shareware/demoware

Richard Gaskin ambassador at FourthWorld.com
Thu Jun 13 20:42:01 EDT 2002 

> In some cases, setting up something to query for pirated serials is a great
> way to reduce the number of illegally registered copies that are floating
> around.  That was one thing I implimented into my software, and I was able
> to pull their ip address and everything for prosecution.

With the majority of IPs being dynamic, finding out who was using a
particular IP at a given time will likely require a court order in most
states (or an FBI badge, as the new "anti-terrorism" laws give them carte
blanche to read any electronic transmission at will -- see
<http://www.pbs.org/cringely/pulpit/pulpit20000713.html>).

Also, anytime your software "phones home" it should ideally require explicit
user confirmation.  I've been told that overzealous privacy advocates who
misunderstand the nature of IP may be quick to file suit over perceived
privacy violations.   Yep, it's as silly as being sued by the burglar you
hit over the head in your own home, but sadly as relevant in this brave new
litigious world.

However, an explicit two-stage registration, in which the user gets a
temporary code until they log into your server, may have merit.  It's
basically what Ambrosia does, but carries a downside:  it creates an
inconvenient second step for the majority of your users who are legitimate
paying customers. 

For more tips on serious cracker prevention, see the Anti-Cracking FAQ:
<http://www.inner-smile.com/nocrack.phtml>

It's written by a Delphi programmer, but most of what's on that page is
useful for just about any developer.

One thing I learned from that and related pages:  serious crackers have
waaaay too much time on their hands, and spend a lot of that time stepping
through reg screens with a low-level debugger, often modifying binaries to
bypass reg checks.  There are tricky ways to prevent that, but really at the
end of the day you've only slowed them down, and at best by no more than a
few weeks.

Schemes dependent on hidden files seem to be the first to get cracked, so I
never bother.  Also, there's a good argument that making files invisible on
a customer's machine is simply impolite.   Besides, while enforcement of
stolen reg codes is still something of a gray area in terms of copyright law
(though much less so under the DMCA -- at least until it gets softened),
sharing binary files is a clear violation and very easy to prosecute.  That
is, if you're losing enough to warrant hiring a $200/hr attorney. :)

Probably the most effective method for prosecution is to let the big boys
handle it: if you stumble across a warez site with your apps or cracks on
it, chances are it has apps from large vendors.  Just drop a notification of
the violation to piracy at microsoft.com, piracy at adobe.com, and
piracy at macromedia.com and count the days until the site's taken offline.
For countries that aren't signers to the Berne Agreement enforcement may be
difficult or impossible, but a US site can be nabbed in hours by the bigger
software vendors.

Good news along those lines:  one of the biggest distributors of illegal reg
codes, Surfer Serials, is going bye bye.  Seems too many folks turned up the
heat and he felt them closing in, so according to his Read Me the June 02
edition will be the last one.  The DMCA may be as unethical, immoral, and
counterproductive as many of our colleagues suggest, but it sure makes it
easy to scare the pants off of petty thieves. :)

My own scheme is very simple: every character in the reg string is either
used in or dependent on a calculation involving some other set of
characters.  The exact scheme differs from product to product, and is
changed between major releases.  This merely makes it difficult to guess
what the next serialized number may be (most automated keygens will fail),
and prevents stolen codes (usually purchased through legitimate channels but
with a stolen credit card) from having a long shelf life.  It does little
else, but does allow me to get back to work on features.

You'll never convert most pirates into paying customers, so after a certain
point your bottom line gets more value from feature development than
security.  But as a hack, it is fun to ponder. :)

-- 
 Richard Gaskin 
 Fourth World Media Corporation
 ___________________________________________________________
 Ambassador at FourthWorld.com       http://www.FourthWorld.com

More information about the use-livecode mailing list