‘Software piracy’ is a colourful term for people using your software without paying the appropriate fee for all your hard work. It includes using cracks (versions with the security removed), keygens (software that can generate valid licence keys) and sharing licence keys in contravention of the licencing terms. Parrots, eye patches and attacking ships rarely feature prominently.

You might think that software piracy is only an issue for the Microsoft’s and Adobe’s of this world. But it is a real issue for all sizes of software vendor, even for small companies selling niche products such as mine. If you don’t believe me check the logs for the crack ‘honey-pot’ page I created[1] (IP addresses obscured to protect the guilty), click the image to enlarge:

That’s only the people who clicked through on to my honey-pot page. It really isn’t very inviting when displayed in a search engine, so I am sure that there are many more that searched for a crack but didn’t click through.

A quick look at this small sample of traffic shows that people looking for cracks come from all over the world, not just poorer countries. It also shows that Mac users look for cracks just the same as Windows users. In fact Mac users are a larger proportion of visitors to this page than you would expect from market share alone. I’m not saying that Mac users are less honest than Windows users, just that you shouldn’t be complacent about piracy just because you write software for the Mac.

I know from cookie tracking that some of the people who look for cracks go on to buy a licence (yes, I know who you are). Ergo, if there is a crack for the latest version out there it would definitely be costing me sales. So what can a vendor do to minimise sales lost to piracy? The first step is to understand the motivations of the people involved.

People crack software for many reasons. Some undoubtedly do it for commercial profit, e.g. so they can illegally sell the cracked version. But I understand the main reason is the challenge of cracking the software and resulting kudos from the cracking ‘community’. Some of the crackers are skilled and use sophisticated tools that emulate the computer environment, allowing them to quickly find and remove your security code. Although there is quite a lot you can do to make a crackers job more difficult, this is just going to make cracking your software more of a challenge and therefore more desirable to some. It is highly unlikely that the best security is going to defeat a skilled cracker for long. If Microsoft and Adobe can’t write uncrackable applications, what chance have we got? Trying to defeat piracy from the supply side is a fools errand. Just make sure your security is good enough to foil an unskilled cracker – if your average customer can bypass your security you are really in trouble.

On the demand side people use cracked software simply because they don’t want to pay for it. But they can end up paying in other ways. If we look at the costs and benefits in the wider sense:

costs of legitimate purchase:

• purchase price
• time taken to purchase

benefits of legitimate purchase:

• use of current version
• free upgrades

costs of pirate version:

• time taken to locate crack
• risk of malware in crack
• risk of prosecution
• guilty conscience?

benefits of pirate purchase:

• use of current version

If your software is successful it will almost certainly be cracked at some point. Perhaps repeatedly. Congratulations! Somebody thought your software was worth cracking. We can’t stop cracks appearing. The best we can do is to make sure the benefits minus costs is greater for a legitimate purchase than a pirate version. Ways in which we can tip this equation in our favour are:

• having cracks removed – Demand that ISPs remove cracks as soon as they appear (likely to be a lot more successful if the ISP is in Europe or North America). To find out when cracks appear you need to check your web logs regularly for unusual activity. For example a sudden flurry of downloads from countries that don’t normally buy your software could signal that a crack has appeared. You can also set up a Google alert for ‘<app name> crack’.
• make existing cracks hard to find – Register your software with lots of download sites. Many of them search engine optimise their pages for phrases such as ‘crack or ‘keygen’ making real cracks hard to find.
• price appropriately – Price your software at a level people will consider fair. Perhaps offer a ‘lite’ version at a lower cost.
• make your software easy to purchase – The slicker and simpler the purchase process the less temptation to stray.
• display the user name – Deter casual key swapping by displaying the licencee name prominently, for example in the splash screen and status bar.
• use a digital certificate – A digital certificate reassures users that your installer hasn’t been tampered with and is free from malware.
• release regularly – Crackers generally don’t want to pay for the bandwidth of lots of people downloading your software. so they will usually post patches and direct people to download the original software from your site. The patch is useless as soon as you release a new version and remove the old version. Making new and improved releases available to legitimate users also makes buying a licence more attractive.
• create a honey-pot page – Make the case for buying your software and try to win over potential pirates. Point out the dangers of using cracks and emphasize that it isn’t a victimless crime.

Whatever we do there is a certain number of people who are never going to pay for our software due to some combination of lack of means (e.g. people in developing countries) and lack of scruples. There is not much point worrying about these people. In fact we could look on them from a ‘glass half-full’ perspective as potential free marketing – even though they are never going to pay for a licence they might recommend the software to someone else who will.

We also need to do our own little bit to educate people that software piracy isn’t a victimless crime. That means doing our best to ensure that our family, friends and work colleagues don’t use pirated software. It also goes without saying that we shouldn’t use pirated software ourselves – that would be the height of hypocrisy.

What we mustn’t do is make life difficult for our paying customers. Complex, intrusive and restrictive security schemes may have a negative impact on piracy, but they will probably have a much larger negative impact on our honest customers. If you are going to use ‘phone home’ or hardware based licensing you had better be absolutely sure there is no chance of false positives. It is hard to think of a better way to annoy an honest customer than to disable the software they paid for and brand them a thief. That would be enough to make anyone turn to crime. Shiver me timbers!

[1] I got the idea of a honey-pot page from another site. Unfortunately I can’t remember the name of the site to give them the appropriate credit.