What's the Right Amount of Copy Protection? 561
WPIDalamar writes "I'm currently working on a piece of commercial software that will be available through a download and will use a license key to activate it. The software is aimed at helping people schedule projects and will be targeted mostly to corporate users. With the recent Windows Vista black screen of death, it got me thinking about what sort of measures I should go through to prevent unauthorized users from using the software. While I don't wish to burden legitimate users, I do want to prevent most piracy. How much copy protection is appropriate? Is it acceptable for the software to phone home? If so, what data is appropriate to report on? The license key? Software version? What about a unique installation ID? Should I disable license keys for small amounts of piracy, like when there's 3 active installations of the software? What about widespread piracy where we detect dozens or hundreds of uses of the same license key? Would a simple message stating the software may be pirated with instructions on how to purchase a valid license be sufficient?"
None at all (Score:5, Insightful)
This may not be what you want to hear but any copy-protection will burden legitimate users. Pirates will remove the copy protection from your software and the unprotected version they create will be more usable than the version you offer.
It doesn't just hurt your customers, it hurts you too. The time you waste trying to create some copy-protection and losing the arms race with the pirates (which you will lose) is time you could have spent making your product better.
The way to beat the pirates is to provide a better service to your customers than they do. The commonly advocated business model is to provide support on the software to paying users - and since your target is business customers this makes a lot of sense.
Businesses, by the way, tend not to pirate on the scale of the private user. Piracy is a big risk to business because businesses have very deep pockets.
In short, the answer is to have no copy protection at all and trust your customers. Trusting the customer is hard but they'll appreciate it.
Simon
What's the Right Amount of Copy Protection? (Score:1, Insightful)
Give it away for free (Score:1, Insightful)
Second, you don't have to charge for the software or limit the distribution of the software in any way. You wrote the software, so you have the most/best knowledge of it. You can make tons of money on service contracts.
--
All I need to know about life I learned on
Copy Protection is a Myth (Score:2, Insightful)
Don't phone home (Score:5, Insightful)
To use your product a pirate would either have to settle for an old version, or constantly get a new hacked version and new hacked keys. It's enough to eventually get them to be legal.
Remember if you make your product hard to use with lots of negatives like phoning home, them you'll learn the lessons the Record companies are learning. Nobody is bigger than their customers.
Phoning home (Score:1, Insightful)
Phoning home is _not_ an option (Score:5, Insightful)
"Phoning home" should never be done. Keep in mind that internet connection isn't flawless, sometimes it doesn't work for one reason or another, and would you really want to get a bunch of angry customers mailing/calling you when the software won't work/install because their internet connections went down for a while.
On top of that, if your main user base is business users, most of them will sit in a protected environment which probably won't let your program phone home even if it tries.
This is just an aside from the real problem with programs "phoning home", though. Integrity and privacy should not be taken ligthly.
Re:What's the Right Amount of Copy Protection? (Score:5, Insightful)
Re:None at all (Score:5, Insightful)
In the work place, most people might enter a fake installation code for example, but won't go as far as to apply a crack. If the software requires you to apply a crack to use it, then I think most people at work will get their company to buy it. If it just installs anyway with just a small nag screen or something, then most people won't buy it.
Use nothing, or hardware (Score:2, Insightful)
Be open about the phoning home. Noone likes a closed source software that phones home for no reason. Don't hassle customers, even the ones who install a copy that is known to be pirated. You can't really tell who's the legitimate customer and who is not.
If you discover that there is widespread piracy of your product, and you want to do something about it, then make the leap to hardware protection. Bear in mind that dongles are quite a hassle for the customer. But at least the hassle is effective. Other means of protection means a hassle for paying customers, and just a fun challenge for pirates.
Re:None at all (Score:5, Insightful)
Good points, but I can not completely agree with you. I personally never found it much of a burden to enter a license key. Even a one-time online activation is OK IMHO as long as it's painless. And I can understand why software companies put these measures in, not to stop pirating at all, but to keep the honest people honest.
I know that piracy is not so much of a problem when it comes to businesses, but consider the following: A company purchased 50 user licenses of a product, but the product has no copy protection whatsoever. Probably the people in charge won't even notice if more than 50 employees install the software - at least not in the companies I have worked so far. OTOH, if this software would have told the 51st user "Your company has no more licenses for you to install the software. You can use this program for another 30 days, but please contact your system admistrators to buy a license for you", the company probably will buy another 20 licenses.
So, IMHO, one-time activation is OK if it doesn't get too much in my way, but phoning home at every start or some annoying procedure like the Vista phone activation (I went through that once - took me more than 1.5 hours to activate a copy of Vista) is not OK.
Re:What's the Right Amount of Copy Protection? (Score:5, Insightful)
You will not get a sensible answer here on slashdot, as this post above me clearly illustrates. there are far too many people in the "stick it to the man!, lets torrent everything!, all software should be free!, information wants to be free! MAFIAAAAA! is dinner ready yet mom?" crowd on here.
Yes, copy protection will annoy a small fraction of legit customers.
Tough.
That's the price of doing business. Do security guards irritate people in shops? does having to get a security tag taken off clothes at the till slow down the sale and irritate the end user? We get sued to a small amount of hassle in return for businesses preventing casual theft in the real world, the software world should be no different. I'd like to see most of the anti-DRM people on here try to extend your theories to the meatspace world. Try leaving the right money on the counter and walking out of a store next time you go shopping, after all, that guy at the till is just an irritating bit of theft prevention in this case isn't he?
As for this lunacy that you should make it free and charge for support, that gives you zero incentive to ship a bug-free product, and makes you a wage slave again rather than a creator of new products.
Unrealistic expectations (Score:5, Insightful)
This will not happen. Cracks for very heavy-handed measures will be available to exactly the same people in exactly the same ways as a cracks for a simple serial-number check on installation, ergo a simple serial-check will get you 99.9% effectiveness of any other software system.
The only things I have seen that seem to work are the hardware usb-dongles; the earlier ones were cracked but the new versions seem to be quite safe. (but they cause a number of other issues and don't qualify as non-intrusive).
Re:None at all (Score:5, Insightful)
I agree, you just have to see the hundreds of computers I have seen in several different government offices that use WinZip, they invariably show the startup nag screen telling you how many thousands of files have you compressed and asking you to buy it... of course, you just have to click the continue button and keep using it..
Know thy customer (Score:3, Insightful)
You're writing project management software, so we're probably talking 150-200+ employees. Companies of this size are going to have some sort of security policy in this day and age, and potentially (depending on your market segments) may be on closed (meaning no or extremely limited external internet access) networks.
There's a good chance at the low end of your customer base that they will have some variety of managed software push in place where IT pushes down software and licenses to the workstation users, and it's almost a certainty at the high end of project management using companies (my primary contract fits into this category, and uses centrally managed software).
I'd therefore recommend a model that allows for central licensing, preferably with no need for IT management to install a license server (lower barrier to entry for your application) and does not need to phone home. I'd suggest a license key mechanism with an optional ability for volume licensees to share a single license database via a network connection.
Will it be hacked? Yep, naturally (but you sound like you're clued enough to have worked that out without my help) but you're trying to keep honest people honest here. Let's face it, do you really care if you have one or two users install it for free at home to hone their skills if you just sold 500 licenses to the multinational who employs them?
Large organizations have busy IT depts who appreciate it when software developers make their lives easier. Having an IT dept pushing your software over your competitors can only be perceived as a good thing, so take advantage of it! IT can put up very effective roadblocks if they perceive you as making their life more difficult and impeding things such as system imaging. The last thing you want to be is branded "incompatible with our environment" by your customer's IT dept.
Cheers,
Minupla
Re:None at all (Score:5, Insightful)
Any system that requires an active deactivation through a tool on the machines where it is installed is badly designed, because the host might not be available for deactivation. If a PC dies, and is replaced with a new one, you can't deactivate the old installation. Similarly if a PC is restored to a point before the installation occured -- then it's impossible to deactivate. (This is part of what bit the Biosphere users -- some people installed the software, ran into problems, and rolled back to pre-install, and tried again.)
Plus, then you have a potential loophole in that people can install on one machine, back it up, deactivate, install it on a second machine, et cetera, and then restore all the backups, and you have a park full of activated copies.
The only sensible approach that I can see for large scale installations is to count concurrent usage through a network server or appliance, and bill according to peak usage. Anything else is going to create a headache for the admins who have to deal with broken machines and reinstalls on a daily basis, and can't reasonably be expected to hang over people's shoulders to count who is using software either.
Re:None at all (Score:5, Insightful)
Even though you say that you have never had any problems with it, I would absolutely HATE using anything of the kind, and would actively avoid using any piece of software that uses that kind of activation.
Speaking as a very successful vendor: None. (Score:5, Insightful)
A much better question is, how can we maximize the rewards to our paying customers for providing us with the income we need to pursue our chosen path of software development?
The answers are:
You know the people who will insist on paying you when you mom their lawn, carry groceries, etc.? Those are the socialized, economically stable majority. They'll pay for good stuff as long as you price it sensibly and shovel value at them like it is going out of style (it actually seems to be in some cases, so use that instead of being part of it.) There is simply no need to go to war with everyone else - be a leg up instead of an obstacle to overcome.
I've done extremely well using this approach, as have my loyal employees. The only thing I would raise a flag about is you actually have to have something worthwhile; if you hand customers (and non-customers) bloated, cpu-hogging bugware, no amount of good will can counter the negative effects of the software itself.
Re:None at all (Score:3, Insightful)
Having worked on DB2 internally, even *I* needed to get help debugging error messages, and sometimes even the IBM veterans didn't even know what they meant.
This is what happens when you only have 16 error codes that read like "network failure" or "database failure". Ok I'm exaggerating, but in all honesty, most of their error codes map to at least a half-dozen DISTINCT and often MUTUALLY EXCLUSIVE problems.
Tom
Re:Not strictly true (Score:5, Insightful)
So if the customers want the product for free, you work for nothing?
It isn't that simple. Customers want unreasonable things. I want every pizza I ordered to be free, delivered instantly by a dozen naked supermodels. But just because my local pizza company will not provide such a service does not mean a new company will materialize to do so.
throwing out glib comments you read on some web forum does not equate to actual business experience. You cannot pay employees or bills with glib expressions, only profits earned from PAYING customers.
Re:Speaking as a very successful vendor: None. (Score:3, Insightful)
How about you price it based on it's value, not the size of the market? Just because the market is small, that does not make your software more valuable. Just because the market is small, it doesn't mean you should try to gouge your customers. It only takes one good competitor to destroy you. I would say, "Price software reasonably and competitively regardless of market size". Get rich by making and selling a good product to lots of people, not by trying to gouge in a small market. If the market is too small to be profitable with your product, you need to rethink your business strategy and expand into other markets.
Re:Not strictly true (Score:3, Insightful)
I would also like a pizza delivered by a dozen naked supermodels (if only to make my neighbor green with envy), but I'd expect to pay quite a lot for that service.
Speaking as an IT Director (Score:5, Insightful)
From the 3D software side (Score:2, Insightful)
Re:None at all (Score:5, Insightful)
Maybe he doesn't, but I do. And I completely agree with him. Installing a background task just to deal with license keys is bad juju. You recommend Elicense. How many other services are there? This isn't the only program I'm likely to install. How many different license key monitors do you think I want running on my machines? How are they all going to interact with each other?
Re:None at all (Score:3, Insightful)
Also remember, I think people tend to pay more willingly for obscure or specialized software. I don't buy WinZip (or WinRar) because I find them to be basic utilities. If I didn't use WinZip, I could just as easily use some other compression utility and be just as happy. However, I'll drop $25 for a well-built, quality SQL browser/editor. Why? It's more obscure, and more likely written by someone just like me.
If you write your program well, it performs well, and is targeted to corporate users, I don't think you'll run into much piracy that would've otherwise been sales. If you want it deployed in a corporate environment, market it as such -- make it easy for IT to deploy, update, and validate serial numbers or whatever other protections you enable. With any big sale (more than a few licenses) it'd do you well to communicate regularly with the IT department that deployed it to make sure they have no issues, no major user complaints, etc. While it may take time to make those calls, you can find great ideas from users that use it every day and don't think like a programmer.
Re:None at all (Score:3, Insightful)
One of the things I will not do, and it's something that causes me to no longer consider registering or paying for a piece of software, is if it has one of the complicated 'validation' schemes like you describe. I will NOT run a piece of software where I have to pass numbers back and forth from a live server somewhere to generate a 'key' and 'validate' the software. When I see that's how a piece of software works I drop it and move on to consider other packages. I've did so in several instances and it's always turned into money sunk down a hole that was a waste.
Don't tie my use of your software to your ability to stay in business. I can and will send you money for to register a piece of software. After doing so, I do not want to lose use of it because you happened to go out of business or changed your business plan.
When Microsoft started using this scheme for 'validating' software is when I decided Microsoft had ceased being an entity I wanted to do business with.
elicense marketing sucks (Score:5, Insightful)
So how do i get the creepy feeling that this guy isn't entirely honest, but actually an elicense marketing stooge?
The install is painless (it installs a license control service that in many years of using I've never had any sort of issue with), and it stops a LOT of piracy.
Err, yes. I have original software too, but somehow the companies failed to send me regular, detailed newsletters about the LOTS of piracy they stopped with their particiular brand of DRM.
It IS possible to "unwrap" the executable, but of all the Elicense protected software I've used, I've only ever seen one game cracked. (Ironically it is the most obscure of the ones I own.)
Yeah, shure, I too make regular searches on the web for cracked versions of the originals i own, especially when the DRM is soooo good that i dont't want a no-cd crack.
And by the way, what are the multiple(!) games that haven't been cracked? I would really like to buy them, if only for rarity value. After all, in the whole history of mankind they are likley to be the only pieces of software ever that weren't cracked....
I am vehemently opposed to DRM, copy protection, call it what you will, but I find Elicense extremely inoffensive due to it's ease of use.
Yeah, i'm opposed to DRM but happy to install extra software on my computer that monitors me. But i am vehemently against everything else DRM-related, trust me.
DRM should not impact legitimate consumers, and this one is the only one I've come across that has never caused me any sort of negative experience.
Software where you have to enter a code ONCE is really a pain in the ass, believe me. But elicense is soooo easy to use, i have to mention it five times. Please buy our product.
DRM-Companies, i beg you, if you let your marketing division run loose on slashdot, at least stop them from taking drugs. Thanks!
Re:And the is answer is none. (Score:3, Insightful)
Re:None at all (Score:5, Insightful)
Re:None at all (Score:3, Insightful)
One thing to note about Paradox is that they make complex strategy games. Their entire 'copy protection' seems to evolve around providing an excellent printed manual.
What kind of 'copy protection' to use depends in part on what kind of software it is. Ideally, you want to give the paying customer some sort of advantage over those using the cracked/pirated version. That can range from a cd-key that enable online multiplayer in games to a good printed manual to access to support/community forums on the manufacturers website.
Product activation is not appropriate for buisness (Score:4, Insightful)
Re:elicense marketing sucks (Score:4, Insightful)
Re:None at all (Score:3, Insightful)
>shareware' that has folders with all the shareware installers and the cd keys, license files, etc. that are collected with them.
'
1. I've outlived more than a couple of developers, both in the sense that individuals died and that companies vanished. I may or may not ever use their software again, but that's my decision not theirs.
2. I've used software in emulation of 20+ year old hardware, and not just for games.
I will buy software that gives me a license key which I am responsible for keeping.
I will not buy software that's tied to some specific device (e.g., Synchrosoft or ILok dongle, don't even assume "USB" or current architecture), nor will I buy anything that has to "call home" (will you still be answering in 20 years? I'm not willing to take the chance that you'll answer *tomorrow*.)
Re:None at all (Score:5, Insightful)
Working in a larger environment, the ONLY software we allow ANY kind of phone-home / activation shenanigans is from large vendors that have a proven business record - you know they will be around tomorrow / 3 years from now. Not thrilled about it in any case, but we will deal.
Any smaller vendor is required to put source code in escrow for any such eventuality, and none of that activation crap. We need to be able to move software from one machine to another without someone's blessing in order to handle EOL replacement, swapping out failing hardware, etc.
Re:Wheee, my first slashdot article! (Score:2, Insightful)
What might be appropriate is a simple email once every six months thanking each customer for their purchase of X number of licenses, and asking them to please get in touch if they have any questions at all. Make sure to prominently display the emails and phone numbers for sales and support. If you suspect someone might be pirating your software in a big way, include a special one-time offer to expand their licenses and/or support for a very good price. But don't suggest that they're pirating; it will be viewed as insulting and invasive even if it's true.
What type of corporate software do you mean? (Score:2, Insightful)
work on employee PCs it definitely won't work on servers that need to be able to reboot by themselves (and if the nag screen does not halt booting of the program than you have not accomplished anything as in many cases no-one will see it). In the same way you *MAY* get away with phone home software on a PC, but it definitely would not work on a server - especially one that may not have any direct internet access.
I would agree with previous posters that a one time installation code would be acceptable, and even perhaps one that expires over time (though that would certainly be annoying) as long as the process to upgrade is easily scriptable.
For employee PCs you might be able to get away with a call-in-on-boot type scheme as long as it uses standard protocols like http or ftp. But I would certainly understand people balking at this sort of thing.
It depends on where your software is intended to be installed.
Re:None at all (Score:2, Insightful)
Ok, I'll bite.
I'm a programmer, I make my living writing applications for various companies, and I get paid pretty well to do it because I posses specialized knowledge. I should point out also that at this time I don't work for a "software" company, but I'm writing applications for internal use. Assuming copyright was abolished, this would effectively kill off the entire software industry. Without copyright you would need to recoup the entire cost of an application on its first sale, which in the case of anything major could run into the millions. Effectively this means the only software that would ever be developed would be business applications. Take something like Halo 3, expected by all concerned to be a run away success, and with a huge development budget backing it on the assumption it will easily recoup all the invested money. Without copyright no one would be willing to fund it, because no consumers would be able to afford it. What's that, you want a Halo 3, no problem, just find a way to pay Bungie 10 million dollars, and you'll be the first kid on your block with a copy. Of course, after that you could easily just hand it out to all your friends for free, or you could try to sell it to them for I don't know, maybe 2 million a copy, but odds are they would then either resell it or give it away cheaper than you. It would ultimately turn into a pyramid game, first person to pony up the cash takes the biggest hit, tries to recoup by reselling, but ultimately gets undercut and never recoups the loss. Pretty quickly the ability to sell any given piece of software for more than $0 becomes impossible. Oh yes, this sounds like an excellent system.
Going to a system without copyright would quickly destroy any motivation to provide works not directly beneficial to major corporations (who could afford their huge development costs), or that aren't simple hobbyist pieces. The only thing of value would be physical goods, returning us to an industrial civilization. Way to bring back sweatshops. As an added bonus, medical research would be pretty useless as well. No point researching a drug to cure cancer, you couldn't sell it for more than 10 cents ultimately, so why bother. You seem to forget that people are greedy, and without motivation they don't work. There must be at least a reasonable hope of profit (either in the traditional sense, or as some sort of personal gratification) before someone is willing to undertake the effort.
Re:None at all (Score:2, Insightful)
How about this scenario. Abolish "copyright law" as it stands. Allow companies to develow a REAL, EFFECTIVE DRM system. To take your laughable Halo 3
Abolishing copyright laws would kill off many companies. Many others would take their place. How about a company (companies?) to provide real-time DRM, authentication, etc.? This way, if it's yours you're guaranteed to have access to install and use it where ever you go. Internet connectivity is not universally available yet but... i'm also not going to solve copyright/DRM for the world in a
Basically copyright has managed to re-direct the task of protecting a companies work from the company itself to the court system. "Well your honor, yes we made a full version available to download but it specifically stated that you had to pay $50 up-front or $50,000 after 60 days. As such, we're requesting $50,000 in damanged plus legal fees plus $billions in penalty.
Or how about "our laughable drm depended on microsoft's autorun feature in windows so we're going to sue someone for posting in a forum that holding the shift key 'breaks' our DRM. It's breaking encryption/DRM and thus illegal to publish via the DMCA."
The thought that an idea or information can be illegal is...just beyond stupid if you ask me.
Copyright is useful to some...in some ways...sometimes. It also has many bad aspects and could be replaced.
Re:None at all (Score:4, Insightful)
Same -- knowledge is traded for money.
> Assuming copyright was abolished, this would effectively kill off the entire software industry.
Nonsense. Copyright is only a RECENT invention, and other industries where it costs ZERO to copy something, are still around.
People would still pay (gasp!) for software, because most are under the moral law of supporting the authors. (There are a few above it, and a few who think they are above it, but that has always been the case.)
The whole concept of "ownership" is based on a system of greed, because people can't treat others how they want to be treated.
> Going to a system without copyright would quickly destroy any motivation to provide works not directly beneficial to major corporations
Did you forget the fact that BEFORE copyright, people CREATED because they ENJOYED it? Famous works such as The Bible, we written not because of some corporation, but because people wanted to share a different outlook on how to live.
I see tons of open source programs created because a developer found it interesting. Heck, myself I work on one, precisely because I find it fun.
> As an added bonus, medical research would be pretty useless as well. No point researching a drug to cure cancer,
So now you are going to put a price on SAVING a human life?! Yay for capitalism! Screw the long-term thinking of doing things for the greater good, and focus on the short term solution of making a quick buck.
> You seem to forget that people are greedy, and without motivation they don't work.
You seem to forget that money is not the only motivation.
> There must be at least a reasonable hope of profit (either in the traditional sense, or as some sort of personal gratification) before someone is willing to undertake the effort.
Tell me, do you have any hobbies? And you do them for profit??
Someday, the human race will look back at copyright for what it was, a necessary step along the way from when people were focused on controlling their expressions and thinking they determined the "value". I have a dream where someday people will willingly share their creative expressions, and the value of that is not only thought in terms of financial gain, but also by the lasting value it creates in people's lives.
Laws are created BY people, and by the number of people sharing music, videos, etc, more people are ready to acknowledge copyright is an archaic hold-over from when physical things (let alone information) was a form of power; its time to stop being so greedy and short sighted, and look towards the long term where people enjoy sharing (positive) things with each others, and not just focused on what they can get from others.
Peace
Re:None at all (Score:2, Insightful)
It's time to find another way besides the prohibition against distribution. And no, you don't have to wait for the work to be completed before you get paid, so the analogy you put forth is incorrect. However applying my analogy to copyright would mean that I should receive a royalty payment for 75 years after I change your oil. I could retire after five years of work. I can dig that.
Re:None at all (Score:4, Insightful)
Activation sucks--Broderbund ripped off a paying customer.