I have an anti-piracy related decision to make. I searched around for anti-piracy related threads (actually I posted on a few). I know most people recommend making the antipiracy work in a way that is trouble-free for paying customers, and effective enough to keep honest people honest. Fighting with crackers is a waste of time since they are not potential customers anyway. Fair enough.

Having said that, I am trying to decide whether I'd like to use a scheme which locks an application to one specific PC (based on MAC address, HD serial number or whatever) or not worry about users copying the registered applications from each other (no locking). This is really a matter of how much I trust the paying customers I suppose, and I am not sure what the answer is.

Locking the application to a specific PC (assuming that I can successfully do that) has issues such as customers replacing their harddrives or buying new PCs to permenantly replace older ones.

As far as complications that arise from locking an application to a specific PC (such as the ones I mentioned above) are concerned, based on your own experiences or what you hear from others, do you think this approach creates too much hassle for paying (honest?) customers? Do customers mind reregistering when they upgrade their PCs or install a new harddrive etc?

Thank you for your feedback!

Simply from a consumer point of view:

I certainly dislike MS's new activation thing. That's not quite the issue though.

I would seriously dislike anything that gave me a hard time for changing the hardware in my PC. If I bought a game, say, and it was unhappy that I changed my NIC or changed my HD and wanted me to re-register, I would remember that company and make a point not to support such behavior (Unless that game was just so good that I had to). There is no excuse for penalizing the computer savvy and I would see such a maneuver as doing just that.

The MAC address vs the HD serial is better, though slightly, as many people these days have NICs built into their motherboards. If I was such a consumer that didn't, the above still applies.

I very much, as a consumer, dislike software that ties itself to a piece of hardware in so much as computer hardware is a fast-paced industry and the tech/computer savvy among us switch hardware bits regularily (in the lifecycle of a game).

As a similar but off-topic anecdote:
How many of us or other gamers are annoyed (and then some) that we cannot run our DOS games from a few years back on modern Windows machines? --
I see the argument to be no different.


I haven't released a product yet but I have thought, at some length, about copy protection. Outside of a manual check (a la Civilization) it tends to be intrusive and inoperable for customers.
Though I am in the camp that thinks CD checks are intrusive and I wish they would go away (partially because my PC is my only means of playing CD music).

The more I've read about copy protection on this forum and from my personal experiences I would contend that a server-checked serial (once per copy?) would be the best option.

Really it boils down to the fact that you don't want to alienate, in any way possible, your current customers. Such a system can very well do that. That's a bad thing.

But as I said, I have no product, this is from personal experience as a consumer and some thoughts as a potential indie developer.

Personally I find it annoying if I have to re-register a software to run it on new hardware. But you should also consider the additional support work which will be required from you. There will be customers who don't understand why the program no longer works, and bother you with questions, you'll have to lookup customer records to make sure the person really bought the software; you 'll have to hand out new registration keys etc. I would rather like to avoid that additional work.

Regards
Michael

Speaking from a consumer perspective, I also find it annoying. Very annoying.

I have a lot of software that is simply unusable because the software was tied-in with an old hard-drive or I long since lost the serial number.

This happened to me with Macromedia's Dreamweaver. I originally got version 2, which is about 5-6 years old. When I upgraded my computer, I couldn't even get the application to run on a secondary hard drive. So I checked Macromedia's site for my serial number. Well it turns out they have the serial numbers for all my other Macromedia products, except for Dreamweaver version 2. Apparently, their customer database doesn't go far back enough to when I purchased it...so now I'm forced to upgrade even though version 2 is still good enough for me to get the job done. [/rant]

I certainly understand having copy-protection (after all, I am a software developer), but I think far too many honest customers have to suffer. Also, as a game developer I want people to be able to enjoy my game as long as possible. Maybe even pass it down to their kids or relatives. It seems console games have a lot longer lifespan in this regard compared to PC games. It's not too uncommon for someone to still have an old cartridge of Super Mario Brothers, Zelda, or Sonic the Hedgehog lying around in the attic. Sure you might have to dust off the cartridge and give the NES a couple of good blows, but it's not such a huge barrier and in little time you can relive those gaming moments from 15-20 years ago.

Whereas with PCs, I don't think I have a single game on my hard drive (that works), which is more than 5 years-old. I think Civilization might be the only one. I know I definitely don't have a game from the early '90s on my computer. Granted, a lot of this has to do with the extinction of DOS, but over the past 8 years games are becoming extinct quicker because of overzealous copy-protection and lost serial numbers. It's a shame really. [/rant #2]

So to answer your original question, most customers do mind re-registering after upgrading their computer (who doesn't?), but it's starting to become a necessary evil these days. I'm guessing if they just bought the game < 6 months, they won't mind as much since they'll most likely still have their registration info and your website address readily available. But as time passes, you're more likely to have overhauled your database, changed domains, or worse case be out of business so that registration info might be harder to come by if not impossible to find. That's when your customer will be really p*ssed off, but who knows by then you might not care since you might have moved on to something else...

Also, as the others mentioned, you'll need to maintain a customer service area for serial number lookups, which means more work for you. This could be another thing you'll have to maintain even if you don't sell the game anymore. I know I personally couldn't shutdown a site in good conscience if there was still a customer base that depended on it for lost serial numbers. Because I just wouldn't be shutting down the site, I'd be shutting down the game too for anyone who misplaces their serial number.

How many sales do you honestly think you're going to lose through piracy?

Or to put it another way, how much money do you think you'll lose if you have no copy protection at all?

Is this stuff really worth worrying about?

It really depends on your game and customers.

I've used a homegrown client/server computer specific locking security system (based on HD serial) for a few years and it's worked very well for me, I'd recommend it to anyone who has primarily teenage/hardcore gamer customers. (since I always see this method bashed on here I figured I should speak up)

Some keys to its success are:

* It's transparent, people enter their unlock key and it's unlocked. Many people probably don't realize a complex client/server handshake is happening in the background.

* It's generous. I allow people to install and unlock four computers (I even let them know this), and then add permissions for more computers as time passes to cover hardware upgrades, etc. I want to err on the side of letting the user get away with something, I don't care if he shares the games with three friends every six months.

Unlocking the same computer again (for instance, after a windows reinstall that didn't require a drive format) doesn't count as an unlock, as my DB remembers the HD hash used for each unlock.

* It's honest. I don't hide that I connect to a server to unlock it while it's happening and I specify this at the TOP of the EULA.

* Fallback method. If someone can't get on the net or get his firewall to work with things then I do offer an alternative way to unlock that does not require an internet connection.

* Short simple unlock keys. Since it has nothing to do with the real unlock code (which the server sends) you can make them small, easy to write down or backup. (for example, Smith463 might be a key, last name + 3 random digits)

Benefits for the developer:

* Peace of mind, you can give out more free copies, review copies, etc and not worry about it. Beta test without worries.
* Advanced statistics (well, if you handshake every run, while checking for upgrades/patches like I do)
* Can remotely kill invalid keys after finding out the credit card was stolen or some such (same as above)

On the other hand, if most of my games were casual games I probably wouldn't worry about security at all.

About 1 out of 50 customers needs the manual util, generally because they install the game at work or school and sometimes a laptop. The manual util is just as secure but a hassle for the user, so I'd like to see this ratio get better.

I've never had a customer return a game because they didn't like the security system. I think letting people install the game to more than one computer mostly wins them over.

It's worth noting Garage Games uses a very similar system - although the manual unlock system is web driven in their case which I think is a very good idea.

We tie our reg codes to the customer’s hardware, but we try to be as accommodating as possible to the customer. Their original reg code will still work even if they reformat their hard drive and reinstall Windows, or if they upgrade their hard drive or NIC or something like that. If you get a whole new computer, or want to copy the game to their second computer (laptop, kids computer, whatever), they will need a new reg code, but that is sent to them within 30 seconds for free by our automated system.

Our reg codes are based on the serial number of all the hard drives we can find, and the NIC mac address, and a few other things we track. This doesn’t mean the reg code will stop working if one of these things changes. It will only stop working of ALL of those things change. As long as one piece of hardware is still the same, the reg code will still work. You could take out your NIC and replace it with a new one and the code would still work. You could upgrade your NIC and your hard drive and your code would still work. You could buy the game on your P3 and then later buy a complete new P4 system. If you take the NIC out of your P3 and put it into your P4, the original reg code will work on the new computer and will still work on the old one as well. Like I said, we try to be as accommodating as possible.

If you install our game on you new/second computer, and don’t bring any old hardware to the new system, you will need a new reg code. We try to make this obvious and easy to do a few different ways. If you try to use the reg code from the first computer, we help you understand what is going on. If the reg code you use doesn’t match any of your hardware, but it is a valid reg code, we inform the user that “This reg code is for a different computer. If you are trying to ‘share’ a reg code given to you by a friend, you need to purchase your own reg code. However, if you did buy the game, and are trying to use it on a new computer, click here to go through our free ‘re-register’ progress.” This helps anyone who tries to type their original reg code into the new computer. But most users never even try that because of our other approach. All the up-sell screen say thing like “Buy the full version to get feature XYZ. Do you want to buy now?” At the bottom are three buttons; “Buy Now”, “Maybe Later”, and “Already Paid”. If you bought the game on your old P3, and then install it on your new P4, you will most likely see and click on the “already paid” button. The takes users directly to the free re-register feature I mention before without them ever even trying to enter their old reg code.

Our re-register features doe not require the game access the Internet directly. You don’t even have to have Internet access on the computer you are playing on (bit it is easier if you do). This is a big issue for parent who put a computer in the kid’s room for games but don’t want that computer on the Internet. The in-game re-register screen displayes your “product id” (A combination of all your hardware and which game you are using) and tells you the URL to our re-register web site. You can click a button to have your web browser launched and your product ID sent automatically, or you can write down the information and take it to another computer that is on the Internet. On the web site, we have you type in your e-mail address. If we have a record of that e-mail address buying the game specified in the “product id”, and you haven’t exceeded your re-register limit, we e-mail a new reg code to you. If your e-mail has changed since the time you purchased the game, you have to provide more information but you can still use the automated system.m

In addition to the re-register feature, the original purchasing system also has to accommodate this hardware locking system. But I think it is important that you don’t require and Internet connection to buy the game. You can buy our games from an in-game purchasing system, or in your web browser, or over the phone, or PayPal, or mail order. No matter which system you use, you have to tell us your “Product ID” This product ID is unique to your computer. FYI: The product ID also contains information about which affiliate/channel should be paid a royalty / referral fee.

We believe this system has a minimum impact on legitimate customer while stopping casual piracy. It did take a lot of effort to build, debug, and compatibility test such a system. And it does take some effort on the part of our customer service department. But I think it is well worth it. Casual piracy is BIG in shareware/downloadable games.

Thank you for all your feedback so far.

When I go to the "customer" side of the fence, I agree with all of you about troubles of having to reregister. Noone likes to be treated like a criminal. If anything, that might push people to act like a criminal when they are wrongly treated as being one.

However, when I come back to the "developer" side of the fence, I can't help but want to control who installs my app on what PC from a purely piracy point of view. When a customer installs the app (game or any other software really) on a new PC, it is very hard to tell if there is piracy in progress, or the customer is just trying to use the software s/he bought but on a new PC or whatever.

Customer service will surely be a hassle. Besides PCs become obsolete faster than I can finish typing this sentence. This is another big issue.

On the other hand, if a particular user has 10 PCs at home because he is just that kind of a guy, do you sell him copies per seat? Or would you be happy with a single copy sold to such a customer?

I am trying to think of ways that will identify a PC without causing too many false alarms. This is pretty trivial. In addition, I am trying to find ways to identify the "OS installation" as opposed to just the hardware of the PC. If someone replaces the NIC, then I can still detect that it is the same installation. The guy didn't just throw out the rest of his PC. If the harddrive is toast, and a new installation is put on a new harddrive, each OS installation should still be fairly unique based on what the user installs on the PC, personal information (user name, workgroup name), IP address, etc...

Even if some hardware information does not match, as long as the OS installation is "similar" to the one used to register the product, things should be fine. I can't imagine anyone wanting to run a program so badly that they would try to get their PC to impersonate someone else's down to little details like installed applications, user name, IP address, etc..

If all else fails, I could get the customer to answer a few personally identifying questions such as mother's maiden name, last high school attended, birthday, or a few other questions that the customer picks and has to answer. I can even throw in a question like "The credit card number you used to buy this product" or "date of purchase" or whatever... If I can't detect who is at the helm, I could ask these questions and the user needs to be able to answer them correctly. If not, then they have to call in since something fishy might be going on.

Credit card companies do this kind of checking all the time. Can someone get a hold of your credit card and all this information? Possibly. Would you willingly share such information? I don't know... Probably not. I wouldn't, but maybe college buddies would. Who knows?! :) At least, I would imagine it to be highly unlikely.

I just wanted to think about all this before I move too far along. I thought these decisions should be made "before" releasing anything in case I want to go a different direction based on how things unfold. I might start out with no locking whatsoever and see how things go...

One word of caution about identifying the OS installation: Some users reinstall Windows frequently.

Our first generation reg code system gave a unique reg code to each machine and made the machine unique by saving a random number to a hidden spot in the registry. This prevented customers from “sharing” the same reg code with their friends. Unfortunately, it meant they needed a new reg code every time they reinstalled Windows. When Windows was reinstalled, our hidden random number was wiped out from the registry and we had to issue a new reg code to the user. This happened much more frequently than I ever imaged. Some user would reinstall windows every month or two. They used up their 5 free “re-registrations” is 6 months.

We added NIC mac address and hard drive serial number NOT to make it more secure. Tying to actual hardware made the system more user friendly. Now customers can wipe out their OS and reinstall a different one and we still recognize it is the same customer who already owns the game. As the same time, we still do save a random number in the registry. Think of this as a software assigned serial number tied to the OS installation. This way, if they copy their entire Windows installation to a new computer, we still recognize it is the same customer even though all the hardware changed.

Originally posted by James C. Smith
One word of caution about identifying the OS installation: Some users reinstall Windows frequently.

Our first generation reg code system gave a unique reg code to each machine and made the machine unique by saving a random number to a hidden spot in the registry.

When I said I could try tying the application to the OS installation, I did not mean to hide something in the registry. This approach is futile for 2 reasons:

#1 You already mentioned it. People reinstall their OSes. Registry could get wiped out.

#2 There are quite a few free tools to watch what apps do with the registry. Obscurity is not security!

I was under the assumption that people's PCs have unique things on there such as files they created, sizes of system files (like the registry), unique entries in the registry etc... Of course I have no test data to support this claim. I will have to do some investigation on my own.

If all else fails, asking personally identifying questions sounds like a good idea for right now. That eliminates the reregistering and requiring internet accesses to servers for identification as long as the customer can answer the questions. At that point I would probably have the app reregister itself, send a note to the main server about the change automatically and move on. If in the future I choose to suspend a particular person from reregsitering because s/he keeps doing it once a day or something, then I can do that.

Any comments on using personally identifying questions? Anyone doing it already?

In my first message in this thread I made the assertion that “Casual piracy is BIG [rampant] in shareware/downloadable games.” Let me explain. As Entell said when he started this thread, there is no point in trying to stop hackers/crackers. They will pirate the game. I am concerned about Susie Soccer Mom. When she buys a game from Real Networks, or a RegNow based game, she receives an e-mail receipt thanking her for purchasing the game and notifying her of the reg code including instruction for downloading the game and entering the code. It is so easy for Susie Soccer Mom to simply press forward in her e-mail client and send that e-mail to the he sons entire soccer team. She may not even think there is anything wrong with this. She is just being generous and sharing a game she likes with her friends. She probably doesn’t even realize she is a pirate.

Let me share with you some actual stories from your customer service department. As I explained before, our reg codes are tied to hardware so you can’t share reg codes for our games in this manor. Sometimes when people run into this limitation, they contact our customer support department.

Customer support received an e-mail from a “Jane” who couldn’t get her reg code to work. Customer support had trouble locating Jane in our database so they asked her to provide an order number of other identifying information which can be found in the e-mail receipt. Jane replied with an e-mail that looked something like this:

Dear customer service,

Below is the receipt you requested. Please let me know how to make the game work

--Jane


-----Original Message-----
From: Linda@aol.com
Sent: Thursday, April 12, 2003 10:26 AM
To: Jane@home.com
Subject: FW: Ricochet Lost Worlds Sales Receipt


Mom,

I think you will really enjoy this game. It is right up your allay. All the instruction you need to play the game are included below.

Love

Linda

-----Original Message-----
From: sales@reflexive.net [mailto:sales@reflexive.net]
Sent: Wednesday, April 07, 2003 5:02 PM
To: Linda@aol.com
Subject: Ricochet Xtreme Sales Receipt


Dear Linda Smith,

You have successfully upgraded to the full version of Ricochet Xtreme.


Customer order information:

Linda Smith
Linda@aol.com

Order 0404074700501:
Qty Description
1 Ricochet Xtreme

Total cost: 21.54 (includes sales tax, if any)


Product ID: 331922674334913536364627904475
Registration Code: 4108380546342910148

Important Note: Please print and keep this information for your records.


We sincerely hope that you enjoy Ricochet Lost Worlds. Please tell everyone you know about it!

Thank you for your purchase.

Download URL and reg code entering inductions fallow...


In other words, Linda purchased the game and was kind enough to share it with Jane, her mom. Jane couldn’t get the game to work so she contacted customer service. When Jane was asked if the game was purchased she gladly produced the receipt from when her daughter purchased the game complete with forwarding headers and notes.

A more outrageous story was the customer who wanted her money back. She paid for the game but when she found out she could not “share” the reg code with all of her grandchildren she was very upset. She informed us that she buys games all the time and has many different grand children in many different households who want to play the games. She forwards the reg codes to all of them. She was very upset and said we were an “evil company” when we would not allow a single purchases to be shared with her entire extended family. All the other game venders let her do this. Why don’t we? We are evil. She wants her money back. This grandmother didn’t think she was pirating or stealing or doing anything wrong. She thought it was her right to give away free copies of our game as long as she paid for one of them.

Many casual users engage in casual piracy by simply forwarding e-mail receipts. In many cases they don’t even know it is wrong or simply don’t care. It is easy and it “doesn’t hurt anyone.” These users would never seek out cracks or go to warez sites to get serial numbers. But they would “share” reg codes if it is made easy. You have to make it not so easy on them.

Originally posted by entell
#2 There are quite a few free tools to watch what apps do with the registry. Obscurity is not security!


I am sure others would disagree, but I really don’t care about this. My goal is not “security”. I am not trying to prevent people from “cracking” the game or using tools to circumvent the registration system. I just want to prevent casual users from forwarding reg codes in e-mail.

Originally posted by James C. Smith
She was very upset and said we were an “evil company” when we would not allow a single purchases to be shared with her entire extended family.

This brings me back to a question I had in a previous post. Should this grandma be allowed to forward the single purchase to her 10 grandchildren?

Another scenario is, for example, someone who has a PC at work, another PC at home and a laptop. If this dude buys a game and tries to install it on 3 machines which are all different but all his nonetheless, should he be allowed? The answer to this scenario should probably be yes, while the grandma's scenario would probably require a 'no'. But who am I to judge?!

Locking the game to specific hardware stops the grandma (and upsets her too), but it is a pain for the dude with the 3 machines.

It looks like it is impossible to programmatically determine who is trying to do what... So I guess this has to be handled either at the customer service level (hassle for the developer), or the developer has to allow sharing forever which is probably not a good answer either.

There is probably no right or wrong answer here.

What do you all think about this? If you faced a similar situation how did you handle it? Please share your experiences if you don't mind.

Our approach is to make it is easy as possible for the guy with the laptop and 2 other computers to “re-register” all three computers but limit how many times he can do it. As a result, the grandmother could “re-register” some of her grandchildren but not all of them. Also, it would be more of a pain for the grandmother than for the guy with the laptop. This is because the re-register system requires you to have access to the machine being “re-registered” and the e-mail address used to make the purchase. You can’t just know the e-mail address, you have to be able to receive mail sent to that box. This shouldn’t be a problem for the guy with the laptop. But the grandmother will have to act as a middle man for the grandchildren. Not only will this be an inconvenience, but it may help her understand she is doing something wrong.

My point is, we don’t try to detect if this computer is owned by the person who purchased the game or if this is a legitimate use of “re-register”. We just let them do it but limit how often they can do it. Occasionally customer will have a legitimate reason to need to exceeds the limits. In this case, customer support makes a judgment call and can credit the customer additional “re-register” uses.

Also, the “re-register” system lets you use it 5 times. This doesn’t mean we tell people they are allowed to play the game on 5 computers or share the game with 4 friends. The end user license agreement clearly says you are buying a license to use the software on a single computer or by single user. “Re-register” is meant to let you transfer that registration to a new computer or let a single user play the game on two different computers such as at home and one work but never booth at the same time. “Re-register” does not try to enforce these limit. It remind the customer of the proper use and limits how much abuse can occur.

Here's an idea:

Put their credit card number on the main screen!!!

That will teach them!

:)

Originally posted by KoekTromL
Here's an idea:

Put their credit card number on the main screen!!!

That will teach them!

:)

... conveniently teaching everyone NOT to buy your game for their kids. :)

I think a lot of people make good points for the protection angle here - if you HAVE taken some steps to make life livable for legitimate customers with multiple PCs and weird reinstallation habits, and you are willing to deal with the potential hassle of helping them when they have trouble with it, then sure.

Protection that does not annoy the person who hasn't done anything wrong is good. :)

Locking the game to specific hardware stops the grandma (and upsets her too), but it is a pain for the dude with the 3 machines.

It looks like it is impossible to programmatically determine who is trying to do what... So I guess this has to be handled either at the customer service level (hassle for the developer), or the developer has to allow sharing forever which is probably not a good answer either.

Why not just have a separate exe for the full version? Grandma is less likely to share with all her relatives because she would have to upload it somewhere or use P2P. I doubt Grandma is a big Kazaa user. ;) But the guy who has three computers could download the full version on whatever computer he wanted to.

A lot of these other problems occur when you guys try to have the serial number transform the demo to the full-version.

Originally posted by Chris_Evans
Why not just have a separate exe for the full version? Grandma is less likely to share with all her relatives because she would have to upload it somewhere or use P2P. I doubt Grandma is a big Kazaa user. ;) But the guy who has three computers could download the full version on whatever computer he wanted to.

Then the full version can be installed by anyone on any PC which defeats the purpose of having any protection... I am sure the angry ruthless grandma would not mind trying sending the file to her 100 grandchildren via e-mail. If the file is big, maybe she'll think twice, but I doubt it. If we make the full version downloadable from a server, then we are back to James C. Smith's problem about the grandma forwarding the link to her 1000 grandchildren. :)

Regardless, I think I get the point... It is not an easy decision for sure.

Noone seems to be commenting about the personally identifying questions thingie... Does that sound like a good idea at all?

I am sure the angry ruthless grandma would not mind trying sending the file to her 100 grandchildren via e-mail. If the file is big, maybe she'll think twice, but I doubt it. If we make the full version downloadable from a server, then we are back to James C. Smith's problem about the grandma forwarding the link to her 1000 grandchildren.

Well I guess if you have a game that's less than 3MB, then Grandma could still e-mail it. But most ISPs have 3-5MB limits on their mailservers, so if she tried sending the game as an attachment to her relatives, most likely it would bounce back.

As for making the full version downloadable from the server, you can simply have IP checks. If too many different IP addresses try to download the game, you just suspend the account. Or you can limit the number of downloads allowed per account.

I'm not saying having a separate full version is perfect. But if your game is over 5MB, then I think it's a really good option. It does a decent job of curbing casual piracy and you don't have to spend weeks developing a copy-protection method. Nor does it require the level of customer support that serial keys and other more complex implementations require. James C. Smith's copy-protection methods sound really slick, but he actually has a separate customer service department to handle issues.

Oh, give an example of a personal identifying question. I know personally if a site other than a financial institution asked for my mom's maiden name, I'd type Marge Simpson (hint: that's not my mom's maiden name ;) . I only trust my bank or credit card sites with my personal information since their business relies on keeping it confidential. I'm not going to give a relatively unknown site my personal information since I have no protection if it falls into the wrong hands unlike a credit card.

Which brings me to my point, if I put Marge Simpson as my mom's maiden name, which is fake, then I'll have no qualms giving my friends the "personal information" so they can download the full version.

Unless you have some way of verifying the personal information, then I don't think it will do much good to stop piracy.

I recently played Flatspace and I have to say that I was pretty annoyed when I found out that it was tied to my hardware. Like a lot of power users, I upgrade my system fairly regularly. The idea that I only get a few free reregistrations and then have to pay again after that upset me. It's a good game, but I didn't like that aspect too much.

Total Annihilation is still one of my favorite games, and I can reinstall it as many times as I want (and in fact I can put multiplayer-only clients on as many machines as I want). Cavedog is no longer in business, but the game still runs.

What happens if Cornutopia goes out of business or decides to stop supporting the game? Well, now I have a game that I paid a license for that is basically useless the next time I have to install it on a new machine.

Valve is currently on my list because I sent an email to them about their so-called DRM in their license, and they haven't gotten back to me in about a year now. I refuse to get Half-Life 2, no matter how great a game it is, because that's just bad customer service.

I don't like games asking for my personal information. In fact, I find it incredibly annoying if any business needs my personal info, and this includes banks and what you may think is historically ok. Just because it is their business to keep your info secure doesn't mean they always do a good job of it.

I agree that casual piracy is probably the main thing to watch out for. I just think that being overly draconian is horrible, even if mainstream gamers are getting used to serial keys and hardware locking.

Let's say grandma does want to give away the game she bought to her grandkids. You can explain that each license is supposed to cost $X which might upset her, or you can work out a bulk licensing deal? Perhaps this is another business opportunity? Call it the Games for Grandkids Special, and you basically have the ability to purchase multiple copies at a discount. Site licenses work out as well.

But I have no experience actually implementing that, so let me say that IANABMY (I am not a business man yet). I am sure that these special cases would be a big hassle. But let's say that grandma does give away the copies. Now you have a bunch of grandkids who have now heard of your game and/or your company. Their friends now hear about it if it is good. I guess you just have to handle the problem of a bunch of friends who think that "Well, grandma gave it to me, so I can give it to Billy" but these are just ideas off the top of my head. Ignore it if you want. B-)

Originally posted by GBGames
But I have no experience actually implementing that, so let me say that IANABMY (I am not a business man yet). I am sure that these special cases would be a big hassle. But let's say that grandma does give away the copies. Now you have a bunch of grandkids who have now heard of your game and/or your company. Their friends now hear about it if it is good. I guess you just have to handle the problem of a bunch of friends who think that "Well, grandma gave it to me, so I can give it to Billy" but these are just ideas off the top of my head. Ignore it if you want. B-)

You bring up some very good points GBGames. As I mentioned before, looking at things from the customers' point of view, copy protection, hardware locking, etc. are the root of all evil. On the other hand, leaving the option of paying for software in the hands of customers is the other extreme if you ask me. Allowing the full version of the game be installable on every PC you like is pretty open ended. On the other hand, I think pretty much any commercial game I buy can be installed on any PC. I think the limitation on some of them is that if you have a multiplayer game, then you can't use the same game to play against each other or something similar.

I wish I could find a happy medium, but then we run into problems trying to make exceptions to the rule like the guy with 3 machines, or letting the customer run the game forever...

I am not sure what the answer is, so I started the thread.

What does Steve do with Dweeb? I don't own the game, so I don't know. Can you install the game wherever you like once you buy it? How does he solve the problem of customers distributing the game to the masses with good intentions or bad?? It would be nice to get his feedback.

In the meantime, I'll keep thinking about it. I'll post here if I come up with something.

Originally posted by Chris_Evans
[...]
Oh, give an example of a personal identifying question. I know personally if a site other than a financial institution asked for my mom's maiden name, I'd type Marge Simpson (hint: that's not my mom's maiden name ;)[...]

Hmyea, maiden name, that's such a typical thingy. I would most likely just type something like "Marge Simpson" or anything else wich pops into my mind. Simply because I don't know my mom's maiden name. My two brothers and my sister neither know that. I also don't know my bloodgroup - just because it's pointless (a doc must check that anyways).

So what's the deal with maiden names? Was/is that a popular thing to know in the us? (Like knowing your own bloodgroup is a must for japanese people).

Originally posted by oNyx


So what's the deal with maiden names? Was/is that a popular thing to know in the us? (Like knowing your own bloodgroup is a must for japanese people).

The maiden name question is also popular here in the UK.

A friend of mine signed up for something the other day and it asked him to type in a question that only he would know the answer to. Is initial questions where "When did I lose my virginity?" and "How long is my trouser snake in millimetres?". This was until I pointed out to him that they may ask him these questions if he ever phones them up!

Alfie

My most recent game Flatspace is currently locked to one machine. My previous games were registered via the buyer's name and I reasoned that the new system would be more secure. The problem is though it comes across as penalising genuine buyers while not making things any harder for pirates. The best you can say about such a feature is that it prevents the casual 'granny' copying highlighted in this thread.

I've made the descision to reverse my original plan and change the registration system for Flatspace as of the next version, which as you can understand is a bit of a logicstical headache because it involves contacting every registered user.

Developers will always be vulnerable to piracy so in the end it's better not to annoy genuine buyers so I'd recommend not locking the game to one machine.

Mark
Cornutopia Games
http://www.cornutopia.net

Originally posted by Cornutopia
Developers will always be vulnerable to piracy so in the end it's better not to annoy genuine buyers so I'd recommend not locking the game to one machine.

Well, piracy is not my only issue here. I am not sure if it is really OK for granny to allow her 100 grandchildren to play the game, or for the soccer mom to send her game to her 5 kids...

Software is a different kind of beast. When you buy any physical object (a book, a TV, clothes, etc...), you can claim full ownership and say that you can give it to anyone. The beautiful thing is that once you give someone what you bought, you no longer have it yourself.

With software, movies and music, the latest technology allows you to "clone" these products. When you give away a copy, it is not "your" copy you are giving away. If you gave away your copy of the software leaving you with no copies, I'd be perfectly happy with that. When granny allows her children to play with your game, she is still keeping her copy.

Software is sold not as a property but as a license to use the property anyway. You are letting your customer to use the copy s/he bought, but do NOT allow them to make copies, distribute them, reverse engineer them, etc.. That's what most EULAs say. When the granny distributes the game, you are losing sales from a very cold-hearted, capitalistic point of view.

I would like my anti-piracy scheme to stop the violation of EULA as much as possible while not irritating the paying customers. Perhaps it is impossible to achieve both goals especially with a scheme that locks the installation to a single PC.

Originally posted by Chris_Evans
Unless you have some way of verifying the personal information, then I don't think it will do much good to stop piracy.


OK. Good points. :)

How about this then: At the time of the purchase, you are required to enter your e-mail address where you can be reached at. You are asked to provide "correct" information although you might choose to fake it. To prevent the fake addresses, the registration scheme works like this: The e-mail address you provided is the address where you will be contacted. If you did not provide a correct address, then you won't be able to receive your reg key.

When the program is registered, it will display your name and your e-mail address somewhere in the application (but not necessarily on the front page).

The program will block anonymous services such as mailinator. You will need a "real" e-mail address.

What will this try to accomplish? Well, I guess the idea is that you wouldn't want to give your e-mail out to strangers since it might end up on some spam list. In addition, if you want to get updates, you'll need to be a registered user.

This doesn't lock the app to your PC, but it locks it to your name and your e-mail address. You wouldn't care if your e-mail circulates amongst friends, but perhaps you would fear that it would end up on a spam list somewhere if it left your friend circle.

Not very deterrent, but better than nothing I suppose. Coupled with an online activation scheme, it could easily detect multiple usage of assigned reg keys, offer you a discount if you are interested in getting your own copy...

This is interesting to me. I was reading one of Steve's articles about adding incentives, or something to boost up a game's value. And it mentioned his 60-day money-back guarantee on one of his games. Now this seems like a backwards way to ensure more people buy your game, cuz as it seems to me, it would allow alot of people to install the game and ask for a refund, and get to keep it scott free... However, he found out it caused more people to pay for it because they figured that if they didn't like it, they could get a refund.

So what does this have to do with piracy. What if you don't really worry that much about copy protection? What if in your EULA you say, they can't share it with friends but they can put it on as many computers in their households as they want. And see if people are more likely to buy your game? Maybe the reverse-psychology thing would work for that. Some people would copy it, for sure, however... some people would be like "hey i can put it on any computer i own." And the copy-protection is so un-obtrusive because it's non-existant (or practically)... And they'll be like hey, this is cool, i don't have any problems with it. So maybe they'll focus on the fun factor of your game rather than worrying about copying the game. And heck those who do copy the game illegally, maybe that's how alot of people will know your game. I'm not saying that this would even work, it might not, but wouldn't be an interesting experiment to try?

Originally posted by Uhfgood
So maybe they'll focus on the fun factor of your game rather than worrying about copying the game. And heck those who do copy the game illegally, maybe that's how alot of people will know your game. I'm not saying that this would even work, it might not, but wouldn't be an interesting experiment to try?

This reminds me of Rudyard Kipling's "IF":


...

If you can make one heap of all your winnings
And risk it all on one turn of pitch-and-toss,
And lose, and start again at your beginnings
And never breath a word about your loss;

...



If it doesn't work, then there goes months of work... I am not really interested in having to turn my work into freeware. I am not that brave yet! :)

The program will block anonymous services such as mailinator. You will need a "real" e-mail address.


There are way too many free emails available to manage to block them all. :) ISTR there used to be a handy service where you could offer anyone free email addresses at any domain name you owned... (in the portal craze, a lot of people were doing this).

Also, I dunno about you, but I have *never* used an ISP-supplied email address (which is what most people trying to say 'no free emails' want) for anything at all. Don't receive mail there. I don't even know what the isp-email for my current broadband account would be. And email addresses, especially non-free ones, change often. It's my yahoo account that I've stuck with over the years - everything else falls by the wayside when circumstances change.

Ditto that. My “real” email account from my ISP isn’t real at all (I don’t use it at all, therefore it may as well not exist, therefore it is not real). My most permanent, and in my mind real address, is one others would consider “fake” or just a forwarder.

quote:Originally posted by Uhfgood
So maybe they'll focus on the fun factor of your game rather than worrying about copying the game. And heck those who do copy the game illegally, maybe that's how alot of people will know your game. I'm not saying that this would even work, it might not, but wouldn't be an interesting experiment to try?



This reminds me of Rudyard Kipling's "IF":


...

If you can make one heap of all your winnings
And risk it all on one turn of pitch-and-toss,
And lose, and start again at your beginnings
And never breath a word about your loss;

...



If it doesn't work, then there goes months of work... I am not really interested in having to turn my work into freeware. I am not that brave yet!


Interesting. Think about this, if you haven't been successful you have nothing to lose, since you haven't done anything. If you're successful, you have even less to lose since you've already been successful enough to take chances like these ;-)

Originally posted by Uhfgood
Interesting. Think about this, if you haven't been successful you have nothing to lose, since you haven't done anything. If you're successful, you have even less to lose since you've already been successful enough to take chances like these ;-)

Extend that logic, and get in a gun fight. If you're unfit you won't mind getting killed and if you're fit you can probably take a bullet or two. It sort of makes sense but I'd rather avoid a gun fight myself.

Mark

But we're not talking about physical harm here.