Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: What Is a Reasonable Way To Deter Piracy?

Posted by Soulskill on from the go-to-their-house-and-verify-them-personally dept.

An anonymous reader writes "I'm an indie developer about to release a small ($5 — $10 range) utility for graphic designers. I'd like to employ at least a basic deterrent to pirates, but with the recent SimCity disaster, I'm wondering: what is a reasonable way to deter piracy without ruining things for legitimate users? A simple serial number? Online activation? Encrypted binaries? Please share your thoughts."

70 of 687 comments (clear)

  1. life-long updates by Anonymous Coward · · Score: 5, Insightful

    You could choose to provide life-long updates for those that buy the tool. At least that made me pay for several programs.

    1. Re:life-long updates by newcastlejon · · Score: 4, Insightful

      Hear hear. You get vastly more with the carrot than an easily-circumvented stick.

      --
      If God forks the Universe every time you roll a die, he'd better have a damned good memory.
    2. Re:life-long updates by MagPulse · · Score: 3, Insightful

      Along these lines, make the program available in an App Store. This makes it easier for paying customers. It's tiring when I want to buy a program to have to do some background research on payment processors to see if a developer chose one that is trustworthy. But Apple already has my credit info, buying is easy and safe.

    3. Re:life-long updates by mrmeval · · Score: 4, Insightful

      Whose life? ;)

      I can't see someone supporting a game for more than a year or so unless they have a revenue stream from downloadable content.

      An OS I can see security updates being a requirement for a decade.

      Some software packages dealing with finance will most likely need update and I don't expect those to be free.

      The simplest mentioned is check the serial on a new install which I won't fuss with bypassing. Let me play it without the serial with either level or time restriction for a game. Let me do enough with other programs to get an idea how they work.

      And as always, Don't Suck.

      --
      I'd go on a Vegan diet but the delivery time from Vega is too long. --brownkitty
    4. Re:life-long updates by Anonymous Coward · · Score: 3, Funny

      Paranoid much???

      So...you'll just give up your credit card info to anyone that says they're offering a good product?

      Boy, do I have a deal for you!

    5. Re:life-long updates by realityimpaired · · Score: 4, Interesting

      Most amusing (and effective) DRM I ever saw was actually a fairly loose and easily broken copy protection scheme... the program could detect when it had been "cracked" but still gave full functionality to the cracked version... just with some interesting bugs that only appeared late game on the cracked version. It was a game, and deliberately corrupted the load of certain textures on pirated version so the game was still playable, but had quality degradation. Is it possible you could do something like that with the utility?

      The reality is that some people are going to pirate it, even if you only charge $0.05 for a copy. They're going to do it because they can. The best DRM schemes take that into mind, and give them something they can pirate while still making it worth actually paying for the product for those who want to. In the case of the game, for example, you could give it away for free, but only with low quality textures and low bitrate audio samples... if you pay for the game, you can download and install the hi res packs and get a better gameplay experience. If you have the bandwidth to spare, you could tag those hi res packs with a unique watermark and have the software check activation servers for the hi res packs on, say, a weekly basis... if you find them on a pirate site, you can nuke the activation for that particular hi res pack, leaving a functional game that defaults back to the low res textures for pirate users.

      For the utility described, maybe limit the number of objects it can save in a render, for example (assuming that's what the software is), or limit the quality of JPEG it can save to 30% if it's saving images, or apply a watermark to work created with a pirated copy? If it's something people will use to interoperate with other users, maybe have it tag files created on a pirated copy with a randomly generated hash that's stored on the client PC, so that the files can be opened on that system but won't open on another computer? Or even just tweak it with artificial slowdowns in the code so that it's usable when it's pirated, but nowhere near as efficient to work with.

      The possibilties are endless, once you accept that you won't stop people from pirating it, and start thinking of ways to fuck with pirates instead.

    6. Re:life-long updates by Immerman · · Score: 4, Funny

      Not giving your credit card info to some random person or "company" is paranoid now? Well shit, tell you what, I've got a lovely iPad I'll sell you for a nickle, just give me your credit card info...

      --
      --- Most topics have many sides worth arguing, allow me to take one opposite you.
    7. Re:life-long updates by Stormy+Dragon · · Score: 5, Funny

      On a similar note, I once saw a utility that, if unregistered, would let you use everything in it, the only catch being that all of the fonts in the tool switched to Comic Sans.

    8. Re:life-long updates by Marxist+Hacker+42 · · Score: 3, Informative

      That reminds me of an early 1980s copy protection scheme I heard about- signing the (magnetic floppy) disk with a ball point pen before formatting, then using a special cataloging program to record and analyze bad sectors at bootup.

      Worked well until hard drives came into play, but a sector copy program that ignored bad sector warnings could accurately defeat it.

      --
      SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
    9. Re:life-long updates by grantspassalan · · Score: 4, Informative

      There is also an app store for the Mac. Microsoft also has an app store for Windows now.

      --
      A sufficiently advanced simulation is indistinguishable from reality.
    10. Re:life-long updates by Nadaka · · Score: 4, Insightful

      In addition to the mac and ms stores, STEAM is now distributing non-game software. Admittedly most of it is currently aimed at artists and developers involved with producing games, but utility for graphic designers would still fit in just fine.

    11. Re:life-long updates by ericloewe · · Score: 4, Funny

      Could be worse. Could be Wingdings.

    12. Re:life-long updates by hh10k · · Score: 3, Funny

      Most amusing (and effective) DRM I ever saw was actually a fairly loose and easily broken copy protection scheme

      I did this with my game. The code that checked the cd-key was easily bypassed, but that code also fixed a critical bug that happened on level 10. It was funny that we had people coming to our support forum asking for help, and we could easily call them out as pirates!

      We actually manage to convince one of them to buy the game properly.

    13. Re:life-long updates by stephanruby · · Score: 5, Insightful

      The guy is asking the wrong question. He should be asking questions like "How can I maximize profits?" or "How can people find out about my utility?" not "What is a reasonable way to deter piracy?". One doesn't necessarily follow from the other.

      In any case, coming back to his original question. Perhaps his utility could help his customers deter the piracy of the graphics they create with it (may be some kind of self-signing/watermarking/registration system for their own graphics). A customer who tries to protect his own assets will probably not want to try doing it with a pirated copy of the software. It would be too high a risk that whoever pirated that software also crippled/modified the functionality that would deter piracy of the images as well.

    14. Re:life-long updates by Kaenneth · · Score: 5, Insightful

      If you cripple the product in ways that could be mistaken for a bug, then they will think your products are shit, and never buy them even after they get a real job and move out of their parent house.

    15. Re:life-long updates by Immerman · · Score: 3, Interesting

      Certainly. Then you need to go through the hassle of updating your CC information with every online retailer, recurring payment processor, etc. that has your old number before doing further business with them.

      You know what's even easier? Not handing out your CC number to every fly-by-night company that asks for it. I've had to replace a CC exactly once in twenty years, and that was a cautionary event due to a large-scale breach of a major company's CC database.

      --
      --- Most topics have many sides worth arguing, allow me to take one opposite you.
    16. Re:life-long updates by jasen666 · · Score: 4, Insightful

      You've had to replace over 30 CARDS because they were compromised and yet have the balls to say it's paranoid to not give out your details to just anyone?
      Fucking really? Are you insane?

      I'm careful about who I trust with my card details and have never once had one of them compromised. I don't care how trivial you think it is to have to dispute the charges, then cancel & reissue the card. Most of us do not care to have such a blaise attitude about identity theft and fraud.
      This fraud also costs the merchants and card companies real money--which you may not be on the hook for Mr Whogivesafuck, but we all end up paying eventually in price increases, fees, and higher interest rates.

    17. Re:life-long updates by Kartu · · Score: 3, Interesting

      Apple hater here.

      After "Clouds and Sheeps" game running on my android tablet managed to charge me 9 Euro (non-refundable) for "5000 happy stars" (some in game crap) without asking for password or anything like that, simply because I was silly enough to buy something from google's appstore USING A PC and google support said "oh uh, so what" I see quite a number of reasons to be paranoid with payment systems.

      Apple at least asks for password.

    18. Re:life-long updates by bdwebb · · Score: 4, Interesting
      You are obviously inexperienced with credit fraud and I really don't think you have any concept of what you are talking about. One phone call and months of hassle, not to mention possible negative marks on your credit history depending on the scale of the fraud. Credit fraud detection agencies don't always catch active fraud until sometimes thousands of dollars has been lost.

      I have had my CC stolen out of my mail and charged $3000 forcing me to be late on my fucking house payment, my car payment, my insurance payment, and my cable bill. The fraud was reported the day after and STILL it took over TWO MONTHS to give my money back during which time I had 30 day lates on some of my payments because even though I called the organizations I was late on payments for, two of them "forgot" to process my fraud report. I then had to go through 3 months of back and forth with the companies, police, my bank, and Experian/Transunion just to repair my credit.

      I spent approx 110 hours of my time repairing something something you say takes 'one phone call to fixup 99% of the things that happen' which is a lot of my money lost because I make $14/hr for every single hour in the day if you average my pay across all 24 hours every day. That's fucking $1540 in damage to my personal income so you are out of your mind when you say he is entertaining paranoid fantasies. Btw before you say "well that was physical CC fraud and not online", I have two customers and one relative that have horror stories WORSE than mine because they all just ASSUMED that online sites are secure and it wouldn't be a problem if something happened. Since there is still a human element to fraud detection/credit repair, shit can always get fucked up...badly.

      Responses to your other points:

      Do you background check every single person you ever give your CC number to? No, you do not.

      There is something to be said for physically handing your credit card to someone and WATCHING THEM SWIPE IT or even SWIPING IT YOURSELF. Kinda makes it inherently more secure even though fraud does sometimes happen using devices that store the #.

      The only "background check" you should do is check if SSL is on and if the company actually is real. Beyond that, you're entertaining your own paranoid fantasies.

      Completely agree with the SSL check and verification that the company is real...I think the original poster your replied to agrees too because I doubt he is contacting a fucking agency to do a background check on the companies he purchases from. If he is actually doing that, you're right...way unnecessary...in point of fact, however, you are making huge sweeping assumptions about what he is saying and you're being a dick at the same time. You are completely wrong in every bit of your attitude and your concept of credit fraud also.

    19. Re:life-long updates by AmiMoJo · · Score: 4, Insightful

      The only problem is they all take at least 30% and some have some fairly strict limits on what can be put on there.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    20. Re:life-long updates by TheSeatOfMyPants · · Score: 3, Interesting

      The most amusing I saw renamed all objects to "oink!" and had NPC speech replaced with altered versions of famous quotes ("honor thy father and thy hoe, babycakes") if the player couldn't answer a few questions based on information in the printed manual correctly after two tries. That was in Ultima VII: Serpent Isle -- I always wondered just how the development team got the idea for that.

      Oh, ouch... I just looked it up on Wikipedia, and found a nasty copy-protection approach used in one of the early games -- the floppy disk for Atari version of Ultima IV had an unformatted track the game was programmed to look for, and if it was absent, the the player's party would be slaughtered during every battle. Worse, the German distributor didn't know about the unformatted track, so all of the copies they sold had impossible-to-win battles.

      --
      Now mostly at Usenet:comp.misc & SoylentNews.org (it's made of people!)
    21. Re:life-long updates by Runaway1956 · · Score: 4, Interesting

      http://www.baen.com/library/intro.asp

      Jim Baen sold books, rather than software. But his views are pertinent to any digital distributor. Anyone who bothers to ask slashdot about digital rights has obviously given things some semi-serious thought. Include Jim's ideas in your thinking.

      First few paragraphs of that page follow:

      Baen Books is now making available — for free — a number of its titles in electronic format. We're calling it the Baen Free Library. Anyone who wishes can read these titles online — no conditions, no strings attached. (Later we may ask for an extremely simple, name & email only, registration. ) Or, if you prefer, you can download the books in one of several formats. Again, with no conditions or strings attached. (URLs to sites which offer the readers for these format are also listed. )

      Why are we doing this? Well, for two reasons.

      The first is what you might call a "matter of principle." This all started as a byproduct of an online "virtual brawl" I got into with a number of people, some of them professional SF authors, over the issue of online piracy of copyrighted works and what to do about it.

      There was a school of thought, which seemed to be picking up steam, that the way to handle the problem was with handcuffs and brass knucks. Enforcement! Regulation! New regulations! Tighter regulations! All out for the campaign against piracy! No quarter! Build more prisons! Harsher sentences!

      Alles in ordnung!

      I, ah, disagreed. Rather vociferously and belligerently, in fact. And I can be a vociferous and belligerent fellow. My own opinion, summarized briefly, is as follows:

      1. Online piracy — while it is definitely illegal and immoral — is, as a practical problem, nothing more than (at most) a nuisance. We're talking brats stealing chewing gum, here, not the Barbary Pirates.

      2. Losses any author suffers from piracy are almost certainly offset by the additional publicity which, in practice, any kind of free copies of a book usually engender. Whatever the moral difference, which certainly exists, the practical effect of online piracy is no different from that of any existing method by which readers may obtain books for free or at reduced cost: public libraries, friends borrowing and loaning each other books, used book stores, promotional copies, etc.

      3. Any cure which relies on tighter regulation of the market — especially the kind of extreme measures being advocated by some people — is far worse than the disease. As a widespread phenomenon rather than a nuisance, piracy occurs when artificial restrictions in the market jack up prices beyond what people think are reasonable. The "regulation-enforcement-more regulation" strategy is a bottomless pit which continually recreates (on a larger scale) the problem it supposedly solves. And that commercial effect is often compounded by the more general damage done to social and political freedom.

      In the course of this debate, I mentioned it to my publisher Jim Baen. He more or less virtually snorted and expressed the opinion that if one of his authors — how about you, Eric? — were willing to put up a book for free online that the resulting publicity would more than offset any losses the author might suffer.

      The minute he made the proposal, I realized he was right. After all, Dave Weber's On Basilisk Station has been available for free as a "loss leader" for Baen's for-pay experiment "Webscriptions" for months now. And — hey, whaddaya know? — over that time it's become Baen's most popular backlist title in paper!

      And so I volunteered my first novel, Mother of Demons, to prove the case. And the next day Mother of Demons went up online, offered to the public for free.

      Sure enough, within a day, I received at least half a dozen messages (some posted in public forums, others by private email) from people who told me that, based on hearing about the episode a

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    22. Re:life-long updates by stonecypher · · Score: 4, Insightful

      Who doesn't save up at least a tiny bit of money (say 3 months salary) in case of a fucking emergency?

      Most of America, it turns out.

      Nearly half of America has less than $500 saved. http://www.huffingtonpost.com/2012/10/22/americans-savings-500_n_2003285.html

      The average American - including all those billionaires - has less than $6000. http://finance.zacks.com/much-money-average-american-family-savings-7304.html

      What the fuck would you have fucking done if your fucking roof had fucking leaked?

      There's no need for this level of rage. Take it down several notches, please; we can be civil in disagreement.

      --
      StoneCypher is Full of BS
    23. Re:life-long updates by Em+Adespoton · · Score: 3, Insightful

      Just remember that this is a graphics utility for graphics designers... and if they're graphics designers, they've already got Adobe CS with a bunch of plugins (many plugins possibly pirated).

      Don't worry about piracy for the non-professionals; if they like/use your tool, that gives you mindshare. What you really want to be asking is "what will get graphics designers to lay down $5 to $10 for my product when they've already got CS?" When you've answered that question, piracy is no longer an issue (you want to saturate your target market; whether anyone else uses it or not is only useful as advertising, unless it opens up an unforeseen market).

      So if your product is for a specific market, make your protection such that they get some sort of a productivity-hindering reminder if they haven't paid, but don't bother going much further than that.

      Some people I know had the bright idea of doing "dongleware" -- where the core functionality of the product was free, but training, support and help (including everything but the most rudimentary built-in help) required registration. At $10, this is a no-brainer for anyone trying to get something done. The dongles could still be pirated, but why bother?

    24. Re:life-long updates by Anarchitect · · Score: 3

      I would agree with all of the above _EXCEPT_ point number three.

      Screw the phone home stuff - build a serial number generator and call it good.

      I used to work for a prominent software house that made plugins for Illustrator, Photoshop, etc, and that's all we ever had. The pirate networks had figured out our algorithm, but who cares? They were never our customers in the first place. And for support, we required our callers to give their serial number before we would help them - we kept an account of which serials had been sold, so it was easy to cut off the freeloaders.

      Go with an offline serial scheme that is non-obvious, but simple to code and you will be fine.

      Bonus points - if you are doing online sales only, use the customer's CC or PayPal ID or whatever as the salt against a serial number for validation... you can not only spot pirates, you know where they got their copy.

      Extra bonus points if you embed that hash into the IPTC or EXIF data of exported images...

      from an interview with Kai Krause in 1994:

      CJ: Japan has traditionally had a problem with software piracy on a home user level: users passing along copies of programs to their friends. Do you have problems with this, and what do you do about it ?

      Krause: Yes, many people do steal the software and copy it. It's a very tricky problem for software manufacturers. But what we keep saying to people is, it's OK for their friends to use something, and play with it to see what it's like. But we appeal t o them that, "If you use it more than once a week, or if you do a serious project with it, then you should invest in your tools, and help those that make the tools to make better tools." So with that ethics angle, we find a lot of people understand that a nd buy the software. We get a lot of letters from people who say it's the only program they ever paid for. It's OK with me if they give it to a friend so they can at least see what it is like -- but it is a little tricky in Japan.

      --
      QA implies some kind of quality to begin with.
    25. Re:life-long updates by shvytejimas · · Score: 3, Informative

      That would be Chocolat, a text editor for Mac.
      Here's a screenshot of the warning

    26. Re:life-long updates by TapeCutter · · Score: 5, Insightful

      Who doesn't save up at least a tiny bit of money (say 3 months salary) in case of a fucking emergency?

      Your living in a bit of a bubble on that one, sure I personally have a years worth of salary in my rainy day account but I'm in my 50's and have been earning good money for the last 20yrs. My daughter is married with 3 kids, they are a typical middle class couple, her hubby is a qualified mechanic and has a decent job with plenty of overtime. Like millions of other families just like them they live for the next paycheck, they have no other choice, they simply cannot afford the luxury of a 3 week cash buffer, let alone 3 months. And all this is in Australia which has a much better social "safety net" than the US.

      Unless you are either extraordinarily lucky or talented, it will take you a good 10-15yrs after leaving school before you have more assets than debts, especially if you decide to have children while your still young enough to enjoy them. Some people never get there, others experience some disaster that puts them back to square one after a lifetime of hard work. I personally know more than a few people over 40 who through no fault of their own are still living from paycheck to paycheck.

      You and I are lucky to be in our current financial situations, I know this because I started my working life as a HS drop out and for a few months in my 20's found myself homeless while at the same time being employed full time on a fishing trawler working the southern ocean. Your post is lacking the requisite humility and empathy for the vast majority of people who are in a less comfortable financial position, many of whom have worked themselves to a level of physical and mental exhaustion that, judging by your comments, I very much doubt you have ever experienced.

      --
      And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
    27. Re:life-long updates by mcvos · · Score: 3, Informative

      But if it means you sell that many more, it's still a good idea.

      Or you sell at a higher price in that app store. Whatever works.

    28. Re:life-long updates by N1AK · · Score: 3, Insightful

      Like millions of other families just like them they live for the next paycheck, they have no other choice, they simply cannot afford the luxury of a 3 week cash buffer, let alone 3 months. And all this is in Australia which has a much better social "safety net" than the US.

      It may not be easy, and may even be very hard but it simply isn't true to say it isn't possible; and dismissing it as such simply makes it easier for people who decide it is 'too hard' to justify not doing so because it's impossible. What I realised early on in life is that having money makes it easier to get more money. Living pay cheque to pay cheque means you make decisions based on cash flow rather than cost. $5 a day is $2000 in a year, after a couple of years you at least have enough saved that you can handle most one-off expenses and make decisions that are cheaper in the long run.

      Yes there are people who have no savings through no fault of there own; there are vastly more who have no savings because they didn't take perfectly reasonable steps and viable steps to, where circumstances outside there control may affect them but not entirely determine them.

  2. Professional Piracy: 3rd-Party, Paid Obfuscator by Neuroelectronic · · Score: 5, Interesting

    The biggest thing you should worry about is not customers ripping off your product, but shovelware firms rebadging your product and stealing your market with their superior ability to reach the customer.

  3. Serial and calling home by longk · · Score: 3, Insightful

    Serial number. "Call home" only on new install to check the serial.

    1. Re:Serial and calling home by greenfruitsalad · · Score: 4, Interesting

      I find the kind of drm Packtpub do with their ebooks more acceptable. i.e.: make sure the application displays the buyer's name and address somewhere at all times. That way, the users themselves will protect the application from getting into the wrong hands. And if it gets onto the internets, you know who leaked it.

      I do understand this means more work for you (recompile a part of your app for every single customer) but it is also a lot less trouble for the user (not having to mess around with registrations, serials, etc).

    2. Re:Serial and calling home by the+eric+conspiracy · · Score: 4, Interesting

      You don't need to recompile. A signed key file with the user name in it should work.

    3. Re:Serial and calling home by scdeimos · · Score: 3, Insightful

      This, plus if you're intending to limit the number of concurrent installs for your product *also* allow for a given install to be DE-registered:

      1. provide a de-register menu/setting using the same "call home" service - people periodically upgrade or replace their machines, or
      2. using a web interface on your site to delete a registration - sometimes machines crash and can't be restored from backups.
  4. No point asking here by Anonymous Coward · · Score: 3, Insightful

    One side wants information to be free, the otherside wants market forcesto prevail. Eitherway you lose as the price will be $0

    1. Re:No point asking here by Jeng · · Score: 4, Insightful

      The cost of RE-creating the supply is nothing.

      --
      Don't know something? Look it up. Still don't know? Then ask.
  5. Don't even try by leromarinvit · · Score: 4, Insightful

    Just don't. The people who want to pirate will, no matter what you do. Any DRM would only inconvenience legitimate customers. Just make it easy to buy your software for people who want to do so, and provide something worthwhile for the money (e.g. answer support questions, respond to bug reports, etc.)

    --
    Proud member of the Ferengi Socialist Party.
    1. Re:Don't even try by pclminion · · Score: 4, Interesting

      Any DRM would only inconvenience legitimate customers.

      As a customer who won't buy DRM-protected stuff, I don't consider the simple act of entering a license key to be DRM... What do you think? As long as the validation of the key happens locally, I don't mind doing this. In a way, it makes the purchase feel a bit more personalized.

      Yeah, I know the license validation can be hacked around. That's not the point, it's kind of like signing your signature to something. I can forge someone else's signature, but I know I'm being dishonest if I do that.

    2. Re:Don't even try by ultranova · · Score: 4, Insightful

      I disagree with you, you should at least have a soft protection to prevent the average Joe from emailing the program to his BFF which just has to run the exe after.

      But that requires either a physical token (DVD) or activation servers, both of which instantly increase costs a lot over simple downloads and inconvenience legitimate users. It also won't stop the software from ending up on Pirate Bay.

      Just live with the fact that some people will use your program for free. You can't stop it from happening, and will simply piss off your customers by trying. And besides, Joe Average emailing your program forward will probably end up increasing your profits - after all, your biggest challenge is going to be getting word of its existence out there, and it's always possible that whoever it is emailed to will decide to pay the $5 out of the goodness of his heart, or whoever he emails it will, or...

      It is perfectly natural to get angry at the thought of someone benefiting from your hard work without paying you, but if you run a business you can't afford to let it affect your decisions.

      --

      Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

    3. Re:Don't even try by yurtinus · · Score: 3, Interesting

      Local validation has a drawback - one user's validation could be spread far and wide. I can see somebody saying "I bought this neat program, here's the install key!" Sort of like locking up your bike but leaving the key in the lock. I suspect submitter is looking just to prevent casual piracy - get those who aren't going to go to Pirate Bay to pay for the product - which is tough to do without keeping some track of the number of installs per key. I personally have no problem with a one-time online activation (with a reasonable grace period), but I understand a lot of people aren't. You could just as easily validate the key before allowing a software update - perhaps a "Validate Online" prompt during install extolling the benefits of your future updates, access to user forums, etc.

      The point here isn't to harass the people installing it on two or three machines - but to find out when a key has been compromised (ie: hundreds of installs). At that point it's up to submitter if he wants to disable the key or simply use it for tracking. Either way, you don't want to demonize the customer - offer them a new key (via email to the original registered address or some similar means).

      Lastly (or firstly and foremostly) - accept that your product *will* be pirated. Accept that it's likely the majority of installations will be pirated. You can't let this get to you - after all, the more people use your software (even pirated), the more exposure you'll have and the more real sales you'll get. You know your software sucks if nobody wants to pirate it. When it comes down to it, if you have a good product which is convenient enough to buy legally, you'll get most of your potential customers to pay for it.

      --
      +1 Disagree
    4. Re:Don't even try by pclminion · · Score: 3, Interesting

      The purpose of the serial, in my mind, is not to prevent piracy but to identify the customer for purposes of support, enabling feature sets, etc. Basically, to register the product.

      As a legitimate user, I *like* seeing my name show up in the "About this software" dialog box, along with information about the particular set of features I have purchased, info on how long my support contract is valid for, etc. I am not at all annoyed by it.

  6. Advice from a service technician by Anonymous Coward · · Score: 5, Insightful

    Whatever you do, man, make it easy for people doing reinstalls to preserve the install key. A lot of times we redo a computer for a customer and we can't put back some software because there's no way to get the key. Something like an online system where you enter your e-mail address or something to re-register could be nice in those cases, assuming the worst case that whatever stored the registration was deleted.

    Don't require online connectivity to run once registered though, that's just asking for trouble.

  7. No need to go overboard by mattventura · · Score: 4, Insightful

    You can divide people into 3 categories: those that WILL buy it, even if they could pirate it, those that might pirate it or might buy it, and those that will not use it at all if they can't pirate it. The second group of people is going to be the only ones that you might convert from pirates to customers by imposing DRM and that group might be quite small. Don't screw over the first group with overintrusive DRM.

    1. Re:No need to go overboard by Immerman · · Score: 5, Insightful

      Well, since after decades of trying nobody has ever managed to do more than delay the pirates for more than a few months I think groups 2 and 3 can be assumed to be permanent characteristics. And I seriously doubt your 1% figure, unless you're talking so far back that people didn't really think of software so much as the product as the reason people bought your hardware. Certainly in the late 80s I remember piracy being pretty rampant - software, music tapes, VHS, you name it. It just wasn't the sort of thing you would notice unless you actually saw somebody making a copy. It's more convenient now that you can copy stuff from people you've never met, but I think the bigger change is just that now the content creators can watch it happening.

      And frankly group 3 is almost irrelevant. It doesn't matter if they're responsible for 99.99% of the copies in existence, nothing you do will make them buy it, so any attempt to stop them from copying is 100% wasted effort. In fact it probably *reduces* your sales because sometimes people from group 1 or 2 will learn about it through them and then pay you. So in a rational world the goal is then:
      1) Don't seriously inconvenience goup 1 - these people are your bread and butter, you should be doing everything you can to make them happy.
      2) Do everything you can to convince group 2 that they should pay rather than pirate. Just keep in mind that you're competing against your own product stripped of all copy protection, so more secure and annoying copy protection actually works against you. Possible strategies include leveraging guilt and/or minor inconvenience during install (serial numbers, please don't copy screens, etc), or providing incentives for legitimate customers. Major or ongoing inconveniences just provide large-scale pirates incentive to strip out your copy protection in exchange for some geek cred, while providing potential customer incentive to choose the pirated version over the legitimate one. Moreover a poorly or maliciously implemented copy protection bypass can compromise the integrity and stability of your software in ways that aren't obviously due to the bypass, damaging your brand image.

      --
      --- Most topics have many sides worth arguing, allow me to take one opposite you.
  8. Re:Sigh by longk · · Score: 3

    Enlighten us. How should this indie developer release his $5 app the right way?

  9. Don't by nitehawk214 · · Score: 5, Insightful

    Seriously. Don't. If your program is any good, people will pirate it. Actually even if your program is terrible people will pirate it, just because they can. And they can, no matter what steps you take. However people are vastly more likely to give money to a indie developer. Pirates can be classified people that are either compulsive/hoarder pirates and wouldn't pay for it anyhow, genuinely need your program but cannot afford it, and people that will pay for it after a "trial run" when the realize you are an indie developer and your program is reasonably priced.

    --
    I'm a good cook. I'm a fantastic eater. - Steven Brust
    1. Re:Don't by neminem · · Score: 3, Insightful

      But all it takes is one determined person to put it up on the internet, and it'll spread immediately to all the other, lazier people. The only surefire way to avoid anyone pirating your software is to be so darn indie that nobody has heard of your software, and thus, nobody has heard of it to decide it would be fun to crack.

      Going with the huge numbers of other people who say: a little bit of DRM (like a one-time key check, or looking something up in the manual or something) is infinitely better than none, but a lot of DRM (like phoning home randomly all the time, or analyzing the system's memory every time anything does anything, or anything that might break for legitimate users or force them to jump through a bunch of hoops to validate) is infinitely worse, and will drive people to piracy who might otherwise have paid, while not inconveniencing the serial pirates at all, because they would've pirated it anyway.

  10. One-time online activation. by kimgkimg · · Score: 4, Interesting

    One-time online activation seems to work pretty well and as an end-user I find this the least objectionable. Issue a unique code to the user and have them enter that into an online form and give them an activation code. Make sure the user can find this unique code/activation again if at some point in time they need to reinstall the product and limit the number of re-installs allowed to some reasonable number.

    1. Re:One-time online activation. by DMUTPeregrine · · Score: 3, Interesting

      Make sure the "reasonable number" is unreasonably large if you must limit reinstalls. If the software can only be installed 5 times I probably won't buy it, if it can be installed 128 times I'd have much less of an issue with it. It's a small enough number that it won't be a significant source of piracy (someone will take the effort to crack the activation) and large enough that few people (if any) will run into it in normal use.

      Also tie the activation to updates. Make it so that the legitimate purchasers get something the pirates don't in exchange for their money.

      --
      Not a sentence!
  11. KISS by niado · · Score: 4, Insightful

    The simpler the better. My philosophy on this is that anyone with a moderate amount of determination will pirate your software. This is unlikely to heavily impact your bottom line, and (especially from an indie standpoint) you might not be able to afford the time, energy, and money required to implement a draconian DRM method anyway. Just use serial numbers or something equally mundane and then don't worry about anything beyond that, because you literally can't prevent determined piracy.

    1. Re:KISS by Chuckstar · · Score: 3, Interesting

      I agree. Have just enough a hurdle that the honest-but-lazy user doesn't just keep saying to himself "I'll just pay for it later".

      Full disclosure: I've been that honest-but-lazy guy who kept meaning to pay for shareware and then never got around to it (even though I really meant to and wasn't really trying to avoid it).

  12. Grapeshot as they board? by BenJeremy · · Score: 4, Interesting

    Shiver their timbers.

    Seriously though... you will get a variety of answers here on Slashdot, ranging from "open source it and give it all away" to "put in ads and give it away". Charging for things seems to be a sin to some slashdotters.

    I think a CD key, for PC games, strikes a reasonable balance, so long as you have some traceability (online activation is nice). Have you considered Steamworks? You'd have a distribution platform (though it wouldn't limit where you could sell it), and a proven, relatively non-intrusive DRM strategy.

    Of course, Steamworks games get cracked, but you can never really stop determined crackers or pirates. All you want to do is encourage legit buyers to remain legit buyers. Steam is a pretty decent ecosystem for developers and gamers.

  13. Think of your paying customers foremost by Gaygirlie · · Score: 5, Insightful

    You have seemingly already decided that you're going to implement DRM, so the next question you should ask yourself is: "How much am I willing to inconvenience my paying customers?" Also in similar vein is the question: "How much time am I willing to spend on a protection scheme that will be circumvented anyways?" The problem with DRM is that it doesn't stop dedicated people at all, it merely stops the "let me borrow the CD and I'll install it, too" - crowd, nothing else, and therefore it's waste of both your and your customers' resources to use much time or effort on it.

    A simple install-time-only online activation is probably the best of both worlds as long as you can ensure that your activation servers are always accessible. Anything else is just a losing game.

  14. Price it reasonably by Todd+Knarr · · Score: 5, Insightful

    That's probably the easiest way to deter piracy: price it reasonably for it's job. Most people would rather get it legitimately than pirate it. Make it easy to download without going to shady download sites like CNet (I say shady because there's no way of telling where what they're hosting came from or who put it there, and I do not trust software where I can't trace it's provenance). Hosting downloads from your own domain will help, and leads into the next item: mark each copy you sell. Encode a serial number and buyer identity into each copy, making each one unique to the buyer. Make it clear when they buy that the copy's been stamped with their identity, and do the same on the initial splash screen if any and in the About dialog. This won't be seen by most people as anything particularly objectionable in itself, at the same time it'll make them skittish about just handing it out willy-nilly knowing that if someone they give it to uploads it to a torrent site or something it'll be them clearly identified as the source. It won't stop the hard-code pirates, but then very little will. It won't stop people from installing an extra copy for family. But it should be enough to convince the majority of people to tell their friends to just shell out the $15 for their own copy.

    1. Re:Price it reasonably by PeterM+from+Berkeley · · Score: 3, Interesting

      Of everything I've read, I thnk yours is the most reasonable idea. Just stamp it with the identity of who you sold it to. Brilliant.

      "This copy licensed to....".

      It's easily defeated, but as people said, someone determined will defeat anything you come up with.

      Since I don't have mod points, this is what you get!

      --PM

  15. ! deterrent by Spazmania · · Score: 3, Insightful

    Deterrent is the wrong goal. Give up on the folks who choose to steal it. They aren't worth your time or concern. Worry about making it both easy and encouraging for the folks who are inclined to pay you to do so.

    --
    Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
  16. Don't try to deter piracy by Kethinov · · Score: 4, Insightful

    Trying to deter piracy with DRM is a losing battle. If people don't want to pay you, they won't pay. The trick is to get them to want to pay you.

    The first step is to learn the art of asking: http://www.ted.com/talks/amanda_palmer_the_art_of_asking.html

    Ask for money, don't demand it. Let them pay you whatever they think is reasonable, but communicate how much you want ($5 in this case) as a default.

    And for all those freeloaders who decide not to pay you, and there will be plenty, show them some ads to recoup the cost. Better they see your ads than piratebay's.

    --
    You're right, I wouldn't steal a car. But if it were possible, I sure as hell would download one!
    1. Re:Don't try to deter piracy by geminidomino · · Score: 3, Insightful

      That might have been true before advertisers put themselves on the same operating level as malware.

      Might have been, but I doubt it.

    2. Re:Don't try to deter piracy by lurker1997 · · Score: 3, Interesting

      It bothers me a bit to see you propose the idea of asking people to pay what is reasonable, and then calling them freeloaders if they don't pay. Maybe it actually wasn't worth anything to them. In the case of the submitter, the application was something to do with graphic design. It's easy to imagine someone downloading a copy of this program if it were offered "by donation", playing with it for a bit, and abandoning it never having used it for any real commercial or hobby purpose. It is worth nothing to them, like much of the internet, they had a look at it because it was there.

      If you walk by a street performer and don't pay them, are you a freeloader? What if you look at them for a minute and walk on? I would say no, you might look at them because they were there, but you didn't ask them to come there.

      Asking people to pay what they want is a lot like being a street performer. You are offering something, but essentially appealing to people's sense of charity to try and get paid, rather than providing goods or services in exchange for money. It devalues the work you are doing (necessarily because people can legally get what you are offering for free) and it's hard to see this as a viable business model in most cases

  17. Don't under estimate shaming by geekoid · · Score: 4, Interesting

    I worked on a tool to be used by consultants. These people have very sticky fingers. Are issue was how to we prevent consultants taking the software to another firm?

    We compiled a build for each customer with there logo inserted into various places. So when you run a report, no matter what there user entered, the embedded logo would appear on the reports.
    Going to another accounting firm, and then generating reports for your boss with your previous companies logo on it tend to get you frowned upon.

    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  18. Make it easier to buy by Darkness404 · · Score: 3, Insightful

    The answer is to make it easier to buy your product then it is to pirate it.

    Price it right, make sure ANYONE can download it (in other words, make sure you have a way of getting money from someone in the US and UK just as easily as you've got a way from a guy in China or India to download your game) and make it easy to find where you can buy it.

    If someone really wants to pirate your software, they will. But make sure that the pirated version isn't a superior version to what you offer.

    But above all else, you want users, its a whole lot better to be known for a game that everyone's heard of and played and 75% of the people didn't buy then it is to be the creator of a game that no one's heard of and played but the few users who did play the game bought it.

    --
    Taxation is legalized theft, no more, no less.
  19. Read This by rudy_wayne · · Score: 3, Informative

    Read this. Memorize it. It tells you everything you need to know as a developer:

    http://tommyrefenes.tumblr.com/post/45684087997/apathy-and-refunds-are-more-dangerous-than-piracy

    1. Re:Read This by wonkey_monkey · · Score: 4, Funny

      Read this. Memorize it.

      I did, but now I've forgotten C++. Thanks a bunch!

      --
      systemd is Roko's Basilisk.
  20. Piracy can strengthen the brand by Anonymous Coward · · Score: 4, Interesting

    I started and worked on a very successful iOS game with over 9,000,000 users (and now over 1m on Android).. In the earlier days, we saw that it's piracy was 3 to 1 (so there were at the time about 3m users per 1m paid).

    We don't care. Every user who doesn't pay but enjoys the game spreads word about the game, which will work well for the sequel or for branded toys. Those who don't pay for it probably weren't going to, at least they've now heard of your brand and your game. Free marketing.

  21. Obscurity by fwarren · · Score: 4, Insightful

    Piracy is a tax on being popular.

    The less popular you are, the less of a tax it is.

    It costs goodwill, it cost money, and it is for the most part not effective. What is effictive is to find a way to make money even with pircacy out there.

    Read some posts at TechDirt. Find out if freeimum, or posting a comment or a product at thepiratebay or something else would work for your business.

    There was an article about a director who made $60,000 last year on a project and spent $30,000 if it trying to deter piracy. She could have doubled her money by doing nothing. That was a case study. http://dilbert.com/strips/comic/1999-12-29/

    --
    vi + /etc over regedit any day of the week.
  22. Too obtrusive by pavon · · Score: 3, Interesting

    I have no problem paying for software that is useful, especially if it reasonably priced. However, there have been many times where I needed to get a job done and was hindered in doing so because of the hoops I had to jump through to get software activated on an offline machine, or didn't have access to the serial number at the time. This has burned me enough that I won't buy any software that requires activation, and am even leery of simple serial number activation.

    Nearly all the software on pirate sites has been cracked, so the pirate's version won't require the user to enter a serial number or be calling home on the first install anyway. Even these simple anti-piracy methods hurt the user and not the pirate.

  23. Re:Sigh by lgw · · Score: 5, Insightful

    I like simple one-time online activation (if it's an open download), or put it up on app stores with a price but no other measures. It's not much of a barrier to a pirate, any more than the lock on my front door is a barrier to a thief, but it sends a clear message: "this isn't free software, you're supposed to pay for this". That message will deter almost anyone who can be deterred.

    --
    Socialism: a lie told by totalitarians and believed by fools.
  24. Seed it yourself by meta-monkey · · Score: 3, Interesting

    Can you create an ad supported version? If so, create an ad supported version and seed it yourself.

    The people who want to buy the software will come to your site and buy it from you (requires serial #). Those who go to your site and say "$5? F that noise, yo!" (because that's how pirates talk) will go start looking for torrents. Seed the ad-supported version yourself. Make sure it's the most popular torrent for your software. Anybody who decides they'd rather torrent it than pay you gets the ad-supported version and is probably none the wiser that the paid version doesn't have ads.

    Now you get $5-$10 out of the people who were willing to pay for it, and you make some off the ads for the people who weren't.

    Yes, somebody can crack the no-ads paid version and torrent that. Every month or so, look for it. When that happens, either try to out-seed them (so people who don't know the difference download your version) or just release a "patch" and seed that. So the currently cracked version might be 1.5, but you just released 1.6 ("now with more graphicals and improved performances!") and most people are going to download the most recent version. Now you're ahead until they crack 1.6.

    Alternatively, you could also seed it yourself with a message that says "hey buddy, I know you got this off Pirate Bay, but come on, it's $5 and here's a picture of my starving kids. Help me out!" and a link to buy the full version.

    --
    We don't have a state-run media we have a media-run state.
  25. Piracy is Free Marketing by Jah-Wren+Ryel · · Score: 3, Insightful

    In business there is no good or evil, there is only money. Don't let yourself fall into the ideology trap that pirates are evil - that's a question for a philosophy class in college or a million arguments on the internet - but all that should matter to you as a businessman is the money.

    The best possible case of DRM is to convert potential pirates into customers. There are lots of not-so-great cases, they generally involve pissing off your paying customers, something that should be avoided at all costs because paying customers who are unhappy will tell the world how unhappy your product has made them and that will discourage any new paying customers.

    So, I am going to suggest that instead of DRM to punish pirates you should look for ways to identify pirates and upsell to them. Give them the carrot instead of the stick, that way you never have to worry about accidentally hitting a paying customer with the stick - worse case is just more carrots.

    One option is to let the software run just fine without a serial number, but after some number of launches without a serial number, like maybe 20, start putting up a click-through start-up screen. On that screen you can nicely point out that they've used the software 20 times now and it is only fair that since they are getting so much value out of it, they should pay for it - remember you catch more flies with honey than vinegar. Then give the user three choices:

    1) Enter their serial number
    2) Go to a web page where they can buy a serial number
    3) Click through and use the software anyway

    If someone is inclined to pay this helps them to remember, if they are already a paying customer and they lost their serial number or whatever, this won't stop them from getting their work done and so won't piss them off and if they are a hardcore pirate who will never pay, you still haven't lost anything anyway.

    --
    When information is power, privacy is freedom.
  26. The key is to give me MORE. Not LESS by Opportunist · · Score: 3, Insightful

    It's something big studios don't get, but some indies got that one right, so you might want to try it too.

    What's the big reason people buy "normal" goods in stores instead of, say, from the back of trucks for a fraction of the price? I mean, you can get a big screen TV for a few 100 instead of a few 1000 bucks, no really. Here it is, don't ask, don't tell. Don't want it? Gee, why could that be?

    Could it be the warranty you get when you buy it in a store? Or the additional goodies that come with it?

    Make sure that people who buy your software get MORE out of it than just the software they'd also get from a pirated copy. When they register their copy, how about gaining access to you for support? Certainly not full time and 24/7, but even knowing that I COULD mail you my problems is a big psychological issue. How about offering that you will hear their suggestions for future versions and the promise of some updates free/cheap when they are implemented? Having the ear of the maker of a tool I enjoy using and feeling my input is valued sure is worth 5 or 10 bucks. And you get free suggestions for improvement of handling for free, too.

    One of the biggest assets for you (and it's amazing how many ignore this): If that tool allows the creation of plugins, offer a place where people can showcase and offer their plugins, or if it is used to create something these people could probably want to publish, offer them a place to do that. Of course only if they are paying customers. Webspace is cheap or even free, what's problematic is to get people to VISIT yours, and you having a customer base for this tool means that you're a hub for your customers when they are trying to reach like minded people.

    YOU are the center of this tool, wherever you make this tool point everyone using this tool WILL know, whether they like to or not.

    Even the ones that didn't pay for it.

    This makes whatever webspace you offer (even if it's merely some sort of linking hub) critical for anyone who wants to publish what this tool creates, unless he has a better platform. It is very unlikely that they do, though.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.