My proposal for a copy-protection system that wouldn't be evil:
The app would come with a serial number. When starting up, if the network is available, it would send a POST request to a validation server with its serial number and the CPU ID of the machine it's on. The validation server would then add the CPU ID (and maybe IP address) to the ones seen with that serial so far, and check whether the serial is valid. If it is, it sends back the serial number, a random number, and a short message, signed with the validation server's private key. The program then either runs or doesn't, based on what the message is.
Now, here's the trick: the purpose of the protection isn't to keep the program from running, because that's impossible. If it can't see the network, it'll still run no-questions-asked. If the server says not to run, we won't, but it'll take all of an hour before the validation is removed and the app gets run anyway.
The purpose is to collect serials that have been seen on hundreds of PCs and, more importantly, show those users a message: "This serial has been revoked, and is probably pirated. Buy a legitimate copy today for $10 off, or contact me by email if there's been a mistake".
The people who want to buy one copy and put it on their laptop and work machine, you don't touch. Why bother? The people who are obviously pirating it, you offer them a discount, because it's better than just getting nothing. And the people who crack it probably won't bother to remove a validation system that doesn't actually keep the app from running.
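The exchange described above, as an added Go example that is not part of the original post: the server records CPU IDs per serial and signs its reply, and the client checks the signature and the serial before acting on the message. Ed25519 as the signature scheme, the `limit` threshold, the `|`-joined signed body, the function names, and the choice to ignore a reply that fails verification are all assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Reply is the server's signed answer; Sig holds the raw signature over body().
type Reply struct{ Serial, Nonce, Msg, Sig string }
func (r Reply) body() []byte { return []byte(r.Serial + "|" + r.Nonce + "|" + r.Msg) }

// NewServer returns the app's verification key and the validation handler; limit is an assumed policy.
func NewServer(limit int) (ed25519.PublicKey, func(serial, cpuID string) Reply) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	seen := map[string]map[string]bool{} // serial -> CPU IDs seen so far
	return pub, func(serial, cpuID string) Reply {
		if seen[serial] == nil {
			seen[serial] = map[string]bool{}
		}
		seen[serial][cpuID] = true
		n := make([]byte, 16)
		if _, err := rand.Read(n); err != nil {
			panic(err)
		}
		r := Reply{Serial: serial, Nonce: fmt.Sprintf("%x", n), Msg: "ok"}
		if len(seen[serial]) > limit {
			r.Msg = "revoked"
		}
		r.Sig = string(ed25519.Sign(priv, r.body()))
		return r
	}
}

// Decide is the client side; r is nil when the network is unavailable.
func Decide(pub ed25519.PublicKey, serial string, r *Reply) string {
	if r != nil && r.Serial == serial && r.Msg == "revoked" && ed25519.Verify(pub, r.body(), []byte(r.Sig)) {
		return "show-offer" // display the discount message instead of running
	}
	return "run" // offline, "ok", or a reply we cannot trust (assumed: ignore it)
}

func main() {
	pub, validate := NewServer(2)
	r := validate("SERIAL-1", "cpu-A") // constructed sample values
	fmt.Println(r.Msg, Decide(pub, "SERIAL-1", &r))
}
```

The signature mainly protects users from a spoofed "revoked" message. Because the random number is chosen by the server, it does not tie a reply to one particular request.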