More copy protection...

[JCJR]

Apparently a lot of customers will buy software requiring manual interaction with websites to unlock the software. Maybe the typical consumer who buys software doesn't mind.

I don't want to register with a company and get a username/password for each company and futz around with visiting internet sites or email or special authorization applications to get the software to run.

I'll buy something that asks for username and product serial number for authorization. I don't mind if the activation dialog calls home to a web site to complete the authorization, so long as it is transparent and I don't have to screw with anything extra, except username and serial number.

Sometimes have bought software which requires jumping thru more hoops than that, but software needs to be truly mission-critical, with no other viable alternative before I'd pay for such a "hassle product".

I have quite a few NFR (not for resale) "free" legit copies from companies that require jumping thru hoops, but it is so annoying I rarely bother to install them on a new computer, and actually I rarely use those programs even if I jump thru hoops and install them. Maybe they don't get used much because of the "bad taste in the mouth" of having to jump thru hoops to activate the software.

But maybe forcing the user to visit web pages or do email tag to get authorized, makes more sales than the number of customers driven away by the intrusive copy protection. Dunno.

[Urs]

At bandcamp, by default, every visitor could simply "save as" the fully unprotected "demo" and call it a day.

I've tried that once. More Feedback Machine 1 was fully functional and free to demo, but cost 20 bucks for a full license. It got downloaded tens of thousands of times, it was on several magazine CDs and so on. Yet, I think about 20 people paid those 20 bucks over the years. It was a model that doesn't work, so I filed it under "advertisement".

A big issue with software is perception of value. Everyone wants expensive software for a lower price. If it isn't expensive, it's commonly regarded as less valuable and thus less "pro". Hence some companies give themselves a "pro" image by pricing their software high, yet running a sale all year long (there are good reasons for this kind of marketing being prohibited in the EU and elsewhere). I don't think it works the other way round though - you can't run a business on "if you really like it, we invite you to pay twice as much". One way looks like a good deal (cheap software with higher percepted value), the other way looks overpriced (cheap software with optional rip off).

[Vertion]

A big issue with software is perception of value.

Nailed it. As a buyer in this market, and watching this whole scene evolve since ScreamTracker, I can say that it's completely true. The product must have good packaging strategy, but it also must have a good core/function.

My example from just now: I just jumped from a KVR post over to look at Dust from SoundMorph, I vaguely remember seeing it before.. but I did a little more looky-loo at it. I'd like to describe my experience of perceived value.

I first look at the website, looks a little cheesy to me, but I'll give them the underdog card for the benefit of the doubt. It could signal about their product quality in mind, I keep it in mind as I continue forwards. I look at the product picture and it looks pretty, which tells me I might enjoy looking at it while using it and giving me a better experience.. I feel a rush of relaxation and interest. Then I look at the price.. it says 99 bucks. I don't know about everyone else, but as income goes I'm the general range of the common everyday consumer, and that's a bit much, especially if I am a fan of buying plugins on some kind of regular basis.

So perhaps it's worth 99, I have no idea yet, but given my existing collection, I need to see if it really is something I can't pull off with my existing gear, or in some other way with ease. So I start looking examples of how it sounds first.. I play the intro youtube video on the page.. it's a little cheesy, but interesting, some of it sounds pretty good to my ears, and a bit curious to how it was done. So I move to the next video, I wait through more sound examples to finally get to it.. trying to minimize the time to answer my question, how to use it.. with as little investment of time and energy to learn and pay attention, except to answer my question. Then I think.. not bad I guess.. but I still don't feel the 99 bucks coming.. it doesn't feel like it's worth that to me.. but it is interesting.

So I look for a demo.. I look up the page, down the page.. left.. right.. and finally conclude there is no demo available.. so I think.. well.. I have no idea if I would like this after 5 minutes.. I take the risk this product sucks.. or I was misled... it could be worth it.. I guess I could ask others.. or search youtube for reviews... but I wanna move on to something else now... I decide it's not worth my money or my time given the price and the situation.. I keep in mind that if they ever have a big sale, I might... but how much am I willing to pay.. so I ask myself.. and keep dropping the price.. then I conclude that I feel comfortable trading my lunch money for it.. about 20 bucks... and then I think.. but they'll likely never do that.. so I move on.

This is the reason I don't buy most plugins.. only the ones I can experience first hand.. and really get to know.. ones that demonstrate the ability to make me better music and/or broader music than I currently do. I perceive U-he has high quality products, the best actually.. but I also have to weigh my wallet... so I prioritize the list to only the ones I'm able and willing to shed the cash for. I get the high priced idea for creating value.. but it's also the ones I buy the least. The ones that prove valuable to my goals and enjoyable to use.. and cost about a lunch (or a tad more 20-30 bucks) are the ones I end up buying the most.. otherwise I spend the money on completely different things.. like a pizza. Speaking of.. (phone call to Domino's).

I don't know about everyone else, but if any of Urs plugins were 20 bucks (if I had known).. including MFM.. any of them.. I know my lady would let me get that.. and I'd get it in a heartbeat.

[nonnaci]

A big issue with software is perception of value.

Nailed it. As a buyer in this market, and watching this whole scene evolve since ScreamTracker, I can say that it's completely true. The product must have good packaging strategy, but it also must have a good core/function.

My example from just now: I just jumped from a KVR post over to look at Dust from SoundMorph, I vaguely remember seeing it before.. but I did a little more looky-loo at it. I'd like to describe my experience of perceived value.

I first look at the website, looks a little cheesy to me, but I'll give them the underdog card for the benefit of the doubt. It could signal about their product quality in mind, I keep it in mind as I continue forwards. I look at the product picture and it looks pretty, which tells me I might enjoy looking at it while using it and giving me a better experience.. I feel a rush of relaxation and interest. Then I look at the price.. it says 99 bucks. I don't know about everyone else, but as income goes I'm the general range of the common everyday consumer, and that's a bit much, especially if I am a fan of buying plugins on some kind of regular basis.

So perhaps it's worth 99, I have no idea yet, but given my existing collection, I need to see if it really is something I can't pull off with my existing gear, or in some other way with ease. So I start looking examples of how it sounds first.. I play the intro youtube video on the page.. it's a little cheesy, but interesting, some of it sounds pretty good to my ears, and a bit curious to how it was done. So I move to the next video, I wait through more sound examples to finally get to it.. trying to minimize the time to answer my question, how to use it.. with as little investment of time and energy to learn and pay attention, except to answer my question. Then I think.. not bad I guess.. but I still don't feel the 99 bucks coming.. it doesn't feel like it's worth that to me.. but it is interesting.

So I look for a demo.. I look up the page, down the page.. left.. right.. and finally conclude there is no demo available.. so I think.. well.. I have no idea if I would like this after 5 minutes.. I take the risk this product sucks.. or I was misled... it could be worth it.. I guess I could ask others.. or search youtube for reviews... but I wanna move on to something else now... I decide it's not worth my money or my time given the price and the situation.. I keep in mind that if they ever have a big sale, I might... but how much am I willing to pay.. so I ask myself.. and keep dropping the price.. then I conclude that I feel comfortable trading my lunch money for it.. about 20 bucks... and then I think.. but they'll likely never do that.. so I move on.

This is the reason I don't buy most plugins.. only the ones I can experience first hand.. and really get to know.. ones that demonstrate the ability to make me better music and/or broader music than I currently do. I perceive U-he has high quality products, the best actually.. but I also have to weigh my wallet... so I prioritize the list to only the ones I'm able and willing to shed the cash for. I get the high priced idea for creating value.. but it's also the ones I buy the least. The ones that prove valuable to my goals and enjoyable to use.. and cost about a lunch (or a tad more 20-30 bucks) are the ones I end up buying the most.. otherwise I spend the money on completely different things.. like a pizza. Speaking of.. (phone call to Domino's).

I don't know about everyone else, but if any of Urs plugins were 20 bucks (if I had known).. including MFM.. any of them.. I know my lady would let me get that.. and I'd get it in a heartbeat.

Indeed with software and most digital goods, the cost of production after the original gets built is effectively zero. Short of introducing artificial scarcity, the supply is taken to be infinite and the buyer is charged with setting the price which is entirely a matter of perceived value; hence the massive marketing campaigns to differentiate from competitors.

[FabienTDR]

I don't think it works the other way round though - you can't run a business on "if you really like it, we invite you to pay twice as much".

I agree, that approach certainly doesn't work well. It creates an unfavourable situation for the customer.

You'll have to be clever in any way. No matter how a business weights piracy prevention, prices and PR in general. It's not exactly easy.

A more relaxed model also has notable advantages going beyond hippie romanticism. I'd definitely put your approach into this league, don't get me wrong. I'm winking towards more extreme examples investing tons of gold into attracting the wrong audiences, while declaring an open war to pirates and youngsters, but also their own customer's nerves.

With regard to anecdotes, I have an interesting one, too! As you maybe know, we have a unusual approach to the whole freemium/demo/paid thing. We of course observe the known crack blogs and regularly find surprisingly intense debates between members about whether uploading our products is ethical or not.

We're very relaxed with cracks, as these often don't last very long. They typically still contain time bombs suggesting, in a friendly and humble tone, to officially acquire a license "by clicking here". After a few months, there's typically a new version with exciting features available, plus updated keys and bombs of course.

One way looks like a good deal (cheap software with higher percepted value), the other way looks overpriced (cheap software with optional rip off).

Again, no question about that. On the other hand, and depending who you want to attract in the first place, you can expect certain things. Most pro studio owners, be it recording, mastering or post production, have been hammered with the same (software) sales trick over and over again, for years, if not even decades. Same is true for most customers in the web era, they've seen quite a load of different banners, .99 prices, strikethrough pricing, eternal discounts, you get the point. There is a counter-trend forming in certain areas favouring a pricing with nice round number, no-luxury trickery, clearly understandable terms and conditions, and so on. Some of these companies are highly valued by any aspect. Some wild example of such CIs, by varying amount, would be Google, Benchmark audio, Cockos, Bandcamp, Slack, xiph.org, Mozilla foundation and so on.

[FabienTDR]

Indeed with software and most digital goods, the cost of production after the original gets built is effectively zero.

This is a fallacy. You forget the wild stormy sea in which this software has to keep its head over water.

Software is maintenance and support heavy. Much more than most non tech people think. The more it is used, the more costs grow. Bugs also appear with time, not just due to mistakes!

[nonnaci]

Indeed with software and most digital goods, the cost of production after the original gets built is effectively zero.

This is a fallacy. You forget the wild stormy sea in which this software has to keep its head over water.

Software is maintenance and support heavy. Much more than most non tech people think. The more it is used, the more costs grow. Bugs also appear with time, not just due to mistakes!

Ah yes, support ;( And particularly nasty if dependent APIs change over time (cough app market). But does the customer consider the cost of support? I think most have an expectation of good customer service despite having already exchanged moneys.

[Vertion]

Software is maintenance and support heavy. Much more than most non tech people think. The more it is used, the more costs grow. Bugs also appear with time, not just due to mistakes!

I keep hearing that plugins have to be supported. However, for my level income, I own a lot of plugins... and many of them are still VST Win32, with no updates in sight.. and many are still being sold on their sites.. with no one home. I've actually come to expect to buy any plugin 'as is', so I'd better make sure it works for me first (mandating the demo). It ticks me off when some developers remove their products from sale.. like reFX.. I really used to love reFX's products... oh man.. they were it for me back in the day.. I loved Claw.. Vanguard and bought it.. I loved PlasticZ and bought it.. and I had all their demos.. I had a yearning to add Beast and QuadraSID to my collection.. and when it finally became the time that I could afford it, and moved to buy the remaining plugins.. they remove them from their site and sell only Nexus.. so I'm personally left with the attitude 'well f you too' ...I never bought Nexus... and frankly, I scoffed at it, and still do. I didn't care that Beast/QuadraSid/JunoX2 were no longer supported either, especially since I'm so used to it.. . I just wanted the damn plugins. I was about the throw some money at them, which they turned off. Personally I think all that former awesomeness of refx turned around and became xfer ...hehe.. at least thats how I see it.

[e@rs]

...refx turned around and became xfer...

[rhansen]

I used to get spikes in web traffic when a crack was released.

hehehe, talking about web traffic... to this day, in its 6th or 7th year, each 17th of a month is ACE day. Sales of ACE spike on any 17th or 18th (depending on timezone). Based on the most simple idea I've ever come up with, the copy protection of ACE performs an additional serial check on each 17th of any month. It displays a message on the screen alongside a link to our shop. Some warez user clicks that link, browser opens, a few of them turn into legit users.

Do you do system calls in order to check the current date? Reading through all the answers made me feel like system calls are a kind of "no-go" and can be tracked easily. I think you even once mentioned that Zebra does a serial check after 9 months of using. I always wondered how you do that. I only came up with the idea to store some date of creation inside a preset file. But even then I would need to query the current date (by doing a system call) for comparision.

Can you give some details about the "most simple idea"?

[Urs]

I used to get spikes in web traffic when a crack was released.

hehehe, talking about web traffic... to this day, in its 6th or 7th year, each 17th of a month is ACE day. Sales of ACE spike on any 17th or 18th (depending on timezone). Based on the most simple idea I've ever come up with, the copy protection of ACE performs an additional serial check on each 17th of any month. It displays a message on the screen alongside a link to our shop. Some warez user clicks that link, browser opens, a few of them turn into legit users.

Do you do system calls in order to check the current date? Reading through all the answers made me feel like system calls are a kind of "no-go" and can be tracked easily. I think you even once mentioned that Zebra does a serial check after 9 months of using. I always wondered how you do that. I only came up with the idea to store some date of creation inside a preset file. But even then I would need to query the current date (by doing a system call) for comparision.

Can you give some details about the "most simple idea"?

I do all sorts of things. Eight years ago I still did date checks using system calls. This one didn't get cracked away.

Thing is, pretty much all software necessarily uses system calls. The cracker won't remove them as long as they seem benign and/or as long as they are required for the normal operation of the plug-in. The trick is to always use the very same section of code for the "normal" operation and the protection code. That means, you need to abstract the access to those OS calls and obfuscate the call hierarchy. This is most simply done with some kind of service module that calls any of the OS stuff through a dispatcher. Quickly your code will have hundreds of references to the dispatcher call of this service module, which turns tracing system calls into a reverse engineering nightmare.

Imagine every malloc, free, open, read, write, close, getTime, strlen, sprintf look like this:

myGlobalOS->dispatch( k_OpcodeMalloc, 1000, &outPtr );

All of which you can create preprocessor makros for that let you code just like you normally do.

The result is "hey, I'll track file opens" - "Uh, oh, cool, there's only one! All fiel access goes through this code bit here..." - "Eeek, there are 397 references to this code bit..." - "lemme see what else I can crack beforehand..."

[plusfer]

Which is the best option?

Code: Select all

string step1();

vs

Code: Select all

void strep1(*string);

vs

Code: Select all

void Licenser::step1() {this->string = something; ...}

vs

Code: Select all

not separated in a function step1

[Chaotikmind]

I used to get spikes in web traffic when a crack was released.

hehehe, talking about web traffic... to this day, in its 6th or 7th year, each 17th of a month is ACE day. Sales of ACE spike on any 17th or 18th (depending on timezone). Based on the most simple idea I've ever come up with, the copy protection of ACE performs an additional serial check on each 17th of any month. It displays a message on the screen alongside a link to our shop. Some warez user clicks that link, browser opens, a few of them turn into legit users.

Do you do system calls in order to check the current date? Reading through all the answers made me feel like system calls are a kind of "no-go" and can be tracked easily. I think you even once mentioned that Zebra does a serial check after 9 months of using. I always wondered how you do that. I only came up with the idea to store some date of creation inside a preset file. But even then I would need to query the current date (by doing a system call) for comparision.

Can you give some details about the "most simple idea"?

I do all sorts of things. Eight years ago I still did date checks using system calls. This one didn't get cracked away.

Thing is, pretty much all software necessarily uses system calls. The cracker won't remove them as long as they seem benign and/or as long as they are required for the normal operation of the plug-in. The trick is to always use the very same section of code for the "normal" operation and the protection code. That means, you need to abstract the access to those OS calls and obfuscate the call hierarchy. This is most simply done with some kind of service module that calls any of the OS stuff through a dispatcher. Quickly your code will have hundreds of references to the dispatcher call of this service module, which turns tracing system calls into a reverse engineering nightmare.

Imagine every malloc, free, open, read, write, close, getTime, strlen, sprintf look like this:

myGlobalOS->dispatch( k_OpcodeMalloc, 1000, &outPtr );

All of which you can create preprocessor makros for that let you code just like you normally do.

The result is "hey, I'll track file opens" - "Uh, oh, cool, there's only one! All fiel access goes through this code bit here..." - "Eeek, there are 397 references to this code bit..." - "lemme see what else I can crack beforehand..."

Depending how it's made it can be very simple to automate the annotation of assembler code with script in IDA.
Most probably, the guy cracking your plugs just didn't see the check , cause they tend to work extremely fast. (and then missing stuff)

[Urs]

Depending how it's made it can be very simple to automate the annotation of assembler code with script in IDA.

I can't see how.

Most probably, the guy cracking your plugs just didn't see the check , cause they tend to work extremely fast. (and then missing stuff)

I refuse to think of this as "work", just like I can't see why people thank uploaders for "their hard work". Their contribution is irrelevant compared to the effort in the design and development process of the software in question.

Most probably, they diff previous cracks and continue their random little twiddles from where others left it.

[AnX]

A big issue with software is perception of value.

By the customer or the dev?