Ask Slashdot: What Is a Reasonable Way To Deter Piracy?

An anonymous reader writes "I'm an indie developer about to release a small ($5 — $10 range) utility for graphic designers. I'd like to employ at least a basic deterrent to pirates, but with the recent SimCity disaster, I'm wondering: what is a reasonable way to deter piracy without ruining things for legitimate users? A simple serial number? Online activation? Encrypted binaries? Please share your thoughts."

Professional Piracy: 3rd-Party, Paid Obfuscator

[Neuroelectronic]

The biggest thing you should worry about is not customers ripping off your product, but shovelware firms rebadging your product and stealing your market with their superior ability to reach the customer.

One-time online activation.

[kimgkimg]

One-time online activation seems to work pretty well and as an end-user I find this the least objectionable. Issue a unique code to the user and have them enter that into an online form and give them an activation code. Make sure the user can find this unique code/activation again if at some point in time they need to reinstall the product and limit the number of re-installs allowed to some reasonable number.

Grapeshot as they board?

[BenJeremy]

Shiver their timbers.

Seriously though... you will get a variety of answers here on Slashdot, ranging from "open source it and give it all away" to "put in ads and give it away". Charging for things seems to be a sin to some slashdotters.

I think a CD key, for PC games, strikes a reasonable balance, so long as you have some traceability (online activation is nice). Have you considered Steamworks? You'd have a distribution platform (though it wouldn't limit where you could sell it), and a proven, relatively non-intrusive DRM strategy.

Of course, Steamworks games get cracked, but you can never really stop determined crackers or pirates. All you want to do is encourage legit buyers to remain legit buyers. Steam is a pretty decent ecosystem for developers and gamers.

Don't under estimate shaming

[geekoid]

I worked on a tool to be used by consultants. These people have very sticky fingers. Are issue was how to we prevent consultants taking the software to another firm?

We compiled a build for each customer with there logo inserted into various places. So when you run a report, no matter what there user entered, the embedded logo would appear on the reports.
Going to another accounting firm, and then generating reports for your boss with your previous companies logo on it tend to get you frowned upon.

Piracy can strengthen the brand

I started and worked on a very successful iOS game with over 9,000,000 users (and now over 1m on Android).. In the earlier days, we saw that it's piracy was 3 to 1 (so there were at the time about 3m users per 1m paid).

We don't care. Every user who doesn't pay but enjoys the game spreads word about the game, which will work well for the sequel or for branded toys. Those who don't pay for it probably weren't going to, at least they've now heard of your brand and your game. Free marketing.

Re:Don't even try

[pclminion]

Any DRM would only inconvenience legitimate customers.

As a customer who won't buy DRM-protected stuff, I don't consider the simple act of entering a license key to be DRM... What do you think? As long as the validation of the key happens locally, I don't mind doing this. In a way, it makes the purchase feel a bit more personalized.

Yeah, I know the license validation can be hacked around. That's not the point, it's kind of like signing your signature to something. I can forge someone else's signature, but I know I'm being dishonest if I do that.

Re:Serial and calling home

[greenfruitsalad]

I find the kind of drm Packtpub do with their ebooks more acceptable. i.e.: make sure the application displays the buyer's name and address somewhere at all times. That way, the users themselves will protect the application from getting into the wrong hands. And if it gets onto the internets, you know who leaked it.

I do understand this means more work for you (recompile a part of your app for every single customer) but it is also a lot less trouble for the user (not having to mess around with registrations, serials, etc).

Re:Serial and calling home

[the+eric+conspiracy]

You don't need to recompile. A signed key file with the user name in it should work.

Re:life-long updates

[realityimpaired]

Most amusing (and effective) DRM I ever saw was actually a fairly loose and easily broken copy protection scheme... the program could detect when it had been "cracked" but still gave full functionality to the cracked version... just with some interesting bugs that only appeared late game on the cracked version. It was a game, and deliberately corrupted the load of certain textures on pirated version so the game was still playable, but had quality degradation. Is it possible you could do something like that with the utility?

The reality is that some people are going to pirate it, even if you only charge $0.05 for a copy. They're going to do it because they can. The best DRM schemes take that into mind, and give them something they can pirate while still making it worth actually paying for the product for those who want to. In the case of the game, for example, you could give it away for free, but only with low quality textures and low bitrate audio samples... if you pay for the game, you can download and install the hi res packs and get a better gameplay experience. If you have the bandwidth to spare, you could tag those hi res packs with a unique watermark and have the software check activation servers for the hi res packs on, say, a weekly basis... if you find them on a pirate site, you can nuke the activation for that particular hi res pack, leaving a functional game that defaults back to the low res textures for pirate users.

For the utility described, maybe limit the number of objects it can save in a render, for example (assuming that's what the software is), or limit the quality of JPEG it can save to 30% if it's saving images, or apply a watermark to work created with a pirated copy? If it's something people will use to interoperate with other users, maybe have it tag files created on a pirated copy with a randomly generated hash that's stored on the client PC, so that the files can be opened on that system but won't open on another computer? Or even just tweak it with artificial slowdowns in the code so that it's usable when it's pirated, but nowhere near as efficient to work with.

The possibilties are endless, once you accept that you won't stop people from pirating it, and start thinking of ways to fuck with pirates instead.

Re:life-long updates

[bdwebb]

You are obviously inexperienced with credit fraud and I really don't think you have any concept of what you are talking about. One phone call and months of hassle, not to mention possible negative marks on your credit history depending on the scale of the fraud. Credit fraud detection agencies don't always catch active fraud until sometimes thousands of dollars has been lost.

I have had my CC stolen out of my mail and charged $3000 forcing me to be late on my fucking house payment, my car payment, my insurance payment, and my cable bill. The fraud was reported the day after and STILL it took over TWO MONTHS to give my money back during which time I had 30 day lates on some of my payments because even though I called the organizations I was late on payments for, two of them "forgot" to process my fraud report. I then had to go through 3 months of back and forth with the companies, police, my bank, and Experian/Transunion just to repair my credit.

I spent approx 110 hours of my time repairing something something you say takes 'one phone call to fixup 99% of the things that happen' which is a lot of my money lost because I make $14/hr for every single hour in the day if you average my pay across all 24 hours every day. That's fucking $1540 in damage to my personal income so you are out of your mind when you say he is entertaining paranoid fantasies. Btw before you say "well that was physical CC fraud and not online", I have two customers and one relative that have horror stories WORSE than mine because they all just ASSUMED that online sites are secure and it wouldn't be a problem if something happened. Since there is still a human element to fraud detection/credit repair, shit can always get fucked up...badly.

Responses to your other points:

Do you background check every single person you ever give your CC number to? No, you do not.

There is something to be said for physically handing your credit card to someone and WATCHING THEM SWIPE IT or even SWIPING IT YOURSELF. Kinda makes it inherently more secure even though fraud does sometimes happen using devices that store the #.

The only "background check" you should do is check if SSL is on and if the company actually is real. Beyond that, you're entertaining your own paranoid fantasies.

Completely agree with the SSL check and verification that the company is real...I think the original poster your replied to agrees too because I doubt he is contacting a fucking agency to do a background check on the companies he purchases from. If he is actually doing that, you're right...way unnecessary...in point of fact, however, you are making huge sweeping assumptions about what he is saying and you're being a dick at the same time. You are completely wrong in every bit of your attitude and your concept of credit fraud also.

Re:life-long updates

[Runaway1956]

http://www.baen.com/library/intro.asp

Jim Baen sold books, rather than software. But his views are pertinent to any digital distributor. Anyone who bothers to ask slashdot about digital rights has obviously given things some semi-serious thought. Include Jim's ideas in your thinking.

First few paragraphs of that page follow:

Baen Books is now making available — for free — a number of its titles in electronic format. We're calling it the Baen Free Library. Anyone who wishes can read these titles online — no conditions, no strings attached. (Later we may ask for an extremely simple, name & email only, registration. ) Or, if you prefer, you can download the books in one of several formats. Again, with no conditions or strings attached. (URLs to sites which offer the readers for these format are also listed. )

Why are we doing this? Well, for two reasons.

The first is what you might call a "matter of principle." This all started as a byproduct of an online "virtual brawl" I got into with a number of people, some of them professional SF authors, over the issue of online piracy of copyrighted works and what to do about it.

There was a school of thought, which seemed to be picking up steam, that the way to handle the problem was with handcuffs and brass knucks. Enforcement! Regulation! New regulations! Tighter regulations! All out for the campaign against piracy! No quarter! Build more prisons! Harsher sentences!

Alles in ordnung!

I, ah, disagreed. Rather vociferously and belligerently, in fact. And I can be a vociferous and belligerent fellow. My own opinion, summarized briefly, is as follows:

1. Online piracy — while it is definitely illegal and immoral — is, as a practical problem, nothing more than (at most) a nuisance. We're talking brats stealing chewing gum, here, not the Barbary Pirates.

2. Losses any author suffers from piracy are almost certainly offset by the additional publicity which, in practice, any kind of free copies of a book usually engender. Whatever the moral difference, which certainly exists, the practical effect of online piracy is no different from that of any existing method by which readers may obtain books for free or at reduced cost: public libraries, friends borrowing and loaning each other books, used book stores, promotional copies, etc.

3. Any cure which relies on tighter regulation of the market — especially the kind of extreme measures being advocated by some people — is far worse than the disease. As a widespread phenomenon rather than a nuisance, piracy occurs when artificial restrictions in the market jack up prices beyond what people think are reasonable. The "regulation-enforcement-more regulation" strategy is a bottomless pit which continually recreates (on a larger scale) the problem it supposedly solves. And that commercial effect is often compounded by the more general damage done to social and political freedom.

In the course of this debate, I mentioned it to my publisher Jim Baen. He more or less virtually snorted and expressed the opinion that if one of his authors — how about you, Eric? — were willing to put up a book for free online that the resulting publicity would more than offset any losses the author might suffer.

The minute he made the proposal, I realized he was right. After all, Dave Weber's On Basilisk Station has been available for free as a "loss leader" for Baen's for-pay experiment "Webscriptions" for months now. And — hey, whaddaya know? — over that time it's become Baen's most popular backlist title in paper!

And so I volunteered my first novel, Mother of Demons, to prove the case. And the next day Mother of Demons went up online, offered to the public for free.

Sure enough, within a day, I received at least half a dozen messages (some posted in public forums, others by private email) from people who told me that, based on hearing about the episode a