The Plain Truth about Casual Software Piracy
It’s a rare day when a shareware programmer gets firm statistics on the extent of software piracy, but just recently, I got that chance.
You see, the company I work for – Ambrosia Software – writes and publishes shareware – software that encourages users to make lots of copies and share them with friends. It works like this: we write a game or utility and make it available for download and on low-cost CD, so you can install it and try it out for a while – kick the tires and drive it around the block a few times, so to speak. If you like it, you can buy the product; if not, just delete it or pass the CD on to someone else.
We make money, and stay in business, by selling software that competes with commercial products for quality and entertainment value, while remaining priced so that it doesn’t stretch the pizza-and-beer budget of the average college student. There’s no bait-and-switch going on: you get a fair chance to try out the product and decide if your $25 could be better spent elsewhere. We think our software is competitive – $25 will cover a burger run and movie ticket for about three hours entertainment, but a good game can entertain you for days or weeks – and we won’t make you watch Jar Jar Binks.
A few years back, Ambrosia’s software was distributed on the honor system. You could download the software and use it forever, scot-free except for the friendly reminders that you had the software for 1,500 days and still hadn’t beaten level 6. This was obviously a big leap of faith on our part, but it built up an almost cult following among Mac users. What we lost in sales, we made up in good will. As a business model, the honor system wasn’t ideal, but it certainly was idealistic, and it helped put Ambrosia’s founder, Andrew Welch, through college and kept Ambrosia’s employees supplied with pizza and beer. (I think there’s a law of conservation at work there.)
This was all fine and good – except that eventually Andrew graduated and everyone else got sick of pizza and beer. Ambrosia grew from an interesting sideline into a full time place of employment. The company became an entity with its own purpose, its own office space, and its own gravitational pull. It also developed an insatiable appetite for cash, because as any MBA will tell you, the lifeblood of business is green.
This period of growth and rampant consumption was constrained only by the limited diet afforded by the generosity and honesty of others. Basically, money was tight. One way we encouraged users to pay for the game Escape Velocity was to introduce the character of Captain Hector, who would remind (and eventually harass) players who were still unregistered after an extended period of play. When we compared sales of Escape Velocity to those our previous products, it became apparent that either pizza and beer had become a lot more expensive or that some people needed an extra nudge – such as from Captain Hector – to do the right thing and pay up.
Locking the Front Door — Shortly after I joined the Ambrosia team, Andrew forwarded me an article that illustrated the benefits of crippling software. In short, the author of a shareware program found that people were five times more likely to register and unlock a crippled version of his software than they were to register software that came fully functional from the outset. It was the final straw in our camel-breaking, decision-making process. We would still make shareware, but we would no longer stand there waiting for handouts on the street – we’d charge admission.
Let me tell you, we heard about it. Many who had praised us for our idealism were now calling us sellouts. It didn’t matter that little changed for our paying customers – they still got their codes quickly, and had unlimited access to the game – it was the principle of the thing. Okay, it was a little inconvenient if you’d lost your code or wanted to install it on your new Power Mac 7500, but we could resolve that quickly in response to a phone call or an email.
I mean, we like being cool and fair, but even a cult following can get tiresome (cultists don’t shower, they track in mud, and they leave you to pick up the check). Besides, the mantra kept repeating in our heads: five times as many registrations, five times, five times. I don’t think it ever was quite that good for us, but we definitely saw an increase in sales that helped Ambrosia weather some tough times. (No, we never actually ran out of pizza, but there were times when we had to mop up spilled beer with borrowed rolls of toilet paper.) It was a hard decision, but it was a business decision, and it turned out to be the right one.
Time passed. Our staff continued to grow and evolve, and my wife and I begat our son Luke. Nothing brings home how untenable your professional and financial situation is like having a family. When it was just my wife and I, we could fool ourselves into thinking that we were just coed roommates living on a college budget – but no more. Pizza and beer had given way to diapers and life insurance.
Diapers and Life Insurance — So I’m working for this shareware company, and I want to make sure that my job is secure. You have to understand that even a 10 percent variance in Ambrosia’s registrations means that someone may need to start checking the employment classifieds. At the same time, it’s becoming more evident that people aren’t just not paying for our software – they’re actually going out of their way to share license codes with others over the Internet. Some ingenious folks have even reverse-engineered our software and figured out how to generate their own license codes.
We don’t live with our heads in the sand. We knew what was happening. The Internet was the great facilitator of homework assignments and world peace, but it had also become a way for people to get registration codes for any software they wanted. We felt action was required, but we remembered the trauma of our last change in policy when we required people to register the software instead of just asking nicely.
So over the course of numerous lunches (many of which didn’t include pizza or beer, but did involve some yummy sandwiches from Arby’s), we discussed various ways for improving the whole registration system from our standpoint without making the process onerous for our loyal customers. Simplicity was the keyword. The final piece of the technical puzzle fell into place one weekend as I drove through Canada, when I recalled a bit of algebra that would make our license code algorithm quite secure without violating any treaties or munitions bans.
When I finally contacted Andrew, I said to him one word: polynomials.
The blank look on his face continued for a long time as I explained how we could factor the serial numbers, secure our products, and even distribute codes that would expire and stop working when exposed to prolonged sunlight. With his grudging consent, we sketched out and implemented the first pass at the "new Ambrosia registration system."
The fundamental change we made was to build the current date into the license code itself. That timestamp is then used at just one point in the process: it forces the user to activate the product within 30 days, or the code expires and won’t activate anything, Now, and this is important, the timestamp has absolutely no effect on the operation of the software after the code has been entered. Once personalized for the user’s computer, it remains fully functional forever (unless someone wipes the system clean).
Snapz Pro X — The first product to use the new registration system was the latest version of our flagship utility, Snapz Pro X, which started shipping in June of 2001. Over the course of the summer, the system silently and steadfastly worked as intended. Most people didn’t care that the license codes were now 12 digits instead of 8, and registrations continued apace. It wasn’t until September that we received any negative feedback.
You see, in September Apple upgraded Mac OS X to version 10.1, and many people were paranoid enough to reformat and perform a clean install. That meant the data file containing the software registration was lost, forcing most people to reenter their license codes. It also meant that anyone whose serial number was generated before August needed to contact us by phone or email to get an updated code. Of course, these people had paid already, so we renewed their codes quickly and free of charge.
It’s been our experience that people are often too busy or forgetful to store their license codes in a safe place, so it’s inevitable that every major system release is followed by a barrage of requests for missing codes. To handle the tremendous load of people who had misplaced their codes (as well as those who saved them only to find they had expired), we created an email address – <[email protected]> – dedicated to generating new codes. When Joe User entered the expired code, he was prompted to send us an email (it required only a click), and someone would respond to the request as soon as possible. Yet we were constrained by the laws of time, space, and the New York State Department of Labor, so our staff was available to answer requests only during regular business hours.
After several customer complaints, we decided to remedy this problem by automating the process of renewing an expired code. When an expired code is entered for Snapz Pro X, the user is encouraged to request a new license code from our automated server – right then and there! Renewing the code takes only two extra clicks, maybe an extra 30 seconds overall, but it puts the power back in the hands of the user. He can decide when to update his system, install software, and renew his license code at his leisure. Even at midnight just before a four-day weekend.
So you are probably curious about the benefits of expiring codes – why would anyone want this hassle? Let’s look at the three categories. For paying customers with an Internet connection, the extra work is minimal: an email sent to Ambrosia that’s answered within one business day. For those organized enough to save their original codes, there isn’t even a wait: they get the code on the spot. The only inconvenience comes to those people trying to enter a pirated code.
Which brings us back to the question, "How many people are using pirated codes?" The plain fact is that most people are honest unless given a chance to be dishonest. If they stumble across a working license code for software, or do a quick Internet search, then they can quickly enter the code and cover their self-loathing with the adrenaline rush of blasting aliens and squishing fish. Only the most hard-core computer user will try to reverse-engineer the software and crack the copy protection – and I’ll be honest, there’s isn’t much we could do to stop them. Crackers enjoy the challenge itself – the tougher the better – so if they want it badly enough, they’ll find a way.
Historically it’s been difficult to measure software piracy, but our experience is that the vast majority of users lack the time or inclination to modify software to bypass license checks. Here’s the rub: these users might actually buy the software if it weren’t so easy to find pirated codes. Thus, expiring codes are a good way to defeat (or at least hamper) this kind of casual piracy – the serial numbers stored in databases and posted to the Internet are viable only for a short while before they must be renewed.
Ironically, it’s these casual pirates who are helping me measure the impact of piracy on our sales.
You see, to renew a stolen code, Joe User must contact a computer in our office. There’s nothing nefarious about it – he sends us the user name and expired code and gets back a new license code or a suitable error message. We don’t encrypt the data, we don’t grab any personal information, and we don’t even open a connection without explicit permission. But when Joe User clicks that bright shiny Renew button, our server records the product, user name, and the Internet address he came from.
For the first two days after we posted the latest update to Snapz Pro X, our server was busy. Of the 194 different hosts that tried to renew a license code, 107 of them sent in pirated codes (click the URL below to view a screenshot of an actual server log file; the entries highlighted in red are attempts to authenticate pirated license codes). Incredibly, more than 50 percent of the people installing the update entered one or both of the pirated codes we’ve known about for months. Some of these people even tried several different variants on the names when the server refused them access ("maybe I misspelled it"), and one guy got so frustrated he pounded the Renew button over and over every four seconds ("WHY click IS click THIS click NOT click WORKING???") until our server blacklisted him for flooding.
You don’t have to remind us that the sample isn’t statistically valid. Nevertheless we think it’s a reasonable approximation of reality – if not a little conservative. It certainly reinforces our perception that casual piracy is both significant and widespread.
Hopes for the Future — Maybe I didn’t look these people in the eye, but they know I’m watching them. They indicated a real interest in our software when they thought they could use it for free, and this gives me hope that some may yet decide that registering is easier and more satisfying than stealing our hard work. If not, then either they were forced to stop using the software or they’ll likely encounter me again, somewhere down the road. Next time, I’ll bring Captain Hector.
I also hope this article explains to our customers (and other computer users out there) the impact that piracy has on small software firms like ours. I hope they can appreciate our decisions regarding the registration system and agree that the extra 30 seconds and two clicks are a minor inconvenience. If everyone pays for the products they like and use, companies like Ambrosia can stay in business and continue making cool products for everyone to enjoy.
Finally, I hope that these changes give me a little more job security, so I can continue doing what I love with some of the coolest folks I’ve ever met. Because I plan on working here as long as I possibly can, making great software and saving enough money so my kids can eventually go to college, where they can enjoy their share of beer and pizza.
[This article is reprinted from the Ambrosia Times with permission. Matt Slot has worked for Ambrosia for nearly five years, but life isn’t just fun and games for the Bitwise Operator. When he’s not calculating polynomials and fighting off pirates, Matt enjoys reading a good book (Terry Pratchett), watching a little television (24), and playing with his two kids (Luke and Kaleigh).]