More copy protection...

[PurpleSunray]

Copy protection is a losing game.

It happens in the audio dsp realm too, our sales drop consistently when a product belonging to the same segment from am other developer is cracked.

You have just observed the roots of the "I don't do copy-protection, cuz if ppl use my cracked plugin, they don't buy it from Zaphod" idea. If you now add some more ideas on how to convert the pirate to dollars, you have a strategy in place to address piracy - without the solution beeing to add more copy protection.

[Zaphod (giancarlo)]

Copy protection is a losing game.

It happens in the audio dsp realm too, our sales drop consistently when a product belonging to the same segment from am other developer is cracked.

You have just observed the roots of the "I don't do copy-protection, cuz if ppl use my cracked plugin, they don't buy it from Zaphod" idea. If you now add some more ideas on how to convert the pirate to dollars, you have a strategy in place to address piracy - without the solution beeing to add more copy protection.

We sell way more when a plugin of ourselves is cracked (it happens 3 times in the past, and in the short therm we had a boost of sales) more then when something else is cracked.
It works more or less this way:
- your thing is cracked but you get more exposure. So a lot of other people will know about your little plugins. It is anyway a game you cannot win in the long term, because it forces to keep your prices very low (there is competition with your own cracked software). Basically your company survives if your model is based on a very high number of customers (and dealers).
- when a product from an other company is cracked it is like a powerful free software is introduced in the market. The effect is very visible in the short term (I remember what happened in december 2015). Basically if everyone is doing a tape, but a powerful tape plugin is cracked, it is like a new powerful free tool is introduced in the market, but EVEN WORSE, it is a tool which was not PLANNED to be "free" so it is catching a viral interest (because the high number of servers reporting the news). Basically everybody tries to evaluate the "new" tool before purchasing EVERTYTHING ELSE in the same segment/sector (for the exception of few loyal customers, but they have a BIGGER problem, for example the loosing of value of tape plugins perceived by CLIENTS). Now the problem is about the evaluating period, which could be pretty long (20-30 days). If many plugins are cracked at the same time (basically they are sharing the same protection) it is a DISASTER for other companies. Yes, you will start selling things again, but it will be late, because you will never recover completely from the missing sales of the period. Just saying.

[Zaphod (giancarlo)]

Copy protection is a losing game.

It happens in the audio dsp realm too, our sales drop consistently when a product belonging to the same segment from am other developer is cracked.

You have just observed the roots of the "I don't do copy-protection, cuz if ppl use my cracked plugin, they don't buy it from Zaphod" idea. If you now add some more ideas on how to convert the pirate to dollars, you have a strategy in place to address piracy - without the solution beeing to add more copy protection.

your strategy will NOT win in the long term. Simply you are DECREASING the perceived value of software, till a point it will be a problem for your company too.
So it is true you could introduce crackable software for gaining exposure, but it is also true you are flooding the market with titles, and maybe a potential customer will not buy ANYTHING. In the long term it contributes to the market destruction.
I think everything is not part of the solution is part of the problem.

[audiothing]

Copy protection is a losing game.

Not really +1.

It depends on what you aim for. Under certain conditions piracy can actually help (more people see your product, and some may also buy it). But when you get cracked the day after a release, it just hurts your sales and hype. So, even if you can delay a crack for a few weeks, it can be worth it.

Our previous copy protection wasn't fully cracked and we got a spike of sales and support requests from people who got the "No license detected" popup, just a few days after the crack. Eventually it got fully cracked, but it was worth it.

Our new copy protection hasn't been cracked yet. I don't know how long it will last, but two products are actually several months old now and their sales haven't dropped as much as the cracked ones.
Just worth noting that I spent no more than a few days on that copy protection.

[PurpleSunray]

@ Zaphod:
We both agree on that
The approach on how to address it is just differnt.
On my previos company it was simply accepted that there is piracy and there is no way to solve it. That software had an installation-base of >100mio. Tons of cracker groups where jumping on it 5min after release. Improving copy protection was basicaly rated as waste of money / dev resources. Even if your software is un-crackable, you cannot protect others software from getting cracked - which can have same, if not worse effect on your sales.
So "our software will be cracked and pritated" was a given a fact. The strategies to monetize did build on top of that, but don't try to change that fact.

[Zaphod (giancarlo)]

@ Zaphod:
We both agree on that
The approach on how to address it is just differnt.
On my previos company it was simply accepted that there is piracy and there is no way to solve it. That software had an installation-base of >100mio. Tons of cracker groups where jumping on it 5min after release. Improving copy protection was basicaly rated as waste of money / dev resources. Even if your software is un-crackable, you cannot protect others software from getting cracked - which can have same, if not worse effect on your sales.
So "our software will be cracked and pritated" was a given a fact. The strategies to monetize did build on top of that, but don't try to change that fact.

ooooh yes I understood it perfectly, I know we are saying the same thing.
I agree sometimes you don't have a choice and you embrace the problem.
I don't think your company was evil, but I still think your company is part of the problem.
It's like people not paying correcty taxes in italy: they are not evil necessarily and the fiscal pressure is incredible, but they are a part of the problem for sure. It's like you are not running a fair game, and you have an advantage over other poeple tring to be fair.
Yes we agree on a lot of points especially this one:

Even if your software is un-crackable, you cannot protect others software from getting cracked - which can have same, if not worse effect on your sales.

I'm surprised there are so FEW great discussions on this matter, which is imho THE MOST RELEVANT point, at least for me.

Solutions:
- we give up and we release crackable software, so we become part of the problem
- we try to resist loosing potential hype and sales. A software which is difficult to crack receives less praises on public forums, because the lower number of users.

Someone else tried also:
- subscriptions, it is a way for being part of the solution, but it contributes to decrease the perceived value of the software, which also a problem

Said that, I really do NOT think someone is trying to be crackable in the audio software industry for being more competitive, your example is a reductio to absurdum.

[kevvvvv]

brilliant thread

thanks urs, richard, giancarlo, vertex, aciddose and all for such insight

And amazingly too, no bitching this thread, just good quality info, well told

It's not often I read every word of an 8 page thread

[PurpleSunray]

Said that, I really do NOT think someone is trying to be crackable in the audio software industry for being more competitive, your example is a reductio to absurdum.

I know this, I have just mentioned it to show that there are alternatives to the "add more protection" strategy.
The software I was talking about was Nero. So this is a very different markert indeed - basically you sell software to pirates (to copy theit dvds) and you can't really expect priates to pay for your software. So it is all about to make sure the pirate steals your software and not the software of your competitor. Otherwise you lost connection to that (potential) customer completly and your competitor can work on upsale instead.

It is about how you look at it from a high level.
For some, ppl that use cracked software are evil, a big problem to their bizz and this must be prohibited.
For some, ppl that use cracked software are potential customers, since they show interest on the product and have actually already installed it. No more marketing needed, sales guys need to show their skillz now.

Just to add an example from audio:
Some anonymous user, let's name him P.S., also used to pirate VSTs when he started making music.
He is kind of the lazy of guy, who prefers packages rather than single plugins. So he was looking for a package with all the basic stuff and found a zip with all of the FabFilter plugins.
Many years later, that user now has a job and money is willing to pay to for plugins.
Gues what the first VST license was which he actually bought. No it's nothing from acustica-audio. It is the FabFitler Bundle and this buying decision was directly related to the fact that getting the "FabFilter AllOnOnce Cr4cked" bundle was the easiest to get back then and P.S. is used to it now, it's on all of his projects and he likes it.
So FabFilter won P.S. as a paying customer, not because of marketing, but because the lastest and greatest version of their Bundle was cracked immediatly and spread to a lot of torrents.. and the crack was stable and had no virus. So P.S. was able to find and donwload and install within in 2min. If it wouldn't have been so easy, P.S. would now use products from a different company where it is easy.

[Kylotan]

Really? I have read different. The article I have in mind puts gamers into 3 categories: the 'nerd' ones that want to have the game asap after release and does not even look for cracks, but has pre-ordered the game already. Then there are the ones that never paid for anything. If they don't find a cracked version of your game, they simply play another game - no way to get any $$$ from them.
The last category are causal gamers that are interested on exactly your game - this one is complex, because it will depend on price ect pp. if they are going to look for a crack or not.

There are plenty of articles out there that are just plain wrong, because people like to write articles that defend their biases. It's not a coincidence that all the top selling games are linked to Steam or other similar services that are basically an online licence server with a store front attached - or better still, are on completely closed platforms like Xbox or PS4 where everything is linked to your hardware and identity and as a result infringement is very awkward.

Anyway, the problem with putting people in categories is that it makes blanket statements about a range of different situations.

For example, "nerds" that want the game ASAP after release. Some will pre-order, sure. Some can't, because they simply don't have the cash. They might save up for it, and it might take weeks, or months. But if a cracked version appears before their money does, they will often take that. So the longer you hold back the cracks, the more sales you make. (Probably not so applicable to VSTs or most non-entertainment software, but hey.)

Second group of people "that never paid for anything". These people don't actually exist; pretty much everybody on the planet pays for something. The trick is to convince them to pay for your thing. Many of these people will copy/pirate if they can, pay if they can't. They're not suddenly going to give up gaming/music production/film-watching if piracy stopped overnight. They'll probably cut back on Cheetos or beer or whatever and spend some of their money on what they used to just take for free.

Final group, where it depends on price (although it should be clear that it always depends on price for all groups, just like it depends on convenience, on attitudes towards crime, on the chance of being caught, etc) - copy protection helps to ensure a thriving market at all price points, because if the top-level stuff is hard to pirate, there's an opening for smaller companies to compete with cheaper products. The alternative is what you see in graphic design, where Adobe don't really bother protecting their product because they know that pirated versions of Photoshop have driven most of the lower-priced alternatives out of the market. As you say, "one that uses our cracked software, does not buy from competitor". That's a race to the bottom on effective pricing which doesn't end well for anyone - companies go out of business, or find other ways to squeeze cash out of people (subscriptions at best, ads or selling their data at worst).

And why not just offer a cut-down version, or a demo, if you really want to get the word out for free? Otherwise you're just hoping that you can somehow convert them to paying customers later, which usually requires some sort of trickery like we've seen with the serial numbers above. And it has the benefit of not encouraging the culture of software piracy.

[PurpleSunray]

econd group of people "that never paid for anything". These people don't actually exist; pretty much everybody on the planet pays for something. The trick is to convince them to pay for your thing.

Veto.
I can name at least 10 persons that only spent money for their PC hardware, but 0$ for software or content.
And it's not like they run a plain linux shell on it, but they need to stack HDDs to have engough space for their games, plugins, apps, movies..

And why not just offer a cut-down version, or a demo, if you really want to get the word out for free?

Try understand what I wrote above.
I'm not intersted on a demo or a cut-down version.
I don't want to test it, I want to make music with it.
But I don't want, or can't pay for it.
If there is no crack of that software, you are not on my list and I don't know about your company, and won't visit you hp to see if there are updates and won't see your promotion ofers and .. you can't convince me to buy from you, I don't even know you.

Otherwise you're just hoping that you can somehow convert them to paying customers later, which usually requires some sort of trickery like we've seen with the serial numbers above. And it has the benefit of not encouraging the culture of software piracy.

This is based on the asumpition, that if this guy cannot get a crack, he will pay for it.
Now we can fight about how many actualy do this. I think most simply look for an alternative that has a crack.
So you trade nothing (guy uses other plugin from other vendor) vs having an (stolen) installation and one that knows you and might even visit your hp from time to time.
I'm not talking about encouraging software piracy, not at all. I'm talking about how to address software piracy. Up to now the only discussed solution was "more copy protection". I don't think it's the only one.


Think I agree on the rest, have no real inside on the gaming industry, just read (possiblity plain wrong) articles about

[Vertion]

Oh my, this is a source of a lot of energy.

Real quick: PurpleSunray, love the name. Typo on your soundcloud info box "a pruple one". Also, check out Brite10 (brite1000).

I'm old now, but I was 12 when my uncle handed me a fresh copy of Peter Norton's Assembly Language Primer, and I ate it up. I had already been coding in Pascal for sometime at that point, oh dear borland. I was on the net via the local university browsing the then text-only internet with lynx, gophering around the world and finding my way around sysop access in BBSes abroad. Missing school to play Barren Realms Elite on every door game I could find. Ok enough flashback.

Least to say cracking is easy. If someone were to ask me to legitimately and legally reverse engineer their software and it's on a standard computer, no problem. Decades ago I was a little computer prodigy with way too much time on his hands and no money, so I understand this scene pretty well. Later becoming a professional developer, I learned it's best to buy the software you use or have used.

There is nothing that you can throw at me that I could not explain the process of how to reverse engineer considering it is standard software.

So, knowing that I am a developer just as you, with years of experience as well. Also a customer who has deeply invested in this field, I think I can connect the dots for you.

Let's keep it simple. Use a serial number, let me keep the software as a gem in a zip file where I can just place it where it needs to be, otherwise sit on my backup storage in case you ever call it quits. That means that I won't need the company around if I want to use it again in 15 years... yea.. I am sentimental about synths. No online crap, no dongle crap. This is a binary, not the crown jewels!!

Here is another thing. How do you know your competitors aren't undercutting you by releasing cracks for your software? Certainly, now here is a Nash equilibrium, or is it just plain attrition? Imagine all these companies attacking the each other's market share by releasing massive cracks. Now the market size shrinks, and demand goes down since it's all free. Prices drop. Less profit available. Stop wasting effort on copy protection beyond a basic lock and key (serial challenge). It WILL boost perceived value.

I have one more post to follow:

[Vertion]

V's 10 Golden Rules of Copy Protection

1. You create your cracker.
The better the copy protection mechanism, the better your cracker will be. Standard serial is okay.

2. Evolve faster than the cracker.
Focus on evolving your software, not copy protection.

3. Polymorphic compilation
Use header macros and hash the user identifier to compile a unique codebase for every customer.

4. Update weekly
Add new features every week, even tiny ones. Make these changes visible and beautiful for the user to see.

5. Crack your own code
Write your own cracks for (only) your own software and release. Design your software to extend on a flag being set given by a secondary program as a means for potential customers to further invest more time into your product.

6. Incomplete Demo
Keep 2 compilations, the demo has missing code from it's codebase, also should be a different codebase shape than the full version (no copy/paste in asm). This can also be used for early releasing.

7. Conserve Energy
Copy protection should require the least energy. Focus on your product and the features. No one will want to crack your software if it stinks.

8. Do not punish with Dongles
This will build negative reputation and hedging among your customers. Avoid.

9. Do not punish with Online Requirement or Downloaders
Customers have no idea how long your company or product will be available. If the means to validate online are unavailable, it will be a major disgrace to your company and it's products. Highly inadvisable.

10. Be The Jewel
The ideal plugin is small and dedicated to what it does best. It sits in a zip file until it is ready to be placed in the appropriate directory. It needs only the serial it came with. In 100 years, we can still use it and feel joy in your wonderful product that stood the test of time, and now you are a legend.

[paul.g.griffiths]

10. Be The Jewel
The ideal plugin is small and dedicated to what it does best. It sits in a zip file until it is ready to be placed in the appropriate directory. It needs only the serial it came with. In 100 years, we can still use it and feel joy in your wonderful product that stood the test of time, and now you are a legend.

100 years is a long time in tech world. I can pass on my speakers but doubt anyone will want my teeth.

[mystran]

Random thought about making programs harder to debug: write continuation passing style code (with tail-call elimination, using a trampoline or something) or something similar (eg. message passing co-routines is potentially even better) that takes away the explicit call-stack. I don't know how much this would actually affect copy-protection, but it does make traditional break-point debugging rather hostile, because (1) you need information about the data structures to find the actual call-stack and (2) you need call-trace logging to avoid missing the all the eliminated tail-call frames from said call-stack and (3) if you take this far enough, your "call-stack" turns into a directed graph.

It's unfortunately really annoying to do in C++ but it can actually also improve the modularity of programs, so it's not necessarily as bad as it sounds... and you can obviously combine this with "service modules" that do system calls and the like for you, except now you don't call them, rather you send a message and a continuation call-back.

[BertKoor]

If there is no crack of that software, you are not on my list and I don't know about your company, and won't visit you hp to see if there are updates and won't see your promotion ofers and .. you can't convince me to buy from you, I don't even know you.

True that... And that's what I find so brilliant about the approach of Urs: make your copy protection seemingly easy to crack with honeypots & whatever, but do delayed checks as well.

Use a serial number, let me keep the software as a gem in a zip file where I can just place it where it needs to be, otherwise sit on my backup storage in case you ever call it quits. That means that I won't need the company around if I want to use it again in 15 years...

I can agree on that. But I still have shitloads of floppy disks I never threw away. Can I still run that? Computers have changed drastically since, so I'd probably need to run it within a DosBox or whatever. Will I do that indeed? Hell no. Time is moving on, and the software I used some years ago on a daily basis is not anymore on my shortlist to install tomorrow on my new machine. Maybe with plugins it's a bit different, and some will age well. But might need a 32/64bit bridge ofcourse.

No one will want to crack your software if it stinks.

I don't agree on that principle. Yes, ofcourse be the jewel! But crackers will crack just because they can. In the past hackers were the natural enemy of the big software giants (ie Microsoft) who would still be earning shitloads even if more than half the world were only using cracks of their software. Later they just cracked whatever they could, even freeware! Just for the heck of it. Because they did not realise that some software (such as our beloved plugins) is not ownership of the big corporations but of small indies that are hit much harder by cracks.

Unawareness of the moral implications is imho one of the contributing factors. Some think they are Robin Hood, not realising they are robbing paupers instead of the filthy rich.