As to what to do about it, there are two basic tracks, neither of which is incompatible with the other:

1. The legal route: notifying distribution sites that they're hosting content in violation of copyright law, requesting takedown, and if required, demanding such (with a DMCA notice or similar). If a distributor is unresponsive to both, DMCA Google, Bing, etc. to at least suppress the cracks in most search results;

2. Having some fun with it: make sure that a special page on your own site becomes the #1 search engine result for "<productname> crack" and similar. On this page, put a human face on your pricing, explain the available discounts, and finally offer to supply a free registration key to anyone that truly wants it, so they don't have to download all kinds of shady binaries. Of course, any such free keys don't come with support and display a prominent PIRATED VERSION notice in all window captions, printed outputs, et cetera, but you disclose all of that upfront and explain how that's a small price to pay...

But above all, make sure not to confuse a "pirated copy" with a "lost sale". In 99% of cases, the Venn diagram of those has very little overlapping area.

First, people or companies using the cracked version of your software were never going to buy it. These people do not pay for software, and nothing you do will convince them to pay for it.

Secondly, whatever measures you put in place to combat the cracked versions will potentially have a negative impact on your actual paying users - the real people you built the software for.

Extra security measures or hoops to jump through; extra validation or 'calls home.' - all extra things that can and will go wrong at some point for a real user.

Why would you inconvenience paying users to combat people who will never be paying users?

Ignore them, and spend your time improving your product for your real users.

[I've had 3 desktop apps cracked and hosted on Warez sites over the past 15 years - even appearing for sale on eBay on some occasions. I was worried the first time it happened, then I stopped caring. They made no difference.]

I've heard this before but I'm not convinced this is actually true. Why? Because I use Netflix instead of torrent sites, and just accept the limitations of that format. Programs are tools vs of entertainment, but I don't know that the human psychology actually changes.

A neat trick they did was to introduce downloading as a feature. Now search results for "Netflix download" all talk about the built in feature as opposed to teaching how to rip the DRM off the downloaded file.

Regardless this just goes to show that the problem can be mitigated by making the legitimate route less painful than the illegitimate one. I used to pirate most of my music collection but now I use Apple Music because the friction of maintaining the library across multiple devices is so much lower.

Imposing restrictions and hoops to make your product harder to pirate is vastly inferior and in many cases entirely ineffective in than designing the product to be a superior experience to pirating it.

The ability to do so is going to vary wildly by the product itself, but that is the better way to achieve the goal.

There are people who will always pirate things, whether out of principle or out of economics. However there are plenty of people who would gladly cross the line if the legitimate route was significantly better, either by ease of use or design.

DarrenDev says there are no lost sales. However, I pay for Disney plus because I don't have access to invite-only torrent sites where the latest movies can be found, but I'd still like to watch them. If I had access to those torrent sites or someone's Plex, I could cancel Disney plus.

Would you still pick Netflix over torrents if it cost €100/month?

When I was a young teenager I used to rip CDs from the local library (who could get almost any CD in a week if ordered).

Now I spent a fair chunk of money on both digital and physical (vinyl) supporting artists - because I can afford it.

Then they (the record companies) started suing their customers, and I stopped buying CDs. I've been listening to the same set of songs ever since, or stuff on youtube.

Never again will I feed that monster.

A good portion of their user base got started using cracked copies of the software, as the price of something like the CS6 Master collection was well outside of the affordability of the average hobbyist.

But some of those teenage hobbyists grew up to go to college to expand on their Adobe tinkering to becoming professionals that sneer at people who use non-adobe products because of the price.

Businesses buy the software because that is what the talent is trained on. The difference between calling what Adobe has on the market a monopoly and an actual monopoly is probably only technicalities at this point.

Sure, most of this comes from the fact that their software really was the best of the best for the longest time, and their lead in technology and namesake is so far ahead of any of their competitors that it is laughable. their software was pirated obsessively because it was so good and so expensive, just like Waves $2,000 Mercury VST plugin suite.

There are other softwares, many of which are free or very affordable, that do 95%+ of what anything adobe or Waves does. But when you edit a photo with Gimp people will still instinctively say that you photoshopped it, and few people will ever care what plugins you used on an audio track if it's not autotune.

Its completely unaffordable to the student or hobbyist, the "home edition" is too limited to be useful, so everyone starting out uses a cracked version because its been the de-facto industry standard tool since forever for reverse engineering.

Later when those people get jobs, they become another paying (through work) licensed user of IDA Pro.

What's slowly fucking IDA now is finally there are alternatives, the NSA open sourced Ghidra which can replace IDA to some extent - so smaller customers (who were always treated poorly anyway) are moving away from their product.

Not always effective for all applications though.

It's very bad economics to think of a pirated copy as a lost sale. In some cases the piracy helps drive sales!

If you are making money from something or using it enough that you want support / reliability, pay for it and shame on you if you don't

Don't gimp your cracked stuff for the college kids and evening hacks just trying to see if they like something or if they can build its use into a business.

I have pirated person when I was a poor student where it literally was money for food vs buying some software. I buy all my (commercial) software now that I can easily afford it and support multiple open source projects with donations. And the software houses, Bands and filmers who have seen the most of my money have been precisely the ones whose work I liked before.

The creators who have not been assholes about it (or even had some kind of humor in their response) are well remembered.

Sure there might be people who pirate everything out of principle, but my guess is that the majority will only do it if they can't help it any better.

Or, they would never have bought it if unable to obtain a pirated copy, but now that they've tried it, may purchase. Admittedly this is more true of games than other software. When I compare my steam library to my pirated library, many of my favorite games are in the overlap: I tried them first, loved them, and then bought them.

If there is no note whatsoever it's very easy to get to situation where user A starts to use it, pirates it, then just dumps it onto file share and tells others to use it.

The Atari 800 cartridge address range could be populated with RAM, and cartridge images simply copied to RAM and run. Copy protection techniques usually involved figuring out sneaky ways to write to that address range (which would crash an image running from RAM).

Toward the end of one project, I spent about two weeks writing an encrypted, multi-stage anti-copy system. A few months after the game shipped, I asked my pirate "friend" about it.

"That was a hard one," he said, "It took us nearly three days to crack it."

For instance, current Netflix pricing I am okay with, with the content they have. If the price triples, you bet your ass I am going back to torrents unless they really step up the quality and quantity of content.

There is just very little incentive anymore. The skill level for hacking game DRM is extremely high now and those people would rather spend their time working on one of the many bug bounties where they can get huge payouts and public recognition for hacking ios vs having to hide behind tor and risk arrest to provide kids with free games.

Turns out, the pirated copy had a special feature where the player would feel immense economic pressure from piracy, so a bunch of players asked how to win against this, it was pretty hard and really fun for people who knew what was going on.

Point is, you could hide an Easter Egg for pirated versions (can you detect the lack of signatures?)

It's important to note that they didn't use DRM or anything like that to detect whether a given copy of it was pirated. They made two builds of the game: a normal one that they gave to paying customers, and the special one that they uploaded a torrent of themselves.

https://bit-tech.net/news/gaming/pc/pirated-batman-pc-contai...

> "I've got a problem when it's time to use Batman's glide in the game," said user Cheshirec_The_Cat, whose appalling spelling we felt we needed to clean up. "When I hold [the button], like it says, to jump from one platform to another, Batman tries to open his wings again and again instead of gliding. So he falls down in the poison gas. Can somebody could tell me, what I should do there?"

I hope you are super duper 100% sure the bug can’t happen otherwise. I would hate to be your paying costumer and ignored because your drm system is buggy.

It's something along the lines of: Pi+=2 in one place of the code. And Pi += 1.1415 somewhere else. And both are guaranteed to run at the start of the program so that Pi=3.1415

However one of those lines is hidden in a part of the code that the most obvious crack is going to remove.

I cracked an expensive FPGA simulation program (for which I had the license, but the FlexLM scheme based on the MAC address of the adapter was just too annoying to get working on Linux).

What they would do is have a sort of unit test of their license verification function at runtime. There was a check hidden somewhere that I never found, and if the license verification was changed to always return true, the unit test would fail. The simulator would continue working within a single module, but as soon as you tried simulating a larger project, it would return undefined values between all the modules, rendering the simulation unusable for any real project =)

(I solved the unit test by having the license check return true only for my hardcoded serial number, which is definitely easier than hunting for the different places where a check might be hidden)

I believe there were several games that had a reputation for being horribly buggy that was at least partially the result of pirated versions having bugs intentionally introduced by the copy protection.

I believe the game you mentioned made it really obvious what was happening and why to avoid that.

Any time I've seen game devs try it the comments under those people were "you fix it by buying the game pirate".

And platforms like Steam allow you to review only bought games anyway

Game Dev Tycoon

I think a fundamental aspect of cracking consists of disabling such detection mechanisms. But if the cracker only digs far enough to ensure that it seems to work without nags, and not far enough to find Easter eggs, then it will probably work for a while until people catch on and demand a further crack.

It's really the OS that needs to detect a lack of expected signature, because the cracker isn't going to be able to disable an OS feature unless they release the cracked app as a while VM or something. But that's a thing...

The pirated version had a different name for one of the mannequins, but people loved the quote and the acting for yelling out the name of the mannequin in the movie, so that led to people would arguing in internet comments about the name used and you could get a feel for how prevalent the piracy was by upvotes

Indeed! There's a nice anecdote from Paulo Coehlo (I don't like his work but w/e) where he was stuck in traffic somewhere in LATAM and a guy passed by his car selling pirated copies of his newest book. He then says this event made him feel like he had finally made it and even became a strong promoter of piracy, heh.

I’m seeing many comments saying this, but it’s simply not true for commercial/industrial software. Outside of the US, even in large swathes of Europe, it’s extremely common to lose significant revenue to piracy, and if you make it too hard to pirate they will pay.

Companies (the customers in this case) that are happy to exploit workers in sweatshops? Also completely happy to use your software without paying for it.

Very true. If they were never going to pay anyway, you haven't lost anything if they use a crack. It still irks though!

It's literally the same reason most companies give students essentially fire sale discounts (often just free) versions of their software.

They're probably pirating it because they aren't deriving much if any revenue from using it yet (it's either for personal use, they're learning a new tool, or they have no money). But having that person familiar with your software and trained on it means that if they reach a spot where they're using it profitably for business - it's basically a guaranteed sale.

"Sure thing, how many do you need?"

When I hesitantly reminded him we hadn't discussed prices yet, I was told it was free as they really wanted to snare us in as users before we wound up in paid work where we'd need to be productive employees fast.

I have since had three employers buy full licenses and support deals. Good call by Protel back then.

Instead, the value proposition to switching to paid became once it had established value to me, and I could benefit from the reduced exposure risk of running malware in the cracked version, and possibly get updates if they affected major things like stability, or new tool-sets or access to online data that was useful.

The non-overlapping are is likely non-trivial. There are surprising many shops that use professional software for client projects, could afford the license, but that prefer pirated copy to paying actual license fee.

Ofc persecuting non-professional users is pointless. Persecuting professional users in a smart way can lead to license sales.

But you'd be insane to use a pirated copy of SOLIDWORKS for anything professional (like if you were the Cybertruck's door handle subcontractor or whatever), just like you would be insane to use a pirated copy of windows or Office. But let's be real, plenty of people do that. Whether it's because they're poor, or whether it's because they're cheap, or both, full list price is simply not gonna get paid, and so they'll go with the cheaper option - it's just that cheaper option happens to be a $0 pirated copy in most cases. Some offices will have one genuine copy for one computer and pirated copies for the rest of everyone, especially part-time contractors. In that way, a cheaper academic license, even accepting that there's no fool proof way of checking for that, or having a time-limited entrepreneur/start-up option will lead to more sales and more money.

It then becomes an exercise in the dark art of pricing things, to figure out where that sweet spot actually is. A 30 or 90 day copy which is hopefully long enough to build the bike shed, priced right, is an actual sale that can be made that otherwise wouldn't. A cheaper limited version for the non-premium seats at the company are other additional sales to be made.

Why not bundle a separate license for individuals with the enterprise license.

I feel like easiest way to monetize apps like that would be free noncommercial license. Want to DJ your school party ? Go ahead, as long as nobody pays you it's fine, and if someone does, well, now you have money for license.

You're also building potential user base, when everyone can play with your software without limits many will pick it when they will do something commercial

https://virtualdj.com/products/virtualdj/price.html#comparis...

I don't use any cracked software, but I sure did when I was a kid without money. And I was so grateful for it, especially all the DAW and music production stuff.

There is an utilitarian argument somewhere in there about free software.

Copyright owners also habe legitimate interests in their products and are afforded with different ways to gain value from a software product that is locally installed.

Also, something like a self-contained, "portable" linked binary that creates value without any dependency on any online service will always be trivial to copy but also maximally useful.

(Edit: languages that depend on an interpreter don't differ too much, I think)

We had this happen too. In our case, our software required our hardware to function so we put the recurring license on the hardware instead of the software. It's been about 8 years since then and nobody has been able to crack that system yet. Some software that doesn't need hardware also uses a small hardware key to enforce licensing.

Going forward, you could make it so the user has to login to your service when they launch your software. You could provide extra value to your paying customers through this channel too. You would run into some other challenges such as shared passwords, but those have some mitigation strategies too.

VSTs are pretty niche and the market is mostly people without much money. But you can find cracks being used in top studios, so...

The one time I had software cracked and pirated sales pretty much dried up immediately upon its release.

This is probably true if your audience is primarily people who aren't particularly technically minded, but my product was no doubt most appealing to the same kind of people who know how to pirate software.

2b. Free with Ads. Yes, this is not for everyone, but many devs will make this path an option. Your buyers must realize that all ads can be removed for a fair price.

If your app isn't a game and/or you think that DRM isn't worth the platform tax, remove the DRM and focus on building relationships with your customers.

A third option is a big looking what adobe photoshop did. Most people in the early days has an access to a cracked version and it became nearly the standard for image editing. And how did they then manage this: By adding cloud services.

You could maybe start small and say: „You can download our free templates (don’t know what type of software but I thought of some 3D models) from the web (new template every couple of month) and this works only with an activated version. By this you actively provide more value for your paying customer at the same time instead of wasting time and money to just make it harder to crack.

In the vast majority of cases it doesn't mean that.

A lot of cracking is done for sport and to show off, especially when the protection is weak.

If the software supports getting updates, get the cracked copies to phone home and have a legal firm send them a warning they might be using hacked software.

Home users won't care, but legitimate businesses might convert to actual sales.

And if you made cracked copies phone home, that's something that would get removed by the cracker anyway most of the time.

Rather send a message directly through the software and give a link directly to purchase it. A bit cheaper and more straightforward, than finding out adresses and involve lawers. That should be the last resort.

The best part is that while it's technically illegal (you didn't pay for rights to the translations), they're never going to reveal who they are to come after you (since they don't have the rights to distribute their translation).

Why CJK text first?

[Edit: "first" meaning "before releasing", not meaning "before other scripts."]

- Let hobbyists and tiny companies pirate your software. You don't have to encourage it, but you can still turn a blind eye. They weren't going to pay you anyways, and this is a good way to get people familiar with your products.

- Ruthlessly go after mid-large sized companies if you find their employees pirating your software. They have money to pay, and will be happy to do so (at least in the face of legal threats).

The interesting part is that the first demographic (students, hobbyists, tiny companies) directly feeds into the second when they start working corporate jobs. So in that sense piracy is sometimes a key part of the sales funnel. This is exactly how companies like Microsoft and Adobe have been able to maintain complete hold on the market.

“Crack” gmail or ChatGPT if you can.

The move to the webapp model you describe is slowly happening, but it will be a very long time (if ever) before it can cover 100% of software use cases. Try telling someone in your accounting department they they have to use the web version of Excel moving forward and watch them quit on the spot.

Pretty much. You can add more data points – email address used to sign up, whether the IP address matches a company's network, whether their machine is connected to a corporate domain.

They fight pirating, and that prevents it from becoming absolutely endemic, but they don’t really lose massive amounts of sleep over the cracks, because every cracked copy is training people to use their software.

Sort of “The Old Dope Peddler” model.

It’s not really correct to assume every cracked copy is a lost sale.

Instead, think of it as indoctrination of possible future sales.

This worked especially well with (I think) US government agencies who can in theory be fined for every time the software was activated.

you are not gonna guilt anyone into not pirating and if the message blocks or is annoying, crackers are gonna circumvent it just like they did the license check.

Pretty bad when the pirated versions of your software work better than the legit copy.

Microsoft has bribed their way into having power of police in Argentina.

the can legally obligate you to give them a report of how many computers and what operating systems you are using and they can request a judge's order to enter your company with the police to audit your infrastructure if they think you are not telling them the truth.

I they will do this kind of stuff without fear of losing face I don't think they will care if some legit customer gets hit by a false positive.

Of course, they'll probably re-hack it at that point, but often the first hacked version ends up being the most spread around one.

Then, cracked software becomes free advertising!

I've always thought this was kind of an old wives' tale FUD. Long time back when I used to hoist the ol Jolly Roger, the pirated versions of software seemed to always be pristine copies. Reputable release groups had their reputation in mind and would go out of their way to release clean copies, or even go so far as to remove the official company-shipped malware like all those offers you used to get during install to Also Get This Toolbar! Reputable crack groups were the same way--leave no trace and use the smallest, most minimal binary modification possible.

Same with pirated movies: The pirate releases are often better than the official releases, containing more subtitle languages, stripping off marketing and FBI warnings, and so on.

If you don't activate Windows 10, you have no ability to personalize your PC (change wallpaper, colors, Lock Screen image, etc.) But you can still use it - which makes it annoying, but still functional.

After a few weeks without activating, it also adds an always-visible watermark warning to "Activate your PC." But it still lets you use it.

Perhaps the OP could do similar. Where... he has his standard system of copy protection, but then adds additional checks that stamp watermarks on printed documents, or show a watermark about illegal copy, doesn't allow adding business information to documents, so forth...

Maybe that's even the trial version. Always free, forever - but certain features disabled and lots of watermarks.

You can totally do that when you're Microsoft because pretty much everybody hates you already but you have essentially a monopoly so what can they do? But it's very different when you're in a market where alternatives exist.

The downside is, people who would have paid might discover they're quite happy with the trial version.

All you will do is annoy legitimate users.

Do it silently and maybe warn in a non-obvious way. But I wouldn't annoy the user too much

Parent is right, most of those pirating it wouldn't have bought it in the first place. Especially if it's a technical software with limited use (as opposed to a game, for example)

The user who is willing to stomach the time and risks associated with cracked software is NOT your target market anyway.

This is essentially a free trial program for “aspirational users” who will circulate it for you.

I’ve had my software (games) pirated, and been a pirate in my youth. Now I wouldn’t consider pirating because I have more money than time now. I suspect your actual addressable market is in the same boat.

The worst thing you can do is add draconian copy protection that adds friction to your product for actual paying users.

I vehemently disagree. Cracked users of commercial software ARE your target market that, for any reason, can't afford to pay you. They would if they could.

When I was a broke teenager, I pirated a lot of software, games and music I later paid for when I had enough money to do so.

Piracy can be annoying, but it is also an underrated indicator that some people really like or need your product so much they'd rather put up with the discomfort of piracy instead of going to the competition. I wonder if this is also an indicator to very expensive software that they might increase their paying user base by lowering their price. You might be leaving money on the table, maybe it's time for a flash sale.

I think we actually agree. You said “They would if they could”, that’s exactly what I’m saying.

Especially in business software, the risks associated with piracy always outweigh the benefit of free software for those that can actually pay.

The person who is trying to learn, or uses the cracked software while climbing up the pay-scale will eventually turn in to a paying user.

As others have said, getting cheeky and letting folks know that you know the software is pirated is also a good approach.

Price-testing as you mentioned can also be valuable. Spending energy on DRM or anti-piracy schemes beyond a little Easter-egg/joke/warning is a waste of energy better spent on improving your product for your actual paying customers.

I've gotta disagree here. SOME pirates are your target market that can't afford to pay you. I can't tell you how many times a friend has bragged to me about pirating a movie over drinks at an overpriced bar. If you can afford four cocktails at $15 a pop then you certainly can afford the $20 or less it costs to license a movie. Some people just like to feel like they're getting away with something.

I don't know, I feel like it depends on the culture as well, not just the amount of money someone has.

For example, I am at a point in my life where I can afford JetBrains licenses (actually their Ultimate pack with tools for all languages), so I buy them. Some people that I've talked with, while also apparently able to afford such tools, simply don't bother paying and prefer the pirated versions instead. They might look at the ~350 euro yearly price tag, consider that it's X% of their current month's salary and prefer free instead, even though it means putting themselves at risk (sometimes). In other words, they just don't care.

I can pretty much say the same about Windows installs that many are running on their computers. Given that buying Windows might be a non-insignificant part of their income, they just won't and instead might pay 20 euros or something to someone who can give them an install that just works. They don't care about copyright, or the ethical aspects, they just want the shiny thing.

My income has gone up in the past few years to a point where I'm comfortable, but I definitely can understand their point of view, even if it's unethical, at least given how life can be in my country (Latvia, though the same applies to many other economies around the world). Heck, in regards to entertainment I never buy those new AAA "full priced" games and just not play them if I can't find them on discount/sale until a few years pass and they're cheaper then, though I've heard that shady game key reseller sites are also popular here.

Here, the average annual disposable income per capita per year was around 11 thousand euros in 2020: https://www.statista.com/statistics/1267688/latvia-average-i...

Edit: actually, my country might be a bit of a negative example in particular, not sure why: https://eng.lsm.lv/article/society/society/latvia-leading-in...

> According to the MUSO anti-piracy analytics website, 46.3% of Latvians use the web to access illegal content, followed by Bulgaria (27.4%) and Lithuania (24.5%).

Do you provide demo (limited functionality) and trial (full version with limited time) options?

In many cases, none because they'll just keep pirating yours. Even if the company has a "don't pirate, we want to pay for it" policy, some employees will still do it! That's something to keep in mind. For some, piracy has become the default way to get software.

You need to make it easier to buy than to pirate. I believe taking small credit card payments for 1-seat licenses is key here. If a low-ranking employee's options are piracy vs. informally asking their manager "hey can I buy this $99 software" and entering their credit card, you're much more likely to make a sale than if the employee has to choose between piracy and dealing with their purchasing department, legal department, IT security, etc.

This only applies to companies with corporate credit cards and employees that have a lot of flexibility, of course. I don't know what other methods you need to offer to make it easy for other companies.

Usually, the "main" users had a valid license, but there were cracks floating around for the people that used the software a couple times a year. We're talking a about stuff costing thousands here. This was, if not approved, certainly turned a blind eye by management.

1) Typically obfuscation is not used, but even when it is used, it's easy to find what you're looking for. They're going to be using JCE or BouncyCastle for encryption. Look for the relevant classes.

2) The key is nearly always hard coded as a string constant that is not unique to the installation or customer. Super easy, and often discoverable with just the 'strings' command line utility. I would find your concats of chars and other silly schemes if you did that, but it would slow me down a bit.

3) IV is never used correctly with AES. It's always a static value, usually 0.

4) License keys are usually encrypted with the same scheme, but their format of entitlements takes some extra effort to discover. I occasionally must reverse engineer this as well to understand the limitations. For example, stupid licenses lock to IP address or a BIOS uuid, complicating a disaster recovery plan.

My favorite encounter was a class file, in the spirit of OOP, dedicated to licenses (ie License.class). It was not obfuscated in any way and had both the load() and save() methods included. All one must do is write your own Java class (or use Groovy interpreter), include the vendor jar in your classpath, set your license entitles and call save().

A real WTF is that SAP will encrypt the contents of _your_ database with simple substitution ciphers. If you want to query it for insight, you're going to need their simple character shifting/replacing scheme.

We reverse engineer it and it turned to be simply hitting a predefined endpoint for an encrypted file that then was encrypted with a hard coded custom script .

We happily extracted the auth data and setup a script that did the same in a cheap AWS linus box.

I think it's working well to this day, more than 10 years later.

Then, when the user gets activated, I used that as one of two pieces to recover the hash function to decode those secrets.

Still circumventable, but requires more complexity than simply skipping the activation check, because simply omitting some code doesn't cause it to work.

It's been shown time and again in gaming no matter what you do people will crack it and your measures to stop them will have more negative impact on your paying customers than it does on pirates, see Denuvo.

Honestly, the best thing is probably working on your conversion funnel to understand why you aren't converting people from pirates to purchasers.

https://www.wired.com/story/empress-drm-cracking-denuvo-vide... https://www.pcgamer.com/denuvo-cracks-2019/

She's falling behind though. https://www.reddit.com/r/EmpressEvolution/

This is probably often true, based on the product and its price point, but pirates using it as a blanket truism isn't good. There are a lot of possible situations.

Real life example: movie piracy may not generally affect box office, but an arguably bad movie leaked before release date will create a cloud of gossip that could tank its opening weekend. If previewing a film for reviewers will affect the box office of a bad movie, 100,000 copies being watched two weeks before release certainly will.

If individuals run it, eh who cares. There's a not insignificant amount of people who want to see if the real version would actually work. And see if it'll run on WINE or whatever. Pissing off individuals is how you get to be known as bad.

And then there's companies who run it pirated. Those are juicy targets. You dont even need to be mean. "We saw that your company appreciates the trial of our software on X machines for Y days, and would like to engage in licensing for your department/company."

Build multiple telemetry code paths in your code — if you can just get IP addresses of offenders you’ll have way more info than now.

Sorry, but from where I stand that absolutely looks like demonizing the user base.

> A license costs a few thousand dollars

Some general answers:

- An important point that I missed: we offer trial licenses.

- If necessary, we work with the customer to establish payment plans. Apparently it even happened today!

- The crack is being hosted on a site dedicated to cracked software, so I'm not sure if DMCA applies. (I'll have to read up on it.)

I'll take note of those who offered some help in case we'd like to work with you.

(Edit: Fixed comment layout for legibility.)

I'd also add rather than trial ware, if possible, creating a free lite version, some places stick to a depowered full version but IMO something separate devoid of any protection scheme that might be there as well as important code, offers light functionality ... and share it out P2P without announcing at the main site - have an internal link within the software that points to the site, and the hidden download announce page that has the official file share - along with md5 or other authentication schemes.

Defeat the crack when you put out new versions, create more complex protection and obfuscation, but make the more complex check only after a few weeks of running the software. Most crackers develop a crack and when it works release the program, so any kind of delays and double and triple license checks defeat them for a while. Make sure to never tell the user "this software is cracked." Instead, make it fail with obscure errors or work only partially. Be surprised by the support requests you get from users of the cracked version. Put out your own fake cracks with complicated installation instructions that sort of work, but not fully, etc.

Repeat indefinitely, with many releases. Do not ever use any intrusive DRM or hacks like installation of licenses in "secret" places, system modifications, etc., and make 100% sure your legit users have a perfect experience all the time.

Basically, it's a cat-and-mouse game whose goal is to frustrate the users of the crack. At the same time, consider giving legit users better deals and more flexible pricing options. Maybe you can even give away older versions of the software for free or cheap.

Finally, please remain polite even to users of the cracked version (they'll be on forums asking for help). Most of them simply do not have the money to buy a license, but might become legit customers later in their life when they earn more money. Some of them also aren't serious users, i.e., no future customers anyway.

The reason is that we noticed some paying users were cracking it, too, because our licensing system didn't allow dual boot or having a workstation and a laptop.

But our licenses were supposed to be per user and people wanted to carry our software around with them. If setup correctly, the same USB stick is now used both as licensing dongle and it also contains installers for Windows and Mac.

The reason yours wasn't cracked is the lack of interest on skilled crackers' part.

But mainly my point was that some of the "piracy" turned out to be paying users who had issues with our licensing system.

Piracy is the natural order of things, and likely isn't hurting sales at all as counter-intuitive as that seems.

You could perhaps offer cheaper versions in lower income countries, but if you try to 'beat' piracy too much, you're just going to lower the overall user experience of your software.

Present time the solution for many is the phone home route with the idea that their client's system is online always. The other goto was to contract a service that specialises in tracking down any unauthorised versions and contacting site admins - but IMO the web is so diverse these days it's simply not worth the money.

I would say if software is intriguing and works well, more often there will be a 'cracked' version on the web somewhere. I know many people see the pirating as lost profit, but more often there's a stark reality, they were never going to afford it in the first place - in which case it's not money lost but software getting exposure which might lead to more sales by those who've seen it in action. I've also seen absolute rubbish that had more money and time spent on protecting the ever so precious contents, that's been cracked only to allow curious users to see what a lemon it was.

Without knowing specifics of your software (language, platform, etc.) it's hard to advice on the protection scheme, but a simple option for compiled Windows binaries would be something like VMProtect (which is what Denuvo protection is based on). This will dramatically increase the amount of effort needed for a crack. On the flip side it may also increase the amount of false positives from anti-viruses and security software, but an EV sig on the binaries and a smaller installation base should easily offset that.

Also, it's worth keeping in mind that there are two classes of cracks. One is done for (basically) the street cred and another is the paid-for cracks. The vast majority of cracks are of the first kind, done by people on the warez scene. They tend to go after easy targets and will give up when there's more to the crack than nop'ing a couple of IFs or patching a couple of functions via a proxy DLL. So even a little friction here will go a very long way.

Something as simple as periodically re-verifying your license at random intervals using independent copies of your license validation code would be a good start. Ditto for checking the signature on your binaries. Never displaying the result of failed validation immediately, but always delaying it a bit. We are aiming at irritating, frustrating and wasting their time.

Despite of some people say, you can cripple your software if you detect it's running an "altered" version. The counter-argument goes that this will cause users of cracked versions assume that your software is of a poor quality, this information will spread and taint your reputation. This is 100% b/s. In reality every single user of cracked software is perfectly aware of incomplete cracks, so when a cracked version malfunctions, they know why.

If your program phones back home, e.g. to check for updates, make it report the hash of its binary and a license, and then allow crippling the install remotely. Among other wonderful uses, this allows messing with someone who is in the process of cracking your software, in real-time. Really dirty, but super effective.

Or you can do nothing, lay back and relax. But where's fun in that?

Indeed. To understand the motivation of these people see: https://successfulsoftware.net/2011/04/07/interview-with-a-c...

It's an arms race and the best thing you can do is redesign your activation process. There are certain ways to do this that make it increasingly difficult to get around it.

It's like computer security in a way... You cant ultimately solve the problem but you can make it so difficult to do that the time investment required is probably not worthwhile for an attacker.

We never took it too serious. You don't have to lose sleep over it but you also shouldn't completely ignore it. Just refactoring the copy protection ever few release cycles. Most of the cracks were using Windows APIs to access entrypoints to flip variables. Simply renaming, moving them, or adding removing properties was enough to throw them off for a while.

We figured out some of our customers were using cracked editions without paying for more seats. The support calls were interesting because we told them the bug was fixed but they were super reluctant to update. We'd pass the message off to the accounts managers and let them wrangle with it. This was more prevalent in developing countries where pirating for business use wasn't considered a big deal.

I tried to bring up a low cost edition at our company meeting but it was shot down. The numbers wouldn't work. Business users get training provided; casual users would swamp our helpdesk in lieu of actual training.

The plan should always be to get those pirated users into actual users, unless the country they're in is embargoed, funny story. From reading the piracy forum thread I found many were using our software for job training in hopes of gaining foothold in the field. Similar to how Photoshop was everywhere in the early web design days.

This isn't a strong ethical argument from me, but a practical one - if it wouldn't lose money and may help get more in then either ignoring the piracy or making it irrelevant would be a very simple solution.

The more they tape it, pass it around, and talk about it, the more you'll sell.

It your case, you might put a better cracked version on pirate sites with subtle messaging you want shared. Because some of them will tell people that work places that will pay, and some of them will take jobs at places that will pay.

Cheapest mass marketing you'll ever get.

- if those people someday move to a big company that can afford it, they'll be familiar with your sw

- they may blog about it or publish results from it, giving you free advertising

- reduces the market for a lower-cost version of your product, making new competitors less likely to form

Help people who want to pay, most don't. And they won't, regardless of how many hoops you put as 'copy protection'. Yes doing it purely online will work, but that has its issues as well

At this point why not exclusively offer it to legitimate university users (with a valid .edu address)?

I sometimes reverse engineer things for fun or curiosity, though I don't generally use or redistribute it. TBH I don't understand the psychology of licensing/pricing. Some commercial software is excellent and seems worth every penny the vendors ask for (and I am happy to pay for such software). I've seen a few products that cost thousands to license and are just dreadful. I have the impression that such products are sometimes not intended to be marketed as such, but their usage is licensed as part of a consulting deal, effectively borrowing the academic reputation of the person behind it.

You indeed get some users from piracy. Some of our legitimate users asked for a Russian localization because they've seen images of our GUI in Russian online and bought it for that. In my estimation, the number of clients you get from piracy about equals the number of clients you lose to it. Many people online say that those who pirate would never be your users anyway, but some users with an inelastic need for your software will prefer piracy if it is easy.

Moving your features to your servers will significantly reduce piracy. Sometimes that is not feasible. In that case, you can issue cryptographic tokens from your server to perform operations on client machines. With enough effort, that can be worked around, but you can make it difficult enough so that the inelastic users will buy the software.

It depends on what kind of software you make, but you could also license it cheaply in some regions with a special licensing agreement. In exchange, you could ask your clients to advertise you in their products (logo in movie credits, splash screen in a video game), or you could add royalty payment terms.

You could also think about flipping your business model upside down and, rather than focusing on great customer experience, focusing on getting as many software units out there at a lower price. A price that may be more affordable for the lower income countries. Do you know your marginal revenues and marginal costs? What happens if you drop your marginal costs by 80% by moving your training online, slowing down customer support, and drop your price by 50%? What would be the % growth of units bought? Maybe, in the end, that could be a profitable transition and would eliminate piracy.

But overall... I don't know how many pirates you'll be able to convert. In my professional experience, sometimes you can get a bigger ROI on effort spent in other areas than fighting piracy. There is no silver bullet for piracy; otherwise, it would not exist.

After I shut down and stopped distribution, some other Chinese crackers kept the app alive and going via both cracking AND forcing in Chinese translations for the whole app. I loved to see that forum thread continue for years after I had moved on.

1) Publish your own cracked version that has a survey that allows you to determine who is using the cracked version. Use the survey to figure out if it make sense to create a special version (lower price and few features) or special pricing for those users (see #3 below).

2) Move some key logic to a server so a cracked version would need to use your server for some part of an important feature.

3) Consider a subscription funded version of your product. If a user only needs your tool for one week and will not use it again for months, then it would allow them to pay a fraction of the purchase price.

You're still losing out on sales, but cracked software often originates in those same low-income countries. They get to have their free copies, and it's a likely bet that your customers in wealthier parts of the world will just buy the license instead of attempting to crack it themselves.

It is a waste of your time and you will be in a forever game of cat and mouse.

Subscriptions are a negative value, it's something that'll bleed me dry as long as I have it.

Only a small percentage of people who pirate it are likely to be paying customers if they couldn't pirate it. So the real revenue loss is likely minimal. (Without know more about what the software does it's hard to make generalizations about the target market, though.) And you never know when someone who was able to use/learn the software by pirating it will be in a position to turn around and recommend to their employers or friends your product and those entities will actually buy it.

If there's a specific site or forum online where the crack is being distributed, you can always at least just send a DMCA takedown notice, but overall it's probably not worth spending much time or money worrying about it unless you have real data showing significant missed revenue opportunities (which is at most a tiny fraction of the number of people who pirate the software).

If you can update future versions of the software to not be cracked by the existing mechanism, BUT NOT AT THE EXPENSE OF CAUSING HASSLE FOR REAL CUSTOMERS WHO ARE UPGRADING, you could do that too.

Technically, it's very hard to stop a determined cracker once they get your binary. VMProtect, Themida or other strong packers maybe to some extent can, but those do degrade user experience, so not really popular for professional software. Dongle based solutions by Gemalto or Wibu? They are expensive. One need to physically post the dongles. And they are still crackable unless one have been really carefully implementing the protection scheme (never seen one yet).

See how the cracker's tools (well, reverse engineering tools) are protecting themselves: IDA and JEB Pro are two prominent examples, they don't get pirated until someone leaked the installer. They watermark their distributions, and then they can trace who leaked the binary and act accordingly.

2. Downloaders of cracks are not 1:1 with buyers. Overwhelmingly people buy legitimate software if their business actually relies on it. If Photoshop cracks didn't exist there would be far less professional users.

3. You cannot remove it from the net. Any legal attempts are a waste of money, you will only ever catch the lowest quality users, and trying to go after them in court will not only cost more, but will put your company on the permanent shit list - meaning more clout, more notoriety for cracking future versions.

4. Congrats, you've made a product people want. Focus on making it better, and buyers will come. If you focus on drm and fall into the trap of "theft prevention", you will ultimately end up locking your legitimate customers out before the crackers. Crackers don't play by your rules.

5. If you do actually see a tangible and significant hit in profits, then tie your software to online services. Can't crack what isn't executed locally. This will again reduce quality for legitimate customers.

When you are ready to release the next version of your software, you simultaneously release 50+ “cracked” versions of the software on as many pirate sites as you can find.

The trick is that the “cracked” versions of the software is actually just demo versions that will stop working after some time and prompt you to buy the real thing.

You also add comments to pirate sites on all really cracked versions of the software claiming that the cracked software erased your hard disk, that the software is trying to black mail you, that it was cracked by interpol to catch pirates etc. etc.

Of course using hundreds of different user names to hide the fact that it is really your company doing it.

And you of course reuse “real” pirate names and claim that those other users are fake and/or police traps.

And even better: use an AI to automate all of this. Make it really expensive and frustrating to try and get a cracked version of your code.

You are welcome.

Circumventing licensing restrictions, “sharing” keys, customers pretending to be other customers to avoid paying support agreements, I’ve seen it all. Some people view avoiding paying you as a legitimate way to do business, and will happily do so if they can get away with it.

One mechanism to prevent this that actually works, is having a chunk of your functionality “cloud based”. Put new functionality server side and piracy loses its value. Make it so that the upgrade mechanism is through their account. Generally, stop thinking in terms of “registration” and start thinking in terms of “licence to access services”.

Most other mechanisms are legal rather than technical, but these are hardest to pursue in the countries where piracy revenue loss will be most prevalent.

This argument falls apart when you recognize that people that pirate weren't going to pay anyways. Piracy isn't a lost sale. A lack of piracy doesn't mean more sales, it means fewer users.

Yes, I pirated Photoshop (Who didn't?), but if I couldn't pirate Photoshop, the alternative was never going to be buying Photoshop, it would be using GIMP or something else.

When you make piracy hard enough, they will pay.

As a youth I pirated everything I could get my hands on, I’m not saying the photoshop example is invalid. I’m saying that if you are making software that’s used in a commercial setting, then piracy is a genuine problem that must be addressed.

There is a spectrum. Some people will never pay (e.g. teenagers, who don't have credit cards). Some people will always pay. A lot of people (most?) are in between. They will use a pirate copy if it is easy and they think can get away with it, otherwise they will pay. So some level of protection is important. But you shouldn't do anything that makes life more difficult for the people that are prepared to pay.

None of the people using the cracked version would be potential current customers, but later on down the line they might become customers when they move to an environment where using a cracked version is not doable.

Student movie tickets are cheaper, even though the seat taken is the same. This is done so students will spend some money instead of none, without reducing the price that other segments will pay.

Although you get no revenue from piracy, you do get people trained on the software, integrated into their workflow and infrastructure, advertising and promotion - it helps your product become the standard. They may later become paying customers. It denies oxygen to competitors.

Apparently, adobe turns a blind eye to piracy of photoshop, for reasons like these.

But to repeat: this mightn't be appropriate for your case. Are there such network effects? Would you benefit from them, over time? Is there some trigger for actual purchase?

If it's on BitTorrent, you can get crazy about it and monitor people who share it and send them letters/notify their ISP, but I think that's a lost cause.

Similarly with other P2P networks, you often make direct connections with sharers, and you can use IP addresses to report them to ISPs.

That or you can do what studios/rights holders so with movies and poison the well with broken downloads, bogus files, etc.

You can obfuscate binaries, it's just a matter of how determined crackers are and how much effort they want to expend cracking them.

If you want to prevent this, tie your product into remote services that require authentication with your servers. New features are now implemented in the cloud, and the binaries you ship are just clients to those remote features.

Can you provide some proof of this happening? I'm curious because I've always thought about this but never actually encountered it in the wild.

It is, however, _very_ common for different groups to use unreleased or recently release movies to release a video that's just a sign post. Either the URL shown in the video leads to a malware site, or a site that charges you to see the full video, itself a scam of some degree.

For instance, you'll see this:

    "name": "A Man Called Otto.2023.720p.BluRay.x264-WDC", 
    "files": [
      {"name": "A Man Called Otto.2023.720p.BluRay.x264-WDC/A Man Called Otto.2023.720p.BluRay.x264-WDC.avi", "size": 670547315}, 
      {"name": "A Man Called Otto.2023.720p.BluRay.x264-WDC/Readme.txt", "size": 223}

At least it's not made by the "official" WDC.

For the curious, the file directs the victim to the link below. Open at own risk.

echo "otto-dellac-nam-a/8545047tt/hctaw/zyx.llufseivom//:sptth" | rev

Code something that detects the tampering and either sends the info about it somewhere (that might not work if they just not allowed firewall out tho), then you might be able to send a letter to company (if that is company not just some random non-professional user). Probably illegal in EU tho.

Or just have it display delayed warning/info notice about software being illegal and where you can buy legal copy. Disabling software is probably pointless (if it stops it from working they will find way around), but just "using this is illegal and can get you in trouble, contact with us to buy a legal copy, we offer bulk discounts" migtht get you some

This actually happened to me with NieR: Automata. I downloaded it for free, played for 60 Hours, then discovered that the CREDITS were a playable minigame which was not feasible to beat alone, requiring Network Connectivity to gain helping partners. These just being basic AI named after other players' save files.

So then 2 years later I BOUGHT Automata, played another 50 hours or so, and finally beat the Credits :) Then bought some DLC so my friend could experience it with Steam Share through my account...

And yet nearly all games on Steam, including Valve's own titles, have DRM. What an executive says in public for PR purposes doesn't always reflect their or their company's actual views on the issue.

Then Bought it because of a SERVICE that was not available to me.

Now congratulate yourself that people are willing to jump through hoops to use your software, I guess?

The reason that I pay for all software I can afford, and run the REALLY expensive stuff in an isolated VM, is ransomware. If I were to search for the latest version of a program on torrent sites and forums, and I found it and installed it, and then +1 day + the next time I opened it, it "updated" with ransomware that the cracker included... well, I'd be real unhappy and make sure to warn people with negative reviews on the crack sites. There are ransomware as a service providers now that pay a large percentage of any payments... It's everywhere!

Piracy is a compliment. Piracy is a form of free advertising. Your core customers will remain yours anyway. But you have to close the open breaches from time to time, gradually narrowing the attack surface. This will help you remain profitable.

You may need some tools to help you win that game. Obfuscators/protectors may be of some help. For instance, code virtualization is a pretty decent technique to deter most attacks of such kind.

"That software of yours? Yeah, I tried it once and it was garbage, couldn't even save its own output properly. Now you want me to buy it for... wait, how much?"

https://m.slashdot.org/story/185397

and

https://en.m.wikipedia.org/wiki/FADE

There are also other games, one whose name eludes me, that deliberately couldn't be completed if it detected it was cracked (and effectively acted as a demo by doing so).

If anything, this demonstrates how unpopular this idea is. Of dozens games released and cracked every year, after 40 years of PC gaming, how many tried this strategy? A handful? Also, I now checked some of these games at my favorite torrent tracker, and yes, they are there, they are cracked, and there are no complaints about these defense systems in comments.

And these are games. I wonder if anyone has ever tried that with more useful software, and if they had any success with this strategy.

edit: I now realize I might have met this "in the wild". In my case the game was "The Legend of Kyrandia", and my cracked version could not be completed indeed.

All this trick achieved was making that kid who was me frustrated and unhappy. The game did not explain what was wrong, and there were exactly zero ways I could get a legal copy in Russia in 1999 anyway.

I got a better cracked copy later though. Nice game, do recommend.

Some developers I know and will not name have been known to leak their own cracked copies of their product, just to ensure that there is something broken about them that easily identifies them as a cracked copy.

If the broken thing ends up publicly known, then it will just get fixed in the next cracked version. But if you keep it under wraps, then you'll end up with a reputation for writing buggy, unstable software, especially when the inevitable false positives occur.

If the cracked software gets downloaded a lot then maybe there's another mass market that will pay tens to hundreds of dollars for your software. If that happens then it might be worth releasing a new version of your product at a lower price point for those customers.

So you mean the software has been digitally signed? If it is signed how is it possible that it is cracked? Isn't even a slight modification of the binaries will render the software unusable if it is signed? I have a software that is signed digitally and the certificate private/public key is supposedly takes some hundred billion years on average to crack. So what is the point of signing a software?

Signed drivers are more frequently required than applications.

Cracking tampers with the binary, so the signature is removed.

Demonizing and chasing people who pirate will only work against you, just like it happens with gaming.

Consider the pirate version a "trial" for people who are considering whether to buy the official version. Again, many with gaming do this.

Don't feel bad. In all seriousness, piracy is probably helping you spread the word and get people to try your project.

I remember any tech-savy/media kid was obsessed with getting Adobe products... but no way could they ever afford a license like that. I don't think it would be as big as it is today without kids/younger generation getting their hands on it somehow.