Ask Slashdot: Copy Protection Advice For ~$10k Software? 635
An anonymous reader writes I'm part owner of a relatively small video editing software company. We're not yet profitable, and our stuff turned up on thePirateBay recently. Some of our potential paying customers are using it without paying, and some non-potential customers are using it without paying. Our copy protection isn't that tough to crack, and I'd rather see the developers working on the product than the DRM (I'm convinced any sufficiently desirable digital widget will get copied without authorization). Would it be insane to release a 'not for commercial use' copy that does some spying and reporting on you, along with a spy-free version for ~$10,000? I feel like that would reduce the incentive to crack the paid version, and legit businesses (In the US anyway but we're trying to sell everywhere) would generally pay and maybe we could identify some of the people using it to make money without paying us (and then sue the one with the biggest pockets). What would you do?"
Comment removed (Score:5, Insightful)
Re:"does some spying and reporting on you" (Score:5, Interesting)
To the already great questions above, I would also add:
How will you feel when your product is flagged by Anti-Virus companies as malicious, and what will the impact be to your reputation?
Re:"does some spying and reporting on you" (Score:4, Interesting)
How will you feel when your product is flagged by Anti-Virus companies as malicious, and what will the impact be to your reputation?
Why would it be flagged for malicious? A lot of software reports back, that's how you're notified of new updates. Doesn't your firewall tell you when your software attempts to connect to the company's server?
Re: (Score:3)
A lot of software does report back, but to quote op "that does some spying and reporting on you." That doesn't sound like its going to be a legitimate implementation of some minor reporting back to the parent company. Especially given his goal of then filing a lawsuit against the violators with "big pockets". Of course firewalls should be able to identify outbound connections, but the point isn't that the implementation is weak. The point is that its a bad idea from the start.
Re:"does some spying and reporting on you" (Score:4, Insightful)
I have another question to the anonymous devloper: Have you considered NOT being an asshole about it?
Yes, your software turned up on TPB. So has software from Microsoft, and from Adobe, and from Bethesda, and from... well pretty much every software company on the fucking planet. So your first job is to get over yourself and realize that all that has to happen is for someone to crack or strip out your copy protection once, and that's that, the DRM is meaningless and a wasted cost to you.
Now, have you considered building up brand loyalty instead? Reward your paying customers with support, treat them well, maybe give them access to beta or updates if they want. Focus on making your software the best you can, and making your customers feel like their investment in your software is worth it.
Now let's look at your NEXT proposal: Would it be insane to release a 'not for commercial use' copy that does some spying and reporting on you, along with a spy-free version for ~$10,000? I feel like that would reduce the incentive to crack the paid version - Yes, it would be insane. Anyone who doesn't want to be spied on is going to block the damn thing via firewall, or they'll crack the unpaid version and route all its traffic to 127.0.0.1 or dev/null.
Or this: Some of our potential paying customers are using it without paying - face it, if they're not paying now, you are either charging too much or they'll be just as happy with freely available alternatives that either cost less or are completely free-to-them.
, and some non-potential customers are using it without paying. - If they're not a potential customer, why do you give a rat's ass? Again, they'll just go to some other source or use some other free (to them, whether actually free or not) program.
Chances are, 90% of the software's functions that these people are using are duplicated already by Virtualdub (Free/Opensource) and Windows Live Movie Maker (Not open source but free to anyone with Windows). If you want to make sales, try not being an asshole, price your program appropriately, and treat your customers as customers with whom you want to build loyalty.
Oh, and by the way: a legit copy of Adobe Premiere Elements 10, which probably does everything your software does and then some, is available for somewhere between $70 and $130 online right now. $10,000 for your suite? No fucking way it's even close to that cost.
Re:"does some spying and reporting on you" (Score:5, Insightful)
Re:"does some spying and reporting on you" (Score:4, Insightful)
I'd add another one here: Don't DRM, join the BSA, and if you have evidence that one of your potential customers is pirating your software, send the BSA to audit them. (fake an employee leak if you have to.) Odds are if they're pirating your software they're pirating someone else's and as terrible as it sounds, they'd be getting what they deserve.
While I have fewer problems with pirating at a personal level, pirating for-profit tools deserves no pity, especially if they're not hurting for cash.
Re:"does some spying and reporting on you" (Score:5, Insightful)
This will be the least popular (in /. terms) answer to your question; but, it's actually the best one for your business as it avoids adding DRM (or a dongle) to your software but gives you a lever to enforce compliance.
Step 1: Join the BSA.
Step 2: When you detect illegal use of your software, report those firms to the BSA so that the BSA can perform an audit.
I would recommend that you ignore individual users who wouldn't normally be your customers; as, the BSA isn't going to audit them and for those users you are probably not financially out of pocket. That said, if you find that there are lots of individual rogue users, maybe that is indicating demand for a "lite" version of your application that costs 1/10th the full version and is accessible to non-commercial individuals.
Re:"does some spying and reporting on you" (Score:5, Insightful)
EXACTLY this. I'll probably get stoned for this, but the one Software I *rally* like license-wise is the Oracle Database.
Download everything you like, use everything you like for prototyping and self education, no DRM at all, but God help you legal-wise if you are found to use it in production unlicensed somewhere. Either you will get sued into oblivion, or you will get hung out to dry if there is some problem someday and you can't get support when your business data is in jeopardy.
The *legal* copy protection is the only model out there where the customer has less problems than the pirate. With any *technical* DRM the customer has more problems than the pirate.
Re: (Score:3, Insightful)
It must be nice on your planet. I mean, not having to make a profit and having fair minded customers.
Here on Earth, people will steal whatever they can get their hands on if they think they need it and it's relatively easy to do without consequence. Granted, some vendors are unusually proud of their software and a charge of $10,000 for it may be far more in value than anyone gets out of the software. These folks need to re-evaluate their price point. This is tricky, however. If your market size is small, sa
Re:"does some spying and reporting on you" (Score:5, Funny)
Have you ever done any video editing? You do realize that video editing is resource intensive? If you tried to run the software from a remote server it would be an absolute performance nightmare. You'd be famous for creating the slowest video editing software known to man.
I agree, however, that remote execution is the only way to prevent your software from getting cracked. Essentially the program never leaves the company servers. Crackers can't crack what they don't have. Another "solution" is to release software that is so bad or that does something so useless that no one will bother to crack it. Or there is always security through obscurity. Don't tell anyone about the software. Keep it a secret. If people don't know about the existence of the software they can't crack it.
Re: (Score:3)
If your market size is small, say 3000 users total, you may have to charge that much to pay development staff a decent wage and keep the lights on.
If your market size is that small, finding out if they're using your software without paying is pretty damn easy without having to resort to spyware and nonsense.
That's just the economics of software. Niche market software is always more expensive and has to be. Ultimately, customers should be able to decide if your software is worth that much. If they can get it
Re:"does some spying and reporting on you" (Score:5, Insightful)
Here on Earth, people will steal whatever they can get their hands on
People, somewhat, businesses, generally no. The question of whether to spend $10k on a license or to defend a possible lawsuit in the future with lawyer fees, damages, and the license they should have bought in the first place isn't even a question for most businesses. All it takes is one (ex-)employee with a grudge. Sure, there are exceptions -- companies run by idiots who are penny wise and pound foolish -- but they tend not to last very long anyway.
And $10k isn't an outrageous price for commercially used software at all. Our software is very uncomplicated and starts at about $3k, and we sell tens to hundreds of programs to individual companies. Why? Because it costs a lot more than that for someone to hire a competent developer with the technical knowledge necessary to write the software themselves. Even if they hire a developer on contract, they need someone to support it, and support can get expensive when you're not pooling your resources with other clients and getting "free" updates and bug fixes (built in to the cost of the software, really).
What the original poster *should* do is accept that the people who aren't paying for the software are almost certainly people who never would or could, but that these people are still providing a service, because they'll eventually take their knowledge and (if it's worth pirating over, say, Sony Vegas or Adobe Whatever) love of your software to their job where they will extol its virtues, and where sales will potentially be made. The question would actually be much more difficult to answer if he were writing consumer oriented software, but he's not, so the answer is simple: ignore the piracy unless and until it's brought to his attention that a business is using it without a license, and then decide how to handle that separately. Running video editing software in a browser is particularly stupid given the bandwidth requirements, unless you're suggesting that the processing be done locally, which is also stupid because then you're creating unnecessary overhead versus a native app AND it can still be copied. There's nothing magical about running code locally just because it's running inside of a browser.
Re:"does some spying and reporting on you" (Score:5, Interesting)
You're the ones who are lost in space. As has been repeated many, many times: copying is not stealing. Maybe it's illegal, but if so, it's a different crime, just like vandalism is a different crime. As long as so many of you have difficulty with this basic fact, we can't move on. You refuse to see copying in any other light.
Copying is good! We all benefit from easy copying. But some of you have bought into the dream that you might create something of value yourself, and think you need copyright to protect your valuable work from exploitation. You're so afraid you might miss out on some profit you deserve, you'd strangle all creativity and ignore huge, huge savings just to prevent that possibility. Many also significantly overvalue their work, and feel that those who disagree with their valuation are just robbers, trying to lowball them. You think no one would pay if they didn't have to, that strong protections, harsh laws, and force is the only way to make it work, and that force can make it work. Yet no force can make it work. The current copyright system functions somewhat because there are lots of people who could pirate but choose not to. In other words, they didn't have to pay, but they did. They were not forced. There is another way, and it's called patronage. But you can't believe patronage could work. You believe in copyright, despite the many ways in which it is broken, but you won't give patronage a chance. You think if only we got serious and really clamped down on piracy with even harsher laws, more invasive surveillance, and harder locks, we could make copyright work. Except that can't be done. Even if all that could be put in place, it still would not stop piracy. The cloud is not a silver bullet that can fix all these problems either. There isn't anything that can. We'll all have to continue suffering with this costly, dysfunctional system.
Here on Earth, we obey the laws of nature. You cannot reasonably regulate copying. Copy protection simply does not work. Only has to be cracked once, and protection is always cracked. Software producers have been trying copy protection schemes for more than 30 years, and not one has remained uncracked, not even for long enough to wring all the value out of initial sales.
Re: (Score:3)
My hat is off to you, Moryath. Excellent reply.
I am somewhat curious what this ten thousand dollar per seat software does that an open source software can't do. Probably nothing. Ten thousand dollars. Crap, I could use ten thousand dollars to put a computer into as many as fifty classrooms in a third world country. Ten thousand, for just one license. That is ridiculously over priced. Sounds to me like the submitter has wasted his life developing something that no one in his right mind would pay for.
Re: (Score:3)
For $10K you would think the answer would be to hard code the customer's Logo and info into each custom build; at least that way the company that leaked the program would be known.
Re:"does some spying and reporting on you" (Score:4, Insightful)
Chances are, the "non-paying" customers who are "not potential customers" are people who are using the software to do something like clip videos of their 3 year old crawling around to send to the grandparents.
A dozen free or cheap alternatives, but they were told by a "tech-savvy buddy" that "this software is really kewl."
Note his example pricing - $10,000 a copy. Want to wonder why the potential pool of "non-paying customers" is so high, that's probably the reason. Same way that for the longest time, before their prices came down to something approximating reality, Adobe just kind of looked the other way when kids at home would get copies of Premiere or Photoshop; Adobe assumed that when/if the kids ever got into jobs where they would be doing that sort of work, they'd get the business to buy the software and convert into paying customers, and it was better (for Adobe) for the kids to be used to using pirated Adobe branded stuff rather than, say, GIMP or Paint.net and realizing that Adobe didn't need to be part of the equation.
Re:"does some spying and reporting on you" (Score:4, Insightful)
In my defense, I'm not saying the world is doomed because his software is TPB. My point was more to the effect that these companies can take that kind of loss, a small company has a much harder time loosing sales then megacorp.
The real question is this: Are you really charging the right price if someone is going elsewhere for your software (like TPB). It's part of the reason why most companies do either a "per person" or "per CPU" or etc type pricing model to make it far more affordable for small companies (plus vendor lock in) and profitable on much larger companies.
Keep in mind, pirating is always going to happen, even with fair prices, so back to my original post on helping slow that down even.
Re:"does some spying and reporting on you" (Score:4, Interesting)
4) Along with spying, enable ability to send pop-up to individual users if you notice non-paying business usage, and give them a way to contact you to negotiate. Maybe it's not worth $10,000 to them, but it's probably worth *something*. Maybe $1,000? Maybe $100 a month? Anything would be better than stealing and getting nothing from them.
I have downloaded software in the past and many times I didn't think it was worth full asking price but really wished I could give them some money for it. Unfortunately there's no way to do that right now, it's full price or nothing, and it's even worse when the item is no longer sold because you can't even pay full price for it, you're forced to download
I think every software company should have a "pay us something if you downloaded our software" option on their website somewhere.
Re:"does some spying and reporting on you" (Score:5, Interesting)
I have downloaded software in the past and many times I didn't think it was worth full asking price but really wished I could give them some money for it. Unfortunately there's no way to do that right now, it's full price or nothing, and it's even worse when the item is no longer sold because you can't even pay full price for it, you're forced to download
Have you tried? I've purchased several application from small-business vendors at a discount simply by sending an email saying "I like your product, but it's value to me is $X instead of your price at $Y. Would you be willing to sell me a copy at $X?" You'd be surprised, it works. I think some companies recognize that a sale made at a discount is better than a sale lost entirely.
Re:"does some spying and reporting on you" (Score:4, Insightful)
If you can make $10,000 by selling one copy at $10,000, but you could make $20,000 by selling 100 copies at $200 each (and enough customers exist that WOULD pay that but will never fucking pay $10,000), and your current price is $10,000, most people would say you're overpriced...
Re:"does some spying and reporting on you" (Score:5, Insightful)
Re:"does some spying and reporting on you" (Score:5, Insightful)
Of course, there would also be the option to sell the software with "Online User Community Support" for $100, and with "Work hour e-mail support" for $1000 and with "premium 24/365 phone support" for $10,000.
If the act of copying the software one more time is cheap, but support expensive, then charge for what really is expensive.
Re: (Score:3)
Dont even have to do that. Encode binary in the top scan line that states it's not licensed. easy to detect automatically and would be invisible to 99% of the pirates.
Re:"does some spying and reporting on you" (Score:4, Insightful)
You can also embed watermarks into each sold copy of the program, different for each customer, and use that to figure out who's uploading their copy to TPB. For a small company and $10k per copy, it might be worth it to sue the customer who let the cat out of the bag.
Comment removed (Score:3)
Re:dongle (Score:4, Insightful)
I don't think he's interested in stopping the piracy by forcing hardline anti-piracy methods. For one, it is made clear that non-customers are using the product, and if they are, it's like free advertising. I could imagine a full-fledged professional version requiring a dongle, though.
There are a number of business models that avoid piracy, like student edition software, low monthly subscription, or using a stripped down "free" versions.
Re: (Score:3)
I don't think he's interested in stopping the piracy by forcing hardline anti-piracy methods.
Dongles are not 'hardline anti-piracy methods'; Avid use dongles and their software is still available on pirate sites. Dongles are a way to keep honest customers honest, because they can't accidentally install the software on ten PCs when they only bought five copies.
They're mildly annoying to legitimate buyers, but far less annoying than crappy 'activation' schemes that deactivate at random and lock you out of the software you've paid for.
Comment removed (Score:5, Interesting)
Re:dongle (Score:4, Interesting)
Yeah, as far as I know, iLok 2 [ilok.com] hasn't been cracked yet. I have only heard of it being used for music software but I can't think of a reason why it couldn't be used for other varieties. No idea how much it costs though.
Can I suggest a counter argument though? It was piracy and ease of acquisition that made things Windows and Photoshop popular.
Re:dongle (Score:5, Insightful)
The problem is that you're running up against the software version of the analog hole. Before you feed it into the processor pipe, your application has to be in the standard machine code format that your processor is going to understand. You can dedicate some small portion of your codebase to refusing to work under certain circumstances, and you can make the binary inaccessible until right before it gets executed, but if the entire working application is on a cracker's computer, he's pretty well guaranteed a way to beat it. That leaves always-on style DRM schemes that constantly phone home to continue working, but if I buy $10,000 a seat software and I can't use it because one of your servers goes down, you can be pretty sure I'm not going to be very happy with you.
You also have to remember that hard to break DRM isn't a deterrent to your average pirate unless it is so hard that nobody does it. So what if it takes Sven The Reverse Engineering Scandinavian 30 hours of Monster and amphetamine-fueled thrashing about to circumvent your USB key DRM scheme? That will just make him even more of a hero when he posts the cracked copy of your software to The Pirate Bay for everybody to install. And at that point, the pirated version of your software is now easier to use as a consumer than the commercially released version; you are trying to sell an inferior product.
Re:dongle (Score:5, Insightful)
No better than DRM. As far as I know, it all comes down to one of two types of setups:
Now, I'm not an expert; I just develop software. I haven't tried to crack others' protection.
Re:dongle (Score:4, Interesting)
I have seen setups where the dongle contains a processor and code (quite a library actually) - the software then calls this dongle to perform certain critical calculations. Quite hard to hack if the algorithm is unknown...
Re: (Score:3)
The modern version of this technique is to remote the computation over tcp/http to a server you control. Then only allow licensed ip addresses to run.
Re:dongle (Score:4, Interesting)
But crackers are able to figure out unknown algorithms when they create key generators. Why would this be any different? In one case a unique key of some kind is created by a CPU attached to your USB port. In another it is created by a secret software program that only the developer or publisher has. Either way the cracker is left guessing what the algorithm is. Anyway, all of this ignores the possibility that the cracker could just remove the dongle checks entirely from the binary.
Re: (Score:3)
And most of those 35k checks are going to use the same idiom, right? Or did figure out how to make each one sufficiently unique that scanning the assembler code for a fingerprint wouldn't find it.
Did you call a function which performs the check? Patch the function. Did the compiler inline it? Find a few copies of the check, find the common sequence of instructions (or, if you're really clever, the semantic behavior of the instructions, so you don't get twigged by compiler optimizations), and scan the code f
Re:dongle (Score:5, Insightful)
The point is, nothing is 100%. The game is to make it sufficiently difficult that the number of people who have the skill and time and interest to crack the protection is small (for a suitable definition of small). Then people will have the choice of either a) lots of effort to steal code which will become obsolete or b) pay for it.
Did you see me arguing that anything was 100%?
Could anyone do it? No way
It only takes the one, who turns around and uploads it.
Is it something that one does in an afternoon? Certainly not. The level of effort to crack this sort of scheme is actually quite high
Sure. But most people I know who've ever done this kind of thing do it for personal entertainment and challenge.
at the end of the day you end up with one version of the product which one will have no support options for, and which will rapidly become obsolete.
Yup. I've taken support calls from people whose serial number matched that of a cracked version of one of our products which floats around being sold by a scam artist. You know what we do? We solve their problem, and then offer to sell them a legit copy at a discount. Having just gotten out of a time-sensitive jam, they're always quite happy to get things straightened out properly. I'd much rather distribute the software for free, and then go the support route. That'd clear off that scam artist, too.
Re: (Score:3)
That's an interesting idea, but what if one of your customers copies that code from the dongle and uploads it to the intertubes where cracker groups can just insert it back where it belongs. It might also slow down the program. For a word processor that might not be noticeable, but for something like video editing it probably would slow it down noticeably. Then you'd have the usual situation of even paying customers feeling pressure to download the noticeably faster version from TPB.
Two words: (Score:5, Insightful)
If your software is really worth that much, then I think it's justified.
Re:Two words: (Score:4, Insightful)
And if you use it, USE IT PROPERLY, bake in the encryption into your software so it becomes fiendishly difficult to crack (it will never be impossible.)
Guilt-ware doesn't work (WinZip, mIRC, anyone?) and I would ask a lawyer before attempting any kind of data collection.
Re: (Score:3)
And if you use it, USE IT PROPERLY, bake in the encryption into your software so it becomes fiendishly difficult to crack (it will never be impossible.)
You must be new to the internets. The crack will be up on pirate bay (etc etc) by the end of the week. Why waste the time and money on something guaranteed not to work?
Re:Two words: (Score:5, Funny)
And if you use it, USE IT PROPERLY, bake in the encryption into your software so it becomes fiendishly difficult to crack (it will never be impossible.)
You must be new to the internets. The crack will be up on pirate bay (etc etc) by the end of the week. Why waste the time and money on something guaranteed not to work?
Ah HA! What if they go with a hardware dongle and they ship said dongles using a method that takes longer than a week to get there?
Ha! See that? You little internet punks think you're soooooo clever, don't you?
Re: (Score:3)
The crack will be up on pirate bay (etc etc) by the end of the week.
I was crunching on an all-nighter once, just putting the finishing touches to a product prior to it's version 2.0 release. Whilst building the installer, I thought I'd browse the web to see if the first version had been cracked yet. Rather interestingly, I came across a download link for version 2.0 of the software, as well as a number of torrents for it. Most of those were only available if you bought some premium rate download service membership or some crap like that. I think that a small fee for a downl
Re: (Score:3)
Re:Two words: (Score:4, Interesting)
Better yet, bake some important core logic into the USB stick. This way, even if the encryption is discovered, the contents of the USB stick remain relevant.
Sure, given enough resources, someone will hack around that too, but it will be harder.
Re:Two words: (Score:5, Interesting)
A model I can live with is one in which a big watermark is placed over all print, and a pop up is presented occasionally to make the user aware that the copy is not licensed and how to get a license.
Years ago, before the internet was used for verification, I used software in which each copy appeared to be personalized. The company details could not be changed by the end user. Therefore the software could be loaded onto any machine, but it was not practical for another firm to use the software because all prints and interactions wold list the original firms information.
Just some ideas that might not cause the user to hate the software while still providing some incentive to pay for a product that presumable generates profit for a firm.
Re: (Score:3)
Re:Two words: (Score:5, Informative)
I agree. At $OLD_DAYJOB, we sold software for about the same price per perpetual floating license. Early versions of our software used password protection which was easily circumvented, then a software key based system (quickly cracked) and you could find those versions of our software all over TPB. After a major overhaul to the software, we incorporated WIBU key dongles and peppered our code with various kinds of dongle interactions. There were literally thousands of license checks. There was also encrypted data stored in the key itself that instructed the program how to run. In three years of working there, I never ran across a single instance of our new software being successfully cracked. We were very happy with this, especially considering we sold the full version (at huge discount) to students, and had several commercial and academic customers in China.
The only problems I ever had with piracy of our software included a guy who had the old version who came onto our forums asking for help, apparently not realizing we knew who every one of our customers were. We also had some students at a Canadian university install pirated software on lab computers. The installations phoned home to say "I've been installed!" (there was nothing nefarious, it was designed to do this as part of the registration process) and we noticed that the school wasn't licensed for that version. Their IT department was very helpful in tracking down those responsible.
Good luck.
Re: (Score:3)
We said very clearly in the installer that when installation was complete, the user would be taken to a registration page. Registration included name, organization, address, email, and software serial number. Upon successful registration, you were sent your unlock key (based on the serial number).
The registration page was hosted on our own web servers, so we knew when software was installed (and the IP of the machine it was on) based on when a registration page was loaded. No other data was transmitted,
Three words: I hate dongles. (Score:3)
My experience as both a user and a developer is that hardware dongles suck major donkey butt.
They are excellent at preventing customers and pirates alike from using your software.
The drivers for every brand we tried was buggy, and often had conflicts - *especially* when installed on the same machine as a different version of the same brand dongle from someone else's software.
It was a support nightmare, because it can easily turn into a problem that *you* can't fix - only the manufacturer of the dongle and t
Re:Two words: (Score:5, Interesting)
Re: (Score:3)
The encryption won't get cracked, that'd be quite silly methinks. Whatever key is used on the application side will get replaced with a different one, and then you can encrypt whatever you want and send it to the application. Then you use a filter driver that pretends to be the USB device, and that's it. Of course the saving code would need to be captured, but all you need for that is one working system: capture it from the memory (say a VM snapshot), roll into the hack, end of story. The only thing is: how
Re:Two words: (Score:4, Interesting)
Re: (Score:3)
Re: (Score:3)
Plus you'll annoy customers who'll inevitably lose/break dongles.
Either you build in a workaround that users with broken dongles can use until they get a new one shipped or they are SOL.
Option 1 - you've defeated the purpose of the dongle
Option 2 - Customer gets so pissed off they find a different product that just works.
Re: (Score:3)
There are simple dongles that do nothing more than identify themselves and the software checks for the presences. Those are easy to get around.
There are others that decrypt for an incredibly short period of time blocks of code in the program itself. Immediately upon exiting from that block of code it is re-encrypted. All of the encryption and decryption is done by code running in a processor on the dongle itself. If you don't start with a copy of the program with a dongle it is pretty much hopeless. As
Simple (Score:5, Insightful)
Well provide the paid version like you do now, and provide a stripped down version that has some really neat features that the pirates who would really want your software would use. There's no form of DRM that will stop anyone from taking it, none. Auth servers? Crackable. Dongles, about 8mins with a soldiering iron. Token keys, same deal, just longer. Rings, yep. And every bit of DRM that you use, will more than likely piss off your paying customer when it breaks the software.
Unique serials do work, especially if they're uniquely identified to who you're selling it to. Then you can at least go after them for copy infringement.
Re:To the cloud! (Score:5, Interesting)
Doing some of the processing server-side might work for some applications but not for video editing because of the immense amounts of data that would need to be uploaded.
Thats assuming you'd need to upload/download the whole works.
It would be hilarious if the app had no concept of how to create a simple .avi header each time it saved to a new file (made up example). You can't just NOP around that, and its not much bandwidth and its probably too much of a PITA for the crackers to write their own.
The only thing funnier is the support calls when your https avi header webserver is down, or when the paying $10K customer is having a momentary internet outage or firewall issue. ha ha funny.
Don't waste money. (Score:5, Informative)
Re:Don't waste money. (Score:5, Insightful)
NO! I've paid for software that does these stupid online serial number checks; and I wish I'd pirated the software instead.
Big fail there, to make a paying customer WISH he had a pirated version.
Too late (Score:5, Interesting)
you should have posted the spyware one to thepiratebay yourselves before it got cracked. Then nobody would've bothered to crack your commercial version, assuming it is indistinguishable feature-wise.
Re: (Score:3)
Being video editing software the real solution is video edited by an unauthorized unlicensed copy automatically uploads the edited video file to pirate bay.
That would scare the crap out of genuine commercial users, yet the future customers who are just experimenting or people who are experimenting and will never be customers simply won't care.
Re: (Score:3)
Even just posting a couple random stills converted to .jpg onto 4chan would freak out the commercial customers into paying up.
Actually, I'm pretty sure it would freak out the paying customers into switching to the competition's product ASAP.
Intellectual property is what pays the legitimate customers' paychecks. Keeping it off of pirate sites until it reaches the intended (revenue-producing) venues is job one. When they hear that their video editor has code in it to automatically upload their work product to a pirate site, they will drop that program so quick it will dent the floor. The fact that the shenanigans are only "suppos
contractual approach? (Score:3)
$10,000 is a lot. Maybe make real but effectively no-op customizations to each legit copy so each is unique, including a banner that says whose copy it is. If it later shows up stolen you know whom to sue. Add some phone-home statistics and you know how much to sue them for. Do a little runtime checking on the visible ID banner to make hard to remove.
non-commercial commercial (Score:5, Insightful)
Not for commercial use option would allow people to upskill using your product. Some of these guys may end up in the industry you sell to and in taking their skills into that industry raise your products profile. I would think that this is the easist way to become the defacto supplier of niche software. However, spying on these people might turn them away from you.
Re:non-commercial commercial (Score:5, Interesting)
Some of our potential paying customers are using it without paying
Exactly, how can you prove that potential paying customers are using it? I work at a rather large company and stuff is locked down. You're not going to be installing pirated versions of anything.
One example is Matlab. I pirate Matlab, I don't feel bad about it. I use it for random home projects (Especially since Simulink works with Arduino). I'm not a potential paying customer. I'd never be able to afford a seat. But I can put that on my resume and sell myself to a company. My COMPANY then buys it. That is your customer. I've even talked the powers that be to buy some additional licenses to toolkits that I taught myself to use on the pirated version. I know they have a 30 day trial but you never know when you're going to need that toolbox to experiment with.
Re: (Score:3, Interesting)
Re: (Score:3)
Complex applications require that people know how to use them, and it takes time and investment for people to get trained.An growing expert user base is the best advertising that you can get. Having your SW out there, in the hands of students and young people trying to figure out how to use it helps it remain relevant as they go to work for companies that end up purchasing the SW.
IMO, more than open source and the Internet and hosting (paradigm shift), this is what is actually killing off Microsoft. It used
Octave (Score:3)
Re: (Score:3)
Octave to Matlab is as a transvestite is to a real woman. Octave is a joke compared to Matlab. It'd be like me coming into a discussion about C and suggesting everyone just uses PHP, because it's practically the same syntax.
There is absolutely no Simulink equivalent, there aren't anywhere near the number of toolboxes. Matlab is expensive because Mathworks pays some top level PhDs to develop them. As far as I can tell you can' compile Octave to anything. Simulink will compile to one of a dozen embedded proce
$10K video editing? (Score:4, Interesting)
My point is, if someone wants to crack it, they will. The high price tag makes it more attractive.
Pirated goods (Score:3)
If I knew the commercial free version did any sort of spying I would not trust the company what-so-ever. There is a reason I am boycotting Sony.
Nickel and Dime (Score:3)
I certainly wouldn't pay the many thousands of dollars for Photoshop, but I might pay the hundred or so for the functionality I actually needed. Bolt-ons seem to make sense when appealing to many different markets.
Re: (Score:3)
It's not a
Do as you like (Score:3, Insightful)
Re:Do as you like (Score:5, Insightful)
Your flaw is to assume those "pirating" your software are "potential customers". They are not.
That's an incomplete assumption. Some of those who "pirate" the software are potential customers who won't pay $10,000 for the full product in order to use the two or three tools they actually want. These would maybe pay $50 for a basic version (home user), $200 for extended (mom and pop video editing, semi pro) etc. They may also be interested in paying only for certain features as modules instead of certain package types.
Making paying customers out of pirates is about offering a better service. If I can pay for what I want and have it conveniently offered to me, I more than likely will. I won't, however, pay $X,000 for a funky filter effect as (was?) is the way with Photoshop. Then again, Adobe have already said that those using unlicensed copies of Photoshop just lead to companies using PS as the standard because everyone was familiar with it. Guess that could work too.
Non-Commercial Free Version (Score:5, Insightful)
My recommendation would be to provide a not-for-commercial-use free version which is almost totally identical to the premium version. Have this version embed a digital watermark so you can identify if videos pop up commercially which haven't paid for a commercial license. Make it non-obtrusive so home users don't mind (I recommend it not being a visible logo or anything of that sort, just the digital watermark).
You're not going to be able to prevent a pirated version from cropping up except that you make the pirated version not attractive compared to the legitimate version. Those inclined to not pay for the software are not going to pay for the software. Provide it for free with the forensic ability to detect license violations. The paid version places no watermark, so you get the best quality and the legal right to use videos commercially after it's paid for.
Re:Non-Commercial Free Version (Score:4, Informative)
Digital watermarks survive re-encoding unless the re-encoding is very aggressive (at a substantial quality loss). You can use different strength watermarks which survive greater amounts of distortion. It's not impossible to remove them, but it can be challenging without really impacting image quality.
Also, couldn't pirates remove the "digital watermark" functionality from the executable file? (Theoretically?)
Yes, of course. That's why it's important to make the watermark not very intrusive (why I recommended not including a logo overlay). If the watermark just looks like film grain or ISO noise, most free uses of the software won't mind - maybe won't even notice - and so won't be compelled to find a pirated version. The commercial users who'd be inclined to find a pirated version because of the watermarking would have been inclined to pirate it either way; you'll never get a license fee out of them except through litigation. At least the watermark makes it likely they either don't notice they're leaving behind digital fingerprints, or don't care.
Watermark the files... (Score:5, Insightful)
Can also add in a quick reporting function, and check if the source IP is from a major studio.
Disclaimer: I am not your lawyer, this is not legal advice, but is simply for my own amusement and should not be relied upon.
Re:Watermark the files... (Score:4, Insightful)
Watermarking instead? (Score:4, Interesting)
Would it be insane to release a 'not for commercial use' copy that does some spying and reporting on you, along with a spy-free version for ~$10,000?
Watermarked as non-commercial use only? Hilarious if you run your water mark detector on a TV show or movie and it shows up and you start blogging about the pirates.
Another good laugh would be bait and switch the free version has 75% of the features removed at compile time. You can left align or right align all you want but if you want to center its $10K. Or you could use any font you want for $10K but for free its only possible to use... comic sans.
Another good laugh would be speed. Intentional slow down loops in the free version. While evaluating your software for possible purchase do I care if everything happens 20% slower? Heck no. But if I'm a bean counter at corporate, I'd be insane to reduce my employees productivity by 20% just to save $10K Unless said employee using the software for 2 years earned less than $25K/yr, which is probably the case outside the US...
The problem you're going to have is "free or $10K" is an absolutely insane market. It better be unimaginably amazing to be worth $10K in a world of 99 cent apps and $100 video editors. Rather than the revenue from 100 sales at 10K each, wouldn't you prefer a million app store sales at $20 each?
Would I download your software for free at home if its legal? Maybe. Why not a license of pure profit where any CC released work is a $10 software license with no support. The cost to you is minimal and you get "free" revenue. Or a license where its gotta be CC licensed work with a link to your company in the comments or credits screen or something, basically they pay you, to market for you. Or "please support us by purchasing an anonymous coward XXL tee shirt along with a software license for CC released works for only $50" Or the software is free for CC editing work, but the fine manual in printed and pdf form is only available for $50 along with a formal written license for CC-released work.
solved years ago... (Score:5, Funny)
FlexLM... (Score:3)
You've come to the right place (Score:5, Insightful)
Well, you certainly won't find a shortage of opinions on Slashdot. :-)
If you think the software is good enough, then a non-commercial version with limited registration information (e-mail, name), and some very privacy-thoughtful reporting (maybe to ensure that the registered serial numbers are only being used by one machine at a time), should only be a good thing. Getting your software into the hands of the people that might buy it will get them used to it, relying on it, and eventually make them customers. But (as others here have posted), don't abuse the "spying"... if you start to make money by pilfering the free registrations for ancillary information you're just going to annoy your users and they'll be more apt to pirate the software or use fake registration information. Giving them something in return, like forum access for very limited support, is helpful.
Other possible models include giving the software for free and asking payment for support -- nearly all profitable Open Source companies do this, and even if you leave the source closed the business model isn't terribly different. You could publish a "crippleware" version, which I find rather annoying, unless the limits are such that the home and non-commercial users needs are really satisfied, and the only people that need to pay $10k for the software are those to whom it's worth it. I give a nice shout out to Andrea Mosaic [andreaplanet.com] for doing this correctly (at a lower price point).
Lastly an option you may have missed may be to ignore it because it isn't a problem. A pirated version by a customer that wouldn't have paid anyway probably doesn't hurt you. A pirated version by a customer that would have paid may actually turn into a sale if they need assistance. When you upgrade, if the pirates liked it, they'll want the next version, so they may buy. It may be pirated by employees or students who years later may remember it and decide to buy it. You never can tell.
In those cases, you're getting your software out there and used; you could take an "all exposure is good exposure" attitude. The fact that you didn't list the name of your software in the original post here means that you may not think that way, or you may outright disagree.
Still, piracy is going to happen. At least you're asking the right questions. Don't let yourself get dragged into a fight with the anonymous masses on the internet, though -- you'll probably lose.
$10,000 for video editing software? (Score:4, Insightful)
WTF does it do?
Apple has Final Cut for the prosumer and wannabe pro
Avid is the pro software market
people like me use imovie or adobe something which is like $100 and includes the adobe version of iphoto whatever the name is
video editing software is a mature market. unless you are making some cool plug in or your software does something really cool that the big boys don't do you are screwed
Don't Fret (Score:3)
The only DRM you need is: Make sure that your users have a valid serial number before you start providing support for the product.
You're trying to compete with 'free'. The solution is to make the version you're selling for $10,000 worth that much. Add more features, innovate, and provide support to the users who have paid you.
Also, most of the people yanking your software off of the Pirate Bay are not your customers now - they either can't afford it, or they're not even sure if your software will meet your needs. In the future, they might have that same need AND the money to pay you, and at that point they'll know your name.
Partial Key Verification (Score:4, Interesting)
This is something that I have never dealt with directly, but I saw a similar post on StackOverflow a few months ago and bookmarked it because it seemed useful.
The answer it seems is something called "Partial Key Verification": http://stackoverflow.com/questions/3550556/ive-found-my-software-as-cracked-download-on-internet-what-to-do [stackoverflow.com]
In short, the software would still work, but re-direct people to a page letting them know that they've been "caught" pirating software and that they should really purchase it. This won't stop everyone, but some people (especially in a business environment) won't risk "being caught", so they will purchase the software knowing that you know that they know they are pirating your software.
worth $10K? (Score:3)
Is what the software does worth $10K? If it really is, then you'd be far better off hiring some in house editors and offering your services using your magic proprietary undistributed tools. After all, you'd be able to undercut all your competition by at least $10K/yr equivalent.
Its has to be worth more than that, like $25K/yr, otherwise your purchasing clients would not waste the time and money learning new software, they'd just throw more bodies/billable hours at the task and not have to deal with you. They're planning to save $25K using your software of which they're giving you $10K to keep it legal. Why not keep the whole $25K for yourself?
Its one of those put your money where your mouth is moments... if its really worth the dough, you'd make more money reselling video editing services than you'd make selling the tools to edit video.
My guess is, you're about to discover the appropriate price would be maybe $100 not $10K.
Who's stealing it exactly? (Score:4, Insightful)
I have a Reprap 3d printer. The software that seems to work the nicest for designing parts is Solidworks. But they only sell it in two ways: for business for about $4000 and for verified university students for $150 a year. I'm neither. They don't make an option for hobbyits. Which leaves me with the Pirate Bay option. That kind of sucks because I wish there was a way a hobbiest could use this software without stealing it.
So that's something to consider. Who's stealing it? If it's businesses then yeah you have a problem. If it's hobbyists then maybe it's because you don't have a deal for them.
Serialize (Score:3)
When your software is THAT expensive, then you can afford to compile each instance for each customer. By recompiling for each customer, you can make each release version they have unique to them so you know where the leaked copy came from. Secondly, you can also arrange and require a "license server" on the network where it will be run. This enables a machine to run without internet access but will need access to a licensing server. You can figure out the details to make it usable but the idea is that it won't run without licensing information available at any or even all times.
And since you are compiling each copy for each customer's site, "cracks" will be a bit harder to maintain, but in order to accomplish this feat, you would have to take some pages from virus writers' playbooks.
In the end, everything I have spelled out is defeatable. EVERYTHING. In the end, software is a series of instructions that the computer runs. It's not a magic box.
And this interpretation of "potential customers just getting it for free" is nonsense. If they use it professionally, they will pay. There will be incidents where some professionals will not want to pay. You will either have to live with it or spend a lot of money on investigators and lawyers. Is that really where you want your existing profits to go?
And are you SURE you're not charging too much in the first place?
DRM is SnakeOil, but I have a thought.. (Score:3)
Ok, I hate being pesimistic, but we need to face the facts. Money spent on DRM is wasted money. However, there are some ways others have spoken about that have some merit, but also problems. One such is the aways-online network model and also hardware dongles. Networks go down and standard dongles are easy to hack around. So, what to do?
The always-online model has the strong point that a portion of the processing can be off loaded so the central server, and user's software itself has code missing that can not be simply hacked around like in the dongle. The dongle can have some unique embedded features which can be tested for but is generally easy to hack around since its easy to bypass code. What about a mix of the two? What about a custome dongle that actually adds processing power to the software and the software is then sold as a "system".
If the dongle/board/unit has real functionality (e.g. FPGA accellerator board) the software without it is useless, and if the device is non-trivial it would be very hard to duplicate by the average hacker, and they couln'd just post the results of that hacked code online. You need both. It would be too costly to develop the replacement hardware for fun and impossible to sell it without being noticed. It would not be like a "standard" dongle that one can hack by putting in noop's and nonconditional jumps to deactivate it, as it actually does things the software side needs. A pirate would have to be *very* comitted, and with much more money and resources than the cost of one simple licensed unit to even think about trying to replicate it. As long as the coprocessor dongle unit adds functionality in the form of function or performance it may be acceptable to users, but not unless it actually gives them something for their money. So, can you product be decompoed into two peices where a portion is hardware accellerated?
Best DRM: the license agreement. (Score:3)
At $10,000 for a license, the software you sell is not a consumer product. That's not to say that a consumer may not want to use it, but that you've already discounted them as a customer. You should simply not trouble yourself with thwarting them because they would never be able to pay for it. They aren't your clients and by familiarizing themselves with your product, they may well turn their employer or future employers into clients. Some companies even embrace the idea by offering unsupported no-cost versions for non-commercial use.
Once you've decided that your customer base will only be professional / commercial customers, then the license is the important part. A commercial customer stands to loose A LOT if they are caught using unlicensed software. For them, they should consider the software part of their cost of doing business. If your product is too pricey, they should select another, otherwise, they need to purchase it and expense it. If you catch a customer using unlicensed copies, contact them and give them an opportunity to true up (after all, sometimes companies simply loose track of how many licenses they purchased - crappy license management is rampant). If a company still continues to use unlicensed versions of the software, then have a lawyer draft a demand for payment (and consider terminating their licenses; mind you, you'll loose them as a customer). When all else fails, file an infringement claim against them.
There's simply no DRM scheme that's 100% effective, and it only needs to be cracked once for it to become widely available. DRM schemes cost vendors like you lots of money to implement, and they are invariably a nuisance to the customers that legitimately license your software. Ultimately, DRM makes the pirated copies more valuable -- they are more portable between systems as they are upgraded, there are no dongles, issues with license key management, etc. It would be hard to make the case that DRM is likely to pay for itself.
Once a program becomes good enough (Score:4, Insightful)
How would this work for a product that's so reliable and so easy for most end users to figure out that it doesn't need a lot of support/services/consulting?
Re:Serial number that calls home (Score:5, Insightful)
And why would I allow a system housing my valuable, corporate pre-production video data, direct access to the internet?
Re:What is your software called (Score:5, Informative)
You obviously don't have much experience with software at the business level. The $10k usually includes support, upgrades, etc. It's not like they're charging $10,000 for a basic word processor.
Re:What is your software called (Score:4, Informative)
Re: (Score:3)
You are living on some cloud nine. We have seats of parametric 3D cad software: about $4500 per seat, with a discount, too. Yearly maintenance is $1500 or so per seat. It works out because there's no one else who provides it any cheaper than that, and the file formats are completely proprietary and their binary structure is intentionally obfuscated. We attempted to move to a different system, by writing scripts for the source software to export all the data to a human-readable text file, and then writing ot
Re: (Score:3)
Some software just costs that much. Hell, a lot of software used by businesses cost much more.
When a company needs a certain functionality that just plain doesn't exist anywhere else, it has to be paid for somehow. I'm not sure you have a good understanding of how much time is actually put into developing software--an engineer who gets paid $80k/year costs the company about $160k/year. If that engineer works on a problem for 3 lousy weeks, that software cost $10,000. Just to develop. That's $0.00 profit for
Re: (Score:3)
What makes it worth 10k? How about developing software that takes a team of 5 people 3-7 years to write, for a target market of 200-500?
You and 4 of your buddies may be willing to work for the next 7 years for a possible income of (500*100 = 50,000), and you can split it between yourselves. Sounds fair. What number can I call you to schedule when you can start?
Re: (Score:3)
The best way I've found to do this is to have a non-obvious component actually doing the licensing evaluation (periodically as part of some normal functional operation) and if that fails to subtly screw up the operation of the software. You still want to have standard 'relatively easy to tear out' protection so that legitimate users get notifications of a bad configuration or license, but what you're trying to do is make the software useless for people pushing it on a torrent/warez site.
Yes. AutoCAD did that, back in the DOS era. There were several levels of protection. The first level checksummed the program during loading to detect a corrupted executable. That prevented any accidental error from triggering the deeper checks. Anyone attacking the software would first have to bypass the checksum code. Further down were many other checks for changes to the protection code. These checks were executed randomly, based on the state of the program, at varying levels of odds. Some were exec