Category Archives: piracy

Why you should create a ‘honeypot’ page

Software piracy is a fact of life for vendors of desktop software. Take a look at Google’s helpful suggestions if you search on the name of one of my products:

google

Trying to make your software crack-proof is a fools errand. But one simple thing you can do is create a ‘honeypot’ page to try to convert people searching for a cracked version of your software. If you search for a crack for my software, here is what comes up in first place:

ptp_honeypot_page

Yep, it’s a page on my website. If you click the link you will be taken through to a page explaining the (very real) dangers of downloading cracks and why you should buy a licence. I did some basic on-page SEO to get it to rank for my product name and terms such as ‘crack’, ‘keygen’ and ‘warez’. Then I linked to it from the website sitemap. Nothing clever, but it works. I have averaged a sale per month for the last 10 years from people clicking through onto this page. Given the inadequacies of conversion tracking, the real number of sales could be significantly higher. And it didn’t take long to create the page.

I can’t remember where the idea for a honeypot page came from, but it wasn’t my idea. Feel free to make a version of the page for your own product, but please don’t copy the exact wording. That would be copyright infringement. ;0)

How to remove software cracks and keygens from file hosting sites

Software piracy is a real issue for every software company, large and small, and it isn’t going away any time soon. So when I heard that fellow microISV owner Nikos Bozinis had created a tool to help software vendors fight  piracy, I asked him to write a guest post. He kindly agreed to write this post about software piracy, the Digital Millennium Copyright Act and his CrackTracker product.

Why buy something when you can download it ‘for free’? Billions of dollars are lost every year from illegal downloads of music, movies and software. People around the world seem to have very lax morals when it comes to abusing digital content. Downloading the latest movie or windows software from rapidshare.com somehow doesn’t strike them as theft — it’s not like stealing a loaf of bread! The traditional music industry is already down on its knees as a result, and software may be the next to follow.

Software authors and music enterprises are fighting back by tightening the DRM (Digital Rights Management) of their products in a futile effort to stop online piracy. But usually crackers have no problem circumventing any protection system that we can dream up. To add insult to injury legitimate customers are usually hurt by such reinforced software protection and activation systems. A little bit like the war on terror, isn’t it?

A different line of defense for ailing copyright owners is the Digital Millennium Copyright Act (DMCA), a US law with global reach for copyright protection (the european EUCD equivalent is not as broadly known). This law is very broad, and not without controversy, but it works – closing down websites that distribute illegal content and removing copyright infringing downloads from file-hosting websites with summary procedures, among other things. So if you discover your software illegally distributed in some warez website, you can send a so called “DMCA section 512 takedown notice” to the website host and they are expected to remove that particular file from circulation — or risk the wrath of the law.

Software Piracy

I have been a microISV for over 10 years so lets forget about the entertainment industry and concentrate on my field, software. There are over 200,000 programs listed on download.com and that’s just for Windows. Many are created by very small to medium sized companies — many even run by a single programmer/webmaster/marketer/entrepreneur. I bet that all these programs are cracked in one way or another — at least those popular enough for crackers to care about them. If you search for warez or torrents you will find the software you want for free, either the latest or an older working version.

Piracy statistics from Business Software Alliance report 2009 (click image to enlarge).

I sell a file manager called xplorer². I track how many people install the program every day and also I have a good guesstimate for the number of people using cracked versions of xplorer². I estimate over 70% of the regular users use one of the known keygens. Imagine if this 70% didn’t exist or it was converted to regular paying customers!

How is it done?

Downloadable software falls into 2 categories: those that run in trial mode until you buy a key to unlock the full functionality; and those that are special downloads for customers that pay the registration fee. In all cases some sort of unlocking takes place using a plain key, or a license file, or online activation, or some combination thereof. Many ISVs write their own licensing code, while others rely on off-the-shelf protection and licensing products (Armadillo, WinLicense etc).

Imagine you shipped your source code along with your program, then it would be trivial for even amateur crackers to bypass your protection and run the program without paying. Very few vendors supply source code, but people in the know can read off your licensing logic like an open book using specialized reverse engineering tools (softICE, IDA and other debuggers and disassemblers). Then they can create a ‘patch’ or modification to your executable that bypasses the protection.

An even worse type of compromise is a keygen. When the cracker uncovers the logic of your unlock keys, he can create a program to generate such keys which look and behave exactly like the legitimate ones you sell to your customers. Then he doesn’t need to patch your program, he just supplies this keygen to the warez community and everyone can help themselves to your program. You can guard yourself against such attacks using asymmetric encryption algorithms for your keys.

Is there a perfect protection system?

In short, no. If you consider that your program is presenting its logic to anyone with moderate experience in machine language, then sooner or later any protection can be circumvented. Professional protection schemes utilize encryption to protect sensitive parts of your code, but even they won’t withstand the cracker test. And remember the harder your DRM the more likely your program will be mistaken for malware (!) as many viruses and trojans use encryption tricks.

Even if there was a perfect system, your sales would still be at risk. All that’s required is some of your customers to post their unlock key in a warez site, and the game is lost. You would then blacklist that serial, until another one was leaked and so on.

The warez scene

There are people who don’t spend any time in Facebook or YouTube. They surf the internet for free stuff. Cracked versions of commercial software (aka warez) circulate in some shady forums that bring together the crackers with the downloaders e.g. http://www.warez-bb.org.  Browse a warez site and you will find any software, movie or music you fancy, with an assortment of popups and dodgy advertisements of the usual internet 3P products (Pills, Poker and Girls [sic]). For your convenience there are even specialized search engines that search a number of such forums simultaneously, e.g. http://www.warez.com.

These forums do not host the actual files. They refer the traffic to specialized file hosting services like rapidshare.com. To make the most of warez you need to buy a subscription to access such file hosting sites (e.g. unlimited downloads from $9/month). Incurable cheapskates could get away without paying anything though, as you can download for free after a forced (nag) waiting of a minute or two.

A bit more up-market are download sites where to gain access you need to purchase a subscription, e.g. http://www.nowdownloadall.com. I have never paid to enter such a site, but they promise access to any download you can imagine. So you pay a monthly fee to download as much as you like. Note that this is different from paid-for hosting mentioned above. I suppose that you need a file hosting subscription on top to get the actual files downloaded. With so much stuff available for free I don’t know if this approach makes economic sense.

Finally there are traditional peer-to-peer file sharing networks, where people share their software music and video through torrents. After the demise of Napster torrents are still strong, with completely decentralized databases immune to legal intervention. The downside of torrents is their inherent unreliability, so people in a hurry will prefer the immediate gratification of a full download from rapidshare.com and the like.

Why do they do it?

It is easy to understand why someone will prefer ‘free’ software instead of paying up. But what about the crackers, the people who circumvent the DRM and distribute these warez. Why do they do it? Here are a few plausible motives:

  • For kicks. The traditional hacker stereotype is a geeky person whose pastime is breaking into computer networks. Cracking into a software’s protection and stripping it clean must be a pleasure in itself, a ritual destruction of the evil Death Star.
  • For glory. Marxist theory claims that private property is theft. This concept has struggled with real tangible property, but digital property is the ideal trophy. Many groups feel that software and music should be free (!) so taking down the big media and software corporations is a noble cause for them. But many small ISVs fall victims too, and the real motives are far less revolutionary…
  • For profit. Marx is dead; long live Das Kapital. Warez downloads are big business in a number of ways:
    • Direct subscriptions charges to access the downloads
    • Selling password unlockers (e.g. you download something in a ZIP archive which is locked and you need to buy some software to unlock it)
    • Distributing malware. Many downloads are packed with malware (sample report for a keygen), from straightforward scams and ransomware to trojans that turn your computer to a zombie, waiting for instructions to launch a DDoS attack or send spam.

You *can* remove illegal downloads

If your software is available to download from warez sites, either compromised (patched or keygened) or simply accompanied by a simple serial number to unlock it, you will definitely lose sales. The good news is that, using DMCA provisions, you can have these unauthorized downloads removed. Without these downloads prospective users will have no choice but to buy your software — or move on to your competitor’s cracked software.

Here is how to remove illegal downloads:

  1. Find your download links. All illegal downloads end up in a host like rapidshare.com or megaupload.com (I know of more than 100, but there are 10-20 big player websites). A standard Google search for your software name plus ‘crack’, ‘keygen’ or ‘rapidshare’ will find some hits, especially if you search in groups or blogs. Even better use specialized warez search engines like http://www.filestube.com with just your software name as a keyword — the results will be just downloads.
  2. Validate download URLs. Some of the download links you discover may be dead (e.g. very old). Click on each one to see if they are valid or 404.
  3. Send DCMA notices. Group the download links by provider (rapidshare, hotfile, etc), and send a DMCA notice to the abuse email address of each website. Usually this is abuse@website.com (e.g. abuse@rapidshare.com). Each website lists the steps for filing DMCA notices for file removal.

This sounds like a lot of hard work, and it can be, but it works. File sharing websites like rapidshare.com run a legitimate business — they are not responsible for cracks — so if you send them a polite DMCA takedown notice they will remove the copyright infringing downloads.

The DCMA takedown notice

Strictly speaking when you send a DMCA notice you are making allegations of copyright infringement, which is a serious crime. You would imagine that a formal complaint should be launched under the guidance of a solicitor/lawyer. Given the amount of copyright infringement that goes on, the red tape would bring everything to a standstill. The beauty of the DMCA law is that it simplifies the procedure. Sometimes a plain English email explaining the situation to the download site, along with a list of your download locations is all that’s required to have the links removed.

A few websites require a more formal DMCA email including details such as your company address, contact telephone numbers, and some boilerplate statements like “I swear, under penalty of perjury, that the information in the notification is accurate…”. You can find many sample DMCA notices online so I won’t repeat them here. The general idea is that you present yourself as the copyright owner and declare the download URLs as unauthorized, and therefore infringing your copyright.

Torrents slip by

DMCA is very good for removing illegal downloads hosted in popular file sharing websites, but it is powerless against torrents. There is no single source for the download, as the files are kept in many computers. You would have to contact each and every person who shares illegal copies of your software in the peer-to-peer network. This would be hopeless and a waste of effort. Thankfully for the ISV, torrent use is on the decline. People prefer direct downloads of the full package instead of slower peer-to-peer downloads.

The sales pitch

Anyone can search and remove illegal downloads manually. I was doing it the hard way for quite some time, each time I released a new version of my software tool (there’s a lot of cracker activity for each release as they need to update their patches and keygens). However this is very tedious, as you must:

  • enter shady warez forums to search for your keyword, facing annoying popups and adverts you wouldn’t want your wife to see
  • search many locations to ensure you get as many download URLs as possible
  • validate each download URL to see if it is still alive or dead
  • organize download URLs and write DMCA takedown emails for each file hosting website

Even if one wipes all the illegal downloads, new ones will appear over time. So the locate-report-remove cycle must be repeated regularly. This was the motivation for writing Crack Tracker, a tool that simplifies the removal of illegal downloads.

Crack Tracker is a desktop tool, with a meta search engine that securely scans warez databases for your downloads. You supply the search keyword (e.g. your software title or company name) then crack tracker will do an exhaustive search, collect a list of suspect download locations and verify the links with robotic efficiency. After you examine the results you just hit a button and the relevant DMCA emails are sent automatically. It doesn’t get any easier than that.

Crack Tracker doesn’t have a fancy user interface but it is very easy to use. It knows of more than 120 file hosting websites and works with 6 major warez search engines (the list is expanding). It is free to try as a search engine; to send the actual DMCA emails you need a registration, but I believe the price is very reasonable, especially if you consider the money you lose in pirated versions of your software.

Why don’t you try it for free and see how many cracks of your software it finds?

Download CrackTracker for Windows (318KB)

Nikos Bozinis ditched his Process Systems Engineering PhD to run his own microISV ZABKAT since 1999. He also writes a weekly blog focusing on file management and occasionally on programming, debugging and running a software business.

Selling your software in China

how to sell software in chinaI think a lot of people in the software business are wondering whether China will soon become a significant market for software and/or a source of competition in existing markets. So I was very interested to read a forum post about the realities of selling software in China from Felipe Albertao, an ex-Silicon Valley software engineer currently living in China. He kindly agreed to expand his forum post into an article for this blog.

Disclaimer: Although I live in China, I absolutely do not claim to be a China expert. I accepted Andy’s kind invitation because I have not seen anything at all written about the business of software in China for microISVs, and I humbly hope it will positively contribute to the discussion. This article is mainly based on my observations, and not on proven techniques. Use them at your own risk, and please report back your own findings!

Getting Paid

The first thing I need to say, right off the bat: Chinese users will not buy your software. Period. That does not mean that there is no money to be made, it simply means that they will not pay for your software license. The reasons are many, but for the sake of conciseness let’s suspend our “piracy is bad” mindset, and simply accept this fact as a reality. Think of the positive side: no payment processors or merchant accounts to worry about!

Chinese users will not buy your software, but Chinese companies might. Actually, let me clarify that: They will not buy the software license alone, but they are willing to pay for the license if it is part of a package that includes services (customization, installation, support, training, etc…). So, to get paid in China, you must offer services connected to your software. Of course, it would be very hard for westerners who do not speak the language nor have contacts in China to provide such services, but there are opportunities to partner with local independent professionals or small businesses in your target industry. More on that later.

Education is a huge business in China, especially for skills that give them a professional lead, like English language or IT. So, if you can somehow “plug-in” your software to an education-related service, that would also be another way to make money. For example, if you offer a component for ASP.NET, why not offer training on ASP.NET itself using your software? I am sure they will not pay for a self-paced course, but there is a good chance they will pay if you offer a hands-on remote live course. That is, a service rendered by a human, as there is no value perceived in the standalone immaterial software itself. Of course there is huge local competition, but one thing we have going for us is the fact that westerners enjoy a high degree of trust among Chinese people.

I suspect SAAS may be another way that Chinese users will pay for software (with a big question mark here). For example, today they do pay for services like site hosting, advertising and e-commerce presence, so we can assume there is at least a perceived value in subscription-based intangible products, though only the ones provided by well-known established companies, and not independent vendors. However, as the marketplace gets more fragmented and niche-oriented, I believe there will be opportunities for small players as well.

Web Site and Software Translation

Young Chinese people normally have a good grasp of written English, so I don’t think translation of the software itself is essential, although it always helps. IT professionals tend to be more English-proficient, as well as undergrad-level students. However, I do believe that the documentation must be translated, especially with IT-related software. Differently than western users, Chinese people actually have enough attention-span to thoroughly read a manual, and I have seen English-proficient programmers choosing frameworks and components based not only on the quality of the software itself, but whether the manual is in Mandarin Chinese or not (it’s always easier for them to read Chinese). So, translation here is not really a necessity, but a promotional strategy.

The “larger attention-span” assessment is also valid for the web site. We are used to the Web-2.0-ish recipe of a catchy one-liner plus 3 benefits and the big “Buy” orange button, and in China that probably works too, but users expect much more than that. I have observed that paid services almost always include some kind of workflow with arrows and circles and boxes explaining how the service works. Long explanations (not just a FAQ) are also quite common, and people actually read them! The fact is that here in China there is no such thing as “money back guarantee”, so people and companies normally think a lot before putting their hard-earned money into something. And forget the big “Buy” orange button: Instead, the call-to-action should be “Free Download” or “Free Sign Up”.

Sales

You are now probably asking yourself “Then where does the big ‘Buy’ orange button go?”, and the answer is: nowhere on your site! One fact you should be aware of is that here in China nothing happens without an established relationship (Google the keyword “guanxi” for more information). It is very unlikely that you will get any paid conversions originating from an ad or email. The goal of your conversion funnel should not be “sales” but instead “relationships”. Then, from the established relationship, the user can recommend your software to their boss, or whoever is the actual buyer. Of course the sales cycle is longer and it requires much more effort, but the rewards may be bigger too as you will be selling a package, and not only the license. Also, since guanxi is such an important part of making business, Chinese people are quite receptive when approached with a business proposition, differently than in the west where sales are normally met with resistance.

However, note that I have not suggested that you should be the one personally cultivating those relationships. Maybe it is possible to do it remotely and in English, but it would be more effective if you partner with locals and funnel the leads to them. They do not need to be sales professionals per se, but they need to know your software and be able to help prospects. They could be software students for example. Of course, at some point you must get involved, but your partner can help you to filter the good leads as they cultivate the relationship. The reward for them could be payment per hour or a percentage of the sale. Students might also be eager to help a foreign company, so they can add that experience to their resumes.

A word about consumer-oriented microISVs: I am extremely skeptical about independent microISV B2C sales in China, because I honestly cannot imagine an individual paying for independent software. That does not mean that microISV B2C cannot succeed in China. My point is that B2C sales are in fact B2B, because businesses who deal with consumers are more likely to pay. And B2B requires guanxi.

Approaching bloggers

As in the west, approaching bloggers is probably the most effective way to let users know about your product. You can use Google Translate to find sites and bloggers that you would like to contact: Google Translate does a good job in translating keywords (that you can use on searches on Baidu) as well as entire pages (so you can read the blog posts). For IT-related blogs, cnblogs.com (Microsoft-focused) and javaeye.com (you guessed correctly) are the most popular ones.

You can contact the bloggers directly in English, as most young Chinese people have a good grasp of written English. Foreigners in China are well-respected, especially in the IT industry, so this is a point in our favor.

Dealing with piracy

Actually “Dealing with piracy” is a misleading title, because in reality there is no way to deal with piracy. People will crack, copy and use your software as they wish, and they will not even feel guilty about it. Again, let’s not judge, but accept the fact that piracy is simply part of the culture (for some it is piracy, for others it is just sharing)

Instead of talking about code scramblers and licensing keys, let me offer here a contrarian (perhaps even controversial) point of view, in the wisdom of “if you can’t fight them, join them”. You should consider yourself lucky if your software gets pirated, because that means that it got traction. For every pirated software there is always a happy user behind it (after all, they chose to pirate your software, and not your competitor’s), and if this user convinces their employer to use your software, then there is a good chance that these companies will be your future clients.

SEM / SEO

By no means am I an SEO expert, let alone a China SEO expert. However, I can tell a little about the users’ search behaviors: Non-technical users very rarely use Google. In fact, my observation is that while Google is a somewhat known brand, people first turn to Baidu hands-down. Baidu has the best search results in Mandarin Chinese, and they have a service similar to AdWords (though you might need help to set-up an account, as the interface has not been translated to English)

Technical users have a different behavior: These are IT professionals and students, and because English is so pervasive in IT, they normally do have a good grasp of the language. So, for technical searches they might use both Mandarin and English keywords, but still Baidu is their first choice. However, interestingly enough, Gmail is also quite popular among Chinese techies. So, if you are selling IT-related software, your SEM/SEO strategy should include keywords in both Mandarin and English, and include both Baidu and Google (or more specifically, AdWords targeting Gmail).

Face

I cannot finish this article without mentioning such important part of the culture: Face. There is not enough space here to explain the concept (Google “mianzi” for more information), but it’s suffice to say that it’s basically the same as in the west (face as in reputation), except that in China face is much more important.

When it comes to software, always keep in mind that most (if not all) decisions are made based on face: Users will use your software to be more efficient in a certain job, and thus look better to the boss; or to show that they have knowledge that other colleagues don’t have; or to show to their clients what cool software they have, and not their competitor. The contrary (that is avoiding face lost) is also true: To finish a job quickly so they can deliver the project on time, and thus avoid getting the boss mad; or to learn a new skill that their colleagues already have; or to show their clients that they also have the same cool software their competitors use. In the west we also make decisions based on face, but in China it is so much more prevalent. Keep that in mind when creating your promotional material.

Conclusion

I have no doubts that China will become a major technology consumer in the very near future, not only because of the sheer size of its Internet user base (which today surpasses the size of the entire US population), but also due to the number of high-quality IT professionals graduating at their universities.

The key message I want to communicate is that your China strategy should be a long-term one. It takes time and effort, but the rewards are worthwhile. Even if you conclude that there are no opportunities to be pursued, at the very least you should have a strategy to protect your marketshare against competitors that decide to go to China.

You don’t necessarily need to be so enthusiastic like me and move to China (although I guarantee you would have an experience of a lifetime!), but at the same time you cannot simply ignore it. Chinese users will certainly knock on your door, and you can even ignore them, but your competitors won’t.

Felipe Albertao is a software engineer with more than 15 years of experience, and has been living in China since June 2009. He is a native from São Paulo, Brazil, and lived in Silicon Valley, USA for 8 years. Felipe blogs about software and China at shanzhaier.com.

Having a crack at the crackers

crack siteSoftware cracks are a real problem for software vendors large and small. I have discussed in a previous article some of the ways in which developers can try to mitigate their effects. A fellow ASP member (who might wish to remain nameless) has gone a step further by creating a fake crack site serialsgalore.com . It looks quite convincing, but when you try to download a crack it gives you an ominous message about the error of your ways and logs your IP address. I would have gone for a less confrontational message, but it will be interesting to see how effective this approach is.

I think serialsgalore.com is worthy of support by developers. Please consider giving the site some Google juice by linking to it from your site or blog using link words such as crack, keygen and/or serials. If you don’t want to do this on a main page of your site, link to it only from your site map page. Alternatively create a Google site map (a good idea anyway) and only reference the page with the links from there. I believe the site owner is going to try to cover his costs by donations, Google ads and possibly, referral fees. I certainly don’t begrudge him some return on his efforts. I also don’t feel bad about them playing a little trick on someone looking for illegal cracks. It might even save them from downloading malware.

Software piracy

barrier_reef_2.jpg‘Software piracy’ is a colourful term for people using your software without paying the appropriate fee for all your hard work. It includes using cracks (versions with the security removed), keygens (software that can generate valid licence keys) and sharing licence keys in contravention of the licencing terms. Parrots, eye patches and attacking ships rarely feature prominently.

You might think that software piracy is only an issue for the Microsoft’s and Adobe’s of this world. But it is a real issue for all sizes of software vendor, even for small companies selling niche products such as mine. If you don’t believe me check the logs for the crack ‘honey-pot’ page I created[1] (IP addresses obscured to protect the guilty), click the image to enlarge:

piracy_logs.gif

That’s only the people who clicked through on to my honey-pot page. It really isn’t very inviting when displayed in a search engine, so I am sure that there are many more that searched for a crack but didn’t click through.

piracy_search2.gif

A quick look at this small sample of traffic shows that people looking for cracks come from all over the world, not just poorer countries. It also shows that Mac users look for cracks just the same as Windows users. In fact Mac users are a larger proportion of visitors to this page than you would expect from market share alone. I’m not saying that Mac users are less honest than Windows users, just that you shouldn’t be complacent about piracy just because you write software for the Mac.

I know from cookie tracking that some of the people who look for cracks go on to buy a licence (yes, I know who you are). Ergo, if there is a crack for the latest version out there it would definitely be costing me sales. So what can a vendor do to minimise sales lost to piracy? The first step is to understand the motivations of the people involved.

People crack software for many reasons. Some undoubtedly do it for commercial profit, e.g. so they can illegally sell the cracked version. But I understand the main reason is the challenge of cracking the software and resulting kudos from the cracking ‘community’. Some of the crackers are skilled and use sophisticated tools that emulate the computer environment, allowing them to quickly find and remove your security code. Although there is quite a lot you can do to make a crackers job more difficult, this is just going to make cracking your software more of a challenge and therefore more desirable to some. It is highly unlikely that the best security is going to defeat a skilled cracker for long. If Microsoft and Adobe can’t write uncrackable applications, what chance have we got? Trying to defeat piracy from the supply side is a fools errand. Just make sure your security is good enough to foil an unskilled cracker – if your average customer can bypass your security you are really in trouble.

On the demand side people use cracked software simply because they don’t want to pay for it. But they can end up paying in other ways. If we look at the costs and benefits in the wider sense:

costs of legitimate purchase:

  • purchase price
  • time taken to purchase

benefits of legitimate purchase:

  • use of current version
  • free upgrades

costs of pirate version:

  • time taken to locate crack
  • risk of malware in crack
  • risk of prosecution
  • guilty conscience?

benefits of pirate purchase:

  • use of current version

If your software is successful it will almost certainly be cracked at some point. Perhaps repeatedly. Congratulations! Somebody thought your software was worth cracking. We can’t stop cracks appearing. The best we can do is to make sure the benefits minus costs is greater for a legitimate purchase than a pirate version. Ways in which we can tip this equation in our favour are:

  • having cracks removed – Demand that ISPs remove cracks as soon as they appear (likely to be a lot more successful if the ISP is in Europe or North America). To find out when cracks appear you need to check your web logs regularly for unusual activity. For example a sudden flurry of downloads from countries that don’t normally buy your software could signal that a crack has appeared. You can also set up a Google alert for ‘<app name> crack’.
  • make existing cracks hard to find – Register your software with lots of download sites. Many of them search engine optimise their pages for phrases such as ‘crack or ‘keygen’ making real cracks hard to find.
  • price appropriately – Price your software at a level people will consider fair. Perhaps offer a ‘lite’ version at a lower cost.
  • make your software easy to purchase – The slicker and simpler the purchase process the less temptation to stray.
  • display the user name – Deter casual key swapping by displaying the licencee name prominently, for example in the splash screen and status bar.
  • use a digital certificate – A digital certificate reassures users that your installer hasn’t been tampered with and is free from malware.
  • release regularly – Crackers generally don’t want to pay for the bandwidth of lots of people downloading your software. so they will usually post patches and direct people to download the original software from your site. The patch is useless as soon as you release a new version and remove the old version. Making new and improved releases available to legitimate users also makes buying a licence more attractive.
  • create a honey-pot page – Make the case for buying your software and try to win over potential pirates. Point out the dangers of using cracks and emphasize that it isn’t a victimless crime.

Whatever we do there is a certain number of people who are never going to pay for our software due to some combination of lack of means (e.g. people in developing countries) and lack of scruples. There is not much point worrying about these people. In fact we could look on them from a ‘glass half-full’ perspective as potential free marketing – even though they are never going to pay for a licence they might recommend the software to someone else who will.

We also need to do our own little bit to educate people that software piracy isn’t a victimless crime. That means doing our best to ensure that our family, friends and work colleagues don’t use pirated software. It also goes without saying that we shouldn’t use pirated software ourselves – that would be the height of hypocrisy.

What we mustn’t do is make life difficult for our paying customers. Complex, intrusive and restrictive security schemes may have a negative impact on piracy, but they will probably have a much larger negative impact on our honest customers. If you are going to use ‘phone home’ or hardware based licensing you had better be absolutely sure there is no chance of false positives. It is hard to think of a better way to annoy an honest customer than to disable the software they paid for and brand them a thief. That would be enough to make anyone turn to crime. Shiver me timbers!

[1] I got the idea of a honey-pot page from another site. Unfortunately I can’t remember the name of the site to give them the appropriate credit.