cause it to fail in subtle ways if someone messes with the embedded info:
-Cause an "out of memory error" with a code number specific to a license problem (could be a problem because if the crackers catch-on, they'll have a traceable element to identify your testing routine).
-Generate flash/corrupt frames during renders occasionally
-Modify keyframe values or parameters randomly enough to corrupt the output
If copies get out, you'll know which client leaked them and you can cut-off their support and black-list them, plus others will have unusable copies. The only risk is that if people think the corruption is due to your lousy coding rather than using a cracked copy...
"Nothing strengthens authority so much as silence." - Charles de Gaulle
Trying to be a douche about it with DRM and spyware is simply going to cause someone, somewhere, to crack your product and rip out the spyware code. You will waste a lot of money and time playing this game, and you will never win.
Instead, learn from those who have figured out that if someone's pirating your program, that someone is a possible customer. WHY didn't they buy it? Was it too expensive? Was it not available? What was their reason?
Go find out. Go ask them. Use this as a market research exercise and figure out what you're doing wrong -- because you ARE doing something wrong.
And then fix it. Maybe the fix is a free "only some of the features" version. Maybe the fix is "100 free copies to people who are working for nonprofits and doing good things for the world". Maybe the fix is...something else that you and I can't even imagine yet. But if you fix it, you will turn some of those pirates into customers, you will build good will, you will find OTHER customers, and you will avoid falling into the every-pirated-copy-is-a-lost-sale fallacy that has crippled so many companies.
This won't stop the piracy, of course. Nor is it intended to. You'll just have to accept that it CANNOT be stopped no matter what you do. But since it's inevitable, you should figure out how to profit from it. Others have.
Your spyware should be marketed as a corporate metric service where someone (da bossman?) gets an email listing how many hours per week per install or whatever.
Nothing bad, no legal documents, no permissions or guarantees, but you'd be insane not to track down and crack down upon an ip addrs from a major studio using it 60 hours per week every week for months, and you'd be equally insane to crack down on a residential cablemodem who used it once or twice for a couple hours.
Market it as a performance metric evaluation tracking value added feature, not a DRM problem.
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
As an IT person who has supported software like what you're using, I always insist on paying for software because, for professionals, it's not worth the legal (and technical) liabilities that come with pirated software. Yes, your software will be pirated; that cannot be helped. If your software is worthwhile, you will not prevent copyright infringement.
However, many companies try to fight piracy by requiring product activation or hardware dongles. When I run across software with their of these kinds of protections, I always recommend looking for another solution. In other words, if you make me use a dongle, I will be looking to replace your product with something that does not require a dongle, or to rearrange our workflow so we simply don't need your product.
I know, people *think* that dongles and activation and other copy protection shouldn't cause problems, but I've been supporting software that uses them for well over a decade now, and they *always* end up being a headache. It's true that in some cases, I was not able to replace software that required dongles or activation, but do you really want to rely on me being "stuck" using your product? Do you want to run your business by relying on your customers to be locked-in and forced to use your product, or would you rather have your users be happy with their purchases?
In short, if you have some very minimal DRM, that's not a huge problem. One option might be to have forced registration-- i.e. when you install, it checks a serial number online and won't install without verifying that the serial number is legitimate. But the main problems with this sort of scheme (i.e. activation) is that it tends to block imaging solutions in businesses, and it tends to break down when an admin needs to move licenses between computers. Make sure you consider both of these needs before implementing DRM.
...in order to defeat someone seriously interested in breaking your copy protection. Misdirection is key.
Dongles, node locked licenses, networked licenses - all rather easily crackable and to be honest - primarily seemed to be designed to eke out maximum revenue from people who actually bought the software.
The only thing likely to give you some serious protection is to obfuscate your licensing scheme. The best way I've found to do this is to have a non-obvious component actually doing the licensing evaluation (periodically as part of some normal functional operation) and if that fails to subtly screw up the operation of the software. You still want to have standard 'relatively easy to tear out' protection so that legitimate users get notifications of a bad configuration or license, but what you're trying to do is make the software useless for people pushing it on a torrent/warez site.
For example, let's say this is Windoze software and you've got some COM+/MTS components in it. Don't have the main executable do anything other than the standard license checking. The DCOM/COM+ object will actually do the quiet validation, and if the licensing fails, it doesn't warn the user, it simply signals another DCOM/COM+ object to operate slightly differently, then that one does something wonky to screw up the experience.
Ultimately, there's no ultimate protection possible, but if you make it hard enough, people will likely avoid trying until the benefits outweigh the effort. Hopefully by that time you're profitable ;).
Loading...
If it's just individuals, let 'em go or reach out to them in an innovative way. Maybe add code that detects a pirated version and change all the menus to pirate-speak. If it's a company, then sue. I seriously have no problem with vendors suing businesses within reason if they are blatantly pirating software.
Integrate an invincible red scorpion in all videos produced with cracked version of your software.
Should be detrimental enough !
The only REAL way to prevent software from being copied/cracked is to include a hardware dongle. A simple USB device that has some hardcoded information included that must be plugged into the machine that is running the software. This has been done for years by high-end vendors. Nortel did it. AutoCAD did it. There are also ways to circumvent dongles. They are much more difficult to implement, however, and as such your software should be safer. If you are making a product that has such a high retail value the additional cost of a dongle (and the associated code) could easily be built in to the purchase price.
.sig
What makes it worth 10k? How about developing software that takes a team of 5 people 3-7 years to write, for a target market of 200-500?
You and 4 of your buddies may be willing to work for the next 7 years for a possible income of (500*100 = 50,000), and you can split it between yourselves. Sounds fair. What number can I call you to schedule when you can start?
In my (admittedly not-comprehensive experience) the more expensive the software the more likely that the 'DRM' was fairly minimal; but the greater the risk of real lawyers really going after you, personally, not as part of some shock-and-awe attempt fishing expedition...
For software that expensive, the sorts of ghastly DRM that get used on consumers and their $60 EA shovelware are mostly going to piss off your customers, their tech people, and your phone support drones. As much as this isn't the correct Slashdot answer, 'Bring in the lawyers' is likely both the best and least alienating technique.
That said, BSA bullshit tactics make more enemies than friends, you Do Not Want a situation where somebody who would be just fine with cutting the check fails to do so because license tracking is byzantine and then gets jumped. Similarly, you burn both legal hours and goodwill hitting people who aren't customers-who-underpay or customers-not-paying. If some warez kiddie is downloading it to justify his 6TB piracy server, or somebody's English class documentary is getting cut on your software instead of iMovie, that may be 'piracy'; but it isn't exactly a potential sale...
Do what you can to make license tracking and compliance easy(speaking as "IT" we have no enthusiasm for being the go-to piracy hatchetman when the higher-ups want to save some cash, so even token DRM can be useful in that it allows us to shrug and say 'Oh, sorry, I tried to install 5 extra copies, like you asked; but I can't get it to activate, and I read on CNET that bittorrent is a haven of viruses and rootkits.' if asked. However, at the same time, I'll be damned if I have to grovel through some mess of PDFs attached to vendor emails to figure out exactly how many 'Foo' licenses I have, whether they are 'person', 'seat', 'network', concurrent' CAL, whatever, and then grovel through N computers to figure out where the software is installed. Sometime I do, because sometimes it's my job; but it isn't at the top of the list(either of what I like to do, or of 'things I could be doing that would make users happier now'). If that is set, the honest and ethically-lazy-but-risk-averse customers are covered.
If you have people doing serious business stuff with cracked copies, nuke 'em from orbit. As for the rest of the cracked versions out there, it is unlikely that trying to win an arms race against people who crack software for fun is going to be profitable, and it is similarly unlikely that any amount of force is going to convert casual pirates without commercial use for your product into customers(worst case, they never give you a dime and get some use out of your product; best case, they get experience now and buy later; but you'll be lucky to make back the legal fees if you try to extract by force now...)
You seem to have done your homework about the "potential paying customer" you have lost with TPB (At ~10k$ software, I really doubt there's many), but what about potential paying customers you'll lose by pissing off customer with DRM?
Anything that is close to online DRM will result in lost of client, and all offline DRM is easily crackable. By asking the question, you already gave the answer : There's no magic DRM that'll do everything. Trust me, if it existed, you'll be already using it.
The real mistake you did was spying on TPB. The same way celebrity avoid Star magazine, developer should avoid looking on demonoid or TPB because the only thing they'll achieve is pissing you off. Stop wasting time on this and concentrate on making your software better and save your money for advertisement.
Elok
I have a Reprap 3d printer. The software that seems to work the nicest for designing parts is Solidworks. But they only sell it in two ways: for business for about $4000 and for verified university students for $150 a year. I'm neither. They don't make an option for hobbyits. Which leaves me with the Pirate Bay option. That kind of sucks because I wish there was a way a hobbiest could use this software without stealing it.
So that's something to consider. Who's stealing it? If it's businesses then yeah you have a problem. If it's hobbyists then maybe it's because you don't have a deal for them.
Specialized software can be very expensive especially when there is no alternative around. I've seen this happen many times with businesses looking for some special iventory database, or software to run specialized equipment. The problem is that other software companies catch on to these specialized programs and start selling similar software for a much lower cost. It's like tapping into a new idea, charging a crazy amount for it until someone else jumps on, and the price falls down from $10,000 to $100.
-- By all means let's be open-minded, but not so open-minded that our brains drop out.
When your software is THAT expensive, then you can afford to compile each instance for each customer. By recompiling for each customer, you can make each release version they have unique to them so you know where the leaked copy came from. Secondly, you can also arrange and require a "license server" on the network where it will be run. This enables a machine to run without internet access but will need access to a licensing server. You can figure out the details to make it usable but the idea is that it won't run without licensing information available at any or even all times.
And since you are compiling each copy for each customer's site, "cracks" will be a bit harder to maintain, but in order to accomplish this feat, you would have to take some pages from virus writers' playbooks.
In the end, everything I have spelled out is defeatable. EVERYTHING. In the end, software is a series of instructions that the computer runs. It's not a magic box.
And this interpretation of "potential customers just getting it for free" is nonsense. If they use it professionally, they will pay. There will be incidents where some professionals will not want to pay. You will either have to live with it or spend a lot of money on investigators and lawyers. Is that really where you want your existing profits to go?
And are you SURE you're not charging too much in the first place?
That's just not how the enterprise market works. As price goes up, generally complexity goes up, and therefore the need for support goes up. People don't generally pay $10k to solve simple problems.
-- the computer doesn't want any beer, no matter how much you think it does. NEVER, EVER feed your computer beer.
People will always pirate software. The trick is for you to make it worth their while to pay - support, features, bug fixes, etc. Look into some of the FLEX licensing code (IIRC Macrovision) where you can assign specific keys. I'm sure that's also crackable, but you're raising the bar. Consider a cheapware version too.
I want to delete my account but Slashdot doesn't allow it.
Although I like the concept and the relative ease-of-use from an end user standpoint, avoid the iLok. I thought I was having problems with Pro-stools. Turns out it was the iLok driver that was crashing and occasionally bluescreening windows. Narrowed it down to iLok when it caused plugins to crash in other DAWs, including DAWs without evil license management.
Ultimately, people will pirate your software. Remember that it's generally a service problem. You simply need to keep your customers engaged, and offer deep discounts on multi-seat licensing. Have minimal, non-intrusive license enforcement (read: brand the software with license ID, and that's it). Offer site licenses. If that doesn't cut it, chances are your $10,000 software is really $10 software.
The genie is out of the bottle. The version that people have downloaded will be eternally freely available and there is absolutely nothing you can do about it. You might modify future versions of the product, but unless the future version adds significant value to the product, it will not dillute the availability of the other version (and even then, it still might not change things).
If you add DRM, somebody, somewhere, will take it as some sort of personal challenge to strip it, so... in a nutshell, you are hooped. You cannot stop piracy, and it is futile to even try.
About the only thing you might be able to do is, when you create a new version of the software (that adds significant value to the product), create a process at your location that automatically makes a complete custom build (as in, a custom build from source) for each and every customer, so that each unique copy of the software that each customer gets is somehow distinctive from every other customer's copy. Keep the details of what you do a secret... but make it pervasive, and make it complex - ideally extending in some way through every file that is part of your software.
If (or, more probably, when) a pirated version does turn up on some pirate web site somewhere, you could then download it yourself and check to see which customer the pirated version corresponds to (perhaps starting by comparing md5 hashes to narrow down the choices, and then to cover the remote possibility of md5 hash collisions, comparing the pirated version with each individual potential matching customer's build). This won't stop pirated copies from appearing, but it will at least give you tools to find the customer who initially copied the software illegally. Since your software is so expensive, it's a reasonable bet that the customer would be in a position to pay restitution. Even then, however, there is the possibility that none will match, so this still isn't a guarantee, but I think it's the best shot you might have.
File under 'M' for 'Manic ranting'
My suggestion: Forget copy protection. Use piracy as free advertisment. Make a special "pirate edition" of the software that will lack some functionality (by lacking functionality I really mean conditional compilation of the underlying code but keep the disabled interface widgets in place) and display information about where to buy the full version.
True, WinZip is another example of a program that has become "good enough" to not need support, but it's easily replaced with free software. When the choice is WinZip or free software, one can avoid both payment and piracy by choosing the free software. The choice isn't so easy with a video game.
What I was getting at was that they don't talk about 10k including all of those "extras". I took it instead as a way to offset their "losses" from the spy version. It sounded to me like they were increasing the prices to try to make a profit off of the few customers they may have.
You are living on some cloud nine. We have seats of parametric 3D cad software: about $4500 per seat, with a discount, too. Yearly maintenance is $1500 or so per seat. It works out because there's no one else who provides it any cheaper than that, and the file formats are completely proprietary and their binary structure is intentionally obfuscated. We attempted to move to a different system, by writing scripts for the source software to export all the data to a human-readable text file, and then writing other scripts for the target software to read it in. It turned out that the underlying representation of data in both pieces of software differed enough that we'd need to license a not-cheap 3D geometry engine just to massage the data. Overall cost of migration looked like it'd pay itself back in the per-seat difference savings over ~15 years. IOW: they know exactly what they are doing with their pricing. You'd need a 100 seats to have payback in a reasonable amount of time (3 years), and then you're still betting on other things (lack of new killer features on the more expensive end, etc).
A successful API design takes a mixture of software design and pedagogy.
Unfortunately in the world that we live in the copying of software can not be avoided. Trying to prevent it is futile at this point. Instead my recommendation is to build your business around the idea of supporting your software. You wrote the software, no one will ever know it as well as you do, so capitalize on that. Look at the model set forth by companies such as Red Hat, they sell free software and grossed 1 billion dollars last year. Let me repeat that, Red Hat was paid one billion dollars in a year for free software products. Why? Because they emphasized the support that you receive along with the software and provided value above and beyond what could be obtained by downloading the software for free. Just my two cents, but I feel like trying to stop copying is a losing proposition and the development hours and money spent on that fight could be better purposed by using it to develop your product and support your customers to a level where they want to pay you.
10k is pretty cheap for a lot of specialised software. The support you get tends to involve having an engineer actually solve your problem.
Whether it's cheap for video editing software depends on what useful features it has, and whether that can save several days' work over the course of a year
I'm not saying I care to even try it, just wondering if this is even real.
If your software does something unique, what you really want to do is move that computation to your own servers, and have the client call an API to get the result. That way you can make sure that every IP address that is running the software is licensed. This is how basically everyone who has successfully defeated piracy has done it. Nothing done purely on the client side can't be defeated.
"Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
Another "FTFY" that's actually a fix? This trend needs to be nipped in the bud! :)
Dongles are quite difficult to crack. You need to access to an actual physical dongle to crack it if protection is done properly, and you cannot download the dongle off the net.
.exe file, but doing that is not trivial.
/whatever.
Multiple locations in the code that check for presence of dongle will make it even harder. If you have a serial number or something, validate different digits of the number or use different algorithms in each check so that there are no common patterns in your software. Or better yet, store some critical code or data on the dongle, that way it's completely impossible to use your software without a dongle. Well, until someone extracts that critical code or data from the dongle and patches it into your
Anyway, if a dedicated cracker wants to pirate your software, you won't be able to protect it. If it can be executed on a computer- it can be duplicated. Things like this will only buy you more time and scare away newbie crackers. On the other hand, now you need to deal with extra cost of distributing dongles, and making sure dongle hardware provider has up to date drivers for all platforms you need to support. And that these dongles keep working with next release of Windows/Linux/Mac OS
--Coder
For 10k, you can afford some odd DRM. I've seen such programs require USB dongles be inserted into the computer running it. As others suggested, you could require an Internet connection to have it work, though if requiring the connection every time it runs is inconvenient, you could have the requests every calendar week and disable the program after that time "unable to contact licensing server, please connect to the Internet and try again" The plus being that perhaps the pirated version will end up phoning home, even if operational on failure, allowing you to collect some statistics on unauthorized use.
Or drift into fully evil DRM where an online connection is required to use the software (not just once or once a time period for licensing), with some calculations being done "in the cloud" and returning necessary operations. If you leave that connection completely open, then the pirated version will still work fine without modification, letting you track everyone.
The answer is more about what you are willing to do, rather than what you "can" do. at $10k per software, make each unique. That way, if one does make it out in the wild, you know who to go after. Code a serial number into the MD5 of the EXE or something. Though professional pirates don't generally pirate until they have more than one copy, for that exact reason.
Learn to love Alaska
My software company sells software in a similar price bracket. We don't bother with hard-core DRM or protection. We aren't aware of any widespread piracy (admittedly that might be an artefact of working in a fairly narrow niche. Most people just wouldn't care to use the software.). We encourage legal licensing through two mechanisms:
1) The stick. We do have a simple licensing system, but it is easy to defeat if you have the desire to do so. Honestly, it is more to act a as reminder to customers that licenses have expired and need renewal or that they've installed it on too many PCs.
2) The carrot. Make it worth the money. The customer gets support from us that is worth the cost of the software. One of our scientists will happily work with you to get results from the software and employing an outside consultant to do that work would definitely cost more.
You could say that our business is customer support, and the software is the hook to bring custom to us. With that mind-set, piracy is mostly irrelevant to us.
You have to sell software to commercial customers. In order to do that it has to be competitive with comparable offerings, but be better overall. It also needs a large user base, so that it becomes an industry standard piece of equipment. Music, design and video editing folks at the low end of the industry are notorious for pirating software. But who cares? It's not like they can afford it in the first place. They're not making any money. They're not customers, but potentially later on their ability to work fluently with the software might help them get a job with one of your commercial customers. $10k software doesn't just sell itself. You need a sales and marketing staff to get the commercial interest. the pirating part is just free crack for potential users.
Four completely different ideas:
1. Make sure people register before they have any sort of chance of downloading/using the software. If you're downloading a trial version of a $10k piece of software, this is fairly standard practice. Then, make sure your sales department follows up in a few days to find out how the software is working. Offers of a free demo are mandatory.
2. Your $10k price point needs to be addressed. $10k is not a huge amount for medium/large sized businesses. However, it's above the purchasing level for a lot of managers. It firmly puts it in the capital expenditure realm. What you really need is something like a $850 a month plan, which puts it under that magic $1000 purchasing threshold and into the realm of something that could be snuck into an operations budget. Also, offer financing through some third party software licensing company.
3. Have a database necessary for the app to run, encrypt and reencrypt key components of it via keys that get downloaded or generated off some unique piece of data. Each month when the customer pays their bill, supply the key needed to unencrypt it. If a customer doesn't pay, hold their data hostage. We have a vendor that did this, and although I hate them for many other reasons, it did keep us paying for their software for many months after we stopped using it.
4. I really like the idea of base software being cheap and modules costing more. At some point everyone needs to purchase more functionality, even if it's for a limited project. At that point, you have an opportunity to sell services to train people how to use it. Companies don't mind spending $1000 on a training session for a $2500 module.
----- obSig
When you start asking multiple thousands of dollars for a software package, no matter WHAT it claims to be capable of doing, you're setting yourself up for a predictable chain of events:
1. You attract the interest of crackers and pirates, who get cheap thrills or bragging rights simply from saying they were able to copy and distribute something so valuable.
2. You lock out a number of potential customers for your product because the price tag is simply too high for them to consider it.
3. You create expectations from those who DO buy your product that they'll receive a superior amount of support and even "hand-holding" long after the sale.
I'm not saying these are reasons you're "charging too much" for your application. Only you can really determine if that's true or not. I'm simply saying these are practically guaranteed side-effects of doing so. In most cases, you see the folks selling such high priced packages implementing all sorts of copy-protection schemes, precisely out of fear about items 1 and 2, but the most effective schemes will put a severe crimp in your ability to deliver on expectations for item 3.
I work for a steel fabricator, a business where very niche (and costly) software is found all over the place. In every single instance, the copy protection schemes included with these programs we've used has caused us considerable hassle in the long haul. For example, many years ago, they spent tens of thousands on a steel detailing package which was loaded on a PC given to an outside detailer, as part of a long-term arrangement. (He'd do detailing of our drawings for us at a greatly reduced rate, in exchange for us supplying the hardware/software -- and he was free to use the equipment to do other peoples' work too, as long as ours too precedent.) That was great, except he suddenly became unreliable (personal/family problems, we assume), and we wound up having to reclaim our hardware/software. Problem is, nobody in-house is currently able to use the software, nor do we really want to hire or train anyone. (At this point, it's cheaper for now to just send the work out and pay regular rates ... We have far less need to detail drawings than we used to anyway.) Meanwhile though, the software maker requires we keep paying thousands annually to maintain a contract on the package, or lose all upgrade rights down the road -- rendering it pretty worthless. Without a current maintenance agreement, we can't even call up and get the key code transferred over if we wanted to migrate the app to different hardware.
In another case (our document management package), we were getting absolutely reamed on annual support costs, but again, were trapped between a rock and a hard place because we had so much data in the package already, and migration costs to use someone else's produce were huge too. We got lucky and found a guy who used to work for the place, who now has his own consulting business. He was able to give us a far cheaper support contract to help us with any issues we had in the program (software crashes, questions about custom coding, etc.) - but was unable to provide us with any update patches. He bailed us out of a serious database problem the software developed at one point ... but again, we're trapped if we ever need the features or fixes put in newer service packs. (They want to back charge us for all previous unpaid years of support to "get current" before we can even buy a new contract from the original vendor!)
Still another situation involves a vendor who has to email us new, lengthy key codes to copy/paste into the application every so often, so it then "phones home" to verify it's allowed to keep legally operating. It could be worse, but it still stinks. If someone isn't available with administrator rights who can get the emails in a timely manner and take care of it, the whole package shuts down on everyone. And you can't update the key code while anyone is actually IN the software either, meaning it's best done after hou
What makes it worth 10k? How about developing software that takes a team of 5 people 3-7 years to write, for a target market of 200-500?
You and 4 of your buddies may be willing to work for the next 7 years for a possible income of (500*100 = 50,000), and you can split it between yourselves. Sounds fair. What number can I call you to schedule when you can start?
Large software projects do not turn a profit through sales.
They turn a profit through licensing / support / "value add" / etc.
Unless you're an "industry standard" (Adobe's shit, MS Office, 3DS Max), you can't charge out the ass.
If it takes you 3 - 7 years to build something for a niche market of a couple hundred customers, and you try to sell it for $10,000 a pop, you're going to go bankrupt fast.
It's ongoing licensing and support contracts that make money in those small markets.
Ok, I hate being pesimistic, but we need to face the facts. Money spent on DRM is wasted money. However, there are some ways others have spoken about that have some merit, but also problems. One such is the aways-online network model and also hardware dongles. Networks go down and standard dongles are easy to hack around. So, what to do?
The always-online model has the strong point that a portion of the processing can be off loaded so the central server, and user's software itself has code missing that can not be simply hacked around like in the dongle. The dongle can have some unique embedded features which can be tested for but is generally easy to hack around since its easy to bypass code. What about a mix of the two? What about a custome dongle that actually adds processing power to the software and the software is then sold as a "system".
If the dongle/board/unit has real functionality (e.g. FPGA accellerator board) the software without it is useless, and if the device is non-trivial it would be very hard to duplicate by the average hacker, and they couln'd just post the results of that hacked code online. You need both. It would be too costly to develop the replacement hardware for fun and impossible to sell it without being noticed. It would not be like a "standard" dongle that one can hack by putting in noop's and nonconditional jumps to deactivate it, as it actually does things the software side needs. A pirate would have to be *very* comitted, and with much more money and resources than the cost of one simple licensed unit to even think about trying to replicate it. As long as the coprocessor dongle unit adds functionality in the form of function or performance it may be acceptable to users, but not unless it actually gives them something for their money. So, can you product be decompoed into two peices where a portion is hardware accellerated?
1> What could your software do that would possibly be worth paying $10k for it?
2> Did you know that your DRM would be cracked in time?
3> Who is your market and are they using cracked versions?
4> Do you understand that spyware is just as hated as DRM?
5> Is this your first time in the software industry, really?
1. You would have to provide some pretty spectacular functionality that isn't provided elsewhere to justify that price tag. Customers do research these days before buying. They also look at finding open source alternatives first to save money. You do understand you're going against adobe, apple, and sony among others?
2. If you knew this would happen and you made the decision to put it in anyway, you just wasted a lot of money spent a lot of brand capital. If you didn't know, then you didn't do your due diligence. You really have to understand what happened. Customers or otherwise, don't view your software as being worth $10k and so they will wait for a crack to evaluate it themselves.
3. Perhaps you don't understand who your market really is. The majority of people downloading pirated versions of a $10k video editing suite couldn't ever pay for it to begin with. Perhaps the people downloading it are students or indies. If someone uses a pirated version of your software to make the next great indie film and wins a bunch of awards and gains recognition, I believe that is acceptable. Because copyright is used to promote the useful arts and sciences. You should really understand, you shouldn't be trying to sell your software to that type of market. Your market has to be those using the software for commercial purposes ongoing: The type of customer who will see sustained value in buying the software. Let's put it this way, if a guy in his mom's basement downloads your software, learns it, uses it to make a demo reel, and then gets a job, you benefit. That person is trained in your software and will be more likely to recommend or promote it to his or her employer.
4. Try doing some research on spyware and DRM in other types of software. I mean research from a customer point of view. Read some forum posts about UBISoft's DRM. Google when apple's iphone secretly phoned home or when android phones were using the secret carrierIQ software. Usability metrics are one thing. They provide valuable intel on how your software is being used. By whom should be obtainable only by seeking permission.
5. Piracy happens. Sometimes for no reason other than some dude really likes cracking software. It shouldn't have been a surprise. You should have planned for it. It should have been an opportunity to learn about your business and your product.
They're using their grammar skills there.
Don't waste time and money on trying to keep 14 year olds from using your product illegally and in the process irritate legit customers. Build a licensing/activation scheme that requires a key and gets automated updates from your online repository. This is a common enough act that it shouldn't irritate your average consumer. Keep track of the keys that show up over and over again and which registered users are leaking their keys. Do some light analysis and if it is a corporation violating your license confront them and if that doesn't work sue them. If it's a hobbyist who downloaded it from TPB ignore them or shut down their access to online updates but don't waste time and money on DRM that will only frustrate paying users and not even slow down the pirate community. You don't care about the end users (or you shouldn't) you care about the guys leaking their legit keys and enabling the end users.
This is especially true of your software if it really specialized software in the $10K range. You have a niche market and every legit customer you alienate is devastating to the bottom line. Any petty thief you catch doesn't help your bottom line anyway. You have to make decisions through an economic lens not a principle of ownership lens. Unless the goal of your business is to uphold a principle rather than make money.
(Note: Developer, small dev shop, higher-priced software, same situation.)
If you distribute an "unlimited" version, this will be what is pirated; there's no value in having different versions. Also, if you have a key which allows "unlimited" access without secondary verification, this is what will be distributed on pirate sites.
In our experience, it took about a week from changing the key format to a new crack key being distributed. Obviously, this is for software which is "in-demand", but don't expect that implementing a new scheme with the same underlying characteristics will buy you much time.
For "good" protection, you basically need secondary verification which is "hard" to fake. Currently, that is hardware dongles or an online verification loop. Both of these can be pains for the users, costly for you, and/or prohibitive in some environments (online, in particular, doesn't play nice with classified government envs).
Keep in mind also: most people who pirate are not potential customers, at least at anything close to full price, but their experience using the tool may turn into a sale at a company later.
My suggestion: do what you can to track usage, but don't be overly obtrusive and/or try to prevent all piracy usage. Being able to watch and track, and act when appropriate, is much better than trying to prevent all piracy.
Some software just costs that much. Hell, a lot of software used by businesses cost much more.
When a company needs a certain functionality that just plain doesn't exist anywhere else, it has to be paid for somehow. I'm not sure you have a good understanding of how much time is actually put into developing software--an engineer who gets paid $80k/year costs the company about $160k/year. If that engineer works on a problem for 3 lousy weeks, that software cost $10,000. Just to develop. That's $0.00 profit for the company.
Some special functionality is very easy. Huge changes from a user perspective can be made in minutes with just a couple lines of code. On the other hand, stuff that seems like it should take no time at all can require an entire re-architecture of a project and take years. Now, your first instinct if you're not a software developer, or a new one, will be to say "if it was made right it wouldn't require re-architecture", but that's just not true in a lot of cases. The only absolutely flexible architecture is an unwritten program, every line of code is a constraint.
Microsoft Office costs so little because it's used by millions of people, but if only 25 developers worked on it (a lot more did) for only 5 years (it's been around for twice that long, and Microsoft doesn't like to throw out code), and they had no managers (they had lots), no testers (there were lots), and no corporate scaffolding (more than you can probably imagine), there are more than a hundred years of human effort in that piece of software. When you look at it, does it look like the culmination of hundreds of years of effort? Not intuitively, not even to me, and I have a very good idea of how hard it was. Specialized software costs a lot. It might sound silly to you, but that's just because you are--don't take this the wrong way I'm not trying to be insulting, it's just the word that best fits--ignorant of the actual costs.
<xml><I><am><so><damn>Web 2.0</damn></so></am></I></xml>
My experience as both a user and a developer is that hardware dongles suck major donkey butt.
They are excellent at preventing customers and pirates alike from using your software.
The drivers for every brand we tried was buggy, and often had conflicts - *especially* when installed on the same machine as a different version of the same brand dongle from someone else's software.
It was a support nightmare, because it can easily turn into a problem that *you* can't fix - only the manufacturer of the dongle and the other software you from who knows where can.
You can also very quickly require a separate USB hub just for all of your dongles.
Many products have trials that are limited in functionality in some way, and it seems to work well. You need to walk a fine line; allowing casual use for people who might turn into customers if they are sufficiently impressed with what your software can do for them. Given the expense of a license, it is understandable why "potential customers" would attempt to get a free copy. Your job is to convince those people who already have a free copy to go legit, and you're not going to do that by spying on them.
I have a compiler suite for microcontroller work that is fully functional up to a 64K compiled code size. Enough for the casual user to get a few things done, and not broken in a way that hinders a potential professional user's ability to evaluate how it will really work if they were to purchase it.
Another toolchain I have is fully operational for 30 days before requiring activation. A good thing, too, since "activation" entails faxing some license details to the company's office half-way around the world and waiting for them to get around to generating a license key and e-mailing it back to you.
Maybe with your video editor, you could allow saving only 3 minutes of finished video? Or only one audio channel? CoolEdit Pro, a sound editor, used to present a dialog on startup asking you which 2 of the following 6 features you would like active for this session. I forget exactly what your choices were, but included things like clipboard usage, saving files, waveform generation, etc. Enough of a hassle to encourage springing for a license, but gentle enough that the casual user could actually try out all the features of the software.
Here's the thing about 'cracked' software. They remove it's ability to report to home, that's part of the crack, so you can't update and aren't aware that it's running.
So even if it was legal, it's not going to do you any good. Plus it would have to be in the end user license agreement that people accepted before you could legally collect identifiable information.
If someone else removes that EULA and then distributes the software, that one person is bad, but everyone who downloads the software with no EULA wouldn't be liable. They didn't agree to anything.
I don't know if this will work for you, but it works for some big companies:
Just post the full unprotected software for download on your web site. Make it clear that if they want security updates, bug fixes, permission to use it for production, or any other kinds of support, that they must purchase a license. (And be sure to post scary sounding security bulletins periodically, with the actual updates only being available if they have a paid license account with you)
The advantage is that with an official download source any torrents will likely dry up over night. This also makes it easier for people to evaluate your software for possible use, potentially bringing in new customers. You will get some a-holes who try to use it for unlicensed production, but hopefully they will eventually want security updates, fixes and other support from you.
A $10k price for "video editing software" is like a 10k price for "word processing software." It just isn't going to work out.
Don't be so certain. Usually the reason why these things cost that sort of money is they include a number of features that nobody who works outside the relevant industry would ever need in a million years. Quite often they're features that you or I simply don't know exist.
For that reason, the potential market is drastically limited.
We faced a similar problem once upon a time and used a USB key from Wibu as the solution (http://www.wibu.com/wibukey.html - they have a newer product out now). It's been a few years since I worked on the project but in general what we did was used the key to decrypt small, critical portions of the code. The software couldn't run without the key and it was non-trivial to patch the code to an unencrypted state. No solution is perfect but that worked for us.
Show me a video game that is worth $10,000 a copy.
For one thing, I was trying to describe something that doesn't need support, not necessarily something that both doesn't need support and is worth $10,000 a copy. I was under the assumption that what is effective for something that costs $20 a copy can be applied at least in part to something that costs $10,000 a copy. For another, how much does an arcade cabinet+PCB cost again?
At $10,000 for a license, the software you sell is not a consumer product. That's not to say that a consumer may not want to use it, but that you've already discounted them as a customer. You should simply not trouble yourself with thwarting them because they would never be able to pay for it. They aren't your clients and by familiarizing themselves with your product, they may well turn their employer or future employers into clients. Some companies even embrace the idea by offering unsupported no-cost versions for non-commercial use.
Once you've decided that your customer base will only be professional / commercial customers, then the license is the important part. A commercial customer stands to loose A LOT if they are caught using unlicensed software. For them, they should consider the software part of their cost of doing business. If your product is too pricey, they should select another, otherwise, they need to purchase it and expense it. If you catch a customer using unlicensed copies, contact them and give them an opportunity to true up (after all, sometimes companies simply loose track of how many licenses they purchased - crappy license management is rampant). If a company still continues to use unlicensed versions of the software, then have a lawyer draft a demand for payment (and consider terminating their licenses; mind you, you'll loose them as a customer). When all else fails, file an infringement claim against them.
There's simply no DRM scheme that's 100% effective, and it only needs to be cracked once for it to become widely available. DRM schemes cost vendors like you lots of money to implement, and they are invariably a nuisance to the customers that legitimately license your software. Ultimately, DRM makes the pirated copies more valuable -- they are more portable between systems as they are upgraded, there are no dongles, issues with license key management, etc. It would be hard to make the case that DRM is likely to pay for itself.
Instead of pirating Matlab you should take a look at Octave. It's fairly similar to Matlab and heavy duty enough for regular work, not just the home projects you mention pirating Matlab for.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
Legacy Windows apps can be hosted on spoon.net or via Application Jukebox. Your app is essentially unhackable and license control is all yours.
Please do not read this sig. Thank you.
http://www.safenet-inc.com/
Many, many, MANY industrial software companies use hardware copy protection. You can build several layers of copy protection around and in lieu of the key (in case a dongle emulator come around).
The software company I worked for used them ($10-15k per copy of the software) and my little print shop computer has 5 plugged in as I type this. Pretty common stuff, and way better than DRM, which just pisses your customers off. They key, at least, makes sense to them; just make sure to inform them that it is the heart of their software; it should be insured against damage, loss, and theft (otherwise, all your customers could claim they "lose" their key every time they need a new copy of the software).
Consider selling the next version as coming with a "plug-in USB computer" that does some of the more important processing and which self-destructs when tampered with.
OR consider making the service contract so valuable that the software isn't useful in a production environment without a support contract.
Consider shipping a feature-limited or demo version at a much-reduced cost or even free. For example, limit the size, color palette, or frame-rate of the videos that can be saved, or watermark the saved videos.
Also, make your full version available on a "piece of the action" basis: No fee for the first $1000 in gross revenue of any project using videos created by this software and 10% of the rest up to a maximum of $15,000. This will allow college students and experimenters to create student films and charge admission without paying until they collect $1000, then pay on a sliding scale if they rake in more than that.
Consider annual licenses for institutions and trade associations for members to use on a "non-commercial-scale" basis under the institution's or association's license.
As far as current user of the illegal versions go, handle them on a case-by-case basis. If they are clearly not "potential customers" then treat them gently. If they are potential customers, then insist they buy a license at full cost and donate a $5000 (half the cost of the license) penalty to charity, but give them an affordable payment plan. Not all businesses can cough up $10K+ all at once.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Use a common license manager like FlexNet (FlexLM) from Macrovision. Another alternative is Sentinel. Most of the big commercial packages use it. You can license the software per computer, per seat, concurrent or time-limited. It's your choice.
There is no hardware solution to a socioeconomic problem. How can you charge $10k when the competition (your stolen software and/or Blender) is free?
By selling in volume at a smaller margin you produce the same net income and create a much larger user base, which increases your popularity and sells more copies. In the end it's a more profitable move.
How about you charge $500 for the full version, and $100 for the educational version with 50% of the features. Make a second revenue stream with training courses. Get some colleges & universities (esp film schools) to run courses in your software.
There's so many ways to judo your opponents instead of trying to punch them over the internet.
You clearly have no idea how things work in the professional field.
There is video enhancement software - not editing - for dealing with surveilance video that the starting price is $50,000.
There is quality testing software for CDs and DVDs which require specialized hardware to use and starts around $80,000 with basic hardware. You can easily spend $250K on it but if it keeps you from sending a bad batch of DVDs to your customer it is worth it.
These are just two areas I am familiar with. You can bet a lot of medical diagnostic software is really, really pricey as well. And people are paying for it every day - unless they can pirate it.
If your product is $10,000 a license then you need to close up shop. AVID already OWNS The market you are thinking of going into and no shop will use your podunk software over an industry Standard like AVID or FCP.
Honestly if you guys are the app I think you are, You guys are way, way, WAY behind Adobe Premiere and Sony Vegas, both does more and are far more supported out there at a lower price.
Your real solution is to give your software away and charge for support, if you want any chance at all becoming a standard out there and used on any large projects.
Do not look at laser with remaining good eye.
Look, you and I probably aren't in the exact same field of software design or anything, but you come to Slashdot and ask for some help deaing with your proprietary software that uses DRM.
Most (many?) of the people on Slashdot are interested in FOSS and generally like to think that Ask Slashdot is an interesting forum for people to share ideas about how to improve something or how to do XYZ better. What benefit do we get if you lock down your proprietary video editor? Did we actually improve the situation? Maybe some people who would use a cracked version of your stuff now consider Kino or some other FOSS video editor, but generally speaking we've just helped you lock you and your users (both the paying and the piratical varieties) into a weird, constrained dance wherein it seems like the more you try to head-off cracked versions of the software, the more you frustrate and inconvenience the people who want to pay you for your work.
It just seems like nobody wins.
I'm not going to tell you that you have to open-source your software, but what I will say is that I don't know of another really good way to combat unauthorized distribution of software without inconveniencing the users. The FOSS solution to the problem is very interesting: You avoid the "unauthorized user" problem by basically letting the users do whatever they want with the software. It's much easier to go after the distributors in a one-to-many situation, and there's no need to "crack" anything if the source is available for a program.
In any case, software won't succeed without an audience. Remember that if you build up a devoted userbase that's willing to pay you to work on the software, it doesn't matter how you license it or how much it's being used by those who don't pay for it. From just the financial standpoint, as long as your business takes in enough to pay all of the employees and remain soluble. then your business has succeeded.
coding is life
I would say if you have a small customer base it may be the best policy to change a string somewhere in your code that doesn't really do much. When you compile the program that string is there. For each customer recompile the program and give them a different string.
Download the pirated version it check the string and see which customer did it, and sue them. None of this destructive DRM stuff. However you can track who did it.
Sure this can easily be defeated, however being that the program works fine after it copied and moved most people will not think of really looking trying to crack it. And if you put it in a different spots with different codes, and do a little bit of different logic to each string, it will take them a while, In the mean time you will be raking in the money suing your bad customers for copyright infringement.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Forget copy protection. I know it's hard to sit there and see someone using your work without paying for it, but you're not going to coerce anyone into paying. You're only going to inconvenience your legitimate customers. The pirates aren't going to be inconvenienced at all. Someone will inevitably crack it and post it. Now the pirates have a better product than you have -- all the features, none of the inconvenience. Remember, you're not losing money because someone pirates your product. Even if they're using it to gain money, you're not losing it. If they're willing to pirate your stuff now, they'll be willing to no matter what you do. No one's going to buy your stuff because it's too hard to copy. The pirates outnumber you and they're undoubtedly more devious than you. They will find a way to crack your software if it's at all useful to them. If you're going to spend time and effort fighting them, do it in court.
Whether you release a "non-commercial-use" version of your product is completely orthogonal to the piracy question. If it fits your business plan, do it. If it doesn't, don't. The pirates aren't your customers. They're not even potentially your customers. Don't let them dictate how you run your business.
For the most part, people are honest. Most (most) companies will pay for software, or find alternatives if the software is too expensive (or if the licensing terms are too onerous). Those are your customers and potential customers. Treat them right and they'll treat you right.
Chelloveck
I give up on debugging. From now on, SIGSEGV is a feature.
money is made in software through support. the software can be given away and if a good product the support contracts will be bought. Microsoft makes money this way, Redhat makes money this way. Get a clue.
You could even give away the software for free and sell the dongle. It will work as long as the encryption doesn't get cracked.
Why crack the encryption when I can just insert some machine code that returns "true" whenever
your isDongleConnected(); function runs?
This is MY machine. I control ALL instructions it operates on, bytes in RAM, EVERYTHING it does. If I give you the privilege of running your code on my hardware, I may pay you for the bit-twiddling benefits it provides -- Because you saved me the time of programming it myself, and I'm funding your future improvements... At the very first instance your code tries to make my computing life more difficult, or "hide" what it's doing in any way. I will delete your software, I'll want my money back, and will never purchase anything of yours ever again.
We had a deal. Your software would be useful, not deceitful or wasteful; What business does it have running crypto algorithms in secret? That's very suspicious behaviour, especially for a video editor. If we were countries then your software would be a worker in my country; The first time they do something treacherous on your behalf, they get deported or otherwise eliminated, and your betrayal of trust through or malicious actions may be seen as an act of WAR.
There is much valuable personal information in my systems. I have to know I can trust you to do what you say you'll do, and nothing more. If I find out that the worker is a spy -- especially if you show blatant disregard for trust and tell me up-front that they're a spy -- then we'll have a trade embargo in place in a heartbeat blocking ALL goods and services between you, and myself as well as any other countries I can influence.
We can have a good diplomatic and business relationships, but this requires trust on both our parts. Piss me off and you're pissing off a country who's main export is reverse engineering skills. I just might make it my mission to tell other folk how simple it is to remove the malicious parts of your software.
It's time to look at WHAT you do as a company. What is it? Do you develop software? Well so do I, only I get paid when I actually do work; You're getting paid repeatedly for working once. Copyright infringement is the cost of doing business in the artificial scarcity market. If you're a software developer then look for ways to get paid when you are developing the software: support, features, upgrades -- The reasons I PAID YOU for.
I surely can't be the only one who understands it's folly to build a business around artificial scarcity -- basic economics says that if the supply is Infinite then the price is Zero, regardless the cost to produce. THINK FOOLS, would YOU invest in a business who sells freely available dirt, their sole strategy being to proclaiming they're the only ones who can sell that precise mixture of dirt, and trying to hide what the mixture contains while also distributing it? Instead, you should strive to get paid to actually do work: Come up with better combinations of dirt [bits].
That's the general rule. The point is: is it worth cracking it?
Some software pieces from Steinberg are so hard to crack with the Syncrosoft dongle that the pirates themselves cracked it once and then said they will not do it again for relevant updates since:
From their FAQ:
Q: But we had to wait so damn long for this release - Why?
A: The amount of time to analyze and reverse the current syncrosoft implementation was just that high. Think about it like this: around 25% of the program code is MCFACT protected and therefore protection-related. As you can imagine the effort to analyze and reverse such a target is incredibly high. This time it took us almost 4000 man hours to emulate the little beast!
And that also means that the cracked version works 25% faster. Literally.
Now, back to your question. The best way to protect your software is to either make it not-worthy to be cracked (i.e., making a really bad program or a really good software protection, but the latter will be expensive also to you), or make it hard to leak:
This already covers 98% of your bases. Still, there will be leaks. The only thing you can do is to limit them.
Sure you can continue to add DRM, dongles, licensing, etc. to help prevent un-authorized copying...
However, to really survive you must be continually improving the software thus giving incentive for customers to pay/license the new version. That's how you can keep ahead of the game and if the older version gets pirated... well at least you get a fresh start with the new release.
If this isn't the case then your static software probably isn't going to keep its $10k value for long and no matter what protections you put inside it'll get cracked/hacked eventually.
Can your potential customers easily get in contact with your support staff before the sale? Once they get in contact with live human beings, the piracy rate should drop.
No data, no cry
After the last unpopular comment, I've come to a conclusion. It doesn't matter if what I'm saying is true so long as it is popular.
For that reason my untruthful but popular advice is for you to man up, realize that people who aren't buying it wouldn't buy it anyway, and not put any copy protection on it. See if you can build rapport with your customers instead. They'll buy it just because they like you.
On a more practical note, if the software is $10K you're probably going to end up selling consulting services and licensing the software as a prerequisite to those.
You might as well release it under an open source license and concentrate on selling support packages. That way every pirate becomes a potential customer instead. Getting your hands on software is easy, using it can be hard! That is where your market should be.
Wow, I've seen companies pay Millions of dollars for software that was buggy, difficult to use, and extremely dangerous. And then, once they've spent the millions, managers would require its use, and defend the purchased to the (corporate) death.
All ideas^H^H^H^H^Hprocesses in this post are Patent Pending. (as well as the process of patenting all postings)
Did Adobe raise the price on Creative Suite again?
"The average reporter we talk to is 27 years old......They literally know nothing." - Ben Rhodes
This isn't as simple as adding "return true;" to "isDongleConnected()". Clearly you've never tried to add copy protection to anything.
First there's the challenge/response model. Imagine this as "sometimes you should return false instead of true".
Second there's the dongle processor. Imagine "int DoDongleCalculation(int x, int y)". The dongle then calculates x and y and returns a value. What do you propose to return in those cases?
Oh, what's that, you want to peek inside the CPLD and extract the code and reverse engineer it so you know what DoDongleCalculation is doing? lol, good luck buddy.
:(){
When installing, the software checks the serial number on the motherboard or something. The customer has to contact you for an activation key based on the hardware hash key. Your customer changes its hardware? They contact you and you give them a new activation. If you ever close business, you ought to send out the activation key generator to your customers.
Of course, this can be cracked. You confuse the crackers by uploading your own cracked version with some defects. The cracked version should watermark anything saved. Perhaps include a phone-home function disguised as an automatic updater. Show a splash screen/demo with "cracked by _____" so any employee using the software knows it ain't legit. The cracked version would be good enough for a hobbyist, but it would dissuade use from your target market.
I don't think you understood what I wrote. My suggestion was to move the Save(); procedure to the dongle. Obviously this couldn't be circumvented with a simple return true;
Nobody said anything about encryption running in secret. Just say you use it, how you use it and why you use it. And your statement about act of war is a wee bit over the top. Encryption is very common for video (think DRM.) By your definition, any DRM protected content is an act of war. Good luck with that.
In that price range, you probably know each of your customers anyway, sou you can use registrations. Have your support hand out simple registration codes (md5 of salted username, xored by some secret string). With a pricetag like that, you need to offer excellent support anyway and are not aiming at a wide enough userbase to become popular among crackers.
bickerdyke
For big accounts you may want to spare your client the hassle of local hardware keys (or you might even find yourself loosing sales), but you may still be able to negotiate some form of DRM that's palatable to them (e.g. floating licenses or a server hardware key or (if you trust your client) even a simple agreement not to spread the goods plus a demonstration that the software contains hidden keys that make it traceable).
Harware keys aren't that hard to bind in: you can sprinkle your code with function calls to the library that comes with the hardware key.
If you release a free spyware version pirates will still pirate the full version because it's far more convenient to have free software that also isn't spyware.
I think the traditional way to handle your problem is with accounting so that the majority of your "losses" are in sales lost to piracy instead of, say, an inability to pay your own vendors or your paychecks. Build up huge tax write-offs that you can defer to future years and never pay taxes again.
Are you sure you're at the optimal price on the supply-demand curve? Maybe $10k per copy is totally appropriate for your market, but it sounds high. Neither DRM nor any other action on your part is going to magically create $10k in the pockets of your potential customers and if they currently can't (or won't) afford your product then DRM or spyware isn't going to drastically alter their budget or their demand for your product (except perhaps reduce it). How are you determining your market size and which potential customers have bought, pirated, or simply don't use your software? Assume 75% to 90% of people are honest (even the BSA says US piracy rates are about 20%). If more than 10% to 25% of your installed software is pirated it means it's overpriced. If you can't make a living from the three quarters of your users who are honest then your product is unnecessary in the current market.
I would guess that at $10k a pop there aren't all that many people that have actually purchased it.
I think you stumbled upon one problem I have found with demo versions that unintentionally encourages piracy. If you disable the versions too much, like your 3 minute limit example, people will just go to TPB to get a fully functional trial version. Or, if the software is sufficiently obscure that TPB doesn't have a crack then you might try to crack it yourself if you have the skill. I would say that at least half the demo software I download is too disabled to give you any real sense of how the software compares to its competitors. If no crack is available I just end up using and in some cases buying software from the competition. I'm not going to buy software that I can't test properly first.
Quite an experience to live in fear, isn't it? That's what it is to be a slave.
You do not realize just how many markets you're writing off here.
At the niche levels (e.g. something highly specialized, and/or that meets regulatory requirements), a company is paying to have the expert support and business knowledge. The company will be able to issue a patch quickly when you find a new scenario. They have a close relationship with the regulatory body in question. The GUI may be secondary to ensuring that the correct workflows are encapsulated within the system - if a number of use cases are missing or incomplete, the lawyers won't care how pretty it is.
Not that such conditions would stop most others from stealing it outright.
Therein lies the problem. There are other comments saying the guy needs to build up a solid customer base, needs to build up a reputation, etc. All the responses you'd expect from a piracy-friendly forum such as /. The submitter (to me, at least) comes across as someone who wants to do the best and most customer friendly thing. But getting to that point takes a lot of time and money. Piracy makes it awfully difficult to get to that point. It really could end up killing the next great genius idea.
But hey, you're okay - at least you get your stuff for free, right? And there's no cost to anyone, because you wouldn't have bought it in any case. Screw this guy if he goes bankrupt...
It is literally impossible to keep a piece of software from being cracked if there's a demand. No matter how draconian a DRM scheme you implement, the software will be pirated, and the cracked version will be completely DRM-free, leaving you with pirated copies that treat the user better than the legit copies do.
Even software packages that utilize hardware security dongles are cracked between a week before, and a day after release.
For the most part, the people who don't pay for software wouldn't have paid in the first place. So what's the point? You just end up screwing your paying userbase.
Friend: "The NIC is misconfigured..." Me: "No prob, I'll just telnet in and fix it." *Silence*
Apple's Final Cut Studio costs $1.2k (and includes not only video editing but also DVD / BD authoring, sound mixing, compositing and muti-format compression).
Adobe's CS Production Premium costs $1.4k (and includes all the above plus Photoshop, Illustrator, and a few other well-established applications).
Avid's Media Composer costs 2.3k (that's about $2.2k for the Avid logo and $100 for the software - still slightly overpriced).
All three packages above are production-proven, well-established in the professional market, supported by most relevant equipment manufacturers, and have hundreds of high quality plug-ins available from 3rd parties. And you say you're trying to sell (unknown) "video editing software" for $10k? Good luck with that.
Even assuming you're including some high-end compositing software (not that you'd need to; After Effects has come a long way), you can get Production Premium + Nuke (or Fusion) for $6.3k, and that would give you access to both AFX and OFX plug-ins. You could even throw in 3DS Max or Maya ($3.5k) and still be under $10k.
Did this article somehow get lost in the depths of the Slashdot queue for 20 years?
Yes, and as I said, if it was fabulous and specifically addressed a need I couldn't address any other way, then sure, but this is video editing software. There is FInal Cut. There is Premiere. There are other lesser known and very inexpensive options. You could buy a Macpro AND several kinds of video AND audio editing software for $10k, and still have enough left over for a night with a high-end escort. We're not talking about the custom software that keeps the B2 bomber stable, or a specialized chemical plant controller here. It's just.... video editing software.
I've fallen off your lawn, and I can't get up.
And this compares with video editing software... how?
I've fallen off your lawn, and I can't get up.
Yes, and as I said, if it was fabulous and specifically addressed a need I couldn't address any other way, then sure, but this is video editing software. There is FInal Cut. There is Premiere. There are other lesser known and very inexpensive options. You could buy a Macpro AND several kinds of video AND audio editing software for $10k, and still have enough left over for a night with a high-end escort. We're not talking about the custom software that keeps the B2 bomber stable, or a specialized chemical plant controller here. It's just.... video editing software.
And yet, Autodesk Smoke and Inferno seem to sell well, for those who need it.
Ezekiel 23:20
LOL... yes, and there are wooden knobs that sell for hundreds of dollars that "enhance" your audio, too. As PT Barnum said, there's a sucker born every minute.
For free or under $100, you can do noise reduction and clarification by image stacking. You can warp and you can morph standard likenesses, and you can do aging estimation. You can apply all manner of noise reduction algorithms and tricks. You can add and remove hair. You can change color; remove objects; focus stack; do image subtraction of geometrically aligned fields to locate motion in otherwise complex and initially unmatched images, even when those fields are ultra high resolution. You can develop an excellent 3D pan around a subject's face where you only have a few 2D frames to work with. You can use window and level to slide a high contrast region through the (otherwise) normal contrast range and spot tiny variations in contrast that indicate anything from broken bones and tumors in xrays to the fact that the subject is wearing underwear. You can selectively illuminate dark corners, pull detail out of shadows and highlights, geometrically normalize images in nonlinear reflections such as a car bumper or someone's sunglasses (though you'd better have a high resolution source, or your result will be made from too few pixels to be very useful), You can identify and track faces, you can apply any of the above *to* video so that the effects and actions themselves track; and of course, every "standard" effect such as myriad ways to sharpen, blur, remove isolated pixel / streak / chunk, luma-tracking blurring, dejitter, bring many basic layer modes (70+) and channel controls into play as required... and, of course, much more. Image enhancement has been within reach of the wallet of just about anyone for many years.
Although I retired in 2011, I wrote this stuff (yes, everything I mentioned above) for a living for decades. For more than a few of those things I mentioned above, my company was the first to market, sometimes by years. So I do actually know what I'm talking about.
$50k is not a reasonable price for image enhancement software. Period. Not these days.
Which is not to say that PT Barnum didn't have it exactly right. I'm sure there *is* $50k image enhancement software, somewhere. That's not even surprising. Wooden knobs adding audio warmth and all that. What is surprising is that there would be buyers.
I've fallen off your lawn, and I can't get up.
We're talking about video editing software. I'm not writing off any "niche" markets. And as I indicated, 10k is possible if the software justifies it. Video editing software, however, is pretty much commodity stuff. Premiere. Final Cut. etc. Not to mention a whole slew of lesser known tools, all priced to undercut those two.
If you go back and read my post, you'll see that I'm not against 10k software; I'm just not behind the idea that video editing software can reasonably land in the category (or, for that matter, that crummy software would land there either -- hence my comments about usability, reliability and so on.)
I'm not writing anything reasonable off. It's just that this case... simply isn't reasonable.
Speak for yourself. I've been writing commercial software for decades. There are exactly zero copies of stolen software on any machine in my house, and likewise, in my business. There are zero copies of stolen music; zero copies of stolen videos, dvds, bds... I've never even returned a library book late. I grew up the son of an author and a literary agent, currently own that literary agency, and I have thoroughly respected intellectual property since before most people here were even born. IMHO, a solid appreciation of the value of IP is the basis for one of the most sound underpinnings of a healthy society -- and it's really too damned bad that recent generations have lost that appreciation, generally speaking.
HOWEVER, that doesn't mean that IP that is overpriced ($10k video editing software, lol) is worthy of the price being asked. It just means I won't buy it unless I'm absolutely cornered. There is zero chance that I would steal it. And yes, it's stealing, despite the protestations to the contrary of the entitlement-bewildered children around here. As far as I'm concerned, the only IP that anyone is entitled to for free is IP the authors willingly made available for free.
I've fallen off your lawn, and I can't get up.
So do oxygen-free copper cables to "audiophiles." Nuff said.
I've fallen off your lawn, and I can't get up.
Movie studios don't buy oxygen-free copper cables, yet they do not hesitate to buy flexible film editing solutions, even if they cost a bit more. I wonder why is that...
Ezekiel 23:20
GPL.
Escher was the first MC and Giger invented the HR department.
This is the 21st century. 1) Make your software the highest quality possible 2) Advertise it well to your target demographic. 3) Make it cross platform (optional, a lot users generally prefer cross-platform though, Windows, OS X, Linux) 4) Sell it for a low price that is reasonable (tiered pricing is good, student price, etc to get users hooked) 5) Charge for support plans. 6) Support your customers well. If you follow these 6 steps, people will want to *buy* your software. As others have said: "Large software projects do not turn a profit through sales."
Digital film editing, until recently, was a separate category from digital video editing. So until recently, you'd have been moving the goalposts there. However, instead, the goalposts have moved out from under the film editing people, and they're going to find (or have already found) that video editors have well and thoroughly encroached upon their area of expertise. Because the difference, such as it is, was defined by resolution and bit depth, and nothing more. HD and modern computers have walked right across that bridge. My recent vintage desktop can edit film resolutions just fine.
And actually, there are quite a few Hollywood types that do buy into audiophile nonsense -- from the wholly imaginary superiority of tubes in hi-fi roles, to ridiculous cables, to silly LP worship (notable exceptions being when the specific recording isn't available on higher performance media, or has been compressed or otherwise compromised to what would otherwise be a much higher quality format), to whatever other fakery and foolery is the current fad.
Sometimes people simply trust the wrong advisors. For instance, let's say you have a 24-bit image, obtained from a good quality source. You have a need to adjust its basic contrast, brightness, exposure. There are those out there that will point you to Photoshop and insist that such is the only right answer. But in fact, you can make these adjustments just as well, and for free, with the GIMP. Having bought Photoshop on what is really not very good advice (presuming the above was your only need), you are now in possession of a very powerful tool you have little use for. Likewise, there are people out there who will hand you an amazingly detailed series of (wholly incorrect) justifications for tube amps "over" semiconductor designs for hi-fi reproduction (not talking about musical amps used in distortion regimes -- that's something else entirely.) You'll pay more, and you'll get less, than you could have if you knew what you were doing, or, if your advisor knew what they were doing (or wasn't trying to swindle you.) That's the way of the world. None of which changes the fact that commodity items sold at rarified price levels generally aren't justifiable when the smoke clears.
I've fallen off your lawn, and I can't get up.
Obfuscate the code.
Then drop the price, and go in for the kill (profit by volume). As stated before, piracy is typically a result of a poor business plan: if they like it enough to pirate it, then wait a while, and put forth a real deal. See piracy as free advertizement, the same way B. Gates once did.
You don't want to get into the DRM game: it's a fool's game, up there with playing the lottery. Finally, make it so if the license is invalid, or the program patched, it outputs the video with a nice transparent watermark with a silly pirate in the background. The trick is to make unwinding / decompiling the code a hassle, not a challenge (or you'll attract the kinds of people who will crack it just because it's a challenge).
Finally, e-mail the various warez groups, and ask them (politely) to please stop cracking your software. Surprisingly, that has been known to work in a few cases. However, if you threaten them with legal action, or LEOs, they'll laugh at you from whatever country they're hiding in, and place your software at the top of all subsequent to-do crack lists. No, you do not need to pay them anything, aside from some small token of respect and the general civility which has been known to avert major wars.
The above may be more difficult today than several years ago, as the actions of various 'do-gooder' organizations and legislation have driven these people even further underground, so just getting an audience with them may require several months of work. Thank your leaders for their foresight in cashing in on some cheap political capital, and cutting the lines of communication necessary to keep the wheels on the cart.
I am John Hurt.
proof that a 5-digit id means nothing
insensitive clod overlords obligatory xkcd car analogy russian reversals whoosh pedant fanbois ftfy in 3...2...1..PROFIT
a business model based on selling binaries is nowadays moot if sales are not in the tens of thousands at least. if that's your business model, be happy to be on the pirate bay. it may help you succeed. every big seller is on p2p for a reason. grab the free reputation it provides and keep going.
if you don't want to go the wall mart way, you could change your business model. and if you have to change anything, change the right thing: forget copy protection, it's not only waste, it will be probably counterproductive. general directions: add value to yourself, your company and your sw (current well known options boil down to saas, support, service), target specific segments naturally predisposed/demanding to pay to feel some value (mac users spring to mind, for instance (hey, i'm serious!)), find strategic niches.
typo: 6. i can count, but i have fat fingers. girls prefer men with fat fingers too.
insensitive clod overlords obligatory xkcd car analogy russian reversals whoosh pedant fanbois ftfy in 3...2...1..PROFIT
At a $10K price point, you could afford to do what I've long been expecting to see widely adopted: online activation, with the serial number / key validated against a whitelist of known good (i.e., paid-for) keys.
The cycle is always the same: require key to install or activate; hackers determine algorithm and make keygens; keys known to be used in the wild get blacklisted. Validating against a whitelist breaks this cycle, but normally wouldn't be cost-effective. At $10K, you can go for it.
Yes, there will be some hiccups (what to do if / when a *second* user tries to validate using the same key and you need to determine who's legit, etc.), but they should be solvable in low volume / high price-point scenarios.
-Zirbert
http://zirbert.blogspot.com/
No, that isn't why they do it. They do it that way because activation and shit like that frustrates the crud out of the target market of Visual Studio - developers. VS 2002 and VS 2003 had activation, and it annoyed so many developers that they no longer do it. What they do for mindshare and market penetration is give away VS Express editions. They have the functionality you need to make apps, they just can't load plugins (who cares) or use stuff like IntelliTrace (cool, but if you're using it you're probably doing so in a pro capacity so can afford it).
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
Odd because that is exactly what I did for the first few years out of college and built a multimillion dollar company around it. Guess your theory was wrong.
Provide deep educational discounts, do a reasonable effort at protecting but not excessively much (because any technical protection will be cracked no matter what you do, it's a sport for tech kids out there), and finally don't freak about non-paying users... realise that they help you by making your software popular, and quite some of them will eventually pay, once they become heavy users and get in a position with funds available. Two cents from an academic user.
17779 eligible voters in a district, 17779 'vote' as one. This is Russia.
I'd consider the advice from the AC and @crath to be spot on.
To help you gather the intel on who is ripping you off, I'd suggest adding an on-line update feature, if you don't have it already. It helps you get the patches out, it helps the customer keep the product up to date, and - even if you gather nothing else but a serial number and an IP address - it lets you know where you stand, pirate-wise. An iOS developer wrote an excellent post within the last year (which I can't manage to dig up in a couple minutes) which laid out his strategy:
> Collect data on serial number use vs. IP address.
> In subsequent patches, incorporate nag-ware, keeping the nag to a dull roar.
> Consider offering a pricing scheme to get some of the unlicensed users in from the cold... in your case, as an alternative to a BSA audit.
Is collecting a serial number and IP address spyware, in exchange for software updates? I don't think so, YMMV. I'd consider it legitimate marketing data, which you can use to attempt to convert some non-paying users.
For the hard core that won't convert, a bit of sleuthing is required. If some Google and Manta search shows they're probably some bozo editing very high quality vids of their cat for YouTube, write 'em off. If it's a profitable shop turning over more than (say) US$600,000 in business a year, sic the BSA on 'em.
Luke, help me take this mask off
Congratulations are in order, your on TPB: YOU'VE MADE IT.
Can a person program a new solution to a problem? Why should anyone be able to stop such a thing? -Richard Stallman
Except for very large bases, $10K is a bit of money. What is the program, what does it do? Who (not names, but what sector/level) are your clients? Everyone else discussed various strategies and such, I want to know what the baseline for this question is.
Vote monkeys into Congress. They are cheaper and more trustworthy.
If the video editing software would have a feature set comparable in scope and complexity to the cad software, then I'm sure it shouldn't be any cheaper. I wouldn't expect it to be, at least. Just to give you an idea: Final Cut Pro 7 is a toy in comparison.
A successful API design takes a mixture of software design and pedagogy.
We were in the same boat as you and now we got a complete solution. Our software TorApp Guilloche Designer is for security printing and the equivalents usually costs more than $200K. We choosed to build it as a service and we are free of any piracy issues now. You may take the same route as us, you can check out www.torapp.info to find out more details on our techs.
We use very expensive software/hardware combinations in a Govt/Military environment. I would not be surprised to see the actual cost upwards of 10000K for say just a couple of licenses. Several of the Companies use a hardware licence model. That being a usb key which is easily moved from computer to computer when we upgrade.
As much as I dislike DRM, this isn't so very bad. If our users would just take care of the damned things!
As others have said, spyware brings its own problems, and might actually be counter-productive.
Nobody here is going to like this, but...
I've seen the following policy make a significant impact on piracy and it did so in a revenue positive way.
The licensing scheme was changed to one that was not so easily cloned. A simple MAC address or DISKID won't cut it. Hash a few factors and put some work into the hash so it makes sense after users do basic things that users do. Where the hash will fail, offer new licenses under update contract or something, and they just deal. That stuff costs a little, and they need to respect the license, and you need to service them when things happen.
From there, you know it will get cracked right? So let that happen!
When the system operates normally, all is good. That's a paying customer, entitled to their use rights, privacy and all that jazz. They have a maintenance contract that gets them license service too, accounting for dead machines and what not. In practice, setup and licensing isn't typically onerous, and the problems with that hash have been few.
So, if it's crackable, what's the deal?
For somebody who has cracked the software, it works just great! But, it also collects use info, and the data needed to identify the machine, and it sends it home, in the form of a running log, and it's done in a sporadic way too. The user isn't going to know, unless they are really looking. That's the twist. A paying user is entitled to their use and privacy, information security, etc... no worries. The infringing user? There are no expectations of any kind. Leverage that.
This monitor capability is built into the software on various levels, and it watches for various license use cases and stays silent to respect the users who bought in and are getting their stuff done, seeing the value. Where the software is operating on an unknown use case, it phones it in.
What has been the impact?
For paying users, none really. Everybody was informed, and we had a few folks call in wanting to know details. We provided them, and they have no worries.
For the infringers, it's been quite interesting. I've been involved with this kind of software for years, and casual piracy has always been at issue, but it's not really a revenue problem. People get up to speed in various ways, and one of those is running some stuff to get experience for a job. Education versions are out there, as are trials, and they are not hard to get, and they are basically full featured too. That was a nice balance, because...
Some of the infringers are a revenue problem. The people running stuff for hobby, learning, etc... weren't prospects because the economics are not there. However, we have found that a pretty fair number of prospects do choose to run stuff to profit, and they often do so without the owner of the business even aware!
Over time, instances of piracy that were resolved were few, and those were often done by local sales who were in the know, and deals got done. Last year alone, the instances of infringers who stepped up to buy a license after being tagged hard were very high.
Typical response is to analyze the log, research the entity infringing, have legal draft it up, then send out the letter. That can very easily be cookie cutter, based on a few use cases derived from the logs. From there, the people infringing are made aware of the problem, and the assumption is some kind of error, or management issue at first. That's easy. Buy a license, or licenses depending, and from there, become a customer, no worries, no discussion. Easy.
If it needs to escalate, various things are done, always offering the simple out of a license at list, with full contract rights, and renewals, etc... no penalties.
The vast majority of people will get the letter, phone up sales, and just buy in as if nothing happened. I think that's the key there. They have the out, and when they take it, it's a good experience, the same good experience everybody gets. They need to know the remedy is complete. Just get on the bus, an
Blogging because I can...
There are national laws and international treaties dealing with the particular issue of copying because, guess what, it is not stealing and it is recognized by the legal codes of most nations and th respective international treaties.
Frankly to have to keep labouring this point is like discussing if the Earth is flat or not.
IANAL but write like a drunk one.
Basically a Hardware Dongle.
I remember plenty of GIS software using them. They have been in use for literally decades. If you want to really get cute, don't use an interface easily copied like USB (though it would be by far the easiest to implement and cost less). I have had stuff with a SCSI interface, where you had to have a SCSI PCI card installed if your MB didn't have one. Danger in going to archaic is that if you start using serial or parallel ports, you won't find them on many MB anymore. One modern equivalent will be the Firewire port. Again less computers have these so beware. Your best bet is USB, as while it is easily subverted, it is a lot more work to do than a simple crack for most people and will get rid of most casual hackers. Just know, is someone REALLY wants to crack your security, they will. You can make it authenticate with online servers as well of course, but then you are limited the usability to users which is a no-no. Depends on what your software does. I know we worked on a project where one software was rejected out of hand because it required USB hardware dongles, and this was to be on mobile laptops where the USB ports were to be used by other things, etc...
Anyway just be careful you don't reduce your possible clients to nil by security.
10k is nothing for a specialist piece of software. I've worked for companies that have spent millions setting up and customising SAP to work the way they want it. You can't get that on TPB.
Odd because that is exactly what I did for the first few years out of college and built a multimillion dollar company around it. Guess your theory was wrong.
Odd because that is exactly what you didn't do.
Unless you're an "industry standard" (Adobe's shit, MS Office, 3DS Max), you can't charge out the ass. If it takes you 3 - 7 years to build something for a niche market of a couple hundred customers, and you try to sell it for $10,000 a pop, you're going to go bankrupt fast.
It's ongoing licensing and support contracts that make money in those small markets.
Not even close to true. I've experienced more than one situation where a company has been looking to buy software to help them with the core of what they did. They'd already developed a system that did most of the same things in house, but some of those hard to reach items were worth the money. Not only the money to buy the software, but worth the money it was going to cost to switch from their own software products to a purchased product from a third party.
I've seen the same "basic" software being sold for between $200k and $500k. The $200k was without support. The $500k was with support and source code to play with as you please (but not release to anyone else). There are a limited number of customers in this niche (probably in the low 100s), and so the developers have to charge a lot to make it worth it.
To propose that you can't sell software that does something someone NEEDS (or thinks they need) for $10k just makes me wonder if you've ever actually been a part of that type of decision making process.
My present is the activity I am currently engaged in with the purpose of turning the future into a better past.
Unless you're an "industry standard" (Adobe's shit, MS Office, 3DS Max), you can't charge out the ass.
If it takes you 3 - 7 years to build something for a niche market of a couple hundred customers, and you try to sell it for $10,000 a pop, you're going to go bankrupt fast.
It's ongoing licensing and support contracts that make money in those small markets.
Not even close to true. I've experienced more than one situation where a company has been looking to buy software to help them with the core of what they did. They'd already developed a system that did most of the same things in house, but some of those hard to reach items were worth the money. Not only the money to buy the software, but worth the money it was going to cost to switch from their own software products to a purchased product from a third party.
I've seen the same "basic" software being sold for between $200k and $500k. The $200k was without support. The $500k was with support and source code to play with as you please (but not release to anyone else). There are a limited number of customers in this niche (probably in the low 100s), and so the developers have to charge a lot to make it worth it.
To propose that you can't sell software that does something someone NEEDS (or thinks they need) for $10k just makes me wonder if you've ever actually been a part of that type of decision making process.
It's not the 70s or 80s anymore. No one with profit in mind sells software to a limited audience. They license it and push support contracts.
To point out that selling software for $X or for $10 * X sometimes occurs just makes me wonder if you've actually been paying attention the industry.
1) Sell cheap for a large number of users rather than selling expensive for a small group of users. And the first option have the bonus of possibly make your software in a reference, this is priceless.
2) Do not use DRM, period. Is only wasted money.
3) Make it easy to pay, and remember that you are now global with the Internet. You may have many more users overseas than in your country of origin. Paypal is a good option now, as an example.
4) Many users are not professionals and just want an efficient way to do a simple edit in the video (eg, remove advertisements from a TV capture), make a version of your software that makes it and sell cheap, leaving the more complete version - and more expensive - for those who really need it.
Religion: The greatest weapon of mass destruction of all time
This is interesting, since the history of science and geekdom in general has involved those who defied groupthink and went on to invent solutions based on the problem itself.
Then again, I have learned that the internet today accumulates the audience who were active with daytime television in the 1980s, not the ones who were calling bulletin boards. People who have a lot going on in their lives do not hover around internet sites and learn the ins and outs of geek culture. Those who have achieved almost nothing except attending a job and installing Linux on their TVs are going to spend a lot of time at those internet sites. With this mind, the problem may not be Slashdot, but the 2000s+ internet.
Dog whistle is a new term for me, but I like it. It's very descriptive. Thank you.