I've always assumed that weak DRM is the result of a cost benifit analysis. A child with a hex editor could disable it in a few minutes, but most of your customers do not have a hex editor. And, of those that do, the ones who are willing to spend the time to break your DRM (however trivial) would probably not have bought your software anyway. The intersection of people who would work around your weak DRM, and who would pay if they could not do so is small enough that it is not worth paying developers to spend the time to implement a strong DRM.

I think integrity is a better word here than ideals. We're not talking about doing the best you can, we're talking about doing something that you know will do harm. And yes, I've given up the paycheck twice in that situation. Don't pretend you're just like everyone else if you think choosing not to do the right is okay. Because you are not like me. Sometimes you absolutely have to, but by being an engineer in a first world country, that simply does not apply.

There have been a few instances of this sort of "malicious compliance" that I've noticed, the biggest of which has been Pandora: If you're not in the US, you have to convince their website that you are in order to play music (due to licensing restrictions). However, last I checked, the audio servers have no such restrictions, so you can still stream directly from them rather than having to push that through a proxy as well.

Yep, most country restrictions seem to work that way. The worst though is billing -- e.g. having to have a credit card from that country -- or auto-updating DRM. In both of those cases, it's not impossible but it raises the bar quite a bit. That said, even in billing scenarios, people seem okay with lying about your address, so long as parts of it match and the card can still be billed. E.g. if out of the US and it asks for a US zip code, just use the numbers from your postal code.