Piracy

I have a client who has discovered that there are hundreds of thousands
of listings for his software product that he sells online, and only the
first twenty or so are legitimate. The rest appear to be hacks and
product codes, apparently allowing most of the users of his program to
run it without paying for it.

He is also frustrated at the search engine providers for failing to take
down offending web sites (though how he expects to address even a
fraction of the hundreds of thousands of URLs is beyond me).

The program is sold online, where he provides a product key when you
purchase it.

Does anyone here have some ideas that could help this guy? My only ideas
so far have been to either activate online (like MSFT is now doing)
and/or to tie a product key to a specific computer.

Any technological and/or legal suggestions would be appreciated.
--
--------------------------------------------------------------------
The preceding was not a legal opinion, and is not my employer's.
Original portions Copyright 2007 Bruce E. Hayden,all rights reserved
My work may be copied in whole or part, with proper attribution,
as long as the copying is not for commercial gain.
--------------------------------------------------------------------
Bruce E. Hayden                      bhayden@...
Dillon, Colorado                     bhayden@...


**********************************************************************
For Listserv Instructions, see http://www.lawlists.net/cyberia
Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
Need more help? Send mail to: Cyberia-L-Request@...
**********************************************************************

The internet technology side is simpler - taking down a few dozen web sites
is often possible,
taking down a few hundred is difficult, taking down a few hundred thousand
is impossible.
Sure, you might legally be allowed to do DMCA takedown orders, if something
like that applies here,
but if you need to kill *all* the copies, you're just not going to get them
all.
Getting the 3-4 major search engines to clear their caches for some number
of pages can be possible;
getting them not to search for complex combinations of terms isn't,
and getting all the non-major search engines not to search for your
information isn't possible.
So Crackers-R-Us-dot-info is going to have hacks and product codes if
they're useful.

There are some kinds of user permission software your client could have
built into the code
that let you deal with the problem after the fact; there are others that don't,
and if he picked a weak permission system and the product runs standalone,
with no way for it to check remotely that it's valid,
then his (e.g.) 2006 Edition is wide open to the ethically-challenged
members of the public.

So he either needs to find some way to make money off the escaped versions,
or come up with a new version that's so much cooler that even pirate-copy
users will want to upgrade,
and then find a way to either protect his new versions better
or else make money off them (e.g. by having them display ads) or both.

It's an annoying arms-race, and I can't credibly recommend a winning
copy-protection system
even if I did know a lot more about your client's product.
Some kinds of software are inherent rip-off targets, like games for teenagers,
or highly overpriced business software that customers will buy one copy and
clone.
If you do an online payment system, and the product verifies online that
it's being
registered for the first time when it runs, then you risk annoying
legitimate users who
need to re-install their products if they upgrade their machines,
and you're still at risk from crackers reverse-engineering your
verification code.
But if you don't, you're also at risk of people sharing the verification
codes...

Maybe they need to run the website where all the cool users hang out and
see advertising banners while they read the user documentation that's
woefully missing from the product.    Maybe they need to sell T-shirts and
(if it's a gaming system) have watery tarts lobbing occasional magic swords
at registered users.
Or you could buy stock in graphics-card companies and RAM vendors and
make your product run much better if the users upgrade their systems...

On the bright side, depending on what kind of product it is,
some fraction of those web sites with registration codes are really scammers,
selling advertising banners and popups and search engine optimizer link farms
and pushing the visitor off to five or ten different other scammer sites
without actually giving them what they're looking for,
or if they do get something it's really a virus that turns their machine
into a zombie.
On-line music lyrics and downloadable MP3s are usually that way,
if you start looking from a search engine rather than a known legitimate site.


**********************************************************************
For Listserv Instructions, see http://www.lawlists.net/cyberia
Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
Need more help? Send mail to: Cyberia-L-Request@...
**********************************************************************

On Mon, Apr 16, 2007 at 06:24:05PM -0600, Bruce Hayden wrote:
> I have a client who has discovered that there are hundreds of thousands
> of listings for his software product that he sells online, and only the
>
> He is also frustrated at the search engine providers for failing to take
> down offending web sites (though how he expects to address even a

Explain to your client that search engines are not the same as web-hosting companies.  Search engines do not have the ability to "take down" a website, although they could "de-link" it from their database.  The software creator could possibly pursue this with some of the sites, but i suspect most search engines will meet your client with either answers in the negative or plainly be ignored when submitting these requests.  A discussion for a different thread, but i do not think it is the job of the search engines to provide or regulate access to sites on the internet.  Their job is to facilitate the finding of those websites.

So, take-down notices would need to be sent to the sites hosting the software.  They ought to be found via dig or whois, etc.  The hosting companies are typically protected from liability, but they also often listen to take-down notices, so that may be a viable route for your client.

> The program is sold online, where he provides a product key when you
> purchase it.

Change up the authentication mechanism.  I do not really know much about these things, but if it used a unique symmetric key system or something, I don't believe it could be readily broken.  This would be a nightmare of overhead for your client and possibly not worth it.

Change the business model.  Instead of making the money on the software sales, make money in service.  Open Source the software to ease up on the burden of development and become the primary support site/purveyor for the product.

Those are off the top of my head.  Hope that helps.

K

--
In Vino Veritas
http://astroturfgarden.com



**********************************************************************
For Listserv Instructions, see http://www.lawlists.net/cyberia
Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
Need more help? Send mail to: Cyberia-L-Request@...
**********************************************************************

Subscription software requires the purchase of a new product key
every month, every six months, or every year. You can either [OPTION
1] charge a renewal fee that is equal to a reduced installation fee
and spread the cost, e.g. collecting $50/yr for a $250 program; or
you can load the cost into the installation
  fee ($250), and charge a nominal renewal fee ($5/yr) for a new
product code that is only issued to the authorized holder of the
expired product code. Either way, infringement introduces the product
to the purchaser; and a renewal requirement either generates a
continuing revenue stream from infringers (option 1) or requires
infringers to pay the installation fee (option 2).

Does that work?

John Noble

At 6:24 PM -0600 16/4/07, Bruce Hayden wrote:

**********************************************************************
For Listserv Instructions, see http://www.lawlists.net/cyberia
Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
Need more help? Send mail to: Cyberia-L-Request@...
**********************************************************************

In message <462413A5.5010908@...>, at 18:24:05 on Mon, 16 Apr 2007,
Bruce Hayden <bhayden@...> writes
>The rest appear to be hacks and product codes, apparently allowing most
>of the users of his program to run it without paying for it.

If there are hacked versions in circulation, that don't require any
product codes at all, then most of the schemes mentioned so far aren't
going to work.
--
Roland Perry


**********************************************************************
For Listserv Instructions, see http://www.lawlists.net/cyberia
Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
Need more help? Send mail to: Cyberia-L-Request@...
**********************************************************************

On 4/17/07, Bill Stewart <bill.stewart@...> wrote:


Yes, from a legal standpoint you could use DMCA takedown orders to each
cracker site that hosts a keygen, crack, etc. since software is considered
copyrightable these days, but it would only apply to entities located here
in the US. There are three possible targets of the notice of infringement:
the ISP of the infringing site, the search engine linking to the site, and
the operator of the site itself.

Most of those sites are abroad, where the DMCA has no reach. However, of the
sites you could get, I think your best bet would be to get the ISP; search
engines can be asked to de-link, but another change to the infringing site
may cause it to pop up again in the results. Sending a Notice to the
operator of the site itself is probably useless, since the operator is
obviously a blatant infringer already. However, any site whose ISP is in the
US is amenable to takedown via a Notice of infringement, and is usually the
best way to go, since an ISP does not want to be held liable for the content
of sites hosted by them.

That might at least give your client a start.


**********************************************************************
For Listserv Instructions, see http://www.lawlists.net/cyberia
Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
Need more help? Send mail to: Cyberia-L-Request@...
**********************************************************************

Kevin Neely wrote:

> Change the business model.  Instead of making the money on the software sales, make money in service.  Open Source the software to ease up on the burden of development and become the primary support site/purveyor for the product.

This is how my ex-roommate was going to fix the problem of pirate copies
of his software: go to a Web-app model.  In the process, he was going to
add lots of cool features customers had been requesting from the
beginning of the stand-alone product.

It's too bad he got cancer before he could develop it...


**********************************************************************
For Listserv Instructions, see http://www.lawlists.net/cyberia
Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
Need more help? Send mail to: Cyberia-L-Request@...
**********************************************************************

The DMCA takedown order is a total waste of time and money. Your
client will be playing whack-a-mole with a bunch of hackers who have
been offered a challenge, and who have all day, and all night, to
frustrate enforcement efforts. The publicity, even just by word of
mouth (or chat-room) within whatever community cares enough to steal
this software, will have the effect of multiplying the unauthorized
distribution and proliferation of unauthorized copies available
online. It would be better to do nothing at all.

Can you tell us what software we're talking about?

John Noble

At 10:47 AM -0400 17/4/07, C.T. Aiken wrote:

**********************************************************************
For Listserv Instructions, see http://www.lawlists.net/cyberia
Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
Need more help? Send mail to: Cyberia-L-Request@...
**********************************************************************

On Apr 17, 2007, at 11:25 PM, Stephen Satchell wrote:

His own damn fault.

Had no business getting cancer in the first place.

My Original Writing blog: http://itgotworse.blogsource.com


**********************************************************************
For Listserv Instructions, see http://www.lawlists.net/cyberia
Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
Need more help? Send mail to: Cyberia-L-Request@...
**********************************************************************

On 4/17/07, jfnbl@... <jfnbl@...> wrote:
>
> The DMCA takedown order is a total waste of time and money. Your
> client will be playing whack-a-mole with a bunch of hackers who have
> been offered a challenge, and who have all day, and all night, to
> frustrate enforcement efforts. The publicity, even just by word of
> mouth (or chat-room) within whatever community cares enough to steal
> this software, will have the effect of multiplying the unauthorized
> distribution and proliferation of unauthorized copies available
> online. It would be better to do nothing at all.


Agreed.


**********************************************************************
For Listserv Instructions, see http://www.lawlists.net/cyberia
Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
Need more help? Send mail to: Cyberia-L-Request@...
**********************************************************************

I remember that Ambrosia Software created a software registration system
that had some properties that would be useful here, including the
ability to disable registration codes.  That's more effective than
takedown notices.

I agree with others here that using a better registration system in the
next version of the product is the way to go.

-joe


**********************************************************************
For Listserv Instructions, see http://www.lawlists.net/cyberia
Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
Need more help? Send mail to: Cyberia-L-Request@...
**********************************************************************