Ask HN: To fight or not to fight piracy?

17 points by albertogh ↗ HN
I recently released a new iPhone and iPad application which requires external servers to run, thus making each pirate copy a money loss to me. I decided to build a mechanism for copy protection which can be remotely enabled.

The app made it to the top 20 in its category, so pirates didn't take more than a couple of hours to post cracked binaries. I've been checking the server logs and the legit users to pirates ratio is around 20%. I've downloaded the cracked binaries and the copy protection is still there. Basically, the app runs some critical operations using a custom bytecode through an interpreter, which means it's not easy to crack. I'm sure a determined cracker can reverse engineer all of that, but it will take them some time.

I haven't enabled the protection yet and I'd really like to hear from someone who has done something like this before, specially:

- Did it increase sales?

- Percentage of pirates converted to legit users?

- Would you immediately prevent the pirates from using the app or let them use it for a couple of days, maybe a week, so they can properly test the app before deciding if they're going to buy it or simply look for an alternative?

- Would you disable the app completely or just introduce some painful limitations?

32 comments

[ 3.4 ms ] story [ 84.9 ms ] thread
I'm not sure what your app does, but you could make it more reliant on your servers and require an account.

The app would be a front-end to your service. So even if someone pirated it, it wouldn't matter because they would need an account on your service.

This is how I've started to structure all of my new apps.

It's funny how people still pirate the hell out of $1 or less apps. One of the main excuses from many pirates was that software was "too expensive".

It seems when app developers meet all of the demands of the pirates, they don't stop. They continue with a new set of excuses. This is a clear example as to why you don't negotiate with criminals. They will just bleed you dry.

I wonder if in the future, the saying "Today's pirate is tomorrow's customer" will be common.
I believe you should absolutely disable pirated copies, and try to make sure the pirate users know they've been caught. Honesty compels me to mention that my motivation for this is not that I believe it will help your business; it is that I believe the major obstacle to widespread conscious adoption of free, open source software by end users is that piracy of proprietary software is widely tolerated. If proprietary software made more effort to prevent unauthorized copying and use, it would really drive adoption of FOSS.
That's great, you're telling him that he should enable the copy protection so that his software, and all closed source software, will fail?
They will not fail, but the Open source alternatives will get more consideration.
"They will not fail, but the Open source alternatives will get more consideration."

If you are willing to use an app that doesn't work as well, has less support, and you aren't willing to pay $1 or less (which is what I imagine the OP's app costs), then go for it.

Aside from a few things (apache, php, mysql, linux), I generally use open source in the beginning when I'm trying to cut costs..but almost always end up going with a proprietary solution when I need to get serious about it.

Open source has it's place, but it's not the software utopia that the community claims it to be.

Security is the #1 misconception. The claim is that it's more secure because there are "more eyes looking at the code".

If you look at any major open source project, there is usually a core set of developers that actually make any set of changes to the main core. Combined this with the fact that 90% of the project users don't know enough/anything about coding to make any changes and the odds of getting security changes fixed are probably around the same as a proprietary application.

Most users also don't update (proprietary or open source)..contributing to insecure software. I can't tell you how many Wordpress installations I've seen out there that are using sub 3.X/insecure versions.

I actually don't know whether or not it would help his business or harm it. I suspect (without research) that applications which gain utility in proportion to the size of their userbase are probably helped by piracy more then they are hurt, but niche applications that perform a specialized function and have a small target audience are badly hurt by it. My comment was mostly intended as a thought-provoker.
"If proprietary software made more effort to prevent unauthorized copying and use, it would really drive adoption of FOSS."

You would think so, but it never does. Mostly because proprietary apps usually do a better job with support, easy of use, and general features.

Photoshop is still king even though GIMP has been free for many years.

I'd wager that Photoshop is also one of the most frequently pirated applications of all time.
I think you should display a message like Panic did before with Transmit when people entered pirated serials.. Don't reprimand but be polite asking them not to pirate your stuff.. The effect you're looking for is for the pirate to feel a bit guilty...

You can then either limit the functionality to a free lite version of the app, or put a time limit for them to try or just disable the app...

If you plan on putting a time limit, it might make better sense the show that message after maybe 2 or 3 use of the application so that the user has already tested it and likes it.

I'm thinking of something like:

Dear user,

I cannot let you use <app_name> for free anymore blah blah blah. If you truly cannot afford it, drop me an email and we'll work something out. Sincerely, <my name>.

Adding a couple of buttons at the bottom, one for sending me an email and another one for buying the app.

Not bad, but be sure to try and check the message from Transmit from Panic... I remember that when reading it I felt guilty (way back in my college days when I didn't have money and did in fact pirate a bit). This message is nice and simple but does not elicit any kind of emotions from the pirate.
Don't focus on people who aren't your customers, focus on people who are. Totally ignore pirates. It's a waste of your time.
I don't see every pirate copy as lost sale, I know most of them won't buy the application even for $0.01.

The problem is the server resources they consume. If I just ignore the pirates and the legit/pirate users ratio continues to be the same, I'll need 5x more server capacity to keep the app running. That's a really big increase in the hosting costs.

The other side of this is that the pirates give you network effects which let more people see your app.

I wouldn't disable it totally, they will just move to giving prominence to something else. Just throttle the amount of bandwidth pirated accounts consume. They are likely giving you sales you wouldn't have otherwise.

> The other side of this is that the pirates give you network effects which let more people see your app.

But if most of the people the pirates show that app to are pirates, those network effects aren't in his favor.

It depends where his costs lie. If the ratio of piracy/buyers remains constant, and he is making money right now. Greater volume -> greater profits.
"It depends where his costs lie. If the ratio of piracy/buyers remains constant, and he is making money right now. Greater volume -> greater profits."

I seriously doubt the buyer/pirate ratio is going to stay constant or increase with increased pirate views. Why would it?

When I was younger, I would pirate the hell out of anything and everything. I would only buy it if it was too difficult to actually find/crack. Many pirates will just give up (and not pay either way). But, I think a larger percentage of people that would actually buy it (compared to the number of pirates that will pay a dollar out of the kindness of their hearts).

In the 80's our company (very small) received a letter from an official/whatever in the German Postal service wondering if he could arrange the purchase of around 5,000 manuals for our software. This came as a enormous surprise in that we had never in fact sold any of our software to any one in Germany! Instead of the predictable reaction of revenge and lawyers, we decided to cut the guy one hell of a deal. We sold him photo ready masters for the manual and a great deal on a site-wide license. There after whenever a new version came out we could count on a tidy chunk of change for the upgrade fee from a source we hadn't even know about. While the situation here is obviously different, the conclusion we came to is what I'd recommend. Calculate the cost of fighting piracy and determine if subtracting that from the cost of improving your product is worth it. We decided that it wasn't We did however pretty much make the same deal open to everyone. Most people like the idea of amnesty particularly if it costs less than the original purchase price!
"Calculate the cost of fighting piracy and determine if subtracting that from the cost of improving your product is worth it. We decided that it wasn't We did however pretty much make the same deal open to everyone. Most people like the idea of amnesty particularly if it costs less than the original purchase price!"

You were lucky in your situation. It's very possible you wouldn't have gotten any money at all.

The problem is that if you don't fight piracy, it will only get worse over time. There will be more links in Google pointing to your cracked software (which potential customers may get to before hitting your site).

Try getting paid for ur app using ads instead. Making it free this way for the users would be a win-win situation for all. I don't know if this is possible on iPhone and iPad apps or not, but thats how some jar games on my Nokia phone work, so I'm guessing that should be an option for you too. You could post on your app's website (if u've any) that any interested advertisers can contact you if they wish to advertise using ur app :-)
This app is probably good for showing ads, since my logs show a great average session length. Unfortunately, I've published other apps with free and paid variants (with the free version having ads and lacking some features) and users will still pirate the paid version.
Iff you can detect a pirated copy of the paid version with 100% certainty, have it show ads when it's detected piracy.
Would advertisers be happy paying for ads that'll only ever be seen by users with a track record of not paying for stuff?
Yes. People don't believe ads work on them
Dunno what kind of application. But it think you should do it like github & 37signals. Make sure your software is usable for free and add some features for which real customers would pay. Dont work against piracy. Its lots of effort for nothing, because there will always ppl who find a way to crack your software - and, IMHO, thats absolutely okay.

If your app is good enough, it will be pirated, but that means LOTS of ppl get to know about it and, at least, few of them will pay for.

While I do not know the details of your application such as whether or not ads are displayed.

Is it possible that you display ads to pirated users and no ads to legitimate buyers? I do not have experience with iPhone/iPad development so I am not sure if this is even possible.

Since its an ip(o|a)d app, I'd either a) just not release anymore with a message saying "it was cracked. Goodbye" (Much like some comic artists -> porn of their comic) or b) Tell people who pirate the app to just go pay for the damn thing and bail or c) Just ignore it.
Can you prorate? I.e. give the pirates the service but on a first-come first served basis, basically allow them to use one server if the capacity allows, if not, display that "free version has limited access". All paid customers are on separate servers, with great service, and your additional costs are minimal.

And pirates can use the app and convert to paid customers once the delays/notifications become a showstopper for them.

If you can reliably determine a pirate, maybe you could add some ads to your app conditionally on that. I've heard CTRs are way better in Cydia apps when the developer asks for support (than in App Store).