Online Activation

[Bombadil]

I'm only really getting my head around the implications of it. 10 years late, is normal for me re these things.

So, what are these implications?

Only use the software when connected to the www?

Company knows how often and when you use their products?

Anything else I'm missing?

[chk071]

I'm not sure what you mean. There are different ways of online activation. Challenge/response, for example (Google for it, if you're not familiar with it). Then there are authorization methods where you actually have to be online to be able to start the software (Reason, for example), and software which occasionally has to be authorized online (Avenger e.g.).

I haven't come across an authorization method which requires you to be online the whole time you use the software (maybe iLok Cloud, I don't know), and, the implication that companies "know how often and when you use their product" is just that: An implication. Although NI for example has an opt-in data usage tracking. What exactly is being tracked, I don't know. Probably functions of the plugins, so that NI can "listen to the users", something which I often read here, and which usually means "What I specifically want", and which is supposed to be something good.

[Bombadil]

Yep, iLock cloud disables without an internet connection. Seems daft to me, because I've already jumped through the necessary hoops to not have to deal with that limitation.

IK does it. I see the green light in Amplitube and I want to disable it, but can't.
XLN Audio also does it.

I simply have an instinctive distate for being monitored (even by a bot) and wish to use the software as, when, and where I pleae without worrying about being tethered to the internet.

[chk071]

I simply have an instinctive distate for being monitored (even by a bot) and wish to use the software as, when, and where I pleae without worrying about being tethered to the internet.

Most software does that (as I mentioned, I don't have a single audio software or plugin which requires me to be online the whole time).

I remember using a XLN plugin in the past (I don't remember which one, something from Addictive Keys I think), and, I didn't have to be online to use it either.

[osiris]

The keyword is Activation. Usually, if it's a good company they will have some sort of offline activation also.

[thecontrolcentre]

Most of my software has the possibility to activate offline via keyfile or serial ... and there's no requirement to be online in order to use it. Thing is, you have to go online to buy/download/update the software anyway.

I have heard some real horror stories about iLok being unreliable in live situations, but no personal experience with it.

[Bombadil]

Yeah, someone brought that up a few months ago, either here, or LPHelp.

I've seen people state that they wouldn't buy software that used online activation, and that they found it unnecessary and intolerable.
To me, my computer is an extension of my private space.
I have an iLock dongle, somewhere.
So, really I just wanted to know what the angst is about.

[ghettosynth]

I've stopped buying anything C/R from new vendors. It's the first thing I check. If we don't already have a relationship then you have to be no copy protections, iLok, serial, or keyfile, nothing else. The keyfile can't be locked to a specific computer either.

[Bombadil]

You'd think that would be enough. It was a nice experience buying from Valhalla and Scuffham Amps, though the older I get, the less willing I am to jump through hoops and pay for the privilege.

[ghettosynth]

You'd think that would be enough. It was a nice experience buying from Valhalla and Scuffham Amps, though the older I get, the less willing I am to jump through hoops and pay for the privilege.

Right? I've lost a few plugins over the years. I'm over it, but I don't care enough anymore to jump through hoops for you. Oh, and if you even suggest that subscription is on the table and I haven't already purchased something from you, I never will.

[Bombadil]

Yup. No chance from me, either.
AFAIK, I think I have 3 companies' instruments that need iLock. If I go offline, I was told I'd need the dongle. Since I don't use a laptop, it's academic, unless my ISP goes offline.
I'd like to use my desktop for music only. And I'd like to turn off the wifi, except to get updates. Everything else I can use my iPad.

[ghettosynth]

Yup. No chance from me, either.
AFAIK, I think I have 3 companies' instruments that need iLock. If I go offline, I was told I'd need the dongle. Since I don't use a laptop, it's academic, unless my ISP goes offline.
I'd like to use my desktop for music only. And I'd like to turn off the wifi, except to get updates. Everything else I can use my iPad.

Dongle is worth it IMO. It gives me peace of mind.

[BertKoor]

NI for example has an opt-in data usage tracking. What exactly is being tracked, I don't know. Probably functions of the plugins, so that NI can "listen to the users", something which I often read here, and which usually means "What I specifically want", and which is supposed to be something good.

From such data they may get an idea which controls & menus are used often and which are a candidate for removal.

With all the data (of this kind) in the world it is not possible for them to know what you really want. The most effective form for that is you just tell 'em. But we all got tired from feedback forms, so... ehm... well... next idea please.

[i need Help]

Anything else I'm missing?

I think people don’t understand just how big the “data collection” industry is nowadays. You are literally the product that various companies pay good money for (data about).

Some dev knowing which music software you use is the absolute least of your worries, trust me.

I think it’s safe to say you use the internet since you, you know, post on KVR? I guarantee you there are gigabytes of data about you on some server(s) somewhere.

Even if they don’t know who you are, there’s oodles of information about you, just with a blank space for the user name. You probably have some random number or identifier assigned to you.

All your devices are being tracked online, and they get associated as being linked to the same user via geolocation, device identifiers, IP addresses, browsing/ behavior patterns, URL headers (ever wonder what that little or mile-long string of characters after the “?” is in the URL when browsing the web?), on and on and on.

You really don’t have any privacy online unless you’re religiously doing tinfoil-hat-levels of online privacy mitigation. And even then you still aren't completely anonymous in terms of people knowing what you do online. I mean sure the FBI probably isn't gonna bother to figure out who you are, but go to Facebook if you don’t already use it and click the “Find Friends” button, then sit back and wonder how they know who you use to date, who you went to school with, and that person you chatted with at the coffee shop that one time.

I’d suggest just activating your music software online and get on with your day.

[sjm]

I've seen people state that they wouldn't buy software that used online activation, and that they found it unnecessary and intolerable.
So, really I just wanted to know what the angst is about.

I obviously can't speak for others, but the main issue with these things is that they aren't future proof. If you are dependent on a server to use the software, it also means that if the server disappears, so does your ability to use the software.

In other words, if the company goes bust, gets bought up by someone else who isn't interested in certain products markets, or the company simply decides that switching off the servers is more economical than maintaining them, your software goes poof and disappears.

If the software only requires a one-time activation, that means that once the servers go down, you basically have until your machine dies to continue using the software. If it requires periodic license checks where it phones home, then you've got until the next license check until everything stops working.

Basically, it introduces a point of failure that at some point is guarantted to fail - no company lasts forever, after all. What's unnerving is that you have no idea when that point is going to be.

You don't have that problem with serial/keyfile, because as long as you back up the key or file, and keep an installer hanging around, you can use the software until you are no loger running a compatible OS.

The difference here is that of handing over the keys to your software to a third party, where the ability to use it is outside of your control, vs keeping the keys yourself, and being responsible for not losing them. If you mess up, that's on you, and I think that's much easier for people to accept than to be beholden to a third party.

Any setup that is reliant on a third party has this vulnerability. Some people are more risk-averse or have already been burnt. Others are unaware that this is baked in to the design as a feature, not a bug, and don't realise until it all goes to hell. If you are aware of the issues, and choose to go with it anyway, that's a calculated risk that you take, and it's up to every individual to choose how much risk they want to take. There's no real right or wrong here, just a question of whether you are willing to take that risk, and which companies you are willing to take that risk with.

To get on my soapbox for just a moment, I would really like to see legislation introduced that mandates that vendors must ensure that the licenses are still usable in the case of them going out of business/switching off the servers etc., meaning that they need to have the ability to disable the copy protection, e.g. roll out a final release with the CP stripped out. There are rumours that Valve have something like this in place for steam. I don't know if that's true, but I'd like to see it as being the standard model. The vendor gets to protect their IP for as long as they are selling it. The paying user gets to use the software they bought for as long as they have a machine that can run it. It takes into account both parties' needs. And by mandating that a version must be made available in the case of something going wrong, developers are forced to wrestle with this issue before it becomes a problem. It is probably going to be a lot more work to strip out the copy protection completely at a later date than it is to just push out a build that is ready to go without the copy protection code. That should be as simple as setting a build flag and hitting compile.