Ask Slashdot: What Is a Reasonable Way To Deter Piracy? 687
An anonymous reader writes "I'm an indie developer about to release a small ($5 — $10 range) utility for graphic designers. I'd like to employ at least a basic deterrent to pirates, but with the recent SimCity disaster, I'm wondering: what is a reasonable way to deter piracy without ruining things for legitimate users? A simple serial number? Online activation? Encrypted binaries? Please share your thoughts."
life-long updates (Score:5, Insightful)
You could choose to provide life-long updates for those that buy the tool. At least that made me pay for several programs.
Re:life-long updates (Score:5, Insightful)
Hear hear. You get vastly more with the carrot than an easily-circumvented stick.
Re: (Score:3, Insightful)
Re: (Score:3, Funny)
Paranoid much???
So...you'll just give up your credit card info to anyone that says they're offering a good product?
Boy, do I have a deal for you!
Re:life-long updates (Score:4, Interesting)
I have had my CC stolen out of my mail and charged $3000 forcing me to be late on my fucking house payment, my car payment, my insurance payment, and my cable bill. The fraud was reported the day after and STILL it took over TWO MONTHS to give my money back during which time I had 30 day lates on some of my payments because even though I called the organizations I was late on payments for, two of them "forgot" to process my fraud report. I then had to go through 3 months of back and forth with the companies, police, my bank, and Experian/Transunion just to repair my credit.
I spent approx 110 hours of my time repairing something something you say takes 'one phone call to fixup 99% of the things that happen' which is a lot of my money lost because I make $14/hr for every single hour in the day if you average my pay across all 24 hours every day. That's fucking $1540 in damage to my personal income so you are out of your mind when you say he is entertaining paranoid fantasies. Btw before you say "well that was physical CC fraud and not online", I have two customers and one relative that have horror stories WORSE than mine because they all just ASSUMED that online sites are secure and it wouldn't be a problem if something happened. Since there is still a human element to fraud detection/credit repair, shit can always get fucked up...badly.
Responses to your other points:
Do you background check every single person you ever give your CC number to? No, you do not.
There is something to be said for physically handing your credit card to someone and WATCHING THEM SWIPE IT or even SWIPING IT YOURSELF. Kinda makes it inherently more secure even though fraud does sometimes happen using devices that store the #.
The only "background check" you should do is check if SSL is on and if the company actually is real. Beyond that, you're entertaining your own paranoid fantasies.
Completely agree with the SSL check and verification that the company is real...I think the original poster your replied to agrees too because I doubt he is contacting a fucking agency to do a background check on the companies he purchases from. If he is actually doing that, you're right...way unnecessary...in point of fact, however, you are making huge sweeping assumptions about what he is saying and you're being a dick at the same time. You are completely wrong in every bit of your attitude and your concept of credit fraud also.
Re: (Score:3)
Credit card fraud isn't usually that tough to deal with, if you have a decent bank. Unfortunately, you won't find out if they're decent until it happens.
I had a fraud issue once. I went down to the branch, and we called the merchant together. The merchant basically told me to fuck off. So the bank refunded me the full amount, and sent off a chargeback.
Someone else I knew at another bank had a fraudulent charge. Her transactions clearly showed what she did that day. Gas and groceries within an hour of
Re:life-long updates (Score:5, Insightful)
Most of America, it turns out.
Nearly half of America has less than $500 saved. http://www.huffingtonpost.com/2012/10/22/americans-savings-500_n_2003285.html [huffingtonpost.com]
The average American - including all those billionaires - has less than $6000. http://finance.zacks.com/much-money-average-american-family-savings-7304.html [zacks.com]
There's no need for this level of rage. Take it down several notches, please; we can be civil in disagreement.
Re:life-long updates (Score:5, Insightful)
Who doesn't save up at least a tiny bit of money (say 3 months salary) in case of a fucking emergency?
Your living in a bit of a bubble on that one, sure I personally have a years worth of salary in my rainy day account but I'm in my 50's and have been earning good money for the last 20yrs. My daughter is married with 3 kids, they are a typical middle class couple, her hubby is a qualified mechanic and has a decent job with plenty of overtime. Like millions of other families just like them they live for the next paycheck, they have no other choice, they simply cannot afford the luxury of a 3 week cash buffer, let alone 3 months. And all this is in Australia which has a much better social "safety net" than the US.
Unless you are either extraordinarily lucky or talented, it will take you a good 10-15yrs after leaving school before you have more assets than debts, especially if you decide to have children while your still young enough to enjoy them. Some people never get there, others experience some disaster that puts them back to square one after a lifetime of hard work. I personally know more than a few people over 40 who through no fault of their own are still living from paycheck to paycheck.
You and I are lucky to be in our current financial situations, I know this because I started my working life as a HS drop out and for a few months in my 20's found myself homeless while at the same time being employed full time on a fishing trawler working the southern ocean. Your post is lacking the requisite humility and empathy for the vast majority of people who are in a less comfortable financial position, many of whom have worked themselves to a level of physical and mental exhaustion that, judging by your comments, I very much doubt you have ever experienced.
Re:life-long updates (Score:4, Insightful)
It may not be easy, and may even be very hard but it simply isn't true to say it isn't possible; and dismissing it as such simply makes it easier for people who decide it is 'too hard' to justify not doing so because it's impossible. What I realised early on in life is that having money makes it easier to get more money. Living pay cheque to pay cheque means you make decisions based on cash flow rather than cost. $5 a day is $2000 in a year, after a couple of years you at least have enough saved that you can handle most one-off expenses and make decisions that are cheaper in the long run.
Yes there are people who have no savings through no fault of there own; there are vastly more who have no savings because they didn't take perfectly reasonable steps and viable steps to, where circumstances outside there control may affect them but not entirely determine them.
Re:life-long updates (Score:5, Funny)
Not giving your credit card info to some random person or "company" is paranoid now? Well shit, tell you what, I've got a lovely iPad I'll sell you for a nickle, just give me your credit card info...
Re: (Score:3)
Re:life-long updates (Score:4, Interesting)
Certainly. Then you need to go through the hassle of updating your CC information with every online retailer, recurring payment processor, etc. that has your old number before doing further business with them.
You know what's even easier? Not handing out your CC number to every fly-by-night company that asks for it. I've had to replace a CC exactly once in twenty years, and that was a cautionary event due to a large-scale breach of a major company's CC database.
Re: (Score:3)
Most cc harvesters get data directly from banking systems or brick and mortar stores. Mainly because of volume.
Those small business are worthless.
Re:life-long updates (Score:5, Insightful)
You've had to replace over 30 CARDS because they were compromised and yet have the balls to say it's paranoid to not give out your details to just anyone?
Fucking really? Are you insane?
I'm careful about who I trust with my card details and have never once had one of them compromised. I don't care how trivial you think it is to have to dispute the charges, then cancel & reissue the card. Most of us do not care to have such a blaise attitude about identity theft and fraud.
This fraud also costs the merchants and card companies real money--which you may not be on the hook for Mr Whogivesafuck, but we all end up paying eventually in price increases, fees, and higher interest rates.
Re: (Score:3, Interesting)
Apple hater here.
After "Clouds and Sheeps" game running on my android tablet managed to charge me 9 Euro (non-refundable) for "5000 happy stars" (some in game crap) without asking for password or anything like that, simply because I was silly enough to buy something from google's appstore USING A PC and google support said "oh uh, so what" I see quite a number of reasons to be paranoid with payment systems.
Apple at least asks for password.
Re:life-long updates (Score:5, Informative)
There is also an app store for the Mac. Microsoft also has an app store for Windows now.
Re:life-long updates (Score:5, Insightful)
The only problem is they all take at least 30% and some have some fairly strict limits on what can be put on there.
Re:life-long updates (Score:4, Informative)
But if it means you sell that many more, it's still a good idea.
Or you sell at a higher price in that app store. Whatever works.
Re:life-long updates (Score:5, Insightful)
In addition to the mac and ms stores, STEAM is now distributing non-game software. Admittedly most of it is currently aimed at artists and developers involved with producing games, but utility for graphic designers would still fit in just fine.
Re: (Score:3)
This really doesn't make any sense whatsoever. The app store does not give the author the power to revamp the application, or revoke the application, or any other such nonsense. This has never been the case, and I do not believe it will ever become the case in the future. Here's what the appstore does
Re:life-long updates (Score:5, Insightful)
The guy is asking the wrong question. He should be asking questions like "How can I maximize profits?" or "How can people find out about my utility?" not "What is a reasonable way to deter piracy?". One doesn't necessarily follow from the other.
In any case, coming back to his original question. Perhaps his utility could help his customers deter the piracy of the graphics they create with it (may be some kind of self-signing/watermarking/registration system for their own graphics). A customer who tries to protect his own assets will probably not want to try doing it with a pirated copy of the software. It would be too high a risk that whoever pirated that software also crippled/modified the functionality that would deter piracy of the images as well.
Re: (Score:3, Insightful)
Just remember that this is a graphics utility for graphics designers... and if they're graphics designers, they've already got Adobe CS with a bunch of plugins (many plugins possibly pirated).
Don't worry about piracy for the non-professionals; if they like/use your tool, that gives you mindshare. What you really want to be asking is "what will get graphics designers to lay down $5 to $10 for my product when they've already got CS?" When you've answered that question, piracy is no longer an issue (you want
Re: (Score:3)
You get vastly more with the carrot than an easily-circumvented stick.
How did that go over with your girlfriend/wife?
Re: (Score:3, Insightful)
I would have thought tackling pirates could be best handled by placing trained security personal on targeted ships in the affected zones, argh me hearty.
When it comes to copyright infringement, your content you choose, your customer will then make a choice. The most important thing is to make very, very clear your system to the customer and do not put the customers equipment at risk, nor force changes of use upon the customer.
The best method is to reward validated registered users in some manner. Obvio
Re:life-long updates (Score:5, Insightful)
Whose life? ;)
I can't see someone supporting a game for more than a year or so unless they have a revenue stream from downloadable content.
An OS I can see security updates being a requirement for a decade.
Some software packages dealing with finance will most likely need update and I don't expect those to be free.
The simplest mentioned is check the serial on a new install which I won't fuss with bypassing. Let me play it without the serial with either level or time restriction for a game. Let me do enough with other programs to get an idea how they work.
And as always, Don't Suck.
Re: (Score:3)
Which is really sad in my opinion. There are many games that could benefit from life long updates. Updating the engine, offer new content, new maps, new anything game related. I would gladly pay every year to get my favourite game updated with new content.
I don't really understand the current model. You develop for 4 years a game, and then you are expected to make a profit in the first weeks. Why not develop a game for 2 years and offer continued updates and new content for subscribers? Why that kind of bus
Re:life-long updates (Score:5, Interesting)
Most amusing (and effective) DRM I ever saw was actually a fairly loose and easily broken copy protection scheme... the program could detect when it had been "cracked" but still gave full functionality to the cracked version... just with some interesting bugs that only appeared late game on the cracked version. It was a game, and deliberately corrupted the load of certain textures on pirated version so the game was still playable, but had quality degradation. Is it possible you could do something like that with the utility?
The reality is that some people are going to pirate it, even if you only charge $0.05 for a copy. They're going to do it because they can. The best DRM schemes take that into mind, and give them something they can pirate while still making it worth actually paying for the product for those who want to. In the case of the game, for example, you could give it away for free, but only with low quality textures and low bitrate audio samples... if you pay for the game, you can download and install the hi res packs and get a better gameplay experience. If you have the bandwidth to spare, you could tag those hi res packs with a unique watermark and have the software check activation servers for the hi res packs on, say, a weekly basis... if you find them on a pirate site, you can nuke the activation for that particular hi res pack, leaving a functional game that defaults back to the low res textures for pirate users.
For the utility described, maybe limit the number of objects it can save in a render, for example (assuming that's what the software is), or limit the quality of JPEG it can save to 30% if it's saving images, or apply a watermark to work created with a pirated copy? If it's something people will use to interoperate with other users, maybe have it tag files created on a pirated copy with a randomly generated hash that's stored on the client PC, so that the files can be opened on that system but won't open on another computer? Or even just tweak it with artificial slowdowns in the code so that it's usable when it's pirated, but nowhere near as efficient to work with.
The possibilties are endless, once you accept that you won't stop people from pirating it, and start thinking of ways to fuck with pirates instead.
Re:life-long updates (Score:5, Funny)
On a similar note, I once saw a utility that, if unregistered, would let you use everything in it, the only catch being that all of the fonts in the tool switched to Comic Sans.
Re:life-long updates (Score:5, Funny)
Could be worse. Could be Wingdings.
Re:life-long updates (Score:4, Informative)
Here's a screenshot [finerthings.in] of the warning
Re:life-long updates (Score:4, Informative)
That reminds me of an early 1980s copy protection scheme I heard about- signing the (magnetic floppy) disk with a ball point pen before formatting, then using a special cataloging program to record and analyze bad sectors at bootup.
Worked well until hard drives came into play, but a sector copy program that ignored bad sector warnings could accurately defeat it.
Re: (Score:3, Funny)
I did this with my game. The code that checked the cd-key was easily bypassed, but that code also fixed a critical bug that happened on level 10. It was funny that we had people coming to our support forum asking for help, and we could easily call them out as pirates!
We actually manage to convince one of them to buy the game properly.
Re: (Score:3)
Spyro the Dragon had something similar in it. If you used a copied disc you could only get half way through the game :)
Re:life-long updates (Score:5, Insightful)
If you cripple the product in ways that could be mistaken for a bug, then they will think your products are shit, and never buy them even after they get a real job and move out of their parent house.
Re: (Score:3)
> The reality is that some people are going to pirate it, even if you only charge $0.05 for a copy. They're going to do it because they can.
Correct. To add to that: No matter what kind of copy protection / DRM you use, people WILL crack it.
I used to crack games in the '80s because it was fun -- plus one got to learn assembly language as a bonus. It was NEVER about "Sticking it to The Man", but about learning. i.e. The best way to motivate a geek is to tell him he can't do something.
Instead of wasting
Re:life-long updates (Score:4, Interesting)
The most amusing I saw renamed all objects to "oink!" and had NPC speech replaced with altered versions of famous quotes ("honor thy father and thy hoe, babycakes") if the player couldn't answer a few questions based on information in the printed manual correctly after two tries. That was in Ultima VII: Serpent Isle -- I always wondered just how the development team got the idea for that.
Oh, ouch... I just looked it up on Wikipedia [wikipedia.org], and found a nasty copy-protection approach used in one of the early games -- the floppy disk for Atari version of Ultima IV had an unformatted track the game was programmed to look for, and if it was absent, the the player's party would be slaughtered during every battle. Worse, the German distributor didn't know about the unformatted track, so all of the copies they sold had impossible-to-win battles.
Re: (Score:3)
Re:life-long updates (Score:5, Interesting)
http://www.baen.com/library/intro.asp [baen.com]
Jim Baen sold books, rather than software. But his views are pertinent to any digital distributor. Anyone who bothers to ask slashdot about digital rights has obviously given things some semi-serious thought. Include Jim's ideas in your thinking.
First few paragraphs of that page follow:
Baen Books is now making available — for free — a number of its titles in electronic format. We're calling it the Baen Free Library. Anyone who wishes can read these titles online — no conditions, no strings attached. (Later we may ask for an extremely simple, name & email only, registration. ) Or, if you prefer, you can download the books in one of several formats. Again, with no conditions or strings attached. (URLs to sites which offer the readers for these format are also listed. )
Why are we doing this? Well, for two reasons.
The first is what you might call a "matter of principle." This all started as a byproduct of an online "virtual brawl" I got into with a number of people, some of them professional SF authors, over the issue of online piracy of copyrighted works and what to do about it.
There was a school of thought, which seemed to be picking up steam, that the way to handle the problem was with handcuffs and brass knucks. Enforcement! Regulation! New regulations! Tighter regulations! All out for the campaign against piracy! No quarter! Build more prisons! Harsher sentences!
Alles in ordnung!
I, ah, disagreed. Rather vociferously and belligerently, in fact. And I can be a vociferous and belligerent fellow. My own opinion, summarized briefly, is as follows:
1. Online piracy — while it is definitely illegal and immoral — is, as a practical problem, nothing more than (at most) a nuisance. We're talking brats stealing chewing gum, here, not the Barbary Pirates.
2. Losses any author suffers from piracy are almost certainly offset by the additional publicity which, in practice, any kind of free copies of a book usually engender. Whatever the moral difference, which certainly exists, the practical effect of online piracy is no different from that of any existing method by which readers may obtain books for free or at reduced cost: public libraries, friends borrowing and loaning each other books, used book stores, promotional copies, etc.
3. Any cure which relies on tighter regulation of the market — especially the kind of extreme measures being advocated by some people — is far worse than the disease. As a widespread phenomenon rather than a nuisance, piracy occurs when artificial restrictions in the market jack up prices beyond what people think are reasonable. The "regulation-enforcement-more regulation" strategy is a bottomless pit which continually recreates (on a larger scale) the problem it supposedly solves. And that commercial effect is often compounded by the more general damage done to social and political freedom.
In the course of this debate, I mentioned it to my publisher Jim Baen. He more or less virtually snorted and expressed the opinion that if one of his authors — how about you, Eric? — were willing to put up a book for free online that the resulting publicity would more than offset any losses the author might suffer.
The minute he made the proposal, I realized he was right. After all, Dave Weber's On Basilisk Station has been available for free as a "loss leader" for Baen's for-pay experiment "Webscriptions" for months now. And — hey, whaddaya know? — over that time it's become Baen's most popular backlist title in paper!
And so I volunteered my first novel, Mother of Demons, to prove the case. And the next day Mother of Demons went up online, offered to the public for free.
Sure enough, within a day, I received at least half a dozen messages (some posted in public forums, others by private email) from people who told me that, based on hearing about the episode a
Re:life-long updates (Score:4)
I would agree with all of the above _EXCEPT_ point number three.
Screw the phone home stuff - build a serial number generator and call it good.
I used to work for a prominent software house that made plugins for Illustrator, Photoshop, etc, and that's all we ever had. The pirate networks had figured out our algorithm, but who cares? They were never our customers in the first place. And for support, we required our callers to give their serial number before we would help them - we kept an account of which serials had been sold, so it was easy to cut off the freeloaders.
Go with an offline serial scheme that is non-obvious, but simple to code and you will be fine.
Bonus points - if you are doing online sales only, use the customer's CC or PayPal ID or whatever as the salt against a serial number for validation... you can not only spot pirates, you know where they got their copy.
Extra bonus points if you embed that hash into the IPTC or EXIF data of exported images...
from an interview [japaninc.com] with Kai Krause in 1994:
Professional Piracy: 3rd-Party, Paid Obfuscator (Score:5, Interesting)
The biggest thing you should worry about is not customers ripping off your product, but shovelware firms rebadging your product and stealing your market with their superior ability to reach the customer.
Serial and calling home (Score:3, Insightful)
Serial number. "Call home" only on new install to check the serial.
Re:Serial and calling home (Score:5, Interesting)
I find the kind of drm Packtpub do with their ebooks more acceptable. i.e.: make sure the application displays the buyer's name and address somewhere at all times. That way, the users themselves will protect the application from getting into the wrong hands. And if it gets onto the internets, you know who leaked it.
I do understand this means more work for you (recompile a part of your app for every single customer) but it is also a lot less trouble for the user (not having to mess around with registrations, serials, etc).
Re:Serial and calling home (Score:5, Interesting)
You don't need to recompile. A signed key file with the user name in it should work.
Re:Serial and calling home (Score:4, Insightful)
This, plus if you're intending to limit the number of concurrent installs for your product *also* allow for a given install to be DE-registered:
Too obtrusive (Score:4, Interesting)
I have no problem paying for software that is useful, especially if it reasonably priced. However, there have been many times where I needed to get a job done and was hindered in doing so because of the hoops I had to jump through to get software activated on an offline machine, or didn't have access to the serial number at the time. This has burned me enough that I won't buy any software that requires activation, and am even leery of simple serial number activation.
Nearly all the software on pirate sites has been cracked, so the pirate's version won't require the user to enter a serial number or be calling home on the first install anyway. Even these simple anti-piracy methods hurt the user and not the pirate.
Re: (Score:3)
Your strategy reminds me of a vendor I had to work with. I dislike that particular vendor only for their draconian software licensing enforcement*.
Supporting an authorization scheme like that is reasonable if you're a big business company and your customers are also big business.
For everyone else, it's an undue hassle.
Frankly, for a $5 application, tying it that heavily to the hardware will cost more than the money you're making.
*I don't object to licensed software; but in this case, the software had no ut
No point asking here (Score:3, Insightful)
One side wants information to be free, the otherside wants market forcesto prevail. Eitherway you lose as the price will be $0
Re: (Score:3, Interesting)
I wish the grandparent had not posted AC, for he makes a very real point:
Supply/demand pricing structures simply do not work when the cost of creating the supply is nothing.
Re:No point asking here (Score:5, Insightful)
The cost of RE-creating the supply is nothing.
Don't even try (Score:5, Insightful)
Just don't. The people who want to pirate will, no matter what you do. Any DRM would only inconvenience legitimate customers. Just make it easy to buy your software for people who want to do so, and provide something worthwhile for the money (e.g. answer support questions, respond to bug reports, etc.)
Re:Don't even try (Score:5, Interesting)
Any DRM would only inconvenience legitimate customers.
As a customer who won't buy DRM-protected stuff, I don't consider the simple act of entering a license key to be DRM... What do you think? As long as the validation of the key happens locally, I don't mind doing this. In a way, it makes the purchase feel a bit more personalized.
Yeah, I know the license validation can be hacked around. That's not the point, it's kind of like signing your signature to something. I can forge someone else's signature, but I know I'm being dishonest if I do that.
Re:Don't even try (Score:4, Interesting)
The point here isn't to harass the people installing it on two or three machines - but to find out when a key has been compromised (ie: hundreds of installs). At that point it's up to submitter if he wants to disable the key or simply use it for tracking. Either way, you don't want to demonize the customer - offer them a new key (via email to the original registered address or some similar means).
Lastly (or firstly and foremostly) - accept that your product *will* be pirated. Accept that it's likely the majority of installations will be pirated. You can't let this get to you - after all, the more people use your software (even pirated), the more exposure you'll have and the more real sales you'll get. You know your software sucks if nobody wants to pirate it. When it comes down to it, if you have a good product which is convenient enough to buy legally, you'll get most of your potential customers to pay for it.
Re:Don't even try (Score:4, Interesting)
The purpose of the serial, in my mind, is not to prevent piracy but to identify the customer for purposes of support, enabling feature sets, etc. Basically, to register the product.
As a legitimate user, I *like* seeing my name show up in the "About this software" dialog box, along with information about the particular set of features I have purchased, info on how long my support contract is valid for, etc. I am not at all annoyed by it.
Re: (Score:3)
Just don't. The people who want to pirate will, no matter what you do. Any DRM would only inconvenience legitimate customers. Just make it easy to buy your software for people who want to do so, and provide something worthwhile for the money (e.g. answer support questions, respond to bug reports, etc.)
Don't be an EA. Be more concerned with keeping the people who do pay happy and less concerned with those that don't.
Re:Don't even try (Score:5, Insightful)
But that requires either a physical token (DVD) or activation servers, both of which instantly increase costs a lot over simple downloads and inconvenience legitimate users. It also won't stop the software from ending up on Pirate Bay.
Just live with the fact that some people will use your program for free. You can't stop it from happening, and will simply piss off your customers by trying. And besides, Joe Average emailing your program forward will probably end up increasing your profits - after all, your biggest challenge is going to be getting word of its existence out there, and it's always possible that whoever it is emailed to will decide to pay the $5 out of the goodness of his heart, or whoever he emails it will, or...
It is perfectly natural to get angry at the thought of someone benefiting from your hard work without paying you, but if you run a business you can't afford to let it affect your decisions.
Advice from a service technician (Score:5, Insightful)
Whatever you do, man, make it easy for people doing reinstalls to preserve the install key. A lot of times we redo a computer for a customer and we can't put back some software because there's no way to get the key. Something like an online system where you enter your e-mail address or something to re-register could be nice in those cases, assuming the worst case that whatever stored the registration was deleted.
Don't require online connectivity to run once registered though, that's just asking for trouble.
No need to go overboard (Score:5, Insightful)
Re:No need to go overboard (Score:5, Insightful)
Well, since after decades of trying nobody has ever managed to do more than delay the pirates for more than a few months I think groups 2 and 3 can be assumed to be permanent characteristics. And I seriously doubt your 1% figure, unless you're talking so far back that people didn't really think of software so much as the product as the reason people bought your hardware. Certainly in the late 80s I remember piracy being pretty rampant - software, music tapes, VHS, you name it. It just wasn't the sort of thing you would notice unless you actually saw somebody making a copy. It's more convenient now that you can copy stuff from people you've never met, but I think the bigger change is just that now the content creators can watch it happening.
And frankly group 3 is almost irrelevant. It doesn't matter if they're responsible for 99.99% of the copies in existence, nothing you do will make them buy it, so any attempt to stop them from copying is 100% wasted effort. In fact it probably *reduces* your sales because sometimes people from group 1 or 2 will learn about it through them and then pay you. So in a rational world the goal is then:
1) Don't seriously inconvenience goup 1 - these people are your bread and butter, you should be doing everything you can to make them happy.
2) Do everything you can to convince group 2 that they should pay rather than pirate. Just keep in mind that you're competing against your own product stripped of all copy protection, so more secure and annoying copy protection actually works against you. Possible strategies include leveraging guilt and/or minor inconvenience during install (serial numbers, please don't copy screens, etc), or providing incentives for legitimate customers. Major or ongoing inconveniences just provide large-scale pirates incentive to strip out your copy protection in exchange for some geek cred, while providing potential customer incentive to choose the pirated version over the legitimate one. Moreover a poorly or maliciously implemented copy protection bypass can compromise the integrity and stability of your software in ways that aren't obviously due to the bypass, damaging your brand image.
Don't (Score:5, Insightful)
Seriously. Don't. If your program is any good, people will pirate it. Actually even if your program is terrible people will pirate it, just because they can. And they can, no matter what steps you take. However people are vastly more likely to give money to a indie developer. Pirates can be classified people that are either compulsive/hoarder pirates and wouldn't pay for it anyhow, genuinely need your program but cannot afford it, and people that will pay for it after a "trial run" when the realize you are an indie developer and your program is reasonably priced.
Re: (Score:3)
Re: (Score:3)
Most pirates are casual pirates that wouldn't put much effort into it.
Some are determined, and you can't stop. But to say all are that way is ignorant of the pirate ecosystem.
True, but thanks to the miracle of software, it only takes one person to crack the DRM. Then everyone just follows suit. Most people couldn't figure out how to break DeCSS on their own, but it's pretty easy to use a DVD ripping program.
Re:Don't (Score:4, Insightful)
But all it takes is one determined person to put it up on the internet, and it'll spread immediately to all the other, lazier people. The only surefire way to avoid anyone pirating your software is to be so darn indie that nobody has heard of your software, and thus, nobody has heard of it to decide it would be fun to crack.
Going with the huge numbers of other people who say: a little bit of DRM (like a one-time key check, or looking something up in the manual or something) is infinitely better than none, but a lot of DRM (like phoning home randomly all the time, or analyzing the system's memory every time anything does anything, or anything that might break for legitimate users or force them to jump through a bunch of hoops to validate) is infinitely worse, and will drive people to piracy who might otherwise have paid, while not inconveniencing the serial pirates at all, because they would've pirated it anyway.
One-time online activation. (Score:4, Interesting)
Re:One-time online activation. (Score:4, Interesting)
Also tie the activation to updates. Make it so that the legitimate purchasers get something the pirates don't in exchange for their money.
KISS (Score:5, Insightful)
Re:KISS (Score:4, Interesting)
I agree. Have just enough a hurdle that the honest-but-lazy user doesn't just keep saying to himself "I'll just pay for it later".
Full disclosure: I've been that honest-but-lazy guy who kept meaning to pay for shareware and then never got around to it (even though I really meant to and wasn't really trying to avoid it).
Grapeshot as they board? (Score:5, Interesting)
Shiver their timbers.
Seriously though... you will get a variety of answers here on Slashdot, ranging from "open source it and give it all away" to "put in ads and give it away". Charging for things seems to be a sin to some slashdotters.
I think a CD key, for PC games, strikes a reasonable balance, so long as you have some traceability (online activation is nice). Have you considered Steamworks? You'd have a distribution platform (though it wouldn't limit where you could sell it), and a proven, relatively non-intrusive DRM strategy.
Of course, Steamworks games get cracked, but you can never really stop determined crackers or pirates. All you want to do is encourage legit buyers to remain legit buyers. Steam is a pretty decent ecosystem for developers and gamers.
Re: (Score:3)
Not anymore.
Comment removed (Score:5, Insightful)
Price it reasonably (Score:5, Insightful)
That's probably the easiest way to deter piracy: price it reasonably for it's job. Most people would rather get it legitimately than pirate it. Make it easy to download without going to shady download sites like CNet (I say shady because there's no way of telling where what they're hosting came from or who put it there, and I do not trust software where I can't trace it's provenance). Hosting downloads from your own domain will help, and leads into the next item: mark each copy you sell. Encode a serial number and buyer identity into each copy, making each one unique to the buyer. Make it clear when they buy that the copy's been stamped with their identity, and do the same on the initial splash screen if any and in the About dialog. This won't be seen by most people as anything particularly objectionable in itself, at the same time it'll make them skittish about just handing it out willy-nilly knowing that if someone they give it to uploads it to a torrent site or something it'll be them clearly identified as the source. It won't stop the hard-code pirates, but then very little will. It won't stop people from installing an extra copy for family. But it should be enough to convince the majority of people to tell their friends to just shell out the $15 for their own copy.
Re:Price it reasonably (Score:4, Interesting)
Of everything I've read, I thnk yours is the most reasonable idea. Just stamp it with the identity of who you sold it to. Brilliant.
"This copy licensed to....".
It's easily defeated, but as people said, someone determined will defeat anything you come up with.
Since I don't have mod points, this is what you get!
--PM
! deterrent (Score:4, Insightful)
Deterrent is the wrong goal. Give up on the folks who choose to steal it. They aren't worth your time or concern. Worry about making it both easy and encouraging for the folks who are inclined to pay you to do so.
Make people want to pay for your product, (Score:3)
then ask them to do it.
Many will, if it's valuable to them. Those that won't likely wouldn't have done so anyway.
There was a recent TED talk, "The Art of Asking," that made an argument along similar lines, though it was more concerned with digital music.
I pay for stuff I like if I feel that the price is fair. Most others are the same way.
Don't under estimate shaming (Score:5, Interesting)
I worked on a tool to be used by consultants. These people have very sticky fingers. Are issue was how to we prevent consultants taking the software to another firm?
We compiled a build for each customer with there logo inserted into various places. So when you run a report, no matter what there user entered, the embedded logo would appear on the reports.
Going to another accounting firm, and then generating reports for your boss with your previous companies logo on it tend to get you frowned upon.
Market Study (Score:3)
Unfortunately, you need to do a market study to determine that price - so as always you have to spend money to make (more) money. You may be surprised that what you thought was only a $5-$10 app may be a $50 app; OTOH, it could turn out to be a $1 app too.
Make it easier to buy (Score:4, Insightful)
Price it right, make sure ANYONE can download it (in other words, make sure you have a way of getting money from someone in the US and UK just as easily as you've got a way from a guy in China or India to download your game) and make it easy to find where you can buy it.
If someone really wants to pirate your software, they will. But make sure that the pirated version isn't a superior version to what you offer.
But above all else, you want users, its a whole lot better to be known for a game that everyone's heard of and played and 75% of the people didn't buy then it is to be the creator of a game that no one's heard of and played but the few users who did play the game bought it.
Read This (Score:4, Informative)
Read this. Memorize it. It tells you everything you need to know as a developer:
http://tommyrefenes.tumblr.com/post/45684087997/apathy-and-refunds-are-more-dangerous-than-piracy [tumblr.com]
Re:Read This (Score:5, Funny)
Read this. Memorize it.
I did, but now I've forgotten C++. Thanks a bunch!
Piracy can strengthen the brand (Score:4, Interesting)
I started and worked on a very successful iOS game with over 9,000,000 users (and now over 1m on Android).. In the earlier days, we saw that it's piracy was 3 to 1 (so there were at the time about 3m users per 1m paid).
We don't care. Every user who doesn't pay but enjoys the game spreads word about the game, which will work well for the sequel or for branded toys. Those who don't pay for it probably weren't going to, at least they've now heard of your brand and your game. Free marketing.
Quality, price, experience, demo. (Score:3)
1) Make a game that's worth buying.
2) Sell it at a price that people are willing to pay.
3) Don't make piracy a better experience than buying the real thing.
4) Give your customers a legitimate way to try the game for free.
Sure, there are and always will be people who pirate games just because they can. There really isn't a way to stop this.
The vast majority who do pirate usually fall into one of these categories, though.
For me, the only reason I've pirated since graduating HS is #3, and even then I have only used pirated versions of games I own, or for games that I legitimately can't find (especially Dreamcast games).
Re: (Score:3)
The scenario is a little different for games. Professionals don’t sweat the cost of the tools they use to do their jobs, within reason, as they’re either tax writeoffs or billable to a client. Adobe can charge $1300-2600 for individual copies of CS6 because a single freelance gig will more than cover that (unless you’re doing flyers for a local band or something.) $5-10 for a useful tool is nothing. Whereas very few people have the type of job that would allow them to deduct video game pur
Embrace Piracy (Score:3)
Embrace the Pirates, for they may be your salvation.
Release two versions, paid and pirate. Call them that, and have fun with it (pirate skin). Give them a reason to "buy" it, something emotional, tied to being a pirate (enhanced pirate skin, which they will pirate too). Tell the pirates you don't want their money, you want a Starbucks Gift Card (or whatever). Tell the Pirates you want them to tell their friends that you embrace their actions, as a means of publicity.
IF you product, service or whatever is good, then publicity is your friend. Then ask them to pay for it when they use it, just don't nag. Perhaps a reminder every month (30 days) of "hey, you like this app, please consider buying the Pirate version with the all new pirate skin".
If you fight the pirates, they will route around any attempt to block them. It is a fool's game of whack-a-mole.
And for those people that pirate apps, do you really think you're all that clever for going to Google and typing "Pirate Bag Android Apps". I really hope you all find hacked versions that steal your identity and money. Pay the damn $1.99 already.
Obscurity (Score:5, Insightful)
Piracy is a tax on being popular.
The less popular you are, the less of a tax it is.
It costs goodwill, it cost money, and it is for the most part not effective. What is effictive is to find a way to make money even with pircacy out there.
Read some posts at TechDirt. Find out if freeimum, or posting a comment or a product at thepiratebay or something else would work for your business.
There was an article about a director who made $60,000 last year on a project and spent $30,000 if it trying to deter piracy. She could have doubled her money by doing nothing. That was a case study. http://dilbert.com/strips/comic/1999-12-29/ [dilbert.com]
Seed it yourself (Score:4, Interesting)
Can you create an ad supported version? If so, create an ad supported version and seed it yourself.
The people who want to buy the software will come to your site and buy it from you (requires serial #). Those who go to your site and say "$5? F that noise, yo!" (because that's how pirates talk) will go start looking for torrents. Seed the ad-supported version yourself. Make sure it's the most popular torrent for your software. Anybody who decides they'd rather torrent it than pay you gets the ad-supported version and is probably none the wiser that the paid version doesn't have ads.
Now you get $5-$10 out of the people who were willing to pay for it, and you make some off the ads for the people who weren't.
Yes, somebody can crack the no-ads paid version and torrent that. Every month or so, look for it. When that happens, either try to out-seed them (so people who don't know the difference download your version) or just release a "patch" and seed that. So the currently cracked version might be 1.5, but you just released 1.6 ("now with more graphicals and improved performances!") and most people are going to download the most recent version. Now you're ahead until they crack 1.6.
Alternatively, you could also seed it yourself with a message that says "hey buddy, I know you got this off Pirate Bay, but come on, it's $5 and here's a picture of my starving kids. Help me out!" and a link to buy the full version.
Piracy is Free Marketing (Score:4, Insightful)
In business there is no good or evil, there is only money. Don't let yourself fall into the ideology trap that pirates are evil - that's a question for a philosophy class in college or a million arguments on the internet - but all that should matter to you as a businessman is the money.
The best possible case of DRM is to convert potential pirates into customers. There are lots of not-so-great cases, they generally involve pissing off your paying customers, something that should be avoided at all costs because paying customers who are unhappy will tell the world how unhappy your product has made them and that will discourage any new paying customers.
So, I am going to suggest that instead of DRM to punish pirates you should look for ways to identify pirates and upsell to them. Give them the carrot instead of the stick, that way you never have to worry about accidentally hitting a paying customer with the stick - worse case is just more carrots.
One option is to let the software run just fine without a serial number, but after some number of launches without a serial number, like maybe 20, start putting up a click-through start-up screen. On that screen you can nicely point out that they've used the software 20 times now and it is only fair that since they are getting so much value out of it, they should pay for it - remember you catch more flies with honey than vinegar. Then give the user three choices:
1) Enter their serial number
2) Go to a web page where they can buy a serial number
3) Click through and use the software anyway
If someone is inclined to pay this helps them to remember, if they are already a paying customer and they lost their serial number or whatever, this won't stop them from getting their work done and so won't piss them off and if they are a hardcore pirate who will never pay, you still haven't lost anything anyway.
Partial Key Verification is your answer. (Score:3)
I found this answer on SO a couple years ago and flagged it as a favorite because I figured I might need it some day.
The short version is a lot like what people have already said, have cracked keys be detectable and then decide from there what to do.
http://stackoverflow.com/questions/3550556/ive-found-my-software-as-cracked-download-on-internet-what-to-do [stackoverflow.com]
This guy decided to redirect the users to a website to inform them that they're using a cracked key and that they should really purchase the software.
His studies seem to indicate that it works well.
preventing free riders (Score:3)
So you want to stop free riders, huh? First of all DRM can work, but only in some situations and some element of luck is involved. Not that the purpose of these techniques is not profit maximization. The purpose is simply to reduce or stop free riders.
---The DRM Option---
1. Code the DRM yourself. Make sure that a cracker at last would require knowledge of assembly language to crack it. Anyone can use a hex editor. At least make sure that your cracker has to be somewhat competent.
2. Don't advertise the software too much. Try to keep it from getting too popular. As soon as a competent cracker sees it and thinks your software seems useful he's going to put your code on his to_disassemble_list and a crack could be released in just a few days.
3. Don't make the software too good or too useful. Ideally it should not do anything better than other software in its category. it should not be a best-in-class sort of thing. If it seems to be getting too popular introduce some subtle but annoying bugs in the next release.
---Bait and Switch---
With this method you introduce the software initially as freeware but not open source. Build a following. Let people get dependent on it. I'd recommend giving it a full year or two so that people basically think of it as free software.
Then go commercial. Give as little warning as possible. Quietly remove old versions from your web site beforehand A good time to do this is just before you fix an annoying bug. If you have to, leave a bug unfixed specifically for this purpose. Even introduce one if you have to. Just make sure to add a new feature when you do so.
At this point introduce the above homemade DRM and try to keep a low profile as noted in the first strategy. The delay between initial release and the implementation of DRM will discourage a large percentage of crackers. It just won't be on their radar anymore since it is old software at this point. Of course if your software has already become too popular then it is still hopeless, but you have to prevent that.
The basic idea behind these strategies is not to try to defeat the crackers. They are way smarter than you are. Just forget it. The idea is to stay below their radar and make your DRM just hard enough to stop the easy search and replace hex editor attacks.
Eventually your software may indeed be discovered by a competent cracker and then the game is over. Go work on some new software. Rinse and repeat.
---divide and conquer---
One tip for staying obscure is to break up your software into many smaller applications. Not only does that make more targets for the crackers for the same functionality, but it makes the software less useful which remember is a good thing. You don't need to get every customer in the world. Just enough to make some money. Don't get greedy or you will certainly fail.
If your software has a menu take a look at the different options and see if you can split them out into different applications.
---keep prices low---
A cracker is less likely to target you if you are only asking $5-$10. I see that this is already your strategy. It is an excellent way to both deter crackers and to deter potential pirates from even bothering to search for a cracked version. Cracking a $1000 application gives way more prestige than cracking a $5 one. Note that this merges quite nicely with the above divide and conquer strategy.
The key is to give me MORE. Not LESS (Score:4, Insightful)
It's something big studios don't get, but some indies got that one right, so you might want to try it too.
What's the big reason people buy "normal" goods in stores instead of, say, from the back of trucks for a fraction of the price? I mean, you can get a big screen TV for a few 100 instead of a few 1000 bucks, no really. Here it is, don't ask, don't tell. Don't want it? Gee, why could that be?
Could it be the warranty you get when you buy it in a store? Or the additional goodies that come with it?
Make sure that people who buy your software get MORE out of it than just the software they'd also get from a pirated copy. When they register their copy, how about gaining access to you for support? Certainly not full time and 24/7, but even knowing that I COULD mail you my problems is a big psychological issue. How about offering that you will hear their suggestions for future versions and the promise of some updates free/cheap when they are implemented? Having the ear of the maker of a tool I enjoy using and feeling my input is valued sure is worth 5 or 10 bucks. And you get free suggestions for improvement of handling for free, too.
One of the biggest assets for you (and it's amazing how many ignore this): If that tool allows the creation of plugins, offer a place where people can showcase and offer their plugins, or if it is used to create something these people could probably want to publish, offer them a place to do that. Of course only if they are paying customers. Webspace is cheap or even free, what's problematic is to get people to VISIT yours, and you having a customer base for this tool means that you're a hub for your customers when they are trying to reach like minded people.
YOU are the center of this tool, wherever you make this tool point everyone using this tool WILL know, whether they like to or not.
Even the ones that didn't pay for it.
This makes whatever webspace you offer (even if it's merely some sort of linking hub) critical for anyone who wants to publish what this tool creates, unless he has a better platform. It is very unlikely that they do, though.
Visibility, Not Inaccessibility (Score:3)
Rather than creating DRM concentrate on creating a community of loyal users. Have an open beta. Reward bug reports with credits.
Let users suggest new features in a forum. Keep up a dialog.
DRM is much less effective than perceived value. If the consumer believes your product is worth it they will buy it.
The ones that don't didn't intend to anyway.
2 things (Score:3)
Make it easy for me to buy (either in store availability guaranteed, or digital download - the latter is a lot easier to achieve) and PRICE APPROPRIATELY.
If you still have piracy, they were never going to be customers anyway (i.e., if it was too hard they wouldn't have purchased), but may encourage others to buy, by getting you free publicity.
Re: (Score:3)
Enlighten us. How should this indie developer release his $5 app the right way?
Don't try to deter piracy (Score:5, Insightful)
Trying to deter piracy with DRM is a losing battle. If people don't want to pay you, they won't pay. The trick is to get them to want to pay you.
The first step is to learn the art of asking: http://www.ted.com/talks/amanda_palmer_the_art_of_asking.html [ted.com]
Ask for money, don't demand it. Let them pay you whatever they think is reasonable, but communicate how much you want ($5 in this case) as a default.
And for all those freeloaders who decide not to pay you, and there will be plenty, show them some ads to recoup the cost. Better they see your ads than piratebay's.
Re:Don't try to deter piracy (Score:4, Interesting)
It bothers me a bit to see you propose the idea of asking people to pay what is reasonable, and then calling them freeloaders if they don't pay. Maybe it actually wasn't worth anything to them. In the case of the submitter, the application was something to do with graphic design. It's easy to imagine someone downloading a copy of this program if it were offered "by donation", playing with it for a bit, and abandoning it never having used it for any real commercial or hobby purpose. It is worth nothing to them, like much of the internet, they had a look at it because it was there.
If you walk by a street performer and don't pay them, are you a freeloader? What if you look at them for a minute and walk on? I would say no, you might look at them because they were there, but you didn't ask them to come there.
Asking people to pay what they want is a lot like being a street performer. You are offering something, but essentially appealing to people's sense of charity to try and get paid, rather than providing goods or services in exchange for money. It devalues the work you are doing (necessarily because people can legally get what you are offering for free) and it's hard to see this as a viable business model in most cases
Re:Don't try to deter piracy (Score:4, Insightful)
That might have been true before advertisers put themselves on the same operating level as malware.
Might have been, but I doubt it.
Re: (Score:3)
once the script hits the users' hardware, the developer doesn't get to decide what happens. Sorry.
Re: (Score:3)
Your fallacy is: https://yourlogicalfallacyis.com/anecdotal [yourlogicalfallacyis.com]
You can cite anecdotes in which the model I've proposed has failed and I can cite anecdotes in which the model I've proposed has succeeded (such as Amanda Palmer), but neither set of anecdotes are terribly relevant.
What's relevant is piracy cannot be stopped. So trying to stop it is simply a waste of time. If you assume that premise, then it logically follows that all you can do is ask for money, not demand it. To draw any other conclusion is simply
Re: (Score:3)
If can't run your business on anything less than $1000 per user, then you're better off reworking it into an internet service so you can enforceably control access to your software rather than making it a standalone downloadable software package.
Huge upfront prices are rarely a good way to run a business unless you're selling a large tangible asset like a TV, or a car, or a house. Software just isn't one of those kinds of things.
But you catch more flies with honey than with vinegar. If you offer it as a ser
Re:Sigh (Score:5, Insightful)
I like simple one-time online activation (if it's an open download), or put it up on app stores with a price but no other measures. It's not much of a barrier to a pirate, any more than the lock on my front door is a barrier to a thief, but it sends a clear message: "this isn't free software, you're supposed to pay for this". That message will deter almost anyone who can be deterred.
Re: (Score:3)
Not everything needs 'paid' support. A $5 application for graphic designers should be easy enough to use without having to pay to ask questions.
A full server OS with a large support team, yes. A small graphic app? No.
Re: (Score:3)
yeah hi, as a potential customer, 'web apps' are worth precisely $0. Why? I could wake up tomorrow and find that it's gone, or altered such that a much needed part of my workflow has been obliterated by your marketing department. No thanks.