Ask Slashdot: What Is a Reasonable Way To Deter Piracy? 687
An anonymous reader writes "I'm an indie developer about to release a small ($5 — $10 range) utility for graphic designers. I'd like to employ at least a basic deterrent to pirates, but with the recent SimCity disaster, I'm wondering: what is a reasonable way to deter piracy without ruining things for legitimate users? A simple serial number? Online activation? Encrypted binaries? Please share your thoughts."
Professional Piracy: 3rd-Party, Paid Obfuscator (Score:5, Interesting)
The biggest thing you should worry about is not customers ripping off your product, but shovelware firms rebadging your product and stealing your market with their superior ability to reach the customer.
One-time online activation. (Score:4, Interesting)
Grapeshot as they board? (Score:5, Interesting)
Shiver their timbers.
Seriously though... you will get a variety of answers here on Slashdot, ranging from "open source it and give it all away" to "put in ads and give it away". Charging for things seems to be a sin to some slashdotters.
I think a CD key, for PC games, strikes a reasonable balance, so long as you have some traceability (online activation is nice). Have you considered Steamworks? You'd have a distribution platform (though it wouldn't limit where you could sell it), and a proven, relatively non-intrusive DRM strategy.
Of course, Steamworks games get cracked, but you can never really stop determined crackers or pirates. All you want to do is encourage legit buyers to remain legit buyers. Steam is a pretty decent ecosystem for developers and gamers.
Re:KISS (Score:4, Interesting)
I agree. Have just enough a hurdle that the honest-but-lazy user doesn't just keep saying to himself "I'll just pay for it later".
Full disclosure: I've been that honest-but-lazy guy who kept meaning to pay for shareware and then never got around to it (even though I really meant to and wasn't really trying to avoid it).
Don't under estimate shaming (Score:5, Interesting)
I worked on a tool to be used by consultants. These people have very sticky fingers. Are issue was how to we prevent consultants taking the software to another firm?
We compiled a build for each customer with there logo inserted into various places. So when you run a report, no matter what there user entered, the embedded logo would appear on the reports.
Going to another accounting firm, and then generating reports for your boss with your previous companies logo on it tend to get you frowned upon.
Re:Price it reasonably (Score:4, Interesting)
Of everything I've read, I thnk yours is the most reasonable idea. Just stamp it with the identity of who you sold it to. Brilliant.
"This copy licensed to....".
It's easily defeated, but as people said, someone determined will defeat anything you come up with.
Since I don't have mod points, this is what you get!
--PM
Piracy can strengthen the brand (Score:4, Interesting)
I started and worked on a very successful iOS game with over 9,000,000 users (and now over 1m on Android).. In the earlier days, we saw that it's piracy was 3 to 1 (so there were at the time about 3m users per 1m paid).
We don't care. Every user who doesn't pay but enjoys the game spreads word about the game, which will work well for the sequel or for branded toys. Those who don't pay for it probably weren't going to, at least they've now heard of your brand and your game. Free marketing.
Re:Don't even try (Score:5, Interesting)
Any DRM would only inconvenience legitimate customers.
As a customer who won't buy DRM-protected stuff, I don't consider the simple act of entering a license key to be DRM... What do you think? As long as the validation of the key happens locally, I don't mind doing this. In a way, it makes the purchase feel a bit more personalized.
Yeah, I know the license validation can be hacked around. That's not the point, it's kind of like signing your signature to something. I can forge someone else's signature, but I know I'm being dishonest if I do that.
Re:Serial and calling home (Score:5, Interesting)
I find the kind of drm Packtpub do with their ebooks more acceptable. i.e.: make sure the application displays the buyer's name and address somewhere at all times. That way, the users themselves will protect the application from getting into the wrong hands. And if it gets onto the internets, you know who leaked it.
I do understand this means more work for you (recompile a part of your app for every single customer) but it is also a lot less trouble for the user (not having to mess around with registrations, serials, etc).
Re:Serial and calling home (Score:5, Interesting)
You don't need to recompile. A signed key file with the user name in it should work.
Re:life-long updates (Score:5, Interesting)
Most amusing (and effective) DRM I ever saw was actually a fairly loose and easily broken copy protection scheme... the program could detect when it had been "cracked" but still gave full functionality to the cracked version... just with some interesting bugs that only appeared late game on the cracked version. It was a game, and deliberately corrupted the load of certain textures on pirated version so the game was still playable, but had quality degradation. Is it possible you could do something like that with the utility?
The reality is that some people are going to pirate it, even if you only charge $0.05 for a copy. They're going to do it because they can. The best DRM schemes take that into mind, and give them something they can pirate while still making it worth actually paying for the product for those who want to. In the case of the game, for example, you could give it away for free, but only with low quality textures and low bitrate audio samples... if you pay for the game, you can download and install the hi res packs and get a better gameplay experience. If you have the bandwidth to spare, you could tag those hi res packs with a unique watermark and have the software check activation servers for the hi res packs on, say, a weekly basis... if you find them on a pirate site, you can nuke the activation for that particular hi res pack, leaving a functional game that defaults back to the low res textures for pirate users.
For the utility described, maybe limit the number of objects it can save in a render, for example (assuming that's what the software is), or limit the quality of JPEG it can save to 30% if it's saving images, or apply a watermark to work created with a pirated copy? If it's something people will use to interoperate with other users, maybe have it tag files created on a pirated copy with a randomly generated hash that's stored on the client PC, so that the files can be opened on that system but won't open on another computer? Or even just tweak it with artificial slowdowns in the code so that it's usable when it's pirated, but nowhere near as efficient to work with.
The possibilties are endless, once you accept that you won't stop people from pirating it, and start thinking of ways to fuck with pirates instead.
Too obtrusive (Score:4, Interesting)
I have no problem paying for software that is useful, especially if it reasonably priced. However, there have been many times where I needed to get a job done and was hindered in doing so because of the hoops I had to jump through to get software activated on an offline machine, or didn't have access to the serial number at the time. This has burned me enough that I won't buy any software that requires activation, and am even leery of simple serial number activation.
Nearly all the software on pirate sites has been cracked, so the pirate's version won't require the user to enter a serial number or be calling home on the first install anyway. Even these simple anti-piracy methods hurt the user and not the pirate.
Re:No point asking here (Score:3, Interesting)
I wish the grandparent had not posted AC, for he makes a very real point:
Supply/demand pricing structures simply do not work when the cost of creating the supply is nothing.
Re:One-time online activation. (Score:4, Interesting)
Also tie the activation to updates. Make it so that the legitimate purchasers get something the pirates don't in exchange for their money.
Seed it yourself (Score:4, Interesting)
Can you create an ad supported version? If so, create an ad supported version and seed it yourself.
The people who want to buy the software will come to your site and buy it from you (requires serial #). Those who go to your site and say "$5? F that noise, yo!" (because that's how pirates talk) will go start looking for torrents. Seed the ad-supported version yourself. Make sure it's the most popular torrent for your software. Anybody who decides they'd rather torrent it than pay you gets the ad-supported version and is probably none the wiser that the paid version doesn't have ads.
Now you get $5-$10 out of the people who were willing to pay for it, and you make some off the ads for the people who weren't.
Yes, somebody can crack the no-ads paid version and torrent that. Every month or so, look for it. When that happens, either try to out-seed them (so people who don't know the difference download your version) or just release a "patch" and seed that. So the currently cracked version might be 1.5, but you just released 1.6 ("now with more graphicals and improved performances!") and most people are going to download the most recent version. Now you're ahead until they crack 1.6.
Alternatively, you could also seed it yourself with a message that says "hey buddy, I know you got this off Pirate Bay, but come on, it's $5 and here's a picture of my starving kids. Help me out!" and a link to buy the full version.
Re:Don't try to deter piracy (Score:4, Interesting)
It bothers me a bit to see you propose the idea of asking people to pay what is reasonable, and then calling them freeloaders if they don't pay. Maybe it actually wasn't worth anything to them. In the case of the submitter, the application was something to do with graphic design. It's easy to imagine someone downloading a copy of this program if it were offered "by donation", playing with it for a bit, and abandoning it never having used it for any real commercial or hobby purpose. It is worth nothing to them, like much of the internet, they had a look at it because it was there.
If you walk by a street performer and don't pay them, are you a freeloader? What if you look at them for a minute and walk on? I would say no, you might look at them because they were there, but you didn't ask them to come there.
Asking people to pay what they want is a lot like being a street performer. You are offering something, but essentially appealing to people's sense of charity to try and get paid, rather than providing goods or services in exchange for money. It devalues the work you are doing (necessarily because people can legally get what you are offering for free) and it's hard to see this as a viable business model in most cases
Re:life-long updates (Score:1, Interesting)
let's be clear what you are saying: you are saying that the developer must provide EXTRAORDINARY value (life long updates on a $5-$10 product?) for you to consider not pirating it. Behold, the entitled snowflake consumer.
Subby: don't listen to this and other snowflakes that will permeate this thread and mark me 'troll.'. You'll get a lot of advice here which amounts to not much more than you subsidizing their greed and limitless expectation.
You'll also get crapola "sage advice" like "Trying to deter piracy with DRM is a losing battle" here on slashdot. It gets "+5 insightful", but it's not. Sure, everything will get hacked, but the dirty little secret is DRM works. DRM works because it reduces the RATE of piracy. Behold the PS3. People DESPERATELY tried to hack it for years with great rewards to the cracker, but it wasnt cracked until many years after the fact, and even then it was more trouble than it was worth. I refer you again to the dictum "don't listen to the snowflakes." They will try to mislead you and in fact are doing so on this thread.
This is what I suggest:
1. charge a fair price for your product. compete on quality, not price.
2. NOTHING is unhackable, but use mechanisms that will lead to you getting a good income stream. the better known appstores are a good start. Far from perfect, but you'll reach plenty of honest people too.
3. if you want to sell it yourself (or if the product demands it), make the product 'phone home' regularly to validate its license. make it part of your license that the app MUST phone home every so often and cannot be blocked by firewall, etc. You'll get longwinded speeches here and elsewhere from customers who claim they would buy but for your evil, crazy DRM, but, again, ignore the snowflakes.
4. make regular updates. if you're particularly fussed, find out how your stuff is hacked, make it conditional that users must have current version for benefit X, and work against any hacks found. or, don't bother. I honestly think it's pretty much ethically perfectly fair to retaliate against those who pirate your stuff, but we don't and you shouldn't (oh, here come the responses!).
5. have a thick skin when it comes to entitled snowflakes and the Tech Profits and Futurists who will tell you that DRM is dead, that you should sell T-Shirts but give your app away, that you should FOSS it and live off of the sweet dew of reputation, or any other such idealistic crapola.
/ yes, this is a voice of relatively successful experience talking here.
Re:life-long updates (Score:4, Interesting)
Certainly. Then you need to go through the hassle of updating your CC information with every online retailer, recurring payment processor, etc. that has your old number before doing further business with them.
You know what's even easier? Not handing out your CC number to every fly-by-night company that asks for it. I've had to replace a CC exactly once in twenty years, and that was a cautionary event due to a large-scale breach of a major company's CC database.
Re:Don't even try (Score:4, Interesting)
The point here isn't to harass the people installing it on two or three machines - but to find out when a key has been compromised (ie: hundreds of installs). At that point it's up to submitter if he wants to disable the key or simply use it for tracking. Either way, you don't want to demonize the customer - offer them a new key (via email to the original registered address or some similar means).
Lastly (or firstly and foremostly) - accept that your product *will* be pirated. Accept that it's likely the majority of installations will be pirated. You can't let this get to you - after all, the more people use your software (even pirated), the more exposure you'll have and the more real sales you'll get. You know your software sucks if nobody wants to pirate it. When it comes down to it, if you have a good product which is convenient enough to buy legally, you'll get most of your potential customers to pay for it.
Re:life-long updates (Score:3, Interesting)
Apple hater here.
After "Clouds and Sheeps" game running on my android tablet managed to charge me 9 Euro (non-refundable) for "5000 happy stars" (some in game crap) without asking for password or anything like that, simply because I was silly enough to buy something from google's appstore USING A PC and google support said "oh uh, so what" I see quite a number of reasons to be paranoid with payment systems.
Apple at least asks for password.
Re:Make it easier to buy (Score:2, Interesting)
I keep reading "game" in the replies for this post, which starts by stating the software is a graphics utility. Are slashdotters so game-centric that all apps are games or not apps at all?
Re:life-long updates (Score:4, Interesting)
I have had my CC stolen out of my mail and charged $3000 forcing me to be late on my fucking house payment, my car payment, my insurance payment, and my cable bill. The fraud was reported the day after and STILL it took over TWO MONTHS to give my money back during which time I had 30 day lates on some of my payments because even though I called the organizations I was late on payments for, two of them "forgot" to process my fraud report. I then had to go through 3 months of back and forth with the companies, police, my bank, and Experian/Transunion just to repair my credit.
I spent approx 110 hours of my time repairing something something you say takes 'one phone call to fixup 99% of the things that happen' which is a lot of my money lost because I make $14/hr for every single hour in the day if you average my pay across all 24 hours every day. That's fucking $1540 in damage to my personal income so you are out of your mind when you say he is entertaining paranoid fantasies. Btw before you say "well that was physical CC fraud and not online", I have two customers and one relative that have horror stories WORSE than mine because they all just ASSUMED that online sites are secure and it wouldn't be a problem if something happened. Since there is still a human element to fraud detection/credit repair, shit can always get fucked up...badly.
Responses to your other points:
Do you background check every single person you ever give your CC number to? No, you do not.
There is something to be said for physically handing your credit card to someone and WATCHING THEM SWIPE IT or even SWIPING IT YOURSELF. Kinda makes it inherently more secure even though fraud does sometimes happen using devices that store the #.
The only "background check" you should do is check if SSL is on and if the company actually is real. Beyond that, you're entertaining your own paranoid fantasies.
Completely agree with the SSL check and verification that the company is real...I think the original poster your replied to agrees too because I doubt he is contacting a fucking agency to do a background check on the companies he purchases from. If he is actually doing that, you're right...way unnecessary...in point of fact, however, you are making huge sweeping assumptions about what he is saying and you're being a dick at the same time. You are completely wrong in every bit of your attitude and your concept of credit fraud also.
Re:Don't even try (Score:4, Interesting)
The purpose of the serial, in my mind, is not to prevent piracy but to identify the customer for purposes of support, enabling feature sets, etc. Basically, to register the product.
As a legitimate user, I *like* seeing my name show up in the "About this software" dialog box, along with information about the particular set of features I have purchased, info on how long my support contract is valid for, etc. I am not at all annoyed by it.
Re:life-long updates (Score:4, Interesting)
The most amusing I saw renamed all objects to "oink!" and had NPC speech replaced with altered versions of famous quotes ("honor thy father and thy hoe, babycakes") if the player couldn't answer a few questions based on information in the printed manual correctly after two tries. That was in Ultima VII: Serpent Isle -- I always wondered just how the development team got the idea for that.
Oh, ouch... I just looked it up on Wikipedia [wikipedia.org], and found a nasty copy-protection approach used in one of the early games -- the floppy disk for Atari version of Ultima IV had an unformatted track the game was programmed to look for, and if it was absent, the the player's party would be slaughtered during every battle. Worse, the German distributor didn't know about the unformatted track, so all of the copies they sold had impossible-to-win battles.
Re:life-long updates (Score:5, Interesting)
http://www.baen.com/library/intro.asp [baen.com]
Jim Baen sold books, rather than software. But his views are pertinent to any digital distributor. Anyone who bothers to ask slashdot about digital rights has obviously given things some semi-serious thought. Include Jim's ideas in your thinking.
First few paragraphs of that page follow:
Baen Books is now making available — for free — a number of its titles in electronic format. We're calling it the Baen Free Library. Anyone who wishes can read these titles online — no conditions, no strings attached. (Later we may ask for an extremely simple, name & email only, registration. ) Or, if you prefer, you can download the books in one of several formats. Again, with no conditions or strings attached. (URLs to sites which offer the readers for these format are also listed. )
Why are we doing this? Well, for two reasons.
The first is what you might call a "matter of principle." This all started as a byproduct of an online "virtual brawl" I got into with a number of people, some of them professional SF authors, over the issue of online piracy of copyrighted works and what to do about it.
There was a school of thought, which seemed to be picking up steam, that the way to handle the problem was with handcuffs and brass knucks. Enforcement! Regulation! New regulations! Tighter regulations! All out for the campaign against piracy! No quarter! Build more prisons! Harsher sentences!
Alles in ordnung!
I, ah, disagreed. Rather vociferously and belligerently, in fact. And I can be a vociferous and belligerent fellow. My own opinion, summarized briefly, is as follows:
1. Online piracy — while it is definitely illegal and immoral — is, as a practical problem, nothing more than (at most) a nuisance. We're talking brats stealing chewing gum, here, not the Barbary Pirates.
2. Losses any author suffers from piracy are almost certainly offset by the additional publicity which, in practice, any kind of free copies of a book usually engender. Whatever the moral difference, which certainly exists, the practical effect of online piracy is no different from that of any existing method by which readers may obtain books for free or at reduced cost: public libraries, friends borrowing and loaning each other books, used book stores, promotional copies, etc.
3. Any cure which relies on tighter regulation of the market — especially the kind of extreme measures being advocated by some people — is far worse than the disease. As a widespread phenomenon rather than a nuisance, piracy occurs when artificial restrictions in the market jack up prices beyond what people think are reasonable. The "regulation-enforcement-more regulation" strategy is a bottomless pit which continually recreates (on a larger scale) the problem it supposedly solves. And that commercial effect is often compounded by the more general damage done to social and political freedom.
In the course of this debate, I mentioned it to my publisher Jim Baen. He more or less virtually snorted and expressed the opinion that if one of his authors — how about you, Eric? — were willing to put up a book for free online that the resulting publicity would more than offset any losses the author might suffer.
The minute he made the proposal, I realized he was right. After all, Dave Weber's On Basilisk Station has been available for free as a "loss leader" for Baen's for-pay experiment "Webscriptions" for months now. And — hey, whaddaya know? — over that time it's become Baen's most popular backlist title in paper!
And so I volunteered my first novel, Mother of Demons, to prove the case. And the next day Mother of Demons went up online, offered to the public for free.
Sure enough, within a day, I received at least half a dozen messages (some posted in public forums, others by private email) from people who told me that, based on hearing about the episode a