Hardware-based Registration Codes?

[mikelove]

Another item we're looking for feedback on:

We're considering switching to a hardware serial number-based registration code system in the finished version of PlecoDict. With this system, your registration code would be tied not only to your HotSync Username but also to the serial number of your PDA.

Along with this, we would offer an automated, instant-response system for changing your serial number if you got a new PDA; there would be some sort of limit as to the frequency with which you could generate a new number, but a limit which we would gladly waive if you e-mailed us with an explanation. We might also offer the option of tying your serial number to the hardware ID of your SD flash memory card instead of your PDA itself; that way, even if you had 3 or 4 different PDA's, you could use the software on all of them by swapping out the card.

We had avoided a system like this in the past because we didn't want to inconvenience our customers and didn't think we were losing that much money to piracy anyway, but in the last few months there's started to be a lot more piracy of our software than there used to be - someone even posted their serial number on a file-trading network (if your Oxford serial number begins in 49200 and ends in 83821 then you're using a pirated copy).

Anyway, while a hardware based registration code system doesn't make piracy impossible, it does make it quite a lot harder (beyond the capabilities of any non-hacker anyway, at least on OS5 devices), and our hope is that it would motivate at least some would-be pirates to purchase a legitimate copy of our software. At the same time, if it's going to upset our loyal customers then it's probably not a good idea.

So if anybody has any thoughts on this new system, please let me know.

 

[goulniky]

Trouble with this is not all devices have a hw serial number, and when they do it can be reset after flashing the ROM (e.g. system update on Treo 600)

 

[mikelove]

Well that's true, but we can also factor in some other hardware identifiers (OS version, device model number information, OS features, RAM, etc) - it's a lot harder to pirate the software if you can only use a code from someone with the same model of PDA. And it's a lot harder to re-set the serial number than it is to re-set the HotSync Username.

This system wouldn't stop piracy completely, we just think it might reduce it somewhat. But I'm not even sure if we'd get back in extra sales what we invested in introducing and supporting this new system. So I'm certainly not committed to the idea yet, I'm just thinking about it.

 

[gandq]

?

i personally think this might be a bit too comlicated. isn't your current registrations system already much safer than oxford's?

anyway, i will stick to plecodict, whatever you do.




jo.

 

[gandq]

eager to check out the flashcards, i just installed the beta on my old clie t656c, which i almost never use. the problem i wrote you about might only apply to the nx73 clie, because i didn't experience a single flashcard-related crash yet.

but there seems to be a problem with the test setup: if i only want the definition or pinyin to be shown instead of the chinese characters, it won't show anything instead. if i check both, only pinyin will show up.

and the import seems to have worked flawlessly (including no-pinyin entries). so i will have to check back on that. i used a different file this time.
[15 mins later]: must have been the file. everything perfectly imported now. joy!
[another 30 mins later]: didn't work with the next file i tried. have to do more testing on this issue before i can draw some conlusions.

why i post this here? because it has something to do with the registration codes. i could only install the app because of the name-based system (i promise i won't sell the thing to anybody!)


jo.

 

[Anonymous]

Sounds like a good idea since I paid for the software. Provided that there is that "automated, instant-response system"

Also, how about a registration code that's only valid for 90 days? Then auto-generate new ones like 15 days before it expires and have it sent to the registered user's email address.

You could offer these as options for user to choose.

 

[mikelove]

jo makes a good point, but technically we're not supposed to be letting people use our software on more than one handheld anyway - even if we didn't care about it ourselves, we've got an obligation to our licensing partners to make reasonable efforts to combat piracy. Then again, the ultimate goal here is to make money, and treating your paying customers like potential criminals is probably not a good way to go about doing that. (Microsoft's vast fortune nonwithstanding) So we might end up shelving this idea for a while.

We're also considering ditching the Device ID system - people find it confusing, so at the very least we might want to change it to a "Verification Code" and let people optionally enter it alongside their HotSync name. (maybe we'd even give them a $1 discount for entering it - it saves us a lot of trouble, since a large % of our support requests come from people mis-typing their usernames on the order form)

90-day codes are an interesting idea but I think they'd be too much of a hassle, especially for software like ours which people might be using a long way away from a computer; we wouldn't want someone in the middle of a monthlong trip to China to suddenly discover their software had expired.

 

[goulniky]

I was actually thinking along the same lines as the 90-days suggestion (could be 30,60, whatever). Admitedly, all these mechanisms are a drag but I understand the rationale, and as a paying and satisfied customer I want to make sure Pleco stays in business.
I think today everyone of your customers will have access to the network at least occasionaly, including during travels to mainland China. So. if you offered a secure area on your website where people could 'recharge' their licence (i.e. get a new code) on demand by simply entering their email address (and/or HotSynch name) they could easily plan a 3-months trip. The license could be a key to copy/paste or a little app to install as HWpen does.
You could have a reminder popup in PlecoDict, and give an extra week after expiration so as not to be completely let down.
I'm not sure what the cost impact would be, but another option to send reg. codes would be SMS to mobile phones. Sending should not be a big deal, and everyone has a cell phone, requesting might be a little trickier. Though you could request the code by email and ask to get it my SMS, an additional security actually (this technique is used by a number of apps here in Europe).

 

[Alexis]

Go for it!

I have 100% support for a hardware-based registration scheme.

Hardware-based schemes prevent stealing from the average consumer who want something easy and free. If it's not easy to pirate, they're more inclined to pay for it.

I don't see it as viewing your customers as "criminals". Any intelligent customer will realize that he or she is benefitting because people paying for products result in companies that produce more and better products.

The "extra complication" argument is moot point since plecoDict addresses a niche market with rather lame competition ^_^

That being said, if such a scheme is implemented, I would suggest that it go in the first release version of plecoDict to avoid pirated v1.0 copies hanging around for years to come...

I paid for plecoDict, and it would be a shame to see less innovation and product releases due to high piracy rates.

In addition, the beta's should be made to expire after a set amount of time (if that is possible).

However, I do believe the average customer will find an 90-day (or other) expiry on their purchase product very irritating.

 

[haraldalbrecht]

Timebombs in software products are great, really!

I was actually thinking along the same lines as the 90-days suggestion (could be 30,60, whatever).[...]
I think today everyone of your customers will have access to the network at least occasionaly, including during travels to mainland China.

I had been in China for a while and had real problems with Internet access. Getting my email was a real headache. In addition, I've seen several Internet caf?s with totally broken Windows setups where I could snif out all the details the person before me had entered into web forms. From both a technical as well as a security standpoint this will not work out.

Also, if there is any problem with the company or the servers I will end up with a defunct software that won't work any more. I paid for the software like I paid for the book -- and remember, over here in Europe there is no such thing as a software lease if I don't explicitly undersign such a contract. PlecoDict would get into law problems then, because they are now trying to change the license conditions afterwards. Sorry, that doesn't work out over here. It's the law, so to say.

I can understand the concerns about piracy. Seems that Plecodict has gained its well deserved reputation now, thus piracy is increasing. However, making use of the software I bought -- remember, not leased -- hard for me would force me to drop this product. Well, I might be only a single customer and I already shelled out the money for your fine product. But I would surely not consider buying any software product with a build-in timebomb. And I would not be a positive multiplier anymore when being forced to tell others that this software disables itself even for loyal customers.

 

[gandq]

goulnicy has his point there. a complicated registration system could really put off potential customers.

still, plecodict is is in a niche market (i'd never thought that there would be a problem with piracy in the first place). because it has no real competition, people would probably just have to accept whatever registration system you implement. on the other hand, IF someone else develops a similar product, a complicated r-system might lead customers not to buy plecodict. (if they knew what they would be missing!)

difficult question.

 

[mikelove]

I think the Google axiom of "don't be evil" is particularly relevant for us - as a small software company that gets a large % of its new customers by referrals from its existing ones, it's very important that we stay "nice." Microsoft or Adobe might be able to get away with annoying product activation schemes, but it's not like a lot of people are walking into their accounting classes and telling everyone about this great new "Excel" software they just bought. Even if we are the only game in town, if people are only grudgingly buying our software because there's nothing else comparable out there, they're going to be a lot less likely to tell their friends about it.

So nobody needs to worry about us introducing a 90-day time limit; it might make sense for a big monopolistic company, but not for us, certainly not on Palm at least. On a PC it's a little more reasonable, since nearly all PC's have internet access and we could automatically connect to a server to verify the license key every 90 days without even interrupting the user, (a lot of companies already use this approach, in fact) so I suppose that might be an option someday. But it'll be a long time before internet penetration among PDA's is as high as it is among PC's, and even then, it wouldn't work all the time and people paying for per-kilobyte (or per-message) cellular plans would rightly be annoyed at having to pay to keep using the same version of a program they'd already bought.

And even the hardware restriction is a little bit inconvenient; it's still a "time limit" of sorts, since Palms don't last forever. I suppose eventually if we didn't keep producing upgrades that some new version of the Palm OS might come out which was no longer compatible with our software, but even then you would still be able to buy compatible used Palms on eBay for many years (late-90's vintage Palms are still available in abundance there) At the same time, it's not really that big of an imposition, since people are already stuck reinstalling our software and re-entering their registration codes when they get a new PDA, so if it increases our sales it might be worth doing.

Anyway, I appreciate all of your comments on this. I'm feeling hesitant enough about it that I think we'll probably keep the current system for PlecoDict 1.0 on Palm, but we might introduce it on Pocket PC (which allows you to change the username right on the device, and for which a very high % of add-on software is already tied to the hardware serial number, so it's more important and less unusual), and based on our experience with that we'll decide whether or not to roll it out in a future Palm OS release.

 

[myIST]

About pleco dict Hardware base security, I'm not agree.

Because I am one of gadgetmania.

I can change gadget several times in one year, right now I have 3 palm, and 1 ppc. I have plan to buy Treo650 for these couple of month. So my palm become 4. And if tungsten T6 become available in this latest year, maybe i would buy it too, and sold my old one.

I have hobby collecting good gadget. Sometimes my wife mad at me because my expensive hobby

I love pleco dict very much. All my palm device have it inside. Because everytime I want to go out, I always bring my palm with me.

So if pleco security become hardware base, i really need to register a lot of device then, Very uncomfortable :cry:

So I think, it would be better if we, registered user, can get a new serial and password to download pleco full version. Like previous Oxford dict security system. So non registered user can't get full version from the net. I think that's more then enough to make piracy harder. :wink: