> In some cases, setting up something to query for pirated serials is a great
> way to reduce the number of illegally registered copies that are floating
> around. That was one thing I implemented into my software, and I was able
> to pull their IP address and everything for prosecution.

With the majority of IPs being dynamic, finding out who was using a particular IP at a given time will likely require a court order in most states (or an FBI badge, as the new "anti-terrorism" laws give them carte blanche to read any electronic transmission at will -- see <http://www.pbs.org/cringely/pulpit/pulpit20000713.html>).

Also, anytime your software "phones home" it should ideally require explicit user confirmation. I've been told that overzealous privacy advocates who misunderstand the nature of IP may be quick to file suit over perceived privacy violations. Yep, it's as silly as being sued by the burglar you hit over the head in your own home, but sadly as relevant in this brave new litigious world.

However, an explicit two-stage registration, in which the user gets a temporary code until they log into your server, may have merit. It's basically what Ambrosia does, but carries a downside: it creates an inconvenient second step for the majority of your users who are legitimate paying customers.

For more tips on serious cracker prevention, see the Anti-Cracking FAQ:

<http://www.inner-smile.com/nocrack.phtml>

It's written by a Delphi programmer, but most of what's on that page is useful for just about any developer.

One thing I learned from that and related pages: serious crackers have waaaay too much time on their hands, and spend a lot of that time stepping through reg screens with a low-level debugger, often modifying binaries to bypass reg checks. There are tricky ways to prevent that, but really at the end of the day you've only slowed them down, and at best by no more than a few weeks.

Schemes dependent on hidden files seem to be the first to get cracked, so I never bother. Also, there's a good argument that making files invisible on a customer's machine is simply impolite.

Besides, while enforcement of stolen reg codes is still something of a gray area in terms of copyright law (though much less so under the DMCA -- at least until it gets softened), sharing binary files is a clear violation and very easy to prosecute. That is, if you're losing enough to warrant hiring a $200/hr attorney. :)

Probably the most effective method for prosecution is to let the big boys handle it: if you stumble across a warez site with your apps or cracks on it, chances are it has apps from large vendors. Just drop a notification of the violation to [EMAIL PROTECTED], [EMAIL PROTECTED], and [EMAIL PROTECTED] and count the days until the site's taken offline. For countries that aren't signers to the Berne Agreement enforcement may be difficult or impossible, but a US site can be nabbed in hours by the bigger software vendors.

Good news along those lines: one of the biggest distributors of illegal reg codes, Surfer Serials, is going bye bye. Seems too many folks turned up the heat and he felt them closing in, so according to his Read Me the June 02 edition will be the last one. The DMCA may be as unethical, immoral, and counterproductive as many of our colleagues suggest, but it sure makes it easy to scare the pants off of petty thieves. :)

My own scheme is very simple: every character in the reg string is either used in or dependent on a calculation involving some other set of characters. The exact scheme differs from product to product, and is changed between major releases. This merely makes it difficult to guess what the next serialized number may be (most automated keygens will fail), and prevents stolen codes (usually purchased through legitimate channels but with a stolen credit card) from having a long shelf life.

It does little else, but does allow me to get back to work on features. You'll never convert most pirates into paying customers, so after a certain point your bottom line gets more value from feature development than security.

But as a hack, it is fun to ponder. :)

--
 Richard Gaskin
 Fourth World Media Corporation
 ___________________________________________________________
 [EMAIL PROTECTED]       http://www.FourthWorld.com
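
The message above describes a reg string in which every character feeds or depends on a calculation over the others, with the scheme varying by product and major release. The following is an added example, not part of the original message and not the author's actual scheme (which the message does not disclose): it swaps in an HMAC for the unspecified calculation, and the secret, product names, alphabet and code layout are all assumptions made for illustration.

```python
import hashlib
import hmac

# Hypothetical layout: 6 body characters interleaved with 6 check characters.
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # 32 symbols, no 0/O/1/I


def _check_chars(secret: bytes, product: str, major: int, body: str) -> str:
    """Derive 6 check characters from every body character plus product and version."""
    msg = f"{product}|{major}|{body}".encode()
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return "".join(ALPHABET[b % 32] for b in digest[:6])


def make_code(secret: bytes, product: str, major: int, serial: int) -> str:
    """Encode a serial number as a 12-character code grouped as XXXX-XXXX-XXXX."""
    if not 0 <= serial < 32 ** 6:
        raise ValueError("serial out of range")
    body = "".join(ALPHABET[(serial >> (5 * i)) & 31] for i in reversed(range(6)))
    check = _check_chars(secret, product, major, body)
    mixed = "".join(b + c for b, c in zip(body, check))
    return "-".join(mixed[i:i + 4] for i in range(0, 12, 4))


def verify_code(secret: bytes, product: str, major: int, code: str) -> bool:
    """Accept a code only if its check characters match its body for this release."""
    raw = code.replace("-", "").upper()
    if len(raw) != 12 or any(ch not in ALPHABET for ch in raw):
        return False
    body, check = raw[0::2], raw[1::2]
    expected = _check_chars(secret, product, major, body)
    return hmac.compare_digest(check, expected)


if __name__ == "__main__":
    demo_secret = b"constructed-demo-secret"  # constructed value, not a real key
    code = make_code(demo_secret, "DemoApp", 2, 1001)
    print(code, verify_code(demo_secret, "DemoApp", 2, code))
    # The same code is rejected once the major version changes.
    print(verify_code(demo_secret, "DemoApp", 3, code))
```

A check done entirely in the client needs the secret in the binary, so this only raises the cost of guessing the next serial; running `verify_code` on the server side of a two-stage registration keeps the secret off the customer's machine.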
