Discuss Home · Bootstrapped Podcast · Scribbleton Personal Wiki · HelpSpot Customer Service Software · Thermostat NPS

Software protection, cracks and DMCA


#1

Hi guys,

for a couple of years we have been working on software products and sold them quite well. It’s one-time purchases (plus cheaper upgrades for new versions). We were above the “industry conversion average” of about 4% (purchase vs. downloads) but always wondered why software has those low conversions generally. Btw: we found that Google Analytics is generally great and it is awesome in combination with campaigns (URL builder from Google) to track and optimize downloads instead of purchases - simply because the number is 10-20x as big and FB/Google can thus optimize the ads better… Saved us a lot of money in advertising eliminating campaigns on FB/Google that showed many clicks but low #downloads. Bing is just awful. Cheap clicks but no value.

Aaaanyways. Back to the important parts:

Software protection:
We do use LimeLM and we are actually very happy with it. We are aware, that LimeLM only makes sure that “users cannot share a license with friends or on more computers than its allowed”. So in essence with LimeLM (as far as we understand and speak from experience) we can make sure, that a product key that was rightfully purchased cannot be used beyond the number of activations we intended. We always had our software cracked within a couple of days - but that is not LimeLMs fault. Replacing the license verification in machine code with a “pass” is simply a problem of the system itself… We are looking forward the new LimeLM release and we are quite excited about the “verified trials”. I personally like Wyatt - he has the most competent customer service I know and I particularly like that he tells people when they ask stupid questions which are explained in detail in the handbook. Kudos.
What is your take on software protection? We have Windows and Mac applications and many solutions come at cost of the customer experience/false positives in antivirus. False positives are an issue for us - whitelisting our software helps. Still, there are many antivirus solutions out there who flag any software as malware and don’t even have a whitelisting… So those overprotective solutions suck. What’s your experience here?

Certificates
We started using DigiCert EV. Time will tell whether it’s worth the additional money. However: they have a very responsive customer support. Comodo is just bad. I have never met more incompetent people. Always caused trouble as well - and Symantec could not explain the verification process in detail, so we went for DigiCert. Whats your experience?

Btw: I cannot understand why Microsoft/Apple do not enforce valid certificates. If executables/programs could not run with an invalid certificate/tampered executable, cracking would in essence be impossible. They could stop piracy essentially tomorrow. Of course some “freeware developers” would moan about 100 EUR/year for certificates - but the rest of the industry just suffers. I also cannot understand how Google is so little concerned about “cracks etc.”. Sure, comes in handy to harm competitors if your own product sits on your servers and cannot be cracked and shared for free… Plus crack generate search traffic…

Cracks and DMCA
The Crack Tracker is actually really cool. It gives great satisfaction to send out dozens of emails to those morons. Its very convenient to use. We can see the results, which is great. Is there something like that available for torrents as well? Generally, DMCA requests really seem to work. Facebook, Youtube and Google are quite responsive to that. Also: a lot of those “crack sharers” are just average smart - they have their page hosted on godaddy.com etc. So it is actually a quite effective idea to check out WHO shares your cracks, search the ISP on WhoIs and then send an email to them (the ISP/Godaddy). Usually they take down the entire homepage (I get a lot of cry emails of those “crackers” moaning about their pages being taken down) lately :slight_smile: I would encourage you to do so as well. It’s not Hydra. Work on it regularly, send out those DMCA requests to the ISPs and they TAKE DOWN the pages. Some of those crackers are even as dumb as listing their own name/phone number on WhoIs for their “free program sharing page”. I can recommend calling them at night. How do you take down torrents? We have searched manually on the most popular torrent pages and DMCAs sometimes work - but a tool would be better. We also use Muso.com for a while - but they are somewhat slow…
Don’t start with “you can never stop cracking” or “cracks don’t matter”. Cracks matter. We have about 150 downloads per day for our software - and found that ONE torrent spread the crack to 2000 people in 6 weeks. Great for sales. People are dishonest. We had people sending us support tickets from their COMPANY email address sending us screenshots of their cracked software (they didn’t know we spotted) and asked for trouble shooting… Calling them in person also works very well in this case. Keep in mind: those people sharing your programs often come from a village somewhere in Pakistan - and do it as a hobby. They are not smart or sophisticated. The crackers may be. The people downloading the cracks are not evil people - just regular persons who don’t think “stealing software is bad”. We tracked down those sharing our program and those using the cracks. There is no “sophisticated scheme” behind it. Punch them in the face - real hard. What is your suggestion coping with torrents? Any tools?
Our experience: invest some time, track them down, beat them up. No mercy.

Let the discussion begin :wink:

Cheers
Jan


#2

I’m in the games industry, where piracy is a big problem.
Here’s some things I learned, and a shameless plug for my own DMCA service.

Honeypots
Have a page that says “ProductName crack”, and encourages people to buy in a friendly way.
For example:

If you like ProductName enough to go searching for a crack, why not just buy it? It’s only XXX. You get free support and YYY. Downloading cracks is a great risk to your computer because … On the other hand, buying our software is completely risk-free: We offer a 30-day money-back guarantee. And if you need any help, the developer will himself respond to your questions. Please pay us for our hard work. Some Keywords for Google: Crack, License Key, Warez

I learned this from Andy Brice. A significant number of people find this page through Google, and some of them actually buy.

Catching people after they pirated the software
My software has several mechanisms to detect that it has been cracked. But upon detection, it will continue working. (If you make your software crash after it has been cracked, the cracker will notice and just circumvent the check).
So it will continue working normally, but pop up a webpage saying:

"Hey, it seems you don’t own a valid license key yet. We work hard to build the best software available. IN order to do that, we need your support. Do the right thing and buy the full version! With the full version, you will also get X, Y, Z.

It continues working, but it reminds people in a friendly way that they didn’t pay for the software yet.

DMCAS
I agree that DMCAs are great. For example, whenever a new wave of cracks gets released, sales drop by 30%. Sales climb back up once I send out DMCA notifications. In my experience, most people are lazy and will pirate the software, if they can find the pirated version easily. But if most pirated links have been DMCA’d, they will give up searching and just buy the software.

It would be possible to send DMCA notifications to Google, asking them to remove pirate sites from the search results.
This is a bad idea for several reasons:

  • Google only delists one particular URL. Often the same content can be accessed via a slightly different URL.*

  • Google places a very obvious “content has been removed” link at the bottom of the search results. Clicking that link gives you a list of the original URLs.

What I do is, instead of going after the pirate sites, I go after the uploaded files.
Pirated files are usually not hosted on the pirate sites themselves, but on various upload services. These upload services are fully DMCA-compliant and will remove files on request.
When you send DMCAs for all the individual files, then you have lots of pirate sites with invalid links.
This serves to obscure the few pirate sites that do have working files.

Crack Tracker is a good product, I’ve used it for several years.
However, I discovered that it finds only around 30-50% of all cracks that I was able to find manually.

Therefore, I wrote my own piracy crawler. It replicates the search behaviour of a human pirate. It doesn’t rely on a built-in list of piracy sites: Instead, it searches the internet and detects new pirate sites automatically. The software is able to find almost anything that a human pirate would find.
By using the software, no further piracy-related sales drops occured.
I’m now offering this as a service: Copyright Hero - Anti-Piracy Service
It’s a fire-and-forget solution - you tell me your product, I handle the rest.
Send me a link to your product and I’ll send you a free report, with complete listing of all the files found.

Torrents
Some torrent sites respond to DMCAs, but most don’t.
What I found out is that just going after file hosters, as described above, is very effective to increase sales. For example, in my case sales dropped by 30% after release of cracks, and went back to their original levels after sending out DMCAs.
My suggestion is to handle the file hosters first and worry about torrents later. If you’re affected by piracy, this alone will lead to a significant boost in sales.

Cheers,
Lukas


#3

Wow! Great ideas! No nonsense talk - full of rich and great information. You don’t find much good stuff about it on the internet…
I’ll drop you an email. Thanks!
Jan


#4

Thanks again Lukas - just to give the others a heads up: the report by Lukas was super informative. We will use his service for our product going forward!
@Lukas: Have you ever talked to Wyatt from LimeLM? I know he does recommend good software solutions (e.g. Fastspring) because he recommends what he thinks. I do believe your service would be a great addition to LimeLM - it would be a win-win for both. The “my software gets cracked, what can I do” pops up in the forums at LimeLM from time to time… I wish I had known earlier…
Cheers


#5

My friend has used LimeLM for his audio processing software and it was cracked in no time, actually the day after he released the software. Stop wasting time on this snake oil.


#6

Your “friend” should read the site for the product he bought and perhaps learn the difference between licensing and crack-protection, they are 2 very different product genres.

The point of licensing isn’t to stop crackers from cracking your software. The point of licensing is to increase your revenue by preventing casual piracy (using serials over and over again). There is real money to be made by stopping casual piracy.

https://wyday.com/limelm/features/why/

Yes, I use LimeLM myself, no I’m not a troll.