Log in

View Full Version : The Joy of Application Activation


Jerry Raia
12-10-2006, 07:30 PM
On a quiet weekend what better thing than to have a little rant? I have chosen application activation as my irritation for the day. Let me be clear, I am not arguing with the concept of having it or the need for it. I’m only musing about the methods used. I will put these in the order they frustrate me the most. <!> The most irritating by far is the method that ties the activation to the device or ROM. Every time I update a ROM or sell a device and get a new one, I have to chase down the developer and get a new activation code. No big deal you say? Not unless the developer folds up their tent.

Next is the method that ties the activation to the email address listed in the Owners Information section of the device. I recently had an issue where I had used a different email address a few years ago to activate an application. I had since changed the email on my device. The new application kept changing the owner email field on my device every time I entered it in the application activation field. This of course would deactivate the old application! I had to contact the newer applications developer to change the email address used. No big deal right? Just a hassle and again, if the developer goes away, I'm cooked.

Lastly do we really need activation schemes that require 50+ characters to be entered? On a Smartphone with just a dial pad this can be quite a thrill. Since all of these schemes it seems can be cracked why not just make it easier for those of us who do not steal software to activate it? Your thoughts?

SPPassion
12-10-2006, 07:45 PM
You forgot one of my favorites used by Handango (before they started stupid "download protection insurance", Recently, I tried to download a medical ref software that I had bought a little while ago, to my surprise, a pop up screen prompted me "Please enter the credit card number used to make this purchase". How in the world I am supposed to remember that?
I could not agree with you more on many different ways "developed" by different developers.
I like the method, where you simply log on the website and download a full version w/o need of any crazy numbers or letters :)

Jerry Raia
12-10-2006, 07:53 PM
Oh yours is a good one! Of course I have 5 credit cards and can't remember which one I used! :roll:

Kris Kumar
12-10-2006, 08:18 PM
My favorite is the one you mentioned Jerry, the 50+ character activation key. Not to forget the 50 characters are not all numbers or letters, it is a mix of numbers and upper and lower case letters. If you make a mistake, the screen will wipe the previously entered text clean and make you re-do it. :roll:

Before I had the luxury of a QWERTY keyboard, I used to use SOTI Pocket Controller to enter these pesky activation codes from the desktop instead of on the handset. ;-)

Jason Dunn
12-11-2006, 01:09 AM
I have a deep respect for software developers, and their need to protect their intellectual property, but I also resent overly aggressive software activation methods - especially ones that require online activation, and especially limited numbers of activations (hey, I have six PCs in my house!). Many of those methods make the customer feel like a criminal, and do little to stop real pirates.

mbranscum
12-11-2006, 01:48 AM
You forgot one of my favorites used by Handango (before they started stupid "download protection insurance", Recently, I tried to download a medical ref software that I had bought a little while ago, to my surprise, a pop up screen prompted me "Please enter the credit card number used to make this purchase". How in the world I am supposed to remember that?
I could not agree with you more on many different ways "developed" by different developers.
I like the method, where you simply log on the website and download a full version w/o need of any crazy numbers or letters :)

I have not purchased anything from Handago since they started the "download protection" ripoff scam! I also sent them a 2 page letter letting them know that a person who has spent a few hundred dollars with them will no longer be buying there. They replied and sent me a $20 gift certificate.... I did not use it. :evil:

whydidnt
12-11-2006, 02:13 AM
You make excellent points, Jerry. I actually try to avoid software that requires activation, at least when an alternative exists (unlike Windows for example). I like some of SPB software houses software, but their recent decision to include a software activation requirement in their DVD software caused me to completely ignore said software.

It's not that I don't think developers should be paid for their software, as my CC bill will attest, it's that it's far too likely the developer won't be around at some point in the future and I won't be able to use software I legally purchased. I change devices every 4-6 months and don't think I should have to repurchases software just to use it on my new device. This doesn't even take into account the hassle of having to make sure you're online to reactivate software you legally purchased.

I can only hope software houses such as SPB will see that insisting upon Activation actually hurts sales more than it helps and find a more effective way to distribute their software.

SPPassion
12-11-2006, 03:02 AM
I have not purchased anything from Handago since they started the "download protection" ripoff scam! I also sent them a 2 page letter letting them know that a person who has spent a few hundred dollars with them will no longer be buying there. They replied and sent me a $20 gift certificate.... I did not use it. :evil:

Me either, I even have some reward points that I can redeem for some software but i did not. Too bad Microsoft does not think the same way. Now Handango is their favorite software store. Oh well, we can always walk away from these type of stores. I tried using developers own websites to buy software so they get to keep the major share of the profits, unfortunately, some of the developers website actually takes you to Handango (called mini brands-handango) site.

Jerry Raia
12-11-2006, 03:31 AM
I think at the very least any protection scheme should leave the buyer independent of the developer or the store. Once you own it, you should not have to worry about the developer disappearing and putting the application on another device if they are no longer around. I mean you can't even change your email address or your owner name in some cases. This is unreasonable.

bshpmark
12-11-2006, 04:30 AM
The activation codes requiring you to enter letters and numbers in six different boxes is ridiculous. I have one piece of software right now that I cannot activate on the Dash because it won't take the registration number that was used for the SDA and it is a Looonnngg code. I have been waiting all week for the developer to get back to me on it even after sending all of my purchase information to the developer and assuring them that I would take it off the SDA.

I have also seen some software that I would like to purchase but when I saw that the buy button took me to Handango I refused to purchase it.

Rivia
12-11-2006, 10:53 AM
It's great that this topic came out, as I'm the developer myself, and I'm currently working on new registration model.
I hope that you can help me with developing the concept.

Currently I'm using registration model that needs the user to enter his device's owner name during purchase. The registration key is generated based on this name.
However there are some users, which provide wrong owner information, because they don't understand what this thing is all about.

So I would like to change this model. After the purchase the user will get the ticket (the owner name won't be needed during purchase).
When the user enters the registration ticket, the software will connect to the web service, and will send the owner name to the server. The service will send back the license information, which will be used to determine if the software is registered.
Whole process will be totally transpared to the user - he enters the code, and the application shows the 'Registration Successfull' message.

Of course offline registration will be added also. For example when the Web Service will be down, or the user won't be able to connect to the internet, he will contact the support, and receive a file, which he will have to put on the device in order to register the application.

I think that those offline registrations will be very rare, and that's why I think that this model will be easier for the users. However I would like to know your opinion about it.

Maybe you have some other propositions?

--
Best Wishes,
Mateusz Grzegorzek

http://rivia.net

Jerry Raia
12-11-2006, 10:58 AM
The question is what happens if the user gets anther device and you are no longer developing software? Has he/she lost the use of the application they paid for?

Rivia
12-11-2006, 12:13 PM
The question is what happens if the user gets anther device and you are no longer developing software? Has he/she lost the use of the application they paid for?

Well, theoretically, the user losts the ability of using the software. However, it is very cheap to maintain the Web Service which will automatically register the software with the ticket that the user already received, so I think it won't be very big problem.

Please note that in all other registration models, you will also encounter problems after the developer will vanish. E.g. the user needs to remebmer the owner name that he used, there could be compatibility issues with the new OS, etc.

Another option, which I think is the best to the developer, is to sell the source code/distribution rights to another developer, who will support the software.
In case of high quality software, I think it won't be a problem. And if the software is poorly written/unpopular - who cares anyway ;).

chucky.egg
12-11-2006, 01:03 PM
Oooh, now this is a good one.

As a consumer I want a model that allows me to run the number of installations I am licensed for on whatever my current handset it.

I've had issues in the past where I've had to replace a phone and used a different Username (without realising). I've then had to re-purchase software in a couple of cases in order to get my old and new apps working.

I don't know what the model would be, but ideally it does NOT rely on:
IMEI (handset serial)
Phone number
Username
Email address
Internet access
Continued service from developer

What about a "key" based on supplier, date, supplier site ID?

You'll never beat the people that are determined to crack apps, but with this "key" you could at least identify the people who are sharing serial numbers.

At the end of the day, as someone who always pays for my "gadget goodies" it annoys the heck out of me that I have to do this at all. I've waited days for keys in the past and am pretty sure I could have found a crack faster.

Like so many areas you get penalised for doing the right thing.

whydidnt
12-11-2006, 02:57 PM
Well, theoretically, the user losts the ability of using the software. However, it is very cheap to maintain the Web Service which will automatically register the software with the ticket that the user already received, so I think it won't be very big problem.

Even so, if a developer is going out of business what incentive do they have to maintain this service. It is still a cost and it's far too likely they eventually won't maintain the service. Not all developers will have the same outlook as you.

Please note that in all other registration models, you will also encounter problems after the developer will vanish. E.g. the user needs to remember the owner name that he used, there could be compatibility issues with the new OS, etc.

But at least in these cases the reason the original purchasers can't re-use the software is either in their own hands (forgot owner name/registration code) or because the software wasn't designed for the new OS - items beyond the control of the developer. Any registration method you use that requires me to contact you our your service to re-use on a new device (or even to re-install on the same device) is unacceptable to me.

I'm glad that as a developer you think of these things, but have you ever sat down and figured out what your extra cost is in trying to developing AND support crack-proof software and related registration methods? Not being a programmer I have no idea how much extra time this takes, but I just wonder how much your spending to prevent those who probably aren't going to buy your software anyway from using it?

Lurk
12-11-2006, 03:11 PM
Another developer here. I'm not attempting to defend the licensing schemes, but maybe explain them. I'm with Sapphire Software and I lurk here quite a bit to try to stay up on things.

We opted for licensing because of a combination of things. We wanted to allow a demo version and we wanted to get the full version to the customer without having to re-download software. We chose the Owner Name to allow for device changes more easily. This also creates a situation where the software could be run on multiple devices without additional revenue, but we wanted to allow people to upgrade fairly peacfully. I have reissued licenses when people have moved to another device, including one who moved to his wife's device and the name changed completely. We (all developers I'll assume) are trying to walk the fence and be responsive, but protect our assets as well. Do you realize just how many $5-10.00 pieces of software you have to sell to make a living?

Anyway, I'm also a customer and I personally hate all licensing/copy protection schemes. The first thing they seem to do is tell customers that you don't trust them. So what is the answer?

Is everybody ready to do over the air registration of some sort? Does it solve the issue? Probably not. The bus hits the developer and everything goes away. Software, site and whatever else.

Tied to a device? NO. An email? I have enough troubles keeping accounts active when the ISP is sold out from under me, or I have to change to kill off spam.

What is the solution? I hear the complaints. I feel the pain. I want a solution, too.

Shareware? How many people out there ever really paid for shareware?

Separate versions? Download a demo and play it. Like it, download it again as a full version? It scares me to put the full version out without any protection.

"Why use protection since it will be cracked anyway?" Why use locks on you car or house? Locks keep the honest people out, not the crooks.

I know the community is relatively small, so trading the software is probably not too likely. But what is my real advantage to balance my risk?

Help me out on this one. Thanks!

Pony99CA
12-11-2006, 03:59 PM
"Why use protection since it will be cracked anyway?" Why use locks on you car or house? Locks keep the honest people out, not the crooks.
Actually, locks do a bit more. They also keep out the "easy target" (or lazy) crooks. No truly honest person would need to be kept out, would they?

As a user, I'm not thrilled with single-device activation models (like ALK's CoPilot Live uses), but at least ALK provides a method to deactivate the software. Any single-device model must provide a deactivation method.

Of course, that's not really sufficient in some cases. For example, my iPAQ 5550 died and I couldn't deactivate CoPilot Live on it, which meant that I couldn't install it on my iPAQ hx2795. I called ALK and they deactivated it for me, but it was still a bit of a hassle. If that happened late on a Friday night and I was taking a trip on the weekend, would support have been available?

If I had to pick a registration scheme, I prefer the Owner Name ones. As you point out, it does allow running the program on multiple devices the user may have, but it's pretty simple to remember. If you can't remember your own name, you deserve to be shut out. :lol:

And how many people really change their name. I think the largest segment would be women who got married, but even they could keep their maiden name in the device fairly easily if they didn't want to try convincing the developers to change their registration code.

By the way, if you are using the Owner Name method, why not just license the software to run on all of the devices the user has? That would be really friendly and wouldn't make thieves out of those of us with multiple devices who didn't want to pay multiple times. It's not like we're going to be using all of those devices at once....

I think Borland used that model, calling it the "library book" method (if I remember correctly). As long as only one copy of the software was in use at once, you could put it on as many devices as you wanted. With Windows Mobile devices, it's a little trickier because turning the device off doesn't really stop the program, but the idea is the same.

I suppose one way to eliminate some of the problems is to have a subscription model, where you only get the software for a year, like WorldMate (http://www.mobimate.com/smartphone_business.shtml?filename=smartphone.jpg) now does. Personally, I hate subscriptions, though. I was considering buying WorldMate for my Motorola Q, but decided not to when I found out there was a subscription. I just wanted a world clock program, not the satellite imagery and weather, but they didn't have a Lite version, so they lost a sale.

Steve

onlydarksets
12-11-2006, 04:05 PM
There's a business model waiting to be developed - a central registry. Startup a business that takes a small cut out of each sale in exchange for managing license keys. End users install just one application to manage their licenses, which are downloaded from the central server (automagically, of course).

whydidnt
12-11-2006, 04:12 PM
There's a business model waiting to be developed - a central registry. Startup a business that takes a small cut out of each sale in exchange for managing license keys. End users install just one application to manage their licenses, which are downloaded from the central server (automagically, of course).

While that seems like a decent solution on the surface, I would be uneasy with it, since it STILL requires someone to maintain that server. What happens if a competitor comes along and wins a majority of developers business? Without new revenue coming in, how does that company maintain its server, and more importantly what incentive do they have.

I really think using the owner name method of generating a key offers the best flexibility for users while offering that "locked door" feeling to developers.

Lurk
12-11-2006, 04:13 PM
By the way, if you are using the Owner Name method, why not just license the software to run on all of the devices the user has? That would be really friendly and wouldn't make thieves out of those of us with multiple devices who didn't want to pay multiple times. It's not like we're going to be using all of those devices at once.... I don't have an issue with the idea, but I need to reread the licensing agreement to be sure that we are saying the right thing to our customer. I think the old concept was the HAMMER analogy. You can really only use it in one place at one time, otherwise it's good.

I'm not familiar with the deactivation technique that you indicated earlier, but it appears that something external to the device must be tracking the activation/deactivation in order to allow the activation to be moved around. this would eaither be some read/writable material that could not be copied or a web service accessed over the air or online. Honestly, both are more hassle than I want to build. At least, that's how I see an activation/deactivation scheme running. Correct me if I am mistaken.

Pony99CA
12-11-2006, 04:26 PM
I'm not familiar with the deactivation technique that you indicated earlier, but it appears that something external to the device must be tracking the activation/deactivation in order to allow the activation to be moved around. this would eaither be some read/writable material that could not be copied or a web service accessed over the air or online. Honestly, both are more hassle than I want to build. At least, that's how I see an activation/deactivation scheme running. Correct me if I am mistaken.
Yes, ALK's scheme uses a Web service with a human backup. That's kind of annoying.

The worst part is that I think you also have to type in the ridiculously long 25-character key on the desktop software, too. :roll: (In fact, if I remember correctly, at one time you had to type it in two or three times -- once for the desktop software, once in the Pocket PC software and/or once in the Web service -- but I think they fixed that by now.)

Steve

Lurk
12-11-2006, 04:37 PM
On the issue of multiple device usage, our license says:You may:
(i) use one copy of the Software on a single computer and associated device (smartphone or pocket pc);
(ii) make one copy of the Software for archival purposes, or copy the Software onto the hard disk of your computer and retain the original for archival purposes;
...
You may not:
(v) move the Software between computers more frequently than in thirty day intervals.My first reading of May indicates that using a copy on multiple devices non simultaneously is allowed, but the second statement would likely be construed to indicate that installation on a single device is still limited. We should probably reword it to be friendlier. And match up the May not appropriately.

For most users, this would not typically be an issue since they don't change devices nor have multiple devices very frequently. However, power users and product evaluators would be trapped by the clauses.

alex_kac
12-11-2006, 04:55 PM
I have not purchased anything from Handago since they started the "download protection" ripoff scam! I also sent them a 2 page letter letting them know that a person who has spent a few hundred dollars with them will no longer be buying there. They replied and sent me a $20 gift certificate.... I did not use it. :evil:

You do realize its optional and that some stores (like Phatware's, WebIS's, and SPBs) that use Handango for their main engine have it turned off by default?

Its a scam for SOME products which offer free downloads, but not for others that don't. If I buy software x from dev y and his only full version downloads are when you buy the software, then the download protection is useful as it helps pay for the bandwidth of redownloading and offers the ability to do something the developer wasn't doing for you.

Pony99CA
12-11-2006, 05:33 PM
On the issue of multiple device usage, our license says:You may:
(i) use one copy of the Software on a single computer and associated device (smartphone or pocket pc);
(ii) make one copy of the Software for archival purposes, or copy the Software onto the hard disk of your computer and retain the original for archival purposes;
...
You may not:
(v) move the Software between computers more frequently than in thirty day intervals.My first reading of May indicates that using a copy on multiple devices non simultaneously is allowed, but the second statement would likely be construed to indicate that installation on a single device is still limited. We should probably reword it to be friendlier. And match up the May not appropriately.

For most users, this would not typically be an issue since they don't change devices nor have multiple devices very frequently. However, power users and product evaluators would be trapped by the clauses.
I would read that license as only allowing the software to be installed on one PC and one device at a time. To install on another device, you'd have to uninstall it from the first. Worse, your license only allows that once every 30 days (presumably to prevent people from claiming to be in compliance by removing the software from once device and installing it on another every time they want to switch).

As you said, most people won't have multiple devices, so it won't even be an issue. For those that do have multiple devices, I suspect many of them install some programs on multiple devices regardless of what the license may state.

Steve

Jerry Raia
12-11-2006, 05:46 PM
The focus should be to make it easier for the end user. There will be some dishonest people, that's just the cost of doing business. A lot of Microsoft's applications don't have any of these tricks or checks. I know they are bigger and aren't trying to make a living selling only $10 applications. The level of activation schemes right now is totally disproportionate to the value of the software. A 20 character key tied to a ROM is a bit over the top for a $10 application, for example, don't you think?

Jason Dunn
12-11-2006, 05:48 PM
I like some of SPB software houses software, but their recent decision to include a software activation requirement in their DVD software caused me to completely ignore said software.

Yeah, I was very surprised to see them take that route, because their software has always been so amazingly easy to register: a simple, fixed code, that doesn't rely on any fancy server activation. Now with their DVD product, it requires online activation, which I really dislike. I've emailed Vassili at Spb to ask for details about this new activation - I'm hoping it's not as bad as I think it is. :?

Jerry Raia
12-11-2006, 05:54 PM
I think software activation is a big mistake. Look at the heat Microsoft takes for it and they have a captive audience. For a small developer like SPB to do it is silly.

alex_kac
12-11-2006, 06:05 PM
The focus should be to make it easier for the end user. There will be some dishonest people, that's just the cost of doing business. A lot of Microsoft's applications don't have any of these tricks or checks. I know they are bigger and aren't trying to make a living selling only $10 applications. The level of activation schemes right now is totally disproportionate to the value of the software. A 20 character key tied to a ROM is a bit over the top for a $10 application, for example, don't you think?

I do agree that there should be a balance with a slight tipping to the end user.

My viewpoint is we need reg keys - but they don't have to be tied to anything. We let our users run the same software on as many devices as they personally use - this requires us not to have it tied to a ROM bit or owner name.

At the same time, we need a fairly robust key gen system. Unfortunately sometimes that does mean a 30 character reg key when you are dealing with a fairly large possible volume of keys. But the key needs to be case-insensitive and in our case we put 5 boxes to do this so one doesn't have to bother with dashes - just letters and numbers.

Lurk
12-11-2006, 06:18 PM
Jerry Raia
A 20 character key tied to a ROM is a bit over the top for a $10 application, for example, don't you think?Absolutely over the top. We use a 5 digit key tied to the Owner Name, but I'm here to hear of a better way. A fixed key or checksum based tied to nothing is an alternative, but that seems a bit too open and easily published. Honestly, at $10 I won't be quitting my day job in the foreseeable future.

Recapping:
A short key tied to Owner Name seems preferred (as long as some key is required).
An unregistered application tops the list, of course. But must it be full shareware? Is trialware acceptable with a second download for a full version?

I'm willing to change models. We have discussed it here.

Their appears to be a secondary issue with the multiple release (trial &amp; full) style. I see complaints on the Handango "Download Protection" scheme. I've seen their write-ups and they sound great in concept. What they don't say (and I'm forced to guess) is that this is a "Pay" service? If so, I regret that I must agree in principle to the concept. Someone needs to keep track of who has purchased what so that access can be limited to the full version.

Of course, the original developer could do this as well on a separate site, but we still run into the same "hit by a bus' issue as before with the license key version.

What is the best approach? I really want to know. I'm hoping to find the magic bullet here. ;)

Just to go back a million years, when I was programming on the back of my dinosaur in CP/M there was a product called WordStar. It was a great word processor (for the time) and even a great code editor (beat the heck out of most of the other options). I think it must have been the most pirated piece of software in existence. I do know that they were getting on well, and some of it was likely due to the word of mouth marketing by the pirates, but that can't justify the piracy. Still the question becomes "Is the revenue worth the risk of the piracy?" On an essential application that requires support, it might actually pay off. But on a small game that is clearly not essential, what would the impact be?

On the Microsoft front, they are moving in the direction of annoying large goofy keys and tying into hardware on their more significant products. Windows and Office both have the whole license thing going in full swing because of the fear of lost revenue. And the fear is real, I suppose.

Back to the question. Which is preferable. Download with a short key based on Owner Name (trial without key entry) or two downloads (one for trial and one for full)?

As the InHand model appears to go, the former does not appear to be downloadable as a trial. I haven't seen the latter, but I haven't looked real hard yet.

Lurk
12-11-2006, 06:24 PM
alex_kac
My viewpoint is we need reg keys - but they don't have to be tied to anything. We let our users run the same software on as many devices as they personally use - this requires us not to have it tied to a ROM bit or owner name.

At the same time, we need a fairly robust key gen system. Unfortunately sometimes that does mean a 30 character reg key when you are dealing with a fairly large possible volume of keys.Doesn't that make it possible to just pirate the software by publishing the key with the executable?

Is the intent to provide a backtracking of the piracy back to the original customer?

Jason Dunn
12-11-2006, 06:26 PM
Back to the question. Which is preferable. Download with a short key based on Owner Name (trial without key entry) or two downloads (one for trial and one for full)?

My real preference is a single download with a medium-length key that isn't tied to the owner name - only one thing to enter. Watch the front page on Pocket PC Thoughts...

Jerry Raia
12-11-2006, 06:27 PM
The key and the Owner Name with only one download version seems to make the most sense and the least trouble for the purchaser. Owner Name is the least likely to change as opposed to email address. This method also puts the brakes on casual copying from one person to the next. It will never stop the determined warez cracker but nothing will!

Lurk
12-11-2006, 07:08 PM
Jason Dunn
My real preference is a single download with a medium-length key that isn't tied to the owner nameWhat would you tie it to? Or are you recommending untethered? If untethered, what is the security model? Backtracking on piracy? Where is the penalty (if implemented) on piracy? The original paying customer?

I'm sorry. That sounds agressive, and I don't mean it that way. I'm just not sure what advantage an untethered key has over an unlocked application besides blaming the original purchaser ... which could be the right person to blame, but they will always fall back on "someone stole their key".

Thanks for the input.

&lt;edit>Ok. I see more. The key is only to unlock features, but not protect software beyond trial. It is a short cut for a second download. Mea Culpa.

Thanx.

Jason Dunn
12-11-2006, 07:12 PM
What would you tie it to? Or are you recommending untethered? If untethered, what is the security model? Backtracking on piracy? Where is the penalty (if implemented) on piracy? The original paying customer?

Not being a developer, I can't answer any of those questions for you - I'm simply stating that as an end-user that purchases software, I'm willing to enter in a keycode, but that's about it - anything more just ticks me off. ;-)

Lurk
12-11-2006, 07:52 PM
I understand. I didn't think they were actually developer questions. How about a parallel.

Suppose this site was your means of income. If you added advertising, the customers would probably reject your product because they really hate it popping up in their face. (Actually, this concept has been and is being tried, but it costs the customer in OTA connect time) So, you create user accounts and you charge $10.00 for lifetime use of your site. Of course, you want to make it convenient for you customer to reach you, so you allow them to use their home computer, their PPC and their SP to get to you. You even allow them to get into the system from work. No skin off your nose.

But some customers want multiple logins because they like to argue both sides online. So, you allow it. Suddenly, overnight you user base triples, but you revenue stream stays stagnant. What happened?

Your revenue has become untethered from the original user. Their account is now being used worldwide. So, the question is how do you protect your revenue; the product of your labor? Who do you blame for the sudden loss? How about the person wh is giving away access to your site for free? But, you gave out keys that werent associated to anyone, so you don't know who?

These are not programming questions. They are business questions. Of course, we don't want to be stuch with a 25 digit M$ key for a login. On the other hand, it seems a pain to pay for the tools to put together a product and put all of the labor into it only to have it given away with no compensation to you.

You are willing to enter a key code, but it cannot be tied to anything. The rest is a pain in the @$$. Anything more accuses you of being a thief because it prevents you from giving the software away ... which you weren't going to do anyway. I know and I agree. I just want to find somthing that doesn't tick you off while protecting my investment and efforts. Maybe the "must be connected and see advertisements" method works best.

whydidnt
12-11-2006, 08:31 PM
Lurk,

You make good points, but I would agree more with Jason about what "I" want.

As far as a key that isn't tied to a specific owner name/etc. Couldn't you maintain a database of who you issued the serial numbers to? This would have the same affect without the need for the user to enter additional information when reinstalling the software.

As far as effectiveness goes, I think most would agree that almost any "lock" will be cracked, regardless, so why not make it easy for the people who actually pay for the software to use it. If you find your software floating around with a valid registration key, you can refuse to provide updates and support to that user and you can report them to the authorities. However, because the value is so low, you might not get a favorable response.

As to the point regarding "locking our houses and cars" to keep people honest. I'm not sure that's a great comparison. We lock our houses to keep our loved one's safe AND the value of most of our possessions and cars is far greater than a $10.00 piece of software. If my car was only worth $10.00, I would not lock it, and would figure if someone needed a $10.00 car that bad, they could have it. :wink:

I know it's different when you are trying to either earn a living, or at least earn something for your efforts. If nobody ever paid for software we would not have most of the really good stuff we enjoy. Having said that, Product Activation, long keys, strange registration requirements are really something we've only seen become extremely prevelant in the last 5 years or so (and only the last 2-3 in WM land) and many people managed to make a lot of money developing software before that.

I often wonder if some haven't become more concerned about stopping those that would steal from stealing than with actually making money from their work. It just seems like developers keep spending more and more resources trying to stop thieves and really haven't accomplished anything. Maybe I'm just over simplifying things, but I think it has been proven too many times that most product registration/activation/protection schemes do little to stop crackers, while making it harder and harder for those of us that want to pay for the software to enjoy our purchase.

Jerry Raia
12-11-2006, 08:42 PM
Whatever the answer is, I think in the end the developer/seller should be out of the entire loop once it is sold. I don't want to chase anyone down for a $20 application because I updated my ROM or changed my device.

Lurk
12-11-2006, 08:52 PM
whydidnt,
what "I" want
Actually, I think Jason is correct and is very representative of the user community for software in general in that regard. Ideally, users want NO hassles and I couldn't agree more. I don't think there are any people out there that are more enthusiastic software users that software developers. We live on these machines and have to deal with reformats, keys, upgrades multpile environments and all of that on a daily basis every day.

I was more interested int the thought that the questions were "developer" questions. The reality is easily recognized. Software is pirated. It is a business issue, and the reason for software protection. I don't like the idea of codes tied to anything either. I just spent three days working with a user to get thier purchase to register based on the owner name. I finally had to alter the registration code and produce a method to get real information from them. I'll borrow Jason's name for the demo. OWhat is the difference between "Jason Dunn", "JasonDunn" and "Jason Dunn "? Inside a registration screen, quite a bit. And it turned out to be " JasonDunn ". But I cannot complain to the customer that they provided me with false information. I get to spend three days worth of email trying to get the real answer for a $5.00 product. I don't want to tie the key to the Name or anything, but I don't want to give it away either.

And cutting off support? It is a great idea if you have a product that will generate sufficent support calls. Suppose there really is no need for support? I haven't yet had to support my products on anything other than registration. I don't like registration.

All locks can be cracked. Agreed. And if someone wants to steal my $10.00 package, they will. But, do I leave the door unlocked because it's only $10.00 ... per person? What if it is stolen 100 times? 1000 times? How expensie of a car are you willing to leave unlocked with the keys in the ignition?

Prior to registration keys, (especially in the game industry), we have disk copy protection, cartridges that can't be copied to another, black CDs with bad sectors that won't copy, etc. It's not new. It's just another way to try to get people to pay for what they use. Did you notice the security sensors at the department store entrances? Wilson's Leather? fortunately, theirs is passive and not a hassle to their customers. I want that ability, too. But how do you do that with bits?

Last paragraph: Agreed. But, we still don't leave our doors unlocked or our keys in the ignition. That would be surrender to thieves. We just seem to be hassling the wrong people.

John Cody
12-11-2006, 09:11 PM
With my first app, SmartTIP, I tried the full-unlocked, no regcode version to purchasers. But, then a Chinese site started to offer it for free:

http://www.mypda.com.cn/download/soft/1501.asp

Because no regcode was issued, I have no idea who the original purchaser was that uploaded it to that site. But, lets say I did issue a regcode that wasn't tied to any device info, but was uniquely assigned to each customer. Yeah, maybe I could then track back and find the original purchaser who that regcode was issued to, but then what? Am I going to spend thousands of dollars to hire an attorney near the customer to sue them for some unknown damage amount? Of course not. As you can see, simply having a system that will just identify the original buyer does little to mitigate the damages if my app is being illegally distributed for free.

I believe an unlock code needs to be at least tied to the device's "owner name" to help prevent it from being installed on another person's device. Yes, if someone else set's their device's owner name to the real purchaser's name, then they could run my app illegally. But, who would really like to see someone else's name on their home screen? And even if they did this, they then couldn't install any other apps that are keyed to yet a different owner's name.

Thus, I feel a code tied to the owner's name is a reasonable balance between hampering illegal usage and with the convenience and device Independence for the customer.

So, this is the approach I am using:

1) My apps have a single version for both trial and full/unlocked. This allows the user to unlock an app without having to uninstall a trial version and install a different version.

2) I issue a unique regcode for each purchase. This regcode is not initially linked to any particular customer or device. This comes in handy when I want to offer some free copies of my apps to be used as a raffle prize at various websites - all I have to do is give the regcodes to the webmaster and they can give them out any way they want without having to notify me who got what code.

3) When the user is actually installing my app from a desktop PC, the installer prompts the user for the regcode. Because the regcode is being entered via a desktop PC, it's super-easy to just cut and paste it from the order receipt (or raffle winner) email using a full-sized keyboard.

4) My installer then retrieves the "Owner Name" from the connected smartphone or Pocket PC and asks the user to confirm it's correct - this eliminates most typos by getting the owner's name direct from the horses mouth (the device). The installer then sends the regcode and the owner's name to my website using a background web service.

5) My website returns an "Activation Code" back to the installer (which is keyed to the Owner Name) and then the installer automatically stores it in the registry of the user's device so there is NO need for the user to manually enter it into the app itself using the limited keypad of a smartphone (I got many "thank you" emails on this feature).

6) Since the activation code is stored in the device's registry and I specifically designed the uninstaller for my app to NOT delete this registry key, my user's never need to re-enter the activation could even when they uninstall my app or install a minor update (which uninstalls the previous version). I can't believe the number of other apps out there that when I install an update, it trashes the existing code, so I have to re-enter the long code manually again using the small keypad! And to make matters even worse, after I install the update for these other apps, there is usually no warning from the app that the previous code was erased, so I won't find this out until I go to run the app some days later only to have the app stop working with "Trial Expired - please register"!!! When my apps are in trial mode, a window appears every time you launch it and displays the number of days remaining in the trial. And even when the trial days hits zero, I offer free trial extension codes from my website that open it up for an additional week.

7) My website also automatically emails the user their activation code, along with the linked owner's name so they can keep it for their records. Once this is done, the user is no longer dependent on me or my website. They will be able to change the owner "email", do a hard reset to their device or install my app on their other devices. As long as they use the same owner name (which is included in my activation email as a reminder) and the same activation code, my app will be fully unlocked. In addition, if you lost the email and/or forgot the owner name you used to activate one of my apps, you can request my website to send you an email with the owner name and activation code you previously used.

8) Also, for BOTH the regcode and the activation code, I specially designed my coding system to not only accept codes with or without dashes, but it's also case insensitive and it will actually treat similarly looking characters as the same (i.e. a zero "0" is treated the same as an oh "O", and "S" is the same as "5"), so it greatly reduces the frustration and occurrences of typo's :)

-John Cody

whydidnt
12-11-2006, 09:30 PM
With my first app, SmartTIP, I tried the full-unlocked, no regcode version to purchasers. But, then a Chinese site started to offer it for free:
-John Cody

John, first off, let me say I appreciate the steps you've taken to make it easy to register/re-register/activate your software. I don't think I've actually purchased any of your software, to date, but it sounds like you thought this out very well.

2nd, how many sales do you think you lost as a result of that site giving away your work? I ask not how many people stole the software from the site, but how many actual sales you lost. I'm sure there isn't any way to know, but perhaps you saw a 25% dip in monthly sales the same time it appeared there or something? I just ask because it leads back to my question of the return on your investment. You obviously had to invest considerable time and energy to lock down your software. Did the locking down generate enough additional sales to make it worth your while? Not knowing the answer to this, I have always wondered if developers actually see a quantifiable uptick in sale after adding registration requirements to their software. I personally wouldn't think so, but that's just me sitting here as Joe User that pays for software (actually most of what I'm currently using I got from the PPCMag's best of everything software package, a tremendous deal IMO.

John Cody
12-11-2006, 09:36 PM
2nd, how many sales do you think you lost as a result of that site giving away your work?

I really don't know - I accidentally found it doing a google - so I don't even know when it was posted to try to compare it with any sales period.

I can say, though, that the time required to develop my activation system took less time that any one program I previously developed. Yet, my activation system can now be used for any number of my apps - so divided by the number of apps that are/will use it, the time spent on the activation system is negligible and easily worth the added benefit.

The One Eyed Man
12-11-2006, 10:58 PM
Somebody said it a couple of pages back: A good answer is to do a subscription-based license, also known as Software As a Service (SAS -- please note SAS also means Serial-Attached SCSI, but I'm referring to Software As a Service)

Developer issue: Protect Intellectual Property. Solution: Subscription is unique to an owner / device. The installed software periodically checks for a valid activation, and deactivates once the subscription expires. The user can use a website to "move" an activation to another device, or change associated owner information on the fly.

Developer issue: Recurring revenue stream. Background: In traditional software license models, customers pay 18% to 20% per year to the software developer for maintenance. This establishes a recurring revenue stream for the developer, whose only obligations are to provide support and release one update per item per year. I don't see the same license model being applied to these small-scale apps, and perhaps they should not be. Comparing this to the "I pay $10 once, and you provide support and activation for ever" model does not seem to make sense for the developer, because he is funding future development based on today's revenue, and is providing a service without compensation (his only compensation is positive or negative reputation based on end-users' expected service levels). Solution: SAS allows a developer to realize a recurring revenue stream, funding for infrastructure, support, maintenance updates, and new development. Further, SAS allows Service Level Agreements to be established and contractually provided as part of the license. This protects both the developer and the end-user.

User Issue: Why should I pay $10/yr, when I can buy some other app for $10 and have it forever? Solution: Developers releasing their goods under a SAS model must take this in to account, reduce the price, and bank on recurring revenue. If you had the option of paying $5 / yr (50% of retail) for the software "service" for 1 year, would you? Compare this to what the "real" cost *should* be for that $10 app: $10 fixed cost, plus $2/yr

User Issue: What if xyz site goes away? I lose access to my application. Solution: Developers need to understand and accept the responsibility of running a production environment. It is not acceptable to run a "registration server" at your house on the other end of your cable modem. If you are providing a service, you have to do it right: Backups, Redundant servers, dedicated bandwidth, stable, hosted environment. This infrastructure and environment can typically be outsourced for a few hundred dollars per year to a hosting provider. Conversely, caveat emptor. The user is paying for a service, not buying a license. If the developer makes a decision to obsolete a product, he merely has to inform his current, licensed user base, and NOT renew contracts when they expire. This only keeps him tied to supporting the app for 1 year from the time he decides to turn off the lights. This manages both the developer's obligation as well as the end-user's expectation. This is not that unreasonable to expect from the developer -- people sign apartment leases for more than 1 year.

In regard to the REGISTRATION process for that service.... The requirements become much more lax. Everything is tied to the fact that the user is up-to-date with their service fees. It is completely reasonable to expect two things: a) The user has an internet connection either on the device or on a desktop machine to which the device is connected. In either case, the application can periodically (let's say, once per week) "phone home" and check for a valid registration. b) The user will bear the reasonable cost of data transmission (a few KB at the most) on a periodic basis in order to use the application. The latter is more relevant on wireless devices whose data plan is based on data transmission sizes or rates.

As a final note.... A word to software developers: You either need to release your software for free, or understand the full scope of your commitments. In addition to availability (is it there when I need to register), please note that you may be subject to any of the following (and more):
- If you sell anything on-line in California, you may be subject to CA SB 1386, which defines security and privacy requirements for personal information.
- If you process on-line credit card transactions, you may be subject to the Fair and Accurate Credit Transactions Act (FACT Act or FACTA), which defines privacy considerations such as data retention an disposal.... you can't keep someone's credit card data sitting in your basement, and you must dispose of it securely (secure shredding, secure electronic erasure, degaussing), AND you have to be able to show logs PROVING you did it.
- And more....
If you intend to release software in small volumes at low cost, seek out a company that can provide you with the infrastructure you need in order to provide stable, secure, compliant services.

Overall, Software As a Service has benefits for both the developer and the end-user.

Lurk
12-11-2006, 11:27 PM
SAS seems reasonable, but the real question is : Will people buy something for say $5.00 and pay $1.00 each year thereafter to continue to use it? Or would they buy something for $10.00 with no guarantee of upgrades for free or otherwise?

In the realm of paying $500 for a package, the SAS makes sense, but at $5.00 or $10.00 it becomes a more disposable purchase like a sixpack or going to a movie. IMHO.

Other thoughts?

The One Eyed Man
12-11-2006, 11:51 PM
Well..... The model would be: Pay $5/yr.

My opinion: the developer must offset a higher up-front license fee in return for a recurring revenue stream ($5/yr/lic)

As for "disposable", the objective of SAS is to make the process easy and transparent for both developer and user.

whydidnt
12-12-2006, 02:23 AM
I have serious doubts on a subscription model being accepted by consumers on any kind of large scale basis, at least for relatively inexpensive software. MS found very little traction in their previously offered Outlook live.

This model is being accepted a little more by businesses, but only in instances where the initial software expense has historically been extremely high, such as you see with the CRM application from salesforce.com.

I think a more practical consumer subscription model would be for someone like Handango or PocketGear to offer portions of their library to users on a subscription basis, for say $20-30/month. Of course there would have to be some way of paying developers for the use of their software and those details may be the stumbling block, not to mention the aforementioned potential activation issues -- whoever provides the service would have to "own" the keys to all the software included so it would probably cause MORE work for developers to centralize on a standard.

My model is along the lines of what Napster, Rhapsody, etc are doing with Music today, but admittedly that model and it's accompanying DRM are still a hassle to many of us. :?

Kris Kumar
12-12-2006, 02:35 AM
2nd, how many sales do you think you lost as a result of that site giving away your work? I ask not how many people stole the software from the site, but how many actual sales you lost. I'm sure there isn't any way to know, but perhaps you saw a 25% dip in monthly sales the same time it appeared there or something? I just ask because it leads back to my question of the return on your investment. You obviously had to invest considerable time and energy to lock down your software. Did the locking down generate enough additional sales to make it worth your while?

In defence of the developer community, I would like to say the following. It is definitely not a trivial task to add the registration code. I wish Microsoft or maybe OpenNetCF.org can provide a re-usable registration module that can be re-used by developers. This will not only save developer time, but will offer a consistent registration behaviour across applications.

The developer definitely has to protect every sale. $5-$10 per software is a small amount, not to mention if you are hosting the software on a site like Handango or Smartphone.net, the developer has to pay for the hosting charges and credit card processing fees etc, after which there is not much $ left for the developer. If there was no concept of unlock code and trial period, then the customer would never pay for the software (most won't). Bottomline it is a necessary evil.

I like the user name the best. The unlock code should not be based on device id or email id.

Kris Kumar
12-12-2006, 02:38 AM
3) When the user is actually installing my app from a desktop PC, the installer prompts the user for the regcode. Because the regcode is being entered via a desktop PC, it's super-easy to just cut and paste it from the order receipt (or raffle winner) email using a full-sized keyboard.

John, you definitely have the best activation system. By using the desktop you definitely it easy for the customer to copy paste the unlock code.

I know some people love the over-the-air CAB based install, but if you prefer the CAB install, then you have to pay the price of entering the key on the handset. ;-)

John Cody
12-12-2006, 03:20 AM
John, you definitely have the best activation system. By using the desktop you definitely it easy for the customer to copy paste the unlock code.

I know some people love the over-the-air CAB based install, but if you prefer the CAB install, then you have to pay the price of entering the key on the handset. ;-)

Thanks Kris for the kind comment - I tried to make every aspect of my activation as easy as possible for my customers.

The One Eyed Man
12-12-2006, 04:15 AM
I think a more practical consumer subscription model would be for someone like Handango or PocketGear to offer portions of their library to users on a subscription basis, for say $20-30/month.


Good call, both in comparing a consumer-friendly SAS model to iTunes / Napster / etc, as well as your point about DRM.

Handango etc, could offer either an encrypted package (DRM model) or a traditional license-registration model. Either of these could be encapsulated within a simple API.

Regarding Salesforce... This is a perfect example of consumerization, which is an important factor in shaping the future of the SAS trend. Business will become more comfortable with SAS solutions as consumers who use SAS solutions at home become constituent end-users of, or decision-makers within the business. I have seen quite a few companies adopt and standardize on Salesforce.com as an organic decision in the vacuum of a central standard: "So-and-so uses this, and it rocks"

In Microsoft's case, I don't think they had a product anyone wanted. With SBS it's usually cheaper to run Exchange in-house for SOHO, and consumers don't really see the need to pay for "Live" services rather than use Yahoo or GMail for free.

However, the reality is that consumers are being trained to use everything as a service (rent your house, cable or satellite, Tivo, Netflix, lease your car, subscribe to on-line games,...... and ..... iTunes). I think a good model, such as the one you suggest, is something that these consumers would readily digest.

Jason Dunn
12-12-2006, 06:26 AM
Software as a service is tricky...because let's say you like the application, want to buy it outright, but the developer only offers a subscription. In most cases, if I really like the software, I want to own it outright - I've seen far too many technical glitches resulting in software not working because of a server being down, a token timing out improperly, etc. Witness the hell that is PlaysForSure music subscription services, music requiring constant activation, etc. :-(

I think SAS is overkill for cheap applications - the lost revenue in customers not wanting to bother with the hassle isn't worth it IMO.

Pony99CA
12-13-2006, 10:31 PM
Software as a service is tricky...because let's say you like the application, want to buy it outright, but the developer only offers a subscription. In most cases, if I really like the software, I want to own it outright - I've seen far too many technical glitches resulting in software not working because of a server being down, a token timing out improperly, etc. Witness the hell that is PlaysForSure music subscription services, music requiring constant activation, etc. :-(

I think SAS is overkill for cheap applications - the lost revenue in customers not wanting to bother with the hassle isn't worth it IMO.
I agree with this. I think software subscriptions work best when there's a guaranteed stream of updates, like news, weather and sports applications. I suspect that's why MobiMate went to a subscription model, but it doesn't seem like they lowered prices much to compensate for that. :(

I can't imagine paying a subscription for something like a calculator, for example. It doesn't really need any updating (except for bugs, and those updates should be free). If somebody adds enough new features to the calculator, I can make the decision if those features are worth it to me. The same would be true for things like word processors and spreadsheets.

On the other hand, paying for a traffic program or GPS software on a yearly basis might make sense. People are used to subscribing to newspapers, so this model wouldn't be too unrealistic given that traffic changes by the minute and maps change regularly.

There's also a third option for non-service types of software, like the calculator or word processor -- the maintenance contract. You pay a fixed fee (usually less than the purchase price) for all updates to a program for a period of time and for better support. I think Microsoft is trying to move Office users to that model. Of course, if you don't need support much and the developer doesn't release updates often (like Office), that may not make much sense.

Steve