Ask Slashdot: Copy Protection Advice For ~$10k Software?

An anonymous reader writes I'm part owner of a relatively small video editing software company. We're not yet profitable, and our stuff turned up on thePirateBay recently. Some of our potential paying customers are using it without paying, and some non-potential customers are using it without paying. Our copy protection isn't that tough to crack, and I'd rather see the developers working on the product than the DRM (I'm convinced any sufficiently desirable digital widget will get copied without authorization). Would it be insane to release a 'not for commercial use' copy that does some spying and reporting on you, along with a spy-free version for ~$10,000? I feel like that would reduce the incentive to crack the paid version, and legit businesses (In the US anyway but we're trying to sell everywhere) would generally pay and maybe we could identify some of the people using it to make money without paying us (and then sue the one with the biggest pockets). What would you do?"

Comment removed

[account_deleted]

Comment removed based on user account deletion

Is it April Fools?

[Anonymous Coward]

Adding DRM won't stop people from pirating it, didn't you learn anything from being a Slashdot user?

Two words:

[kheldan]

Hardware dongle.
If your software is really worth that much, then I think it's justified.

Simple

[Mashiki]

Well provide the paid version like you do now, and provide a stripped down version that has some really neat features that the pirates who would really want your software would use. There's no form of DRM that will stop anyone from taking it, none. Auth servers? Crackable. Dongles, about 8mins with a soldiering iron. Token keys, same deal, just longer. Rings, yep. And every bit of DRM that you use, will more than likely piss off your paying customer when it breaks the software.

Unique serials do work, especially if they're uniquely identified to who you're selling it to. Then you can at least go after them for copy infringement.

non-commercial commercial

[symes]

Not for commercial use option would allow people to upskill using your product. Some of these guys may end up in the industry you sell to and in taking their skills into that industry raise your products profile. I would think that this is the easist way to become the defacto supplier of niche software. However, spying on these people might turn them away from you.

Some thoughts

[Anonymous Coward]

Release the software as free, open-source software. Then, use the community goodwill and appreciation to feed your family and pay rent.

Alternatively, identify the client who released the software into the wild and sue them for breach of contract.

Lastly, make your software so awesome that one of the big players can buy you out before the well runs dry.

Oh, and brace for the commenters calling shenanigans. People who pirate software don't like the thought that there may be actual, real-life negative consequences for small development houses.

Re:Two words:

[vinehair]

And if you use it, USE IT PROPERLY, bake in the encryption into your software so it becomes fiendishly difficult to crack (it will never be impossible.)

Guilt-ware doesn't work (WinZip, mIRC, anyone?) and I would ask a lawyer before attempting any kind of data collection.

Do as you like

[Stumbles]

Your flaw is to assume those "pirating" your software are "potential customers". They are not.

Once a program becomes good enough

[tepples]

How would this work for a product that's so reliable and so easy for most end users to figure out that it doesn't need a lot of support/services/consulting?

Re:dongle

[TemperedAlchemist]

I don't think he's interested in stopping the piracy by forcing hardline anti-piracy methods. For one, it is made clear that non-customers are using the product, and if they are, it's like free advertising. I could imagine a full-fledged professional version requiring a dongle, though.

There are a number of business models that avoid piracy, like student edition software, low monthly subscription, or using a stripped down "free" versions.

Non-Commercial Free Version

[nahdude812]

My recommendation would be to provide a not-for-commercial-use free version which is almost totally identical to the premium version. Have this version embed a digital watermark so you can identify if videos pop up commercially which haven't paid for a commercial license. Make it non-obtrusive so home users don't mind (I recommend it not being a visible logo or anything of that sort, just the digital watermark).

You're not going to be able to prevent a pirated version from cropping up except that you make the pirated version not attractive compared to the legitimate version. Those inclined to not pay for the software are not going to pay for the software. Provide it for free with the forensic ability to detect license violations. The paid version places no watermark, so you get the best quality and the legal right to use videos commercially after it's paid for.

Re:Don't waste money.

[samjam]

NO! I've paid for software that does these stupid online serial number checks; and I wish I'd pirated the software instead.

Big fail there, to make a paying customer WISH he had a pirated version.

Watermark the files...

[Theaetetus]

... and include in the license agreement that the user agrees to pay royalties of X% on gross revenues for work involving the files, but with the stipulation that you won't go after users earning less than $Y. Then offer an ability to purchase a royalty-free license for your $10k price. Big commercial users would want the royalty free license, small commercial users would want the percentage license, and non-commercial or educational users could use the program freely. Then, just watch for the watermark in videos of commercial entities that haven't paid.

Can also add in a quick reporting function, and check if the source IP is from a major studio.

Disclaimer: I am not your lawyer, this is not legal advice, but is simply for my own amusement and should not be relied upon.

Re:Serial number that calls home

[ArsonSmith]

And why would I allow a system housing my valuable, corporate pre-production video data, direct access to the internet?

You've come to the right place

[ZahrGnosis]

Well, you certainly won't find a shortage of opinions on Slashdot. :-)

If you think the software is good enough, then a non-commercial version with limited registration information (e-mail, name), and some very privacy-thoughtful reporting (maybe to ensure that the registered serial numbers are only being used by one machine at a time), should only be a good thing. Getting your software into the hands of the people that might buy it will get them used to it, relying on it, and eventually make them customers. But (as others here have posted), don't abuse the "spying"... if you start to make money by pilfering the free registrations for ancillary information you're just going to annoy your users and they'll be more apt to pirate the software or use fake registration information. Giving them something in return, like forum access for very limited support, is helpful.

Other possible models include giving the software for free and asking payment for support -- nearly all profitable Open Source companies do this, and even if you leave the source closed the business model isn't terribly different. You could publish a "crippleware" version, which I find rather annoying, unless the limits are such that the home and non-commercial users needs are really satisfied, and the only people that need to pay $10k for the software are those to whom it's worth it. I give a nice shout out to Andrea Mosaic [andreaplanet.com] for doing this correctly (at a lower price point).

Lastly an option you may have missed may be to ignore it because it isn't a problem. A pirated version by a customer that wouldn't have paid anyway probably doesn't hurt you. A pirated version by a customer that would have paid may actually turn into a sale if they need assistance. When you upgrade, if the pirates liked it, they'll want the next version, so they may buy. It may be pirated by employees or students who years later may remember it and decide to buy it. You never can tell.

In those cases, you're getting your software out there and used; you could take an "all exposure is good exposure" attitude. The fact that you didn't list the name of your software in the original post here means that you may not think that way, or you may outright disagree.

Still, piracy is going to happen. At least you're asking the right questions. Don't let yourself get dragged into a fight with the anonymous masses on the internet, though -- you'll probably lose.

$10,000 for video editing software?

[alen]

WTF does it do?

Apple has Final Cut for the prosumer and wannabe pro
Avid is the pro software market
people like me use imovie or adobe something which is like $100 and includes the adobe version of iphoto whatever the name is

video editing software is a mature market. unless you are making some cool plug in or your software does something really cool that the big boys don't do you are screwed

Re:dongle

[Short Circuit]

No better than DRM. As far as I know, it all comes down to one of two types of setups:

1. "Is this authorized? Then do stuff" However the sophisticated the rest of the setup, all a cracker needs to do is identify this if conditional and patch it. In this type of system, the rest is just obfuscation of where that clause is, and how it works.
2. "Decrypt necessary code or data, then execute." At some point, the encrypted material will be in the clear, at which point it can be snagged. Binary gets patched to use the snagged, unencrypted form rather than need to use the encrypted form.

Now, I'm not an expert; I just develop software. I haven't tried to crack others' protection.

Re:Do as you like

[L4t3r4lu5]

Your flaw is to assume those "pirating" your software are "potential customers". They are not.

That's an incomplete assumption. Some of those who "pirate" the software are potential customers who won't pay $10,000 for the full product in order to use the two or three tools they actually want. These would maybe pay $50 for a basic version (home user), $200 for extended (mom and pop video editing, semi pro) etc. They may also be interested in paying only for certain features as modules instead of certain package types.

Making paying customers out of pirates is about offering a better service. If I can pay for what I want and have it conveniently offered to me, I more than likely will. I won't, however, pay $X,000 for a funky filter effect as (was?) is the way with Photoshop. Then again, Adobe have already said that those using unlicensed copies of Photoshop just lead to companies using PS as the standard because everyone was familiar with it. Guess that could work too.

Re:Some thoughts

[Anonymous Coward]

Well for 10K software there aren't many negative real-life consequences for small development houses. That kinda of price tag (an insane one) is clearly aimed at large production companies, and most of those will pay for it because they do not want to get in trouble. The 50000 downloads you might see on TPB are most likely amateur and prosumer users that never ever could afford that price, which means you now have thousands of people using and talking about the product (free advertising) while your income loss due to piracy is close to %0.

The best thing to do in this case is to release a cheap ($100) consumer version with a license that permits non-commercial use. The market for $10K video editing software is abysmal at best. That kind of software will never be profitable unless it's through support contracts.

Who's stealing it exactly?

[DRMShill]

I have a Reprap 3d printer. The software that seems to work the nicest for designing parts is Solidworks. But they only sell it in two ways: for business for about $4000 and for verified university students for $150 a year. I'm neither. They don't make an option for hobbyits. Which leaves me with the Pirate Bay option. That kind of sucks because I wish there was a way a hobbiest could use this software without stealing it.

So that's something to consider. Who's stealing it? If it's businesses then yeah you have a problem. If it's hobbyists then maybe it's because you don't have a deal for them.

Re:"does some spying and reporting on you"

[Moryath]

I have another question to the anonymous devloper: Have you considered NOT being an asshole about it?

Yes, your software turned up on TPB. So has software from Microsoft, and from Adobe, and from Bethesda, and from... well pretty much every software company on the fucking planet. So your first job is to get over yourself and realize that all that has to happen is for someone to crack or strip out your copy protection once, and that's that, the DRM is meaningless and a wasted cost to you.

Now, have you considered building up brand loyalty instead? Reward your paying customers with support, treat them well, maybe give them access to beta or updates if they want. Focus on making your software the best you can, and making your customers feel like their investment in your software is worth it.

Now let's look at your NEXT proposal: Would it be insane to release a 'not for commercial use' copy that does some spying and reporting on you, along with a spy-free version for ~$10,000? I feel like that would reduce the incentive to crack the paid version - Yes, it would be insane. Anyone who doesn't want to be spied on is going to block the damn thing via firewall, or they'll crack the unpaid version and route all its traffic to 127.0.0.1 or dev/null.

Or this: Some of our potential paying customers are using it without paying - face it, if they're not paying now, you are either charging too much or they'll be just as happy with freely available alternatives that either cost less or are completely free-to-them.

, and some non-potential customers are using it without paying. - If they're not a potential customer, why do you give a rat's ass? Again, they'll just go to some other source or use some other free (to them, whether actually free or not) program.

Chances are, 90% of the software's functions that these people are using are duplicated already by Virtualdub (Free/Opensource) and Windows Live Movie Maker (Not open source but free to anyone with Windows). If you want to make sales, try not being an asshole, price your program appropriately, and treat your customers as customers with whom you want to build loyalty.

Oh, and by the way: a legit copy of Adobe Premiere Elements 10, which probably does everything your software does and then some, is available for somewhere between $70 and $130 online right now. $10,000 for your suite? No fucking way it's even close to that cost.

Re:dongle

[cforciea]

My guess is that's security through obscurity at work. That key hasn't been cracked because there hasn't been enough reason for anybody to bother cracking it. It's possible that $10k/copy software locked behind it would get people interested enough.

The problem is that you're running up against the software version of the analog hole. Before you feed it into the processor pipe, your application has to be in the standard machine code format that your processor is going to understand. You can dedicate some small portion of your codebase to refusing to work under certain circumstances, and you can make the binary inaccessible until right before it gets executed, but if the entire working application is on a cracker's computer, he's pretty well guaranteed a way to beat it. That leaves always-on style DRM schemes that constantly phone home to continue working, but if I buy $10,000 a seat software and I can't use it because one of your servers goes down, you can be pretty sure I'm not going to be very happy with you.

You also have to remember that hard to break DRM isn't a deterrent to your average pirate unless it is so hard that nobody does it. So what if it takes Sven The Reverse Engineering Scandinavian 30 hours of Monster and amphetamine-fueled thrashing about to circumvent your USB key DRM scheme? That will just make him even more of a hero when he posts the cracked copy of your software to The Pirate Bay for everybody to install. And at that point, the pirated version of your software is now easier to use as a consumer than the commercially released version; you are trying to sell an inferior product.

Re:"does some spying and reporting on you"

[Moryath]

If you can make $10,000 by selling one copy at $10,000, but you could make $20,000 by selling 100 copies at $200 each (and enough customers exist that WOULD pay that but will never fucking pay $10,000), and your current price is $10,000, most people would say you're overpriced...

Re:dongle

[Short Circuit]

The point is, nothing is 100%. The game is to make it sufficiently difficult that the number of people who have the skill and time and interest to crack the protection is small (for a suitable definition of small). Then people will have the choice of either a) lots of effort to steal code which will become obsolete or b) pay for it.

Did you see me arguing that anything was 100%?

Could anyone do it? No way

It only takes the one, who turns around and uploads it.

Is it something that one does in an afternoon? Certainly not. The level of effort to crack this sort of scheme is actually quite high

Sure. But most people I know who've ever done this kind of thing do it for personal entertainment and challenge.

at the end of the day you end up with one version of the product which one will have no support options for, and which will rapidly become obsolete.

Yup. I've taken support calls from people whose serial number matched that of a cracked version of one of our products which floats around being sold by a scam artist. You know what we do? We solve their problem, and then offer to sell them a legit copy at a discount. Having just gotten out of a time-sensitive jam, they're always quite happy to get things straightened out properly. I'd much rather distribute the software for free, and then go the support route. That'd clear off that scam artist, too.

Re:"does some spying and reporting on you"

[mhajicek]

I'd say you should have two versions of the software, like many high end developers do. One should be the "professional" full blown thing, and with the purchase price would come support, patches, and updates for a specified period, or indefinitely with maintenance. The other should be a stripped down "home" version which is either free or cheap. Don't put spyware in your software, it just sucks and makes people hate you.

Re:"does some spying and reporting on you"

[demonlapin]

Now you have 100 people to support, instead of one. Depending on his cost structure, that might be a losing proposition.

Re:"does some spying and reporting on you"

[Moryath]

Chances are, the "non-paying" customers who are "not potential customers" are people who are using the software to do something like clip videos of their 3 year old crawling around to send to the grandparents.

A dozen free or cheap alternatives, but they were told by a "tech-savvy buddy" that "this software is really kewl."

Note his example pricing - $10,000 a copy. Want to wonder why the potential pool of "non-paying customers" is so high, that's probably the reason. Same way that for the longest time, before their prices came down to something approximating reality, Adobe just kind of looked the other way when kids at home would get copies of Premiere or Photoshop; Adobe assumed that when/if the kids ever got into jobs where they would be doing that sort of work, they'd get the business to buy the software and convert into paying customers, and it was better (for Adobe) for the kids to be used to using pirated Adobe branded stuff rather than, say, GIMP or Paint.net and realizing that Adobe didn't need to be part of the equation.

Re:"does some spying and reporting on you"

[Anonymous Coward]

I'd add another one here: Don't DRM, join the BSA, and if you have evidence that one of your potential customers is pirating your software, send the BSA to audit them. (fake an employee leak if you have to.) Odds are if they're pirating your software they're pirating someone else's and as terrible as it sounds, they'd be getting what they deserve.

While I have fewer problems with pirating at a personal level, pirating for-profit tools deserves no pity, especially if they're not hurting for cash.

Re:"does some spying and reporting on you"

[gestalt_n_pepper]

It must be nice on your planet. I mean, not having to make a profit and having fair minded customers.

Here on Earth, people will steal whatever they can get their hands on if they think they need it and it's relatively easy to do without consequence. Granted, some vendors are unusually proud of their software and a charge of $10,000 for it may be far more in value than anyone gets out of the software. These folks need to re-evaluate their price point. This is tricky, however. If your market size is small, say 3000 users total, you may have to charge that much to pay development staff a decent wage and keep the lights on. That's just the economics of software. Niche market software is always more expensive and has to be. Ultimately, customers should be able to decide if your software is worth that much. If they can get it for free, of course, that process is totally short-circuited.

What the original poster should do is move the application to the cloud where it can be run in a browser. For legacy applications, spoon.net or Application Jukebox will do this with a minimum of hassle and expense. Hosting your application in this way basically makes it unhackable and controls licensing. Then let the market decide on the price.

Re:"does some spying and reporting on you"

[Grishnakh]

You can also embed watermarks into each sold copy of the program, different for each customer, and use that to figure out who's uploading their copy to TPB. For a small company and $10k per copy, it might be worth it to sue the customer who let the cat out of the bag.

Re:Watermark the files...

[Vegemeister]

The thing is, most people who crack DRM don't do it so some megacorp can avoid paying license fees to some other megacorp. If the copy protection scheme doesn't affect home users, nobody will give a fuck.

Re:"does some spying and reporting on you"

[crath]

This will be the least popular (in /. terms) answer to your question; but, it's actually the best one for your business as it avoids adding DRM (or a dongle) to your software but gives you a lever to enforce compliance.

Step 1: Join the BSA.
Step 2: When you detect illegal use of your software, report those firms to the BSA so that the BSA can perform an audit.

I would recommend that you ignore individual users who wouldn't normally be your customers; as, the BSA isn't going to audit them and for those users you are probably not financially out of pocket. That said, if you find that there are lots of individual rogue users, maybe that is indicating demand for a "lite" version of your application that costs 1/10th the full version and is accessible to non-commercial individuals.

Re:"does some spying and reporting on you"

[StikyPad]

Here on Earth, people will steal whatever they can get their hands on

People, somewhat, businesses, generally no. The question of whether to spend $10k on a license or to defend a possible lawsuit in the future with lawyer fees, damages, and the license they should have bought in the first place isn't even a question for most businesses. All it takes is one (ex-)employee with a grudge. Sure, there are exceptions -- companies run by idiots who are penny wise and pound foolish -- but they tend not to last very long anyway.

And $10k isn't an outrageous price for commercially used software at all. Our software is very uncomplicated and starts at about $3k, and we sell tens to hundreds of programs to individual companies. Why? Because it costs a lot more than that for someone to hire a competent developer with the technical knowledge necessary to write the software themselves. Even if they hire a developer on contract, they need someone to support it, and support can get expensive when you're not pooling your resources with other clients and getting "free" updates and bug fixes (built in to the cost of the software, really).

What the original poster *should* do is accept that the people who aren't paying for the software are almost certainly people who never would or could, but that these people are still providing a service, because they'll eventually take their knowledge and (if it's worth pirating over, say, Sony Vegas or Adobe Whatever) love of your software to their job where they will extol its virtues, and where sales will potentially be made. The question would actually be much more difficult to answer if he were writing consumer oriented software, but he's not, so the answer is simple: ignore the piracy unless and until it's brought to his attention that a business is using it without a license, and then decide how to handle that separately. Running video editing software in a browser is particularly stupid given the bandwidth requirements, unless you're suggesting that the processing be done locally, which is also stupid because then you're creating unnecessary overhead versus a native app AND it can still be copied. There's nothing magical about running code locally just because it's running inside of a browser.

Re:"does some spying and reporting on you"

[aix tom]

Of course, there would also be the option to sell the software with "Online User Community Support" for $100, and with "Work hour e-mail support" for $1000 and with "premium 24/365 phone support" for $10,000.

If the act of copying the software one more time is cheap, but support expensive, then charge for what really is expensive.

Re:"does some spying and reporting on you"

[Rasperin]

In my defense, I'm not saying the world is doomed because his software is TPB. My point was more to the effect that these companies can take that kind of loss, a small company has a much harder time loosing sales then megacorp.

The real question is this: Are you really charging the right price if someone is going elsewhere for your software (like TPB). It's part of the reason why most companies do either a "per person" or "per CPU" or etc type pricing model to make it far more affordable for small companies (plus vendor lock in) and profitable on much larger companies.

Keep in mind, pirating is always going to happen, even with fair prices, so back to my original post on helping slow that down even.

Re:"does some spying and reporting on you"

[aix tom]

EXACTLY this. I'll probably get stoned for this, but the one Software I *rally* like license-wise is the Oracle Database.

Download everything you like, use everything you like for prototyping and self education, no DRM at all, but God help you legal-wise if you are found to use it in production unlicensed somewhere. Either you will get sued into oblivion, or you will get hung out to dry if there is some problem someday and you can't get support when your business data is in jeopardy.

The *legal* copy protection is the only model out there where the customer has less problems than the pirate. With any *technical* DRM the customer has more problems than the pirate.

Re:"does some spying and reporting on you"

[Moryath]

Yawn.

#1 - get over yourself. I'm not a communist, and I pointed out that maybe their product is just fucking overpriced. Did I suggest giving it all away for free? No.

#2a - "Not profitable." So, their current model of selling only to a few people, at $10k per, is not working. My suggestion was that maybe, if their software did not cost $10k per, their market would enlarge and the increased sales would generate their needed revenue. How is this a communist thought? How does it demonstrate that I lack reading comprehension?

#2b - Where did I ever suggest support is free? But on the same token, you can approach support in multiple ways. Spend a small amount (relatively) on support forums, and charge money for phone support. Many other companies do it this way. If you have corporate customers, offer the option of a yearly support contract with upgrades and phone support bundled in.

Now, I did say that electronic distribution costs on producing extra units or licenses are close to "free." Once it's bits on a drive, once the "release package" has been finalized, making copies is low enough cost to be trivial - and the submitter is talking about electronic distribution of a "free" version anyways.