How your keycodes get onto a warez site..
-
John, One piece of advice I want to give you: Have the ability to disable any activation key at any time. This is a golden feature and it will give you great satisfaction using it when someone cracks or leaks an activation key. Also you can fool hackers into thinking that they have broken your key. Just wait several days after you get cracked and then disable it. By that time they have already posted the cracked key all over the internet and have moved to something else. The only way to stop a hacker is to make him think that he has succeeded. Ivor S. Sargoytchev
Ivor S. Sargoytchev wrote: Have the ability to disable any activation key at any time. We do and have done so for some time, but we can't do it any time, the problem is that we can only disable it in a new release, i.e. it's compiled (in encrypted form) in the executable. We posted fresh copies of our software that zapped that license key, but we can't do anything about the people that downloaded before we did that unless they decide to upgrade. If I could find a reliable way to do that automatically without having to post a new executable, and in a way that wouldn't scare people because the software was automatically connecting to the internet etc it would be sweet. Unfortunately I don't think there is any realistic option for doing it automatically that doesn't start to have negative consequences.
-
So for anyone who is interested in how a license key gets onto one of those piracy sites I can now speak from experience: On September 11th we get an order for one license of our software. We email the unique license key to the address provided. Last weekend hits to download our software on our website go through the roof, 1000 times more than normal. We backtrack the link and find it's a Chinese site that does nothing but provide license keys, cracked versions of software etc. We find that a link has been placed to our software with the license key and regto name 4 days after it was purchased. We get pissed off, immediately update the download to not work with the keycode in question, problem is that hundreds and hundreds of people have already downloaded and our software is mirrored at tucows which takes forever to update. They continute to download at an astonishing rate, we're over 7GB of bandwidth on Sunday alone. There can't possibly be this many people actually interested in the software, I get the feeling that they are people that would download anything if it's free. We can't simply move the file on our site to break their link, it's linked to by thousands of shareware sites, tucows etc. Our isp tries all day to block anyone coming in with the referrer of this chinese cracker site, ultimately manages to only cause everyone coming to any page on our site to get a permission denied and finally gives up and can't do anything about it. (it's an IIS server, not unix). Mean while, while all this is going on, we contact our lawyers, they start rubbing their hands together, I realize this is going to cost a lot of money so we opt to try to sort it out ourselves. We call the Canadian and U.S. big anti software piracy groups. They basically laugh at us and say give is $5,000.000 to sign up and we'll take a look at it. At this point I'm even more pissed off so I decide it's time to just phone and find out what's going on. I phone the credit card owner, they have no idea what our software is and it turns out have many other charges they didn't authorize. (note, this is a nice older couple, no chance they did this, their credit card info was stolen). I phone the person who we emailed the license key to, he works in another state entirely from the credit card owner, turns out their network was hacked into and our software wasn't the only one that was stolen through thier network and email, they have sinced patched and have kept all the records for any criminal investigation.
With the software protection system I've built into ED (see sig) a license key can only be used for up to two weeks to activate the software. After that the user needs to contact us for a new key. This causes some pain all round, but the benefits are enormous. In essence your problem and many others go away. I have no idea why this isn't common practice. Neville Franks, Author of ED for Windows. Free Trial at www.getsoft.com
-
So for anyone who is interested in how a license key gets onto one of those piracy sites I can now speak from experience: On September 11th we get an order for one license of our software. We email the unique license key to the address provided. Last weekend hits to download our software on our website go through the roof, 1000 times more than normal. We backtrack the link and find it's a Chinese site that does nothing but provide license keys, cracked versions of software etc. We find that a link has been placed to our software with the license key and regto name 4 days after it was purchased. We get pissed off, immediately update the download to not work with the keycode in question, problem is that hundreds and hundreds of people have already downloaded and our software is mirrored at tucows which takes forever to update. They continute to download at an astonishing rate, we're over 7GB of bandwidth on Sunday alone. There can't possibly be this many people actually interested in the software, I get the feeling that they are people that would download anything if it's free. We can't simply move the file on our site to break their link, it's linked to by thousands of shareware sites, tucows etc. Our isp tries all day to block anyone coming in with the referrer of this chinese cracker site, ultimately manages to only cause everyone coming to any page on our site to get a permission denied and finally gives up and can't do anything about it. (it's an IIS server, not unix). Mean while, while all this is going on, we contact our lawyers, they start rubbing their hands together, I realize this is going to cost a lot of money so we opt to try to sort it out ourselves. We call the Canadian and U.S. big anti software piracy groups. They basically laugh at us and say give is $5,000.000 to sign up and we'll take a look at it. At this point I'm even more pissed off so I decide it's time to just phone and find out what's going on. I phone the credit card owner, they have no idea what our software is and it turns out have many other charges they didn't authorize. (note, this is a nice older couple, no chance they did this, their credit card info was stolen). I phone the person who we emailed the license key to, he works in another state entirely from the credit card owner, turns out their network was hacked into and our software wasn't the only one that was stolen through thier network and email, they have sinced patched and have kept all the records for any criminal investigation.
John Cardinal wrote: we're out USD$20,000.00+ worth of licenses from the people that downloaded Uhm, you said that the downloads increased 1000-fold after the warez site put the link up on their site. So basically all these people would not have bought your program anyway. While I can feel your pain, the truth of the matter is that you really did not lose any customers who would actually have bought it. Well maybe a few - 5 or 6 people perhaps - who might have legally purchased it might have got distracted by the warez site. I am not justifying them, okay? Dont get me wrong on that point. I think what they did totally sucks! But I am trying to tell you that you did not lose anything financially as you seem to have convinced yourself. had the wzarez site not put up that link with the free serial number, 99.999% of those downloaders wouldnt have even touched your site. As you said, there are people who love downloading something if they feel its a commercial app that they are getting for free. Nish
Extending MFC Applications with the .NET Framework [NW] (coming soon...) Summer Love and Some more Cricket [NW] (My first novel) Shog's review of SLASMC [NW] Come with me if you want to live
-
John Cardinal wrote: we're out USD$20,000.00+ worth of licenses from the people that downloaded Uhm, you said that the downloads increased 1000-fold after the warez site put the link up on their site. So basically all these people would not have bought your program anyway. While I can feel your pain, the truth of the matter is that you really did not lose any customers who would actually have bought it. Well maybe a few - 5 or 6 people perhaps - who might have legally purchased it might have got distracted by the warez site. I am not justifying them, okay? Dont get me wrong on that point. I think what they did totally sucks! But I am trying to tell you that you did not lose anything financially as you seem to have convinced yourself. had the wzarez site not put up that link with the free serial number, 99.999% of those downloaders wouldnt have even touched your site. As you said, there are people who love downloading something if they feel its a commercial app that they are getting for free. Nish
Extending MFC Applications with the .NET Framework [NW] (coming soon...) Summer Love and Some more Cricket [NW] (My first novel) Shog's review of SLASMC [NW] Come with me if you want to live
Bandwidth costs money.
-
John Cardinal wrote: we're out USD$20,000.00+ worth of licenses from the people that downloaded Uhm, you said that the downloads increased 1000-fold after the warez site put the link up on their site. So basically all these people would not have bought your program anyway. While I can feel your pain, the truth of the matter is that you really did not lose any customers who would actually have bought it. Well maybe a few - 5 or 6 people perhaps - who might have legally purchased it might have got distracted by the warez site. I am not justifying them, okay? Dont get me wrong on that point. I think what they did totally sucks! But I am trying to tell you that you did not lose anything financially as you seem to have convinced yourself. had the wzarez site not put up that link with the free serial number, 99.999% of those downloaders wouldnt have even touched your site. As you said, there are people who love downloading something if they feel its a commercial app that they are getting for free. Nish
Extending MFC Applications with the .NET Framework [NW] (coming soon...) Summer Love and Some more Cricket [NW] (My first novel) Shog's review of SLASMC [NW] Come with me if you want to live
Nishant S wrote: But I am trying to tell you that you did not lose anything financially as you seem to have convinced your Sorry but that's plain wrong, even if you disregard the value of the licenses, here's why: In expenses we're down the price of a license, the price of lost time and productivity of two of our senior staff dealing with this, a few hundred dollars lawyers fees to find out what's involved, lot's of long distance calls all over the U.S., bandwidth charges from our ISP, lost revenue when our site went down while the ISP was trying to block that referrer and real paying customers couldn't get through, delays for downloads of legit people because the file was being hammered so heavily on our site etc. In real expense just to deal with this, completely ignoring the lost sales potential we're probably out a few thousand at least which is big for us.
-
So for anyone who is interested in how a license key gets onto one of those piracy sites I can now speak from experience: On September 11th we get an order for one license of our software. We email the unique license key to the address provided. Last weekend hits to download our software on our website go through the roof, 1000 times more than normal. We backtrack the link and find it's a Chinese site that does nothing but provide license keys, cracked versions of software etc. We find that a link has been placed to our software with the license key and regto name 4 days after it was purchased. We get pissed off, immediately update the download to not work with the keycode in question, problem is that hundreds and hundreds of people have already downloaded and our software is mirrored at tucows which takes forever to update. They continute to download at an astonishing rate, we're over 7GB of bandwidth on Sunday alone. There can't possibly be this many people actually interested in the software, I get the feeling that they are people that would download anything if it's free. We can't simply move the file on our site to break their link, it's linked to by thousands of shareware sites, tucows etc. Our isp tries all day to block anyone coming in with the referrer of this chinese cracker site, ultimately manages to only cause everyone coming to any page on our site to get a permission denied and finally gives up and can't do anything about it. (it's an IIS server, not unix). Mean while, while all this is going on, we contact our lawyers, they start rubbing their hands together, I realize this is going to cost a lot of money so we opt to try to sort it out ourselves. We call the Canadian and U.S. big anti software piracy groups. They basically laugh at us and say give is $5,000.000 to sign up and we'll take a look at it. At this point I'm even more pissed off so I decide it's time to just phone and find out what's going on. I phone the credit card owner, they have no idea what our software is and it turns out have many other charges they didn't authorize. (note, this is a nice older couple, no chance they did this, their credit card info was stolen). I phone the person who we emailed the license key to, he works in another state entirely from the credit card owner, turns out their network was hacked into and our software wasn't the only one that was stolen through thier network and email, they have sinced patched and have kept all the records for any criminal investigation.
John, Thanks (well maybe thanks isn't the right word, especially given all the hassle involved) for a really fascinating post. What about setting up a CP contest to come up with the a secure anti-piracy lib that could be used by others? The final test would be to try and attract people to hack it, and the one that lasts longest wins. Perhaps even start a new section, dedicated to copy-protection etc solutions. Surely this is something other people have to deal with as well? ¡El diablo está en mis pantalones! ¡Mire, mire! Real Mentats use only 100% pure, unfooled around with Sapho Juice(tm)! SELECT * FROM User WHERE Clue > 0 0 rows returned
-
With the software protection system I've built into ED (see sig) a license key can only be used for up to two weeks to activate the software. After that the user needs to contact us for a new key. This causes some pain all round, but the benefits are enormous. In essence your problem and many others go away. I have no idea why this isn't common practice. Neville Franks, Author of ED for Windows. Free Trial at www.getsoft.com
Excellent idea! Thank you, aside from all the other stuff that we do that would be very beneficial. We currently have a temporary keycode system that we use for purchase orders in case they don't get paid, but we don't use that for credit card purchases, I'm also thinking of making that more widespread as well. (I.E. the initial keycode is a temporary one and we email a replacement when we actually get paid, but it could be extended to any order after a couple of weeks get the final keycode) What we also do and something that I don't know why more people don't do is we don't have anywhere in the program a visible way to enter a keycode. The enter keycode dialog doesn't contain any static text related to keycodes all that text is encrypted in the program and it's a hidden option you can only bring up with a certain set of mouse clicks on a certain screen which the users so far have had no problem with, but it means that you don't know how to enter a keycode unless you get the official registration email which is the only place we publish that information. The person that posted the keycode didn't include those instructions so we've been amused to see replies to their message saying that there is no way to enter the key. It doesn't take a genius to find an alternative way to do it, but it probably stopped a number of people right off the bat.
-
John, Thanks (well maybe thanks isn't the right word, especially given all the hassle involved) for a really fascinating post. What about setting up a CP contest to come up with the a secure anti-piracy lib that could be used by others? The final test would be to try and attract people to hack it, and the one that lasts longest wins. Perhaps even start a new section, dedicated to copy-protection etc solutions. Surely this is something other people have to deal with as well? ¡El diablo está en mis pantalones! ¡Mire, mire! Real Mentats use only 100% pure, unfooled around with Sapho Juice(tm)! SELECT * FROM User WHERE Clue > 0 0 rows returned
I agree but it would have to be a system that doesn't work through obscurity for obvious reasons. I'd love to see all the ideas for a system that works even though the method is plainly obvious and documented. There is a *lot* of good info on other techniques and about the problem in general here: http://inner-smile.com/nocrack.phtml[^] But as the title says those methods just make it harder, not impossible.
-
So for anyone who is interested in how a license key gets onto one of those piracy sites I can now speak from experience: On September 11th we get an order for one license of our software. We email the unique license key to the address provided. Last weekend hits to download our software on our website go through the roof, 1000 times more than normal. We backtrack the link and find it's a Chinese site that does nothing but provide license keys, cracked versions of software etc. We find that a link has been placed to our software with the license key and regto name 4 days after it was purchased. We get pissed off, immediately update the download to not work with the keycode in question, problem is that hundreds and hundreds of people have already downloaded and our software is mirrored at tucows which takes forever to update. They continute to download at an astonishing rate, we're over 7GB of bandwidth on Sunday alone. There can't possibly be this many people actually interested in the software, I get the feeling that they are people that would download anything if it's free. We can't simply move the file on our site to break their link, it's linked to by thousands of shareware sites, tucows etc. Our isp tries all day to block anyone coming in with the referrer of this chinese cracker site, ultimately manages to only cause everyone coming to any page on our site to get a permission denied and finally gives up and can't do anything about it. (it's an IIS server, not unix). Mean while, while all this is going on, we contact our lawyers, they start rubbing their hands together, I realize this is going to cost a lot of money so we opt to try to sort it out ourselves. We call the Canadian and U.S. big anti software piracy groups. They basically laugh at us and say give is $5,000.000 to sign up and we'll take a look at it. At this point I'm even more pissed off so I decide it's time to just phone and find out what's going on. I phone the credit card owner, they have no idea what our software is and it turns out have many other charges they didn't authorize. (note, this is a nice older couple, no chance they did this, their credit card info was stolen). I phone the person who we emailed the license key to, he works in another state entirely from the credit card owner, turns out their network was hacked into and our software wasn't the only one that was stolen through thier network and email, they have sinced patched and have kept all the records for any criminal investigation.
It happened to me recently, I am sure none of the people who downloaded would have bought it anyway and most probably won't use it. Just increases my bandwidth and I have to spend time trying to stop them accessing my site! Actually there is a freeware version of this software on my site, which for 99.9% of people is more than adequate!
Hell, there are no rules here-- we're trying to accomplish something. - Thomas A. Edison
-
Ivor S. Sargoytchev wrote: Have the ability to disable any activation key at any time. We do and have done so for some time, but we can't do it any time, the problem is that we can only disable it in a new release, i.e. it's compiled (in encrypted form) in the executable. We posted fresh copies of our software that zapped that license key, but we can't do anything about the people that downloaded before we did that unless they decide to upgrade. If I could find a reliable way to do that automatically without having to post a new executable, and in a way that wouldn't scare people because the software was automatically connecting to the internet etc it would be sweet. Unfortunately I don't think there is any realistic option for doing it automatically that doesn't start to have negative consequences.
What about something that discretely "checks online for updates," and while it's "checking" it also checks to make sure that the activation key is still valid? That way, even if you have a very sophisticated user who can sniff the packets and, somehow, figure out that you are sending data back to a server, you can say it's all part of the update process...plus, if there is an update you can tell them so (maybe even prompt to pay for additional upgrades). D Daniel Larsen, Professional Casanova Blood, Sweat, Toil and Tears
-
What about something that discretely "checks online for updates," and while it's "checking" it also checks to make sure that the activation key is still valid? That way, even if you have a very sophisticated user who can sniff the packets and, somehow, figure out that you are sending data back to a server, you can say it's all part of the update process...plus, if there is an update you can tell them so (maybe even prompt to pay for additional upgrades). D Daniel Larsen, Professional Casanova Blood, Sweat, Toil and Tears
Yes, I think that could work if it's something they initiate, just not sure about the ethics of disabling their software after they connect to our web site, will put that idea in the hopper as well. It's actually a good time for us to be thinking of this because we're rewriting our app completely from scratch in .net and licensing is one of the major areas we're going to be revising.
-
I agree but it would have to be a system that doesn't work through obscurity for obvious reasons. I'd love to see all the ideas for a system that works even though the method is plainly obvious and documented. There is a *lot* of good info on other techniques and about the problem in general here: http://inner-smile.com/nocrack.phtml[^] But as the title says those methods just make it harder, not impossible.
John Cardinal wrote: _http://inner-smile.com/nocrack.phtml\[^\]_ Excellent FAQ! I bookmarked this last time it was posted, and I'll use the info if I ever need to create software that uses keycodes (which, in all likelihood, I will).
"Blessed are the peacemakers, for they shall be called sons of God." - Jesus
"You must be the change you wish to see in the world." - Mahatma Gandhi -
I agree but it would have to be a system that doesn't work through obscurity for obvious reasons. I'd love to see all the ideas for a system that works even though the method is plainly obvious and documented. There is a *lot* of good info on other techniques and about the problem in general here: http://inner-smile.com/nocrack.phtml[^] But as the title says those methods just make it harder, not impossible.
Right, but what I would prefer is a collection of ready to use libraries. Stuff that people can drop in to an app, or however most appropriate to set it up. it would have to be a system that doesn't work through obscurity for obvious reasons. I'd love to see all the ideas for a system that works even though the method is plainly obvious and documented. I would to. Surely there are enough people here who can come up with good, creative, possible solutions, as well as enough people who like low level bit twiddling to attemtp to crack the solutions to verify the integrity of the solution. I've never done anything like this, but I have some ideas.... ¡El diablo está en mis pantalones! ¡Mire, mire! Real Mentats use only 100% pure, unfooled around with Sapho Juice(tm)! SELECT * FROM User WHERE Clue > 0 0 rows returned
-
Excellent idea! Thank you, aside from all the other stuff that we do that would be very beneficial. We currently have a temporary keycode system that we use for purchase orders in case they don't get paid, but we don't use that for credit card purchases, I'm also thinking of making that more widespread as well. (I.E. the initial keycode is a temporary one and we email a replacement when we actually get paid, but it could be extended to any order after a couple of weeks get the final keycode) What we also do and something that I don't know why more people don't do is we don't have anywhere in the program a visible way to enter a keycode. The enter keycode dialog doesn't contain any static text related to keycodes all that text is encrypted in the program and it's a hidden option you can only bring up with a certain set of mouse clicks on a certain screen which the users so far have had no problem with, but it means that you don't know how to enter a keycode unless you get the official registration email which is the only place we publish that information. The person that posted the keycode didn't include those instructions so we've been amused to see replies to their message saying that there is no way to enter the key. It doesn't take a genius to find an alternative way to do it, but it probably stopped a number of people right off the bat.
Not sure if I like hiding the registration dialog, as it makes things that bit harder for legitimate users. With time limited activation most all problems go away. I also lock the license info to the PC, after it is sent. What this does is allow the license info to be backed up and restored for that PC, but prevents it being restored to another PC. One of the perenial problems we all have is where company x uses more licenses than they've paid for. This helps stop that. And on it goes. ;) A good friend of mine Russell Robinson, is developing a comprehensive Software Protection System + Web based CRM with options to enable the verification of licenses back to your server, along with the ability for a legit customer to request a new license at any time. As most people are connected to the Web these days, this is a very good way to go, as others have said. He has a demo of the CRM up and running which you can play with and the guts of the SPS working. The licensing system has grown from code Russell developed for his products and is part of what I use in ED. I suggest you drop Russell an email at: russellr@rootsoftware.com and see what he is up to. Neville Franks, Author of ED for Windows. Free Trial at www.getsoft.com
-
So for anyone who is interested in how a license key gets onto one of those piracy sites I can now speak from experience: On September 11th we get an order for one license of our software. We email the unique license key to the address provided. Last weekend hits to download our software on our website go through the roof, 1000 times more than normal. We backtrack the link and find it's a Chinese site that does nothing but provide license keys, cracked versions of software etc. We find that a link has been placed to our software with the license key and regto name 4 days after it was purchased. We get pissed off, immediately update the download to not work with the keycode in question, problem is that hundreds and hundreds of people have already downloaded and our software is mirrored at tucows which takes forever to update. They continute to download at an astonishing rate, we're over 7GB of bandwidth on Sunday alone. There can't possibly be this many people actually interested in the software, I get the feeling that they are people that would download anything if it's free. We can't simply move the file on our site to break their link, it's linked to by thousands of shareware sites, tucows etc. Our isp tries all day to block anyone coming in with the referrer of this chinese cracker site, ultimately manages to only cause everyone coming to any page on our site to get a permission denied and finally gives up and can't do anything about it. (it's an IIS server, not unix). Mean while, while all this is going on, we contact our lawyers, they start rubbing their hands together, I realize this is going to cost a lot of money so we opt to try to sort it out ourselves. We call the Canadian and U.S. big anti software piracy groups. They basically laugh at us and say give is $5,000.000 to sign up and we'll take a look at it. At this point I'm even more pissed off so I decide it's time to just phone and find out what's going on. I phone the credit card owner, they have no idea what our software is and it turns out have many other charges they didn't authorize. (note, this is a nice older couple, no chance they did this, their credit card info was stolen). I phone the person who we emailed the license key to, he works in another state entirely from the credit card owner, turns out their network was hacked into and our software wasn't the only one that was stolen through thier network and email, they have sinced patched and have kept all the records for any criminal investigation.
What irks me is that when software companies such as yours have to defend themselves they have to (1) spend lots of money to reduce the effects, and (2) potentially lose out of licence revenue. I'm a software developer, naturally - which I am here - and as far as I am concerned takes the food off my table and the roof from my head if people don't pay. I am irked by people (mostly non-computing people) asking that since I have an MSDN subscription, and therefore a vast library of MS software, could I see my way to lending them the Office or Windows disk. :mad: No I B@&*dy well could not! :mad: I pay my mortgage because people pay me to write software. "But, :-D Microsoft is a big company with billions in cash in the bank - they won't notice:-D." ":mad:I don't care! Its the principle. Microsoft pays its software developers, who use that money to feed and clothe themselves, to provide a roof over their heads, to provide for their families. If people like you :mad: don't pay for software, Microsoft's or not, then the software companies can't pay their employees, and they can't in turn can't afford to feed themselves!" "But, I am sure you've got copied software. ;)" "NO I HAVE NOT! :mad: AND I AM DISGUSTED THAT YOU THINK I DO :mad:" ":omg:You've never copied software?" "NOT EVEN AT UNIVERSITY :mad: - I WAS THAT LONE STUDENT WHO PAID FOR THE EDUCATIONAL EDITION OF MICROSOFT OFFICE and BORLAND C++" . . . .... :-O Excuse me... I have to go and rest for a bit. I'm a bit flustered... --Colin Mackay--
"In the confrontation between the stream and the rock, the stream always wins - not through strength but perseverance." (H. Jackson Brown)
-
Excellent idea! Thank you, aside from all the other stuff that we do that would be very beneficial. We currently have a temporary keycode system that we use for purchase orders in case they don't get paid, but we don't use that for credit card purchases, I'm also thinking of making that more widespread as well. (I.E. the initial keycode is a temporary one and we email a replacement when we actually get paid, but it could be extended to any order after a couple of weeks get the final keycode) What we also do and something that I don't know why more people don't do is we don't have anywhere in the program a visible way to enter a keycode. The enter keycode dialog doesn't contain any static text related to keycodes all that text is encrypted in the program and it's a hidden option you can only bring up with a certain set of mouse clicks on a certain screen which the users so far have had no problem with, but it means that you don't know how to enter a keycode unless you get the official registration email which is the only place we publish that information. The person that posted the keycode didn't include those instructions so we've been amused to see replies to their message saying that there is no way to enter the key. It doesn't take a genius to find an alternative way to do it, but it probably stopped a number of people right off the bat.
One more thing. We require prospects to Register with their email address etc, and then send them login details for our Forums, where they can download the software. This no doubt puts some people off, but serious punters will go through the process. If you had a system like this I'm sure it would have stemmed the flood of downloads considerably. The other upside is we can follow up with them later, as we know how to contact them. Neville Franks, Author of ED for Windows. Free Trial at www.getsoft.com
-
What irks me is that when software companies such as yours have to defend themselves they have to (1) spend lots of money to reduce the effects, and (2) potentially lose out of licence revenue. I'm a software developer, naturally - which I am here - and as far as I am concerned takes the food off my table and the roof from my head if people don't pay. I am irked by people (mostly non-computing people) asking that since I have an MSDN subscription, and therefore a vast library of MS software, could I see my way to lending them the Office or Windows disk. :mad: No I B@&*dy well could not! :mad: I pay my mortgage because people pay me to write software. "But, :-D Microsoft is a big company with billions in cash in the bank - they won't notice:-D." ":mad:I don't care! Its the principle. Microsoft pays its software developers, who use that money to feed and clothe themselves, to provide a roof over their heads, to provide for their families. If people like you :mad: don't pay for software, Microsoft's or not, then the software companies can't pay their employees, and they can't in turn can't afford to feed themselves!" "But, I am sure you've got copied software. ;)" "NO I HAVE NOT! :mad: AND I AM DISGUSTED THAT YOU THINK I DO :mad:" ":omg:You've never copied software?" "NOT EVEN AT UNIVERSITY :mad: - I WAS THAT LONE STUDENT WHO PAID FOR THE EDUCATIONAL EDITION OF MICROSOFT OFFICE and BORLAND C++" . . . .... :-O Excuse me... I have to go and rest for a bit. I'm a bit flustered... --Colin Mackay--
"In the confrontation between the stream and the rock, the stream always wins - not through strength but perseverance." (H. Jackson Brown)
Okay [Starts to breath more easily, and colour is returning to normal] I've calmed down a bit... I've just gone to look and see how easy it is to find cracked software. :eek: That was way too easy!:omg: But what gets me in the site I found was that its "Easy 3 step instructions" include as the third step: Crack-Locator.com wrote: 3. If you like the software, please support the author and buy it! Every good job should be paid. :wtf: Is that not the pot calling the kettle black? --Colin Mackay--
"In the confrontation between the stream and the rock, the stream always wins - not through strength but perseverance." (H. Jackson Brown)
-
So for anyone who is interested in how a license key gets onto one of those piracy sites I can now speak from experience: On September 11th we get an order for one license of our software. We email the unique license key to the address provided. Last weekend hits to download our software on our website go through the roof, 1000 times more than normal. We backtrack the link and find it's a Chinese site that does nothing but provide license keys, cracked versions of software etc. We find that a link has been placed to our software with the license key and regto name 4 days after it was purchased. We get pissed off, immediately update the download to not work with the keycode in question, problem is that hundreds and hundreds of people have already downloaded and our software is mirrored at tucows which takes forever to update. They continute to download at an astonishing rate, we're over 7GB of bandwidth on Sunday alone. There can't possibly be this many people actually interested in the software, I get the feeling that they are people that would download anything if it's free. We can't simply move the file on our site to break their link, it's linked to by thousands of shareware sites, tucows etc. Our isp tries all day to block anyone coming in with the referrer of this chinese cracker site, ultimately manages to only cause everyone coming to any page on our site to get a permission denied and finally gives up and can't do anything about it. (it's an IIS server, not unix). Mean while, while all this is going on, we contact our lawyers, they start rubbing their hands together, I realize this is going to cost a lot of money so we opt to try to sort it out ourselves. We call the Canadian and U.S. big anti software piracy groups. They basically laugh at us and say give is $5,000.000 to sign up and we'll take a look at it. At this point I'm even more pissed off so I decide it's time to just phone and find out what's going on. I phone the credit card owner, they have no idea what our software is and it turns out have many other charges they didn't authorize. (note, this is a nice older couple, no chance they did this, their credit card info was stolen). I phone the person who we emailed the license key to, he works in another state entirely from the credit card owner, turns out their network was hacked into and our software wasn't the only one that was stolen through thier network and email, they have sinced patched and have kept all the records for any criminal investigation.
Why not use online activation? That way, if a key code is stolen you can immediately invalidate it so that no one using it will be able to activate. That's what I do, but I'm not sure if it has adverse effects on legitimate customers. I have a symbiotic relationship with my computer.
-
So for anyone who is interested in how a license key gets onto one of those piracy sites I can now speak from experience: On September 11th we get an order for one license of our software. We email the unique license key to the address provided. Last weekend hits to download our software on our website go through the roof, 1000 times more than normal. We backtrack the link and find it's a Chinese site that does nothing but provide license keys, cracked versions of software etc. We find that a link has been placed to our software with the license key and regto name 4 days after it was purchased. We get pissed off, immediately update the download to not work with the keycode in question, problem is that hundreds and hundreds of people have already downloaded and our software is mirrored at tucows which takes forever to update. They continute to download at an astonishing rate, we're over 7GB of bandwidth on Sunday alone. There can't possibly be this many people actually interested in the software, I get the feeling that they are people that would download anything if it's free. We can't simply move the file on our site to break their link, it's linked to by thousands of shareware sites, tucows etc. Our isp tries all day to block anyone coming in with the referrer of this chinese cracker site, ultimately manages to only cause everyone coming to any page on our site to get a permission denied and finally gives up and can't do anything about it. (it's an IIS server, not unix). Mean while, while all this is going on, we contact our lawyers, they start rubbing their hands together, I realize this is going to cost a lot of money so we opt to try to sort it out ourselves. We call the Canadian and U.S. big anti software piracy groups. They basically laugh at us and say give is $5,000.000 to sign up and we'll take a look at it. At this point I'm even more pissed off so I decide it's time to just phone and find out what's going on. I phone the credit card owner, they have no idea what our software is and it turns out have many other charges they didn't authorize. (note, this is a nice older couple, no chance they did this, their credit card info was stolen). I phone the person who we emailed the license key to, he works in another state entirely from the credit card owner, turns out their network was hacked into and our software wasn't the only one that was stolen through thier network and email, they have sinced patched and have kept all the records for any criminal investigation.
John Cardinal wrote: Bottom line is that technically, we're out USD$20,000.00+ worth of licenses from the people that downloaded before we patched our software to not use that keycode (of course they will never be able to upgrade) Actually, although I'm very sorry for your problems, this linear extrapolation is just that. I know it probably doesn't do much to soothe your soul, but the lionshare of illegal downloads were probably by people who wouldn't have bought your software anyway, so you may not be out anywhere near as much you think. I don't know what your software is or does, and that will also have bearing on how much you lost, depending on the intended audience, etc. But this is the age-old debate over piracy. How many people who acquire illegal copies of a given piece of software would have bought it had they not been able to acquire it illegally? It's a nearly unknowable factor. The only option is to use s different licensing system (yes, I know, there are upsides and downsides to everything) which doesn't allow multiple installations from one key. Good luck in the future. Paul
-
John Cardinal wrote: Bottom line is that technically, we're out USD$20,000.00+ worth of licenses from the people that downloaded before we patched our software to not use that keycode (of course they will never be able to upgrade) Actually, although I'm very sorry for your problems, this linear extrapolation is just that. I know it probably doesn't do much to soothe your soul, but the lionshare of illegal downloads were probably by people who wouldn't have bought your software anyway, so you may not be out anywhere near as much you think. I don't know what your software is or does, and that will also have bearing on how much you lost, depending on the intended audience, etc. But this is the age-old debate over piracy. How many people who acquire illegal copies of a given piece of software would have bought it had they not been able to acquire it illegally? It's a nearly unknowable factor. The only option is to use s different licensing system (yes, I know, there are upsides and downsides to everything) which doesn't allow multiple installations from one key. Good luck in the future. Paul
A few people have pointed this out already, it's not so much the potential loss of licenses, it's the real costs we've already incurred from the whole incident: In expenses we're down the price of a license, the price of lost time and productivity of two of our senior staff dealing with this, a few hundred dollars lawyers fees to find out what's involved, lot's of long distance calls all over the U.S., bandwidth charges from our ISP, lost revenue when our site went down while the ISP was trying to block that referrer and real paying customers couldn't get through, delays for downloads of legit people because the file was being hammered so heavily on our site etc. In real expense just to deal with this, completely ignoring the lost sales potential we're probably out a few thousand at least which is big for us
Strangers passing in the street By chance two separate glances meet And I am you and what I see is me...