I've written a small utility that I wish to sell for less than $10.

My primary concern is "casual piracy". The scenario that plays out in my mind is this:

User buys the program, enjoys using it and tells their friends. The friends copy the application to their USB drives and take it home - using the application for free (maybe never realizing they should have purchased it).

Since I've got absolutely no protection built in, it would just be a simple copy'n paste to pirate the app. The users who would be using the app are in close proximity to each other (work in the same environment), so casual piracy would likely occur frequently.

Any ideas? Keeping in mind the app is cheap (partly to reduce casual piracy), and the level of effort to write the app hasn't been very demanding.

Update: the app will run on any system that supports .NET 3.5.

+3  A: 

If your app will run on Windows 2000 and later, you could use Windows Management Instrumentation (WMI) to get some sort of hardware info such as MAC address.

Store this with your application and whenever your app starts, check that the MAC address is the same. If it is not you could gently ask the user to buy your app and/or close your app.

Keep in mind that the user may replace their network card and so quite reasonably will expect to be able to continue to use your application. Make sure you allow for this scenario.

This is a very low tech and easily bypassed way of piracy prevention, but would be very simple to implement.

See this question on how to get the MAC address using WMI (and the WinAPI).

Ash
You mean the binary should edit itself the first time it ran? If this is not the point, then the MAC would be saved somewhere else. When the other user copied the binary, he would not copy the "somewhere else", and thus on first run on second computer, the binary would think it's a legit first run and duplicate the "somewhere else" MAC address.
Spidey
@Spidey: You would ideally, if you were using this solution, set this flag using the installer, I'd imagine. The person copying the program would not get the flag set, due to the installer not being run.
Brisbe42
@Spidey, that is one option; see: http://stackoverflow.com/questions/1107912/programmically-embed-resources-in-a-net-assembly
Ash
An assembly signed with a strong key cannot be changed without re-signing it with the same private key again. A change in the compiled assembly requires that the private key is distributed with the installer for re-signing.
Simon Svensson
@Simon, yes, this is clearly described in the linked question.
Ash
A: 

To prevent the simple case, how about forcing them to have a valid key that is a hash of computer name or MAC address or something? I imagine that this is something similar to what Mo Flannagan of WindowTabs does. When you pay for the application you get a code. You copy and paste that code into the app settings area and it tells you that the code is valid and unlocks certain features.

I think this is a good combination of no-hassle and piracy avoidance.

George Mauer
The problem here becomes key management. I store my Windows key carefully because it cost $300+ USD, and it's worth my time to engage with support if I need to change the computer my key activation is associated with. These things are more of an unreasonable burden at the $10 range, but the frustration of having to re-purchase a key every time the computer changes is probably just as high.
Rex M
@Rex M: as the vendor, you don't have to make customers re-purchase a key every time they change computers. I use this method, and I happily give out free replacement keys. If someone starts asking for 10-20 new keys per day, I stop giving them out for free.
MusiGenesis
@MusiGenesis certainly, but that's part of what I'm getting at - at $10 each, is it worth your time or theirs to have to apply for and wait for a new key each time? I'm not sure.
Rex M
@Rex: it's worth *my* time (at $20 a pop) for sure. Makes me feel wanted. :)
MusiGenesis
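The machine-bound key from George Mauer's answer (and the MAC check from Ash's answer) could look like the following. This is an added example, not code from any poster or from WindowTabs; it is written in Python to show the scheme, and `VENDOR_SECRET`, the `license-v1` prefix and the function names are assumptions.

```python
import base64
import hashlib
import hmac
import re

# Hypothetical vendor secret (constructed). In an offline check it also ships
# inside the app, so this stops copy-and-paste sharing, not a determined cracker.
VENDOR_SECRET = b"constructed-demo-secret"

def normalize_mac(mac):
    # Accept 00-1a-2b-3c-4d-5e, 00:1A:2B:3C:4D:5E or 001a2b3c4d5e.
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).upper()
    if len(digits) != 12:
        raise ValueError("not a MAC address: %r" % mac)
    return digits

def issue_key(mac, secret=VENDOR_SECRET):
    # Keyed hash (HMAC) rather than a bare hash: a bare hash of the MAC could
    # be recomputed by anyone who learns the scheme.
    tag = hmac.new(secret, b"license-v1|" + normalize_mac(mac).encode(),
                   hashlib.sha256).digest()[:10]
    code = base64.b32encode(tag).decode()          # 10 bytes -> 16 characters
    return "-".join(code[i:i + 4] for i in range(0, 16, 4))

def verify_key(entered, local_macs, secret=VENDOR_SECRET):
    # Tolerate pasted whitespace and lower case, and check every adapter
    # present: the key stays valid while the licensed adapter is installed.
    cleaned = re.sub(r"[^A-Z2-7]", "", entered.upper())
    for mac in local_macs:
        expected = issue_key(mac, secret).replace("-", "")
        if hmac.compare_digest(cleaned, expected):   # constant-time compare
            return True
    return False   # caller prompts for registration or a replacement key

if __name__ == "__main__":
    key = issue_key("00-1a-2b-3c-4d-5e")             # constructed MAC address
    print(key, verify_key(key, ["00:1A:2B:3C:4D:5E"]))
```

When the licensed network card is replaced, `verify_key` returns `False`, which is the case the free replacement keys discussed in the comments are meant to cover.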
+7  A: 

A good place to start would be http://stackoverflow.com/questions/109997/. The main advice I'd give is: don't go in with the assumption that people are untrustworthy--assume trust, mostly. There will be pirating, but even if someone hits a red flag, don't attack them--otherwise, you may turn off any honest customers that hit weird situations. A light message just requesting 'please don't distribute this app' can do more to dissuade casual pirates than all the locks in the world--and strong locks can actually encourage people not to recommend your software.

Brisbe42
Exactly what was going through my mind. How to keep development demand low, price low and casual piracy low without causing trust issues with customers? I don't want protection to get in the way, but I don't want it to be a simple copy'n paste to "steal" the app... ;/
Chad
+1  A: 

I believe what you're looking for can be found in the Software Licensing and Protection services. There is documentation on MSDN here:

http://msdn.microsoft.com/en-us/library/bb931699.aspx

David Stratton
Just in my personal opinion, this approach probably is overkill for the described problem. But it's a worthwhile read anyway. Thanks! :)
Scott Ferguson
Thank you. While it is way too much for what my app involves, it's good to know.
Chad
A: 

You could build the concept of an "account" system into your application that logs in with the "mothership" and then store their IPs for uniqueness.

ddc0660
Too much for a $10 app, IMO. Extra burden to keep the 'mothership' server available for connections. Also think about those users who don't have 24/7 internet connections...
Lukman
Having to downvote you for recommending IPs as any form of uniqueness. They are not, and should never be used to identify anything other than a given gateway/node. They do not identify people or even endpoints.
Noon Silk
I don't think INinja would approve of using IPs for such a purpose. The idea is good, send something unique back to said mother-ship, but IPs are way too transitive.
NitroxDM
A: 

This has been covered on SO before -- see here, here and here. Basically, the general consensus is that if people want to pirate your software, they will do so and there's really nothing you can do to absolutely prevent it. You can make their job more difficult, but ultimately if they're determined enough they're going to win. Even Microsoft can't stop illegal copies of Windows being distributed, despite having vast amounts of resources (both intellectual and monetary). I'd say to implement a few simple countermeasures (see above links) to at least make sure that copying your software is discouraged, and spend the rest of your time improving the software itself (rather than spending loads of time trying to devise a totalitarian piece of software that doesn't trust its users).

Donut
A: 

Here is my answer to a similar question: http://stackoverflow.com/questions/1417848/create-an-application-that-will-expire-after-a-trial-period/1417872#1417872.

Basically it (and the comments) advocate crippling your app in a way that prevents it from being used effectively but still allows it to be evaluated successfully (for example, by not allowing the user's work to be saved), and then allowing users to purchase a code that unlocks the full functionality.

Because each unlocking code is unique to each installed copy, it prevents casual piracy such as you describe.

MusiGenesis
My app doesn't have a trial period. Here's what I'm planning to do: User pays for the app, license and download link become available, user enters the license key which makes a registry key that the app will check each time it loads. Doesn't prevent someone from simply sharing the key, but a simple copy'n paste of the app won't work. Thanks for your answers on this subject, much appreciated.
Chad
@Chad: why can't someone send a friend the app *and* the license key?
MusiGenesis
+6  A: 

The most trivial system I'd recommend for you is to set a registry key.

Then, on the running of your app, you check for the key. If it's not there, you recommend that they 'register' your app; and prevent whatever access you like on the basis of this being done. This will mean a simple copy of the file will still allow them to use it, and potentially buy it via the (possibly optional) 'register' option.

The registration would have them enter a name, and your server would then map this to a new unique ID it comes up with. Then, when the app is run on subsequent requests, if the server is online, it will check that the details they've provided match the key your server says they should have.

And, as is obvious, it won't protect against anyone who really cares to try; but that's not what you're asking for. The implementation I've described will also (to a degree) prevent someone writing a keygen. They could write a program that will query your own server for new keys, but you can prevent that, again, if you wish, via a trivial system of passing a key to the actual call to generate keys, before you process it (and have the facility to update this in all your legitimate apps).

In your case I think it's a quite trivial solution, and pretty easy.

Noon Silk
+1 Reg Key approach is definitely an easy tidy way to stop casual inadvertent file copy piracy. And you can implement it with just a few lines of code.
Scott Ferguson
I think the reg key approach is a good step. Just enough to prevent copy'n paste... however the user could give the reg key to other users, it prevents casual piracy decently.
Chad
+6  A: 

As others have said, your best bet is to trust and respect your paying customers.

  1. Consider pirated copies as advertising. Unless your potential market is limited and you think your penetration will be very high, it's likely that even some of those who don't pay you will end up recommending your app to others who might.

  2. Make buying your app easy and painless. Either make sure you sell through a reputable vendor, or if you sell/release it yourself make sure that they can pay with (something like) PayPal during the download or registration process. Many would never give you their credit card info.

  3. Spend most of your time improving the app. As someone said, make your customers want to pay for your software. You'll enjoy it more, and ultimately probably do more for your success.

NOTE: I'm one of the few people I've ever met who bought licenses for WinZIP, mostly because it was so far ahead of any competition. But I only tried it based on a recommendation of an admin who never bought his license.

NVRAM
I'm completely in agreement, especially #2. Most people *want* to be honest if you don't make them jump through hoops to do so, and don't break their piggy bank. Better to have a $5 app with 100% license compliance than a $20 with 10% compliance.
richardtallent
Exactly, I agree. In this case, where everyone works together, it would be very easy to provide a copy to a co-worker...
Chad
+1  A: 

I have a simple solution for this. Send the user key and CPU ID, MAC address and HDD serial (or more, so that if a part of the computer changes it will not cause problems) to a (preferably HTTPS) website, which is logged to a simple database. A simple GET request will suffice and should be easy to implement. You can hash this data to protect customer identity. A single query can list shared use of keys. You should check over long time frames (weeks or months) to avoid problems that might occur from changes in the computer. If you detect that the same key is used on more than one PC, you can warn your customer. If he claims he doesn't know the pirate, send a new serial, blacklisting the other.

Cem Kalyoncu
That's a little over-the-top for this situation, but good to keep in mind. Thanks.
Chad
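The server side of the check-in scheme in Cem Kalyoncu's answer, as an added example that is not part of the original posts: it stores only hashed hardware identifiers and lists keys seen on more than one machine, treating a single changed component as the same PC. The table layout, the 2-of-3 matching rule and all names and sample values are assumptions.

```python
import hashlib
import sqlite3

def hashed(license_key, value):
    # Salt with the licence key so raw CPU IDs, MACs and disk serials are
    # never stored and cannot be correlated across different licences.
    return hashlib.sha256(f"{license_key}|{value}".encode()).hexdigest()[:16]

def record(db, license_key, cpu, mac, hdd, day):
    # What the server stores for one client check-in (hypothetical schema).
    parts = [hashed(license_key, v) for v in (cpu, mac, hdd)]
    db.execute("INSERT INTO checkins VALUES (?,?,?,?,?)", (license_key, *parts, day))

def machines_for(db, license_key, since_day):
    # Two fingerprints count as one machine when at least 2 of the 3
    # component hashes agree, so a replaced NIC or disk is not "sharing".
    rows = db.execute("SELECT cpu, mac, hdd FROM checkins WHERE license_key = ?"
                      " AND day >= ? ORDER BY day", (license_key, since_day)).fetchall()
    machines = []
    for fp in rows:
        for known in machines:
            if any(sum(a == b for a, b in zip(fp, old)) >= 2 for old in known):
                known.append(fp)
                break
        else:
            machines.append([fp])
    return machines

def shared_keys(db, since_day, allowed=1):
    # Cheap SQL pre-filter, then the tolerant clustering on the candidates.
    candidates = db.execute(
        "SELECT license_key FROM checkins WHERE day >= ? GROUP BY license_key"
        " HAVING COUNT(DISTINCT cpu || mac || hdd) > ?", (since_day, allowed)).fetchall()
    counts = {k: len(machines_for(db, k, since_day)) for (k,) in candidates}
    return {k: n for k, n in counts.items() if n > allowed}

def demo():
    db = sqlite3.connect(":memory:")   # constructed sample data, not real customers
    db.execute("CREATE TABLE checkins (license_key, cpu, mac, hdd, day INTEGER)")
    record(db, "KEY-A", "cpu1", "mac1", "hdd1", day=1)
    record(db, "KEY-A", "cpu1", "mac9", "hdd1", day=40)   # same PC, new NIC
    record(db, "KEY-B", "cpu2", "mac2", "hdd2", day=3)
    record(db, "KEY-B", "cpu3", "mac3", "hdd3", day=35)   # a second PC
    return shared_keys(db, since_day=0)

if __name__ == "__main__":
    print(demo())
```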