Ask Slashdot: Copy Protection Advice For ~$10k Software? 635
An anonymous reader writes I'm part owner of a relatively small video editing software company. We're not yet profitable, and our stuff turned up on thePirateBay recently. Some of our potential paying customers are using it without paying, and some non-potential customers are using it without paying. Our copy protection isn't that tough to crack, and I'd rather see the developers working on the product than the DRM (I'm convinced any sufficiently desirable digital widget will get copied without authorization). Would it be insane to release a 'not for commercial use' copy that does some spying and reporting on you, along with a spy-free version for ~$10,000? I feel like that would reduce the incentive to crack the paid version, and legit businesses (In the US anyway but we're trying to sell everywhere) would generally pay and maybe we could identify some of the people using it to make money without paying us (and then sue the one with the biggest pockets). What would you do?"
Too late (Score:5, Interesting)
you should have posted the spyware one to thepiratebay yourselves before it got cracked. Then nobody would've bothered to crack your commercial version, assuming it is indistinguishable feature-wise.
$10K video editing? (Score:4, Interesting)
My point is, if someone wants to crack it, they will. The high price tag makes it more attractive.
Watermarking instead? (Score:4, Interesting)
Would it be insane to release a 'not for commercial use' copy that does some spying and reporting on you, along with a spy-free version for ~$10,000?
Watermarked as non-commercial use only? Hilarious if you run your water mark detector on a TV show or movie and it shows up and you start blogging about the pirates.
Another good laugh would be bait and switch the free version has 75% of the features removed at compile time. You can left align or right align all you want but if you want to center its $10K. Or you could use any font you want for $10K but for free its only possible to use... comic sans.
Another good laugh would be speed. Intentional slow down loops in the free version. While evaluating your software for possible purchase do I care if everything happens 20% slower? Heck no. But if I'm a bean counter at corporate, I'd be insane to reduce my employees productivity by 20% just to save $10K Unless said employee using the software for 2 years earned less than $25K/yr, which is probably the case outside the US...
The problem you're going to have is "free or $10K" is an absolutely insane market. It better be unimaginably amazing to be worth $10K in a world of 99 cent apps and $100 video editors. Rather than the revenue from 100 sales at 10K each, wouldn't you prefer a million app store sales at $20 each?
Would I download your software for free at home if its legal? Maybe. Why not a license of pure profit where any CC released work is a $10 software license with no support. The cost to you is minimal and you get "free" revenue. Or a license where its gotta be CC licensed work with a link to your company in the comments or credits screen or something, basically they pay you, to market for you. Or "please support us by purchasing an anonymous coward XXL tee shirt along with a software license for CC released works for only $50" Or the software is free for CC editing work, but the fine manual in printed and pdf form is only available for $50 along with a formal written license for CC-released work.
Comment removed (Score:5, Interesting)
Re:To the cloud! (Score:5, Interesting)
Doing some of the processing server-side might work for some applications but not for video editing because of the immense amounts of data that would need to be uploaded.
Thats assuming you'd need to upload/download the whole works.
It would be hilarious if the app had no concept of how to create a simple .avi header each time it saved to a new file (made up example). You can't just NOP around that, and its not much bandwidth and its probably too much of a PITA for the crackers to write their own.
The only thing funnier is the support calls when your https avi header webserver is down, or when the paying $10K customer is having a momentary internet outage or firewall issue. ha ha funny.
Re:Two words: (Score:5, Interesting)
Re:"does some spying and reporting on you" (Score:5, Interesting)
To the already great questions above, I would also add:
How will you feel when your product is flagged by Anti-Virus companies as malicious, and what will the impact be to your reputation?
Re:non-commercial commercial (Score:5, Interesting)
Some of our potential paying customers are using it without paying
Exactly, how can you prove that potential paying customers are using it? I work at a rather large company and stuff is locked down. You're not going to be installing pirated versions of anything.
One example is Matlab. I pirate Matlab, I don't feel bad about it. I use it for random home projects (Especially since Simulink works with Arduino). I'm not a potential paying customer. I'd never be able to afford a seat. But I can put that on my resume and sell myself to a company. My COMPANY then buys it. That is your customer. I've even talked the powers that be to buy some additional licenses to toolkits that I taught myself to use on the pirated version. I know they have a 30 day trial but you never know when you're going to need that toolbox to experiment with.
Partial Key Verification (Score:4, Interesting)
This is something that I have never dealt with directly, but I saw a similar post on StackOverflow a few months ago and bookmarked it because it seemed useful.
The answer it seems is something called "Partial Key Verification": http://stackoverflow.com/questions/3550556/ive-found-my-software-as-cracked-download-on-internet-what-to-do [stackoverflow.com]
In short, the software would still work, but re-direct people to a page letting them know that they've been "caught" pirating software and that they should really purchase it. This won't stop everyone, but some people (especially in a business environment) won't risk "being caught", so they will purchase the software knowing that you know that they know they are pirating your software.
Re:dongle (Score:4, Interesting)
Yeah, as far as I know, iLok 2 [ilok.com] hasn't been cracked yet. I have only heard of it being used for music software but I can't think of a reason why it couldn't be used for other varieties. No idea how much it costs though.
Can I suggest a counter argument though? It was piracy and ease of acquisition that made things Windows and Photoshop popular.
Re:Two words: (Score:5, Interesting)
A model I can live with is one in which a big watermark is placed over all print, and a pop up is presented occasionally to make the user aware that the copy is not licensed and how to get a license.
Years ago, before the internet was used for verification, I used software in which each copy appeared to be personalized. The company details could not be changed by the end user. Therefore the software could be loaded onto any machine, but it was not practical for another firm to use the software because all prints and interactions wold list the original firms information.
Just some ideas that might not cause the user to hate the software while still providing some incentive to pay for a product that presumable generates profit for a firm.
Re:"does some spying and reporting on you" (Score:4, Interesting)
4) Along with spying, enable ability to send pop-up to individual users if you notice non-paying business usage, and give them a way to contact you to negotiate. Maybe it's not worth $10,000 to them, but it's probably worth *something*. Maybe $1,000? Maybe $100 a month? Anything would be better than stealing and getting nothing from them.
I have downloaded software in the past and many times I didn't think it was worth full asking price but really wished I could give them some money for it. Unfortunately there's no way to do that right now, it's full price or nothing, and it's even worse when the item is no longer sold because you can't even pay full price for it, you're forced to download
I think every software company should have a "pay us something if you downloaded our software" option on their website somewhere.
Re:"does some spying and reporting on you" (Score:4, Interesting)
How will you feel when your product is flagged by Anti-Virus companies as malicious, and what will the impact be to your reputation?
Why would it be flagged for malicious? A lot of software reports back, that's how you're notified of new updates. Doesn't your firewall tell you when your software attempts to connect to the company's server?
Re:"does some spying and reporting on you" (Score:5, Interesting)
I have downloaded software in the past and many times I didn't think it was worth full asking price but really wished I could give them some money for it. Unfortunately there's no way to do that right now, it's full price or nothing, and it's even worse when the item is no longer sold because you can't even pay full price for it, you're forced to download
Have you tried? I've purchased several application from small-business vendors at a discount simply by sending an email saying "I like your product, but it's value to me is $X instead of your price at $Y. Would you be willing to sell me a copy at $X?" You'd be surprised, it works. I think some companies recognize that a sale made at a discount is better than a sale lost entirely.
Re:Two words: (Score:4, Interesting)
Better yet, bake some important core logic into the USB stick. This way, even if the encryption is discovered, the contents of the USB stick remain relevant.
Sure, given enough resources, someone will hack around that too, but it will be harder.
Re:dongle (Score:4, Interesting)
I have seen setups where the dongle contains a processor and code (quite a library actually) - the software then calls this dongle to perform certain critical calculations. Quite hard to hack if the algorithm is unknown...
Re:Two words: (Score:4, Interesting)
Re:dongle (Score:2, Interesting)
Do you have locks on your doors? Why? Anyone can break a window and get into your house or car. And yet, we all have locks on our houses and cars. And yet, when it comes to DRM, the computer geeks (of which I am one) love to decry any technique with the argument that the protection could, in theory, be circumvented.
The point is, nothing is 100%. The game is to make it sufficiently difficult that the number of people who have the skill and time and interest to crack the protection is small (for a suitable definition of small). Then people will have the choice of either a) lots of effort to steal code which will become obsolete or b) pay for it.
In terms of the actual technologies, there are lots of third party libraries out there to do this. And no, they are not, in general, trivial to defeat. No DRM library worth its salt has a single 'if' condition to check for a proper license. The logic gets woven into the executable in multiple places in multiple ways.
In terms of encryption, most packages that do this only keep a small portion of the code decrypted at any given time, with complicated logic to dynamically find and decrypt other blocks of code as needed. There is an obvious performance penalty for doing so, but for many applications the penalty (at least on modern computers) is acceptible. Could you try to grab all the decrypted code segments from memory? Sure. Could then then try to piece them all back together in the right order? Sure. Could you then reverse engineer the executable image (with suitable reloc and library linkage info)? Sure. Could anyone do it? No way. Is it something that one does in an afternoon? Certainly not. The level of effort to crack this sort of scheme is actually quite high, and at the end of the day you end up with one version of the product which one will have no support options for, and which will rapidly become obsolete.
Then you can go the dongle route. I've seen dongles that actually execute the encrypted code inside the dongle - meaning you never get a chance to see the decrypted code. Short of cracking open the dongle, these are very effective. There is the burden of shipping dongles and the tracking/management of the dongles, but for a high end package (which $10K would qualify as) the trade off seems acceptable.
Re:non-commercial commercial (Score:3, Interesting)
Re:dongle (Score:4, Interesting)
But crackers are able to figure out unknown algorithms when they create key generators. Why would this be any different? In one case a unique key of some kind is created by a CPU attached to your USB port. In another it is created by a secret software program that only the developer or publisher has. Either way the cracker is left guessing what the algorithm is. Anyway, all of this ignores the possibility that the cracker could just remove the dongle checks entirely from the binary.
Re:"does some spying and reporting on you" (Score:5, Interesting)
You're the ones who are lost in space. As has been repeated many, many times: copying is not stealing. Maybe it's illegal, but if so, it's a different crime, just like vandalism is a different crime. As long as so many of you have difficulty with this basic fact, we can't move on. You refuse to see copying in any other light.
Copying is good! We all benefit from easy copying. But some of you have bought into the dream that you might create something of value yourself, and think you need copyright to protect your valuable work from exploitation. You're so afraid you might miss out on some profit you deserve, you'd strangle all creativity and ignore huge, huge savings just to prevent that possibility. Many also significantly overvalue their work, and feel that those who disagree with their valuation are just robbers, trying to lowball them. You think no one would pay if they didn't have to, that strong protections, harsh laws, and force is the only way to make it work, and that force can make it work. Yet no force can make it work. The current copyright system functions somewhat because there are lots of people who could pirate but choose not to. In other words, they didn't have to pay, but they did. They were not forced. There is another way, and it's called patronage. But you can't believe patronage could work. You believe in copyright, despite the many ways in which it is broken, but you won't give patronage a chance. You think if only we got serious and really clamped down on piracy with even harsher laws, more invasive surveillance, and harder locks, we could make copyright work. Except that can't be done. Even if all that could be put in place, it still would not stop piracy. The cloud is not a silver bullet that can fix all these problems either. There isn't anything that can. We'll all have to continue suffering with this costly, dysfunctional system.
Here on Earth, we obey the laws of nature. You cannot reasonably regulate copying. Copy protection simply does not work. Only has to be cracked once, and protection is always cracked. Software producers have been trying copy protection schemes for more than 30 years, and not one has remained uncracked, not even for long enough to wring all the value out of initial sales.