Software piracy

barrier_reef_2.jpg‘Software piracy’ is a colourful term for people using your software without paying the appropriate fee for all your hard work. It includes using cracks (versions with the security removed), keygens (software that can generate valid licence keys) and sharing licence keys in contravention of the licencing terms. Parrots, eye patches and attacking ships rarely feature prominently.

You might think that software piracy is only an issue for the Microsoft’s and Adobe’s of this world. But it is a real issue for all sizes of software vendor, even for small companies selling niche products such as mine. If you don’t believe me check the logs for the crack ‘honey-pot’ page I created[1] (IP addresses obscured to protect the guilty), click the image to enlarge:


That’s only the people who clicked through on to my honey-pot page. It really isn’t very inviting when displayed in a search engine, so I am sure that there are many more that searched for a crack but didn’t click through.


A quick look at this small sample of traffic shows that people looking for cracks come from all over the world, not just poorer countries. It also shows that Mac users look for cracks just the same as Windows users. In fact Mac users are a larger proportion of visitors to this page than you would expect from market share alone. I’m not saying that Mac users are less honest than Windows users, just that you shouldn’t be complacent about piracy just because you write software for the Mac.

I know from cookie tracking that some of the people who look for cracks go on to buy a licence (yes, I know who you are). Ergo, if there is a crack for the latest version out there it would definitely be costing me sales. So what can a vendor do to minimise sales lost to piracy? The first step is to understand the motivations of the people involved.

People crack software for many reasons. Some undoubtedly do it for commercial profit, e.g. so they can illegally sell the cracked version. But I understand the main reason is the challenge of cracking the software and resulting kudos from the cracking ‘community’. Some of the crackers are skilled and use sophisticated tools that emulate the computer environment, allowing them to quickly find and remove your security code. Although there is quite a lot you can do to make a crackers job more difficult, this is just going to make cracking your software more of a challenge and therefore more desirable to some. It is highly unlikely that the best security is going to defeat a skilled cracker for long. If Microsoft and Adobe can’t write uncrackable applications, what chance have we got? Trying to defeat piracy from the supply side is a fools errand. Just make sure your security is good enough to foil an unskilled cracker – if your average customer can bypass your security you are really in trouble.

On the demand side people use cracked software simply because they don’t want to pay for it. But they can end up paying in other ways. If we look at the costs and benefits in the wider sense:

costs of legitimate purchase:

  • purchase price
  • time taken to purchase

benefits of legitimate purchase:

  • use of current version
  • free upgrades

costs of pirate version:

  • time taken to locate crack
  • risk of malware in crack
  • risk of prosecution
  • guilty conscience?

benefits of pirate purchase:

  • use of current version

If your software is successful it will almost certainly be cracked at some point. Perhaps repeatedly. Congratulations! Somebody thought your software was worth cracking. We can’t stop cracks appearing. The best we can do is to make sure the benefits minus costs is greater for a legitimate purchase than a pirate version. Ways in which we can tip this equation in our favour are:

  • having cracks removed – Demand that ISPs remove cracks as soon as they appear (likely to be a lot more successful if the ISP is in Europe or North America). To find out when cracks appear you need to check your web logs regularly for unusual activity. For example a sudden flurry of downloads from countries that don’t normally buy your software could signal that a crack has appeared. You can also set up a Google alert for ‘<app name> crack’.
  • make existing cracks hard to find – Register your software with lots of download sites. Many of them search engine optimise their pages for phrases such as ‘crack or ‘keygen’ making real cracks hard to find.
  • price appropriately – Price your software at a level people will consider fair. Perhaps offer a ‘lite’ version at a lower cost.
  • make your software easy to purchase – The slicker and simpler the purchase process the less temptation to stray.
  • display the user name – Deter casual key swapping by displaying the licencee name prominently, for example in the splash screen and status bar.
  • use a digital certificate – A digital certificate reassures users that your installer hasn’t been tampered with and is free from malware.
  • release regularly – Crackers generally don’t want to pay for the bandwidth of lots of people downloading your software. so they will usually post patches and direct people to download the original software from your site. The patch is useless as soon as you release a new version and remove the old version. Making new and improved releases available to legitimate users also makes buying a licence more attractive.
  • create a honey-pot page – Make the case for buying your software and try to win over potential pirates. Point out the dangers of using cracks and emphasize that it isn’t a victimless crime.

Whatever we do there is a certain number of people who are never going to pay for our software due to some combination of lack of means (e.g. people in developing countries) and lack of scruples. There is not much point worrying about these people. In fact we could look on them from a ‘glass half-full’ perspective as potential free marketing – even though they are never going to pay for a licence they might recommend the software to someone else who will.

We also need to do our own little bit to educate people that software piracy isn’t a victimless crime. That means doing our best to ensure that our family, friends and work colleagues don’t use pirated software. It also goes without saying that we shouldn’t use pirated software ourselves – that would be the height of hypocrisy.

What we mustn’t do is make life difficult for our paying customers. Complex, intrusive and restrictive security schemes may have a negative impact on piracy, but they will probably have a much larger negative impact on our honest customers. If you are going to use ‘phone home’ or hardware based licensing you had better be absolutely sure there is no chance of false positives. It is hard to think of a better way to annoy an honest customer than to disable the software they paid for and brand them a thief. That would be enough to make anyone turn to crime. Shiver me timbers!

[1] I got the idea of a honey-pot page from another site. Unfortunately I can’t remember the name of the site to give them the appropriate credit.

14 thoughts on “Software piracy

  1. Tony Edgecombe

    Interesting article, I remember someone from SWReg telling me the better protected software was the more fraudulent orders they would get. If it couldn’t be cracked then someone would use a stolen credit card to buy it.

  2. nitinrohidas

    Grt article. I can understand the pain.But out there in the world..there are ppl who just cant afford to buy softwares which are sold in dollars.

    They find the easy find a crack.Photoshop a common utility for a desktop WHICH is not free…so ppl try to crack it..bcos their friends have it for why shud he pay…many more reasons……..

    A collective effort to stop piracy can only solve this problem..hope it never happens….

  3. Andy Brice Post author

    >bcos their friends have it for why shud he pay

    Because one person infringing copyright doesn’t make it ok for the second person.

    I would love a full copy of Photoshop. But I can’t justify the price so I make do with a legit copy of Photoshop Elements.

    By setting their price so high Adobe must realise that only business users are going to buy it and non-business users will use pirate copies. Maybe they are ok with that.

  4. Fransiscus Herry

    Hi Andy!

    Thank you for your sharing about this topic. I am grateful :)…..i’ll bookmark your blog and your software website.

  5. Derek Pollard

    Andy, thanks for the article.

    At the risk of asking a silly question, how do you get Google to index a crack honey-pot page that is not linked elsewhere on the site? Would that be using the Webmaster sitemap?

  6. Pingback: Having a crack at the crackers « Successful Software

  7. Simon

    Would you mind if I substantially copied your honeypot page? I don’t think I can word the sentiments any better than you’ve done.

    I’d be happy to acknowledge you as the original author.

    (Interesting blog btw, I’ve added you to my feed list.)

  8. Andy Brice Post author

    >Would you mind if I substantially copied your honeypot page?

    Feel free. No need to credit me (it wasn’t my idea in the first place) but please change the wording a bit.

  9. _maLn!m_

    this article is great….very useful…software piracy is properly addressed in this article…

    thanks alot

  10. Pi

    GROUPAMA (a large French insurer) was caught in a $200m PIRACY case where it used “bank secrecy” to ask Police not to investigate its computers…

    The fun part of the story is that the (Paris) General Prosecuter found no infraction in this (illegal) agreement!

    See the whole story on:

    Click to access groupama.pdf

  11. Pingback: How to remove software cracks and keygens from file hosting sites « Successful Software

Comments are closed.