Ask HN: We found a cracked version of our software on the web, now what?
Specifically, the crack modifies some of our binaries to circumvent the activation process and allows bogus registration keys. Pretty standard stuff AFAIK. Thankfully, our digital signatures are lost in the process, so that's reassuring.
We haven't done the most thorough search of how widespread the issue is, but we've estimated that it's about 1 user per day since the early half of 2022. A license costs a few thousand dollars, but we do regional pricing and bulk licenses for larger firms. We also provide free licenses to academics (with proof).
For context, we are a <15 person company where we all wear multiple hats and would like to continue providing great service, training and introducing features. It's clear to us why someone would crack our software, especially in lower income countries.
I'm not entirely sure what other information would be helpful to provide, but I was wondering if anyone has run into this into the past, and how it was mitigated. While we'll always have some piracy, we'd like to keep it to a minimum.
296 comments
[ 2.6 ms ] story [ 280 ms ] threadThis actually happened to me with NieR: Automata. I downloaded it for free, played for 60 Hours, then discovered that the CREDITS were a playable minigame which was not feasible to beat alone, requiring Network Connectivity to gain helping partners. These just being basic AI named after other players' save files.
So then 2 years later I BOUGHT Automata, played another 50 hours or so, and finally beat the Credits :) Then bought some DLC so my friend could experience it with Steam Share through my account...
And yet nearly all games on Steam, including Valve's own titles, have DRM. What an executive says in public for PR purposes doesn't always reflect their or their company's actual views on the issue.
Then Bought it because of a SERVICE that was not available to me.
Present time the solution for many is the phone home route with the idea that their client's system is online always. The other goto was to contract a service that specialises in tracking down any unauthorised versions and contacting site admins - but IMO the web is so diverse these days it's simply not worth the money.
I would say if software is intriguing and works well, more often there will be a 'cracked' version on the web somewhere. I know many people see the pirating as lost profit, but more often there's a stark reality, they were never going to afford it in the first place - in which case it's not money lost but software getting exposure which might lead to more sales by those who've seen it in action. I've also seen absolute rubbish that had more money and time spent on protecting the ever so precious contents, that's been cracked only to allow curious users to see what a lemon it was.
Subscriptions are a negative value, it's something that'll bleed me dry as long as I have it.
I don't have answers but I have a few unusual ideas.
I would suggest (perhaps as a "fun" way of dealing with it) looking into The Legend of Spyro style copy-protection. This is where, rather than just depending on the small activation component, there are small checks throughout your code that cause little inexplicable annoyances constantly if a pirated copy is found. Maybe people try to print things and 1/3 of the page is blank. Maybe they try to save files and there's a 1-in-100 chance of total corruption. Checks like these, when widely distributed through the code, obfuscated, and having different things they look for, can sometimes be a major PITA to fully detect and remove. If a pirate feels that getting an initial cracked copy is easy, but getting all the bugs out is miserable...
Another possibility is the "great service, training and introducing features." Pirated copies shouldn't provide access to your training material or any customer support if possible (make it a bit of an enigma to use sometimes). If the pirate has a question but can't read the documentation or watch videos about what to do because he doesn't pay for an account... it is a little annoying for legitimate customers but causes further frustration.
This sounds like a great way to make sure prospective customers think your software is buggy and awful and dissuade them from ever spending money on it.
Don't underestimate how often cracked software serves as educational tool or trial version for someone who will later be a professional with money who will buy legit licenses.
At least this creates extra code paths and requires extra testing.
Help people who want to pay, most don't. And they won't, regardless of how many hoops you put as 'copy protection'. Yes doing it purely online will work, but that has its issues as well
- if those people someday move to a big company that can afford it, they'll be familiar with your sw
- they may blog about it or publish results from it, giving you free advertising
- reduces the market for a lower-cost version of your product, making new competitors less likely to form
At this point why not exclusively offer it to legitimate university users (with a valid .edu address)?
Now congratulate yourself that people are willing to jump through hoops to use your software, I guess?
They fight pirating, and that prevents it from becoming absolutely endemic, but they don’t really lose massive amounts of sleep over the cracks, because every cracked copy is training people to use their software.
Sort of “The Old Dope Peddler” model.
It’s not really correct to assume every cracked copy is a lost sale.
Instead, think of it as indoctrination of possible future sales.
Then, cracked software becomes free advertising!
I've always thought this was kind of an old wives' tale FUD. Long time back when I used to hoist the ol Jolly Roger, the pirated versions of software seemed to always be pristine copies. Reputable release groups had their reputation in mind and would go out of their way to release clean copies, or even go so far as to remove the official company-shipped malware like all those offers you used to get during install to Also Get This Toolbar! Reputable crack groups were the same way--leave no trace and use the smallest, most minimal binary modification possible.
Same with pirated movies: The pirate releases are often better than the official releases, containing more subtitle languages, stripping off marketing and FBI warnings, and so on.
If you don't activate Windows 10, you have no ability to personalize your PC (change wallpaper, colors, Lock Screen image, etc.) But you can still use it - which makes it annoying, but still functional.
After a few weeks without activating, it also adds an always-visible watermark warning to "Activate your PC." But it still lets you use it.
Perhaps the OP could do similar. Where... he has his standard system of copy protection, but then adds additional checks that stamp watermarks on printed documents, or show a watermark about illegal copy, doesn't allow adding business information to documents, so forth...
Maybe that's even the trial version. Always free, forever - but certain features disabled and lots of watermarks.
All you will do is annoy legitimate users.
You can totally do that when you're Microsoft because pretty much everybody hates you already but you have essentially a monopoly so what can they do? But it's very different when you're in a market where alternatives exist.
The downside is, people who would have paid might discover they're quite happy with the trial version.
Of course, they'll probably re-hack it at that point, but often the first hacked version ends up being the most spread around one.
Do it silently and maybe warn in a non-obvious way. But I wouldn't annoy the user too much
Parent is right, most of those pirating it wouldn't have bought it in the first place. Especially if it's a technical software with limited use (as opposed to a game, for example)
you are not gonna guilt anyone into not pirating and if the message blocks or is annoying, crackers are gonna circumvent it just like they did the license check.
Pretty bad when the pirated versions of your software work better than the legit copy.
Microsoft has bribed their way into having power of police in Argentina.
the can legally obligate you to give them a report of how many computers and what operating systems you are using and they can request a judge's order to enter your company with the police to audit your infrastructure if they think you are not telling them the truth.
I they will do this kind of stuff without fear of losing face I don't think they will care if some legit customer gets hit by a false positive.
This worked especially well with (I think) US government agencies who can in theory be fined for every time the software was activated.
If the cracked software gets downloaded a lot then maybe there's another mass market that will pay tens to hundreds of dollars for your software. If that happens then it might be worth releasing a new version of your product at a lower price point for those customers.
It's an arms race and the best thing you can do is redesign your activation process. There are certain ways to do this that make it increasingly difficult to get around it.
It's like computer security in a way... You cant ultimately solve the problem but you can make it so difficult to do that the time investment required is probably not worthwhile for an attacker.
Build multiple telemetry code paths in your code — if you can just get IP addresses of offenders you’ll have way more info than now.
Sorry, but from where I stand that absolutely looks like demonizing the user base.
> A license costs a few thousand dollars
Demonizing and chasing people who pirate will only work against you, just like it happens with gaming.
Consider the pirate version a "trial" for people who are considering whether to buy the official version. Again, many with gaming do this.
Don't feel bad. In all seriousness, piracy is probably helping you spread the word and get people to try your project.
The user who is willing to stomach the time and risks associated with cracked software is NOT your target market anyway.
This is essentially a free trial program for “aspirational users” who will circulate it for you.
I’ve had my software (games) pirated, and been a pirate in my youth. Now I wouldn’t consider pirating because I have more money than time now. I suspect your actual addressable market is in the same boat.
The worst thing you can do is add draconian copy protection that adds friction to your product for actual paying users.
I vehemently disagree. Cracked users of commercial software ARE your target market that, for any reason, can't afford to pay you. They would if they could.
When I was a broke teenager, I pirated a lot of software, games and music I later paid for when I had enough money to do so.
Piracy can be annoying, but it is also an underrated indicator that some people really like or need your product so much they'd rather put up with the discomfort of piracy instead of going to the competition. I wonder if this is also an indicator to very expensive software that they might increase their paying user base by lowering their price. You might be leaving money on the table, maybe it's time for a flash sale.
I think we actually agree. You said “They would if they could”, that’s exactly what I’m saying.
Especially in business software, the risks associated with piracy always outweigh the benefit of free software for those that can actually pay.
The person who is trying to learn, or uses the cracked software while climbing up the pay-scale will eventually turn in to a paying user.
As others have said, getting cheeky and letting folks know that you know the software is pirated is also a good approach.
Price-testing as you mentioned can also be valuable. Spending energy on DRM or anti-piracy schemes beyond a little Easter-egg/joke/warning is a waste of energy better spent on improving your product for your actual paying customers.
I don't know, I feel like it depends on the culture as well, not just the amount of money someone has.
For example, I am at a point in my life where I can afford JetBrains licenses (actually their Ultimate pack with tools for all languages), so I buy them. Some people that I've talked with, while also apparently able to afford such tools, simply don't bother paying and prefer the pirated versions instead. They might look at the ~350 euro yearly price tag, consider that it's X% of their current month's salary and prefer free instead, even though it means putting themselves at risk (sometimes). In other words, they just don't care.
I can pretty much say the same about Windows installs that many are running on their computers. Given that buying Windows might be a non-insignificant part of their income, they just won't and instead might pay 20 euros or something to someone who can give them an install that just works. They don't care about copyright, or the ethical aspects, they just want the shiny thing.
My income has gone up in the past few years to a point where I'm comfortable, but I definitely can understand their point of view, even if it's unethical, at least given how life can be in my country (Latvia, though the same applies to many other economies around the world). Heck, in regards to entertainment I never buy those new AAA "full priced" games and just not play them if I can't find them on discount/sale until a few years pass and they're cheaper then, though I've heard that shady game key reseller sites are also popular here.
Here, the average annual disposable income per capita per year was around 11 thousand euros in 2020: https://www.statista.com/statistics/1267688/latvia-average-i...
Edit: actually, my country might be a bit of a negative example in particular, not sure why: https://eng.lsm.lv/article/society/society/latvia-leading-in...
> According to the MUSO anti-piracy analytics website, 46.3% of Latvians use the web to access illegal content, followed by Bulgaria (27.4%) and Lithuania (24.5%).
I've gotta disagree here. SOME pirates are your target market that can't afford to pay you. I can't tell you how many times a friend has bragged to me about pirating a movie over drinks at an overpriced bar. If you can afford four cocktails at $15 a pop then you certainly can afford the $20 or less it costs to license a movie. Some people just like to feel like they're getting away with something.
Do you provide demo (limited functionality) and trial (full version with limited time) options?
As to what to do about it, there are two basic tracks, neither of which is incompatible with the other:
1. The legal route: notifying distribution sites that they're hosting content in violation of copyright law, requesting takedown, and if required, demanding such (with a DMCA notice or similar). If a distributor is unresponsive to both, DMCA Google, Bing, etc. to at least suppress the cracks in most search results;
2. Having some fun with it: make sure that a special page on your own site becomes the #1 search engine result for "<productname> crack" and similar. On this page, put a human face on your pricing, explain the available discounts, and finally offer to supply a free registration key to anyone that truly wants it, so they don't have to download all kinds of shady binaries. Of course, any such free keys don't come with support and display a prominent PIRATED VERSION notice in all window captions, printed outputs, et cetera, but you disclose all of that upfront and explain how that's a small price to pay...
But above all, make sure not to confuse a "pirated copy" with a "lost sale". In 99% of cases, the Venn diagram of those has very little overlapping area.
2b. Free with Ads. Yes, this is not for everyone, but many devs will make this path an option. Your buyers must realize that all ads can be removed for a fair price.
Turns out, the pirated copy had a special feature where the player would feel immense economic pressure from piracy, so a bunch of players asked how to win against this, it was pretty hard and really fun for people who knew what was going on.
Point is, you could hide an Easter Egg for pirated versions (can you detect the lack of signatures?)
Game Dev Tycoon
It's important to note that they didn't use DRM or anything like that to detect whether a given copy of it was pirated. They made two builds of the game: a normal one that they gave to paying customers, and the special one that they uploaded a torrent of themselves.
I hope you are super duper 100% sure the bug can’t happen otherwise. I would hate to be your paying costumer and ignored because your drm system is buggy.
It's something along the lines of: Pi+=2 in one place of the code. And Pi += 1.1415 somewhere else. And both are guaranteed to run at the start of the program so that Pi=3.1415
However one of those lines is hidden in a part of the code that the most obvious crack is going to remove.
I cracked an expensive FPGA simulation program (for which I had the license, but the FlexLM scheme based on the MAC address of the adapter was just too annoying to get working on Linux).
What they would do is have a sort of unit test of their license verification function at runtime. There was a check hidden somewhere that I never found, and if the license verification was changed to always return true, the unit test would fail. The simulator would continue working within a single module, but as soon as you tried simulating a larger project, it would return undefined values between all the modules, rendering the simulation unusable for any real project =)
(I solved the unit test by having the license check return true only for my hardcoded serial number, which is definitely easier than hunting for the different places where a check might be hidden)
https://bit-tech.net/news/gaming/pc/pirated-batman-pc-contai...
> "I've got a problem when it's time to use Batman's glide in the game," said user Cheshirec_The_Cat, whose appalling spelling we felt we needed to clean up. "When I hold [the button], like it says, to jump from one platform to another, Batman tries to open his wings again and again instead of gliding. So he falls down in the poison gas. Can somebody could tell me, what I should do there?"
The pirated version had a different name for one of the mannequins, but people loved the quote and the acting for yelling out the name of the mannequin in the movie, so that led to people would arguing in internet comments about the name used and you could get a feel for how prevalent the piracy was by upvotes
I think a fundamental aspect of cracking consists of disabling such detection mechanisms. But if the cracker only digs far enough to ensure that it seems to work without nags, and not far enough to find Easter eggs, then it will probably work for a while until people catch on and demand a further crack.
It's really the OS that needs to detect a lack of expected signature, because the cracker isn't going to be able to disable an OS feature unless they release the cracked app as a while VM or something. But that's a thing...
I believe there were several games that had a reputation for being horribly buggy that was at least partially the result of pirated versions having bugs intentionally introduced by the copy protection.
I believe the game you mentioned made it really obvious what was happening and why to avoid that.
Any time I've seen game devs try it the comments under those people were "you fix it by buying the game pirate".
And platforms like Steam allow you to review only bought games anyway
If the software supports getting updates, get the cracked copies to phone home and have a legal firm send them a warning they might be using hacked software.
Home users won't care, but legitimate businesses might convert to actual sales.
And if you made cracked copies phone home, that's something that would get removed by the cracker anyway most of the time.
Rather send a message directly through the software and give a link directly to purchase it. A bit cheaper and more straightforward, than finding out adresses and involve lawers. That should be the last resort.
Indeed! There's a nice anecdote from Paulo Coehlo (I don't like his work but w/e) where he was stuck in traffic somewhere in LATAM and a guy passed by his car selling pirated copies of his newest book. He then says this event made him feel like he had finally made it and even became a strong promoter of piracy, heh.
We had this happen too. In our case, our software required our hardware to function so we put the recurring license on the hardware instead of the software. It's been about 8 years since then and nobody has been able to crack that system yet. Some software that doesn't need hardware also uses a small hardware key to enforce licensing.
Going forward, you could make it so the user has to login to your service when they launch your software. You could provide extra value to your paying customers through this channel too. You would run into some other challenges such as shared passwords, but those have some mitigation strategies too.
The Atari 800 cartridge address range could be populated with RAM, and cartridge images simply copied to RAM and run. Copy protection techniques usually involved figuring out sneaky ways to write to that address range (which would crash an image running from RAM).
Toward the end of one project, I spent about two weeks writing an encrypted, multi-stage anti-copy system. A few months after the game shipped, I asked my pirate "friend" about it.
"That was a hard one," he said, "It took us nearly three days to crack it."
For instance, current Netflix pricing I am okay with, with the content they have. If the price triples, you bet your ass I am going back to torrents unless they really step up the quality and quantity of content.
There is just very little incentive anymore. The skill level for hacking game DRM is extremely high now and those people would rather spend their time working on one of the many bug bounties where they can get huge payouts and public recognition for hacking ios vs having to hide behind tor and risk arrest to provide kids with free games.
A third option is a big looking what adobe photoshop did. Most people in the early days has an access to a cracked version and it became nearly the standard for image editing. And how did they then manage this: By adding cloud services.
You could maybe start small and say: „You can download our free templates (don’t know what type of software but I thought of some 3D models) from the web (new template every couple of month) and this works only with an activated version. By this you actively provide more value for your paying customer at the same time instead of wasting time and money to just make it harder to crack.
Very true. If they were never going to pay anyway, you haven't lost anything if they use a crack. It still irks though!
It's literally the same reason most companies give students essentially fire sale discounts (often just free) versions of their software.
They're probably pirating it because they aren't deriving much if any revenue from using it yet (it's either for personal use, they're learning a new tool, or they have no money). But having that person familiar with your software and trained on it means that if they reach a spot where they're using it profitably for business - it's basically a guaranteed sale.
"Sure thing, how many do you need?"
When I hesitantly reminded him we hadn't discussed prices yet, I was told it was free as they really wanted to snare us in as users before we wound up in paid work where we'd need to be productive employees fast.
I have since had three employers buy full licenses and support deals. Good call by Protel back then.
Instead, the value proposition to switching to paid became once it had established value to me, and I could benefit from the reduced exposure risk of running malware in the cracked version, and possibly get updates if they affected major things like stability, or new tool-sets or access to online data that was useful.
First, people or companies using the cracked version of your software were never going to buy it. These people do not pay for software, and nothing you do will convince them to pay for it.
Secondly, whatever measures you put in place to combat the cracked versions will potentially have a negative impact on your actual paying users - the real people you built the software for.
Extra security measures or hoops to jump through; extra validation or 'calls home.' - all extra things that can and will go wrong at some point for a real user.
Why would you inconvenience paying users to combat people who will never be paying users?
Ignore them, and spend your time improving your product for your real users.
[I've had 3 desktop apps cracked and hosted on Warez sites over the past 15 years - even appearing for sale on eBay on some occasions. I was worried the first time it happened, then I stopped caring. They made no difference.]
Not always effective for all applications though.
It's very bad economics to think of a pirated copy as a lost sale. In some cases the piracy helps drive sales!
I've heard this before but I'm not convinced this is actually true. Why? Because I use Netflix instead of torrent sites, and just accept the limitations of that format. Programs are tools vs of entertainment, but I don't know that the human psychology actually changes.
A neat trick they did was to introduce downloading as a feature. Now search results for "Netflix download" all talk about the built in feature as opposed to teaching how to rip the DRM off the downloaded file.
Regardless this just goes to show that the problem can be mitigated by making the legitimate route less painful than the illegitimate one. I used to pirate most of my music collection but now I use Apple Music because the friction of maintaining the library across multiple devices is so much lower.
Imposing restrictions and hoops to make your product harder to pirate is vastly inferior and in many cases entirely ineffective in than designing the product to be a superior experience to pirating it.
The ability to do so is going to vary wildly by the product itself, but that is the better way to achieve the goal.
There are people who will always pirate things, whether out of principle or out of economics. However there are plenty of people who would gladly cross the line if the legitimate route was significantly better, either by ease of use or design.
DarrenDev says there are no lost sales. However, I pay for Disney plus because I don't have access to invite-only torrent sites where the latest movies can be found, but I'd still like to watch them. If I had access to those torrent sites or someone's Plex, I could cancel Disney plus.
A good portion of their user base got started using cracked copies of the software, as the price of something like the CS6 Master collection was well outside of the affordability of the average hobbyist.
But some of those teenage hobbyists grew up to go to college to expand on their Adobe tinkering to becoming professionals that sneer at people who use non-adobe products because of the price.
Businesses buy the software because that is what the talent is trained on. The difference between calling what Adobe has on the market a monopoly and an actual monopoly is probably only technicalities at this point.
Sure, most of this comes from the fact that their software really was the best of the best for the longest time, and their lead in technology and namesake is so far ahead of any of their competitors that it is laughable. their software was pirated obsessively because it was so good and so expensive, just like Waves $2,000 Mercury VST plugin suite.
There are other softwares, many of which are free or very affordable, that do 95%+ of what anything adobe or Waves does. But when you edit a photo with Gimp people will still instinctively say that you photoshopped it, and few people will ever care what plugins you used on an audio track if it's not autotune.
Its completely unaffordable to the student or hobbyist, the "home edition" is too limited to be useful, so everyone starting out uses a cracked version because its been the de-facto industry standard tool since forever for reverse engineering.
Later when those people get jobs, they become another paying (through work) licensed user of IDA Pro.
What's slowly fucking IDA now is finally there are alternatives, the NSA open sourced Ghidra which can replace IDA to some extent - so smaller customers (who were always treated poorly anyway) are moving away from their product.
Would you still pick Netflix over torrents if it cost €100/month?
When I was a young teenager I used to rip CDs from the local library (who could get almost any CD in a week if ordered).
Now I spent a fair chunk of money on both digital and physical (vinyl) supporting artists - because I can afford it.
Then they (the record companies) started suing their customers, and I stopped buying CDs. I've been listening to the same set of songs ever since, or stuff on youtube.
Never again will I feed that monster.
If there is no note whatsoever it's very easy to get to situation where user A starts to use it, pirates it, then just dumps it onto file share and tells others to use it.
If you are making money from something or using it enough that you want support / reliability, pay for it and shame on you if you don't
Don't gimp your cracked stuff for the college kids and evening hacks just trying to see if they like something or if they can build its use into a business.
I have pirated person when I was a poor student where it literally was money for food vs buying some software. I buy all my (commercial) software now that I can easily afford it and support multiple open source projects with donations. And the software houses, Bands and filmers who have seen the most of my money have been precisely the ones whose work I liked before.
The creators who have not been assholes about it (or even had some kind of humor in their response) are well remembered.
Sure there might be people who pirate everything out of principle, but my guess is that the majority will only do it if they can't help it any better.
Or, they would never have bought it if unable to obtain a pirated copy, but now that they've tried it, may purchase. Admittedly this is more true of games than other software. When I compare my steam library to my pirated library, many of my favorite games are in the overlap: I tried them first, loved them, and then bought them.
The non-overlapping are is likely non-trivial. There are surprising many shops that use professional software for client projects, could afford the license, but that prefer pirated copy to paying actual license fee.
Ofc persecuting non-professional users is pointless. Persecuting professional users in a smart way can lead to license sales.
I feel like easiest way to monetize apps like that would be free noncommercial license. Want to DJ your school party ? Go ahead, as long as nobody pays you it's fine, and if someone does, well, now you have money for license.
You're also building potential user base, when everyone can play with your software without limits many will pick it when they will do something commercial
https://virtualdj.com/products/virtualdj/price.html#comparis...
But you'd be insane to use a pirated copy of SOLIDWORKS for anything professional (like if you were the Cybertruck's door handle subcontractor or whatever), just like you would be insane to use a pirated copy of windows or Office. But let's be real, plenty of people do that. Whether it's because they're poor, or whether it's because they're cheap, or both, full list price is simply not gonna get paid, and so they'll go with the cheaper option - it's just that cheaper option happens to be a $0 pirated copy in most cases. Some offices will have one genuine copy for one computer and pirated copies for the rest of everyone, especially part-time contractors. In that way, a cheaper academic license, even accepting that there's no fool proof way of checking for that, or having a time-limited entrepreneur/start-up option will lead to more sales and more money.
It then becomes an exercise in the dark art of pricing things, to figure out where that sweet spot actually is. A 30 or 90 day copy which is hopefully long enough to build the bike shed, priced right, is an actual sale that can be made that otherwise wouldn't. A cheaper limited version for the non-premium seats at the company are other additional sales to be made.
Why not bundle a separate license for individuals with the enterprise license.
VSTs are pretty niche and the market is mostly people without much money. But you can find cracks being used in top studios, so...
I’m seeing many comments saying this, but it’s simply not true for commercial/industrial software. Outside of the US, even in large swathes of Europe, it’s extremely common to lose significant revenue to piracy, and if you make it too hard to pirate they will pay.
Companies (the customers in this case) that are happy to exploit workers in sweatshops? Also completely happy to use your software without paying for it.
In the vast majority of cases it doesn't mean that.
A lot of cracking is done for sport and to show off, especially when the protection is weak.
I don't use any cracked software, but I sure did when I was a kid without money. And I was so grateful for it, especially all the DAW and music production stuff.
There is an utilitarian argument somewhere in there about free software.
Copyright owners also habe legitimate interests in their products and are afforded with different ways to gain value from a software product that is locally installed.
Also, something like a self-contained, "portable" linked binary that creates value without any dependency on any online service will always be trivial to copy but also maximally useful.
(Edit: languages that depend on an interpreter don't differ too much, I think)
If your app isn't a game and/or you think that DRM isn't worth the platform tax, remove the DRM and focus on building relationships with your customers.
The one time I had software cracked and pirated sales pretty much dried up immediately upon its release.
This is probably true if your audience is primarily people who aren't particularly technically minded, but my product was no doubt most appealing to the same kind of people who know how to pirate software.
It's been shown time and again in gaming no matter what you do people will crack it and your measures to stop them will have more negative impact on your paying customers than it does on pirates, see Denuvo.
Honestly, the best thing is probably working on your conversion funnel to understand why you aren't converting people from pirates to purchasers.
https://www.wired.com/story/empress-drm-cracking-denuvo-vide... https://www.pcgamer.com/denuvo-cracks-2019/
She's falling behind though. https://www.reddit.com/r/EmpressEvolution/
This is probably often true, based on the product and its price point, but pirates using it as a blanket truism isn't good. There are a lot of possible situations.
Real life example: movie piracy may not generally affect box office, but an arguably bad movie leaked before release date will create a cloud of gossip that could tank its opening weekend. If previewing a film for reviewers will affect the box office of a bad movie, 100,000 copies being watched two weeks before release certainly will.
Piracy is the natural order of things, and likely isn't hurting sales at all as counter-intuitive as that seems.
You could perhaps offer cheaper versions in lower income countries, but if you try to 'beat' piracy too much, you're just going to lower the overall user experience of your software.
This isn't a strong ethical argument from me, but a practical one - if it wouldn't lose money and may help get more in then either ignoring the piracy or making it irrelevant would be a very simple solution.
"I stole some software from a warez site, and months later, my system got wiped".
The burden of proof is entirely on their side, and illegal activity isn't a great starting point.
The time bomb could be hidden such that there is no traces of anything malicious in the software build. When the time comes, the software could contact a server from which it downloads a script to execute. The script does the job and then vaporizes.
The mechanism by which that script executes could be something that licensed versions of the program use regularly (e.g. fetch a harmless, update-related script), so the discovery of its existence would prove nothing.
Proving that it was your program could be very difficult.
We never took it too serious. You don't have to lose sleep over it but you also shouldn't completely ignore it. Just refactoring the copy protection ever few release cycles. Most of the cracks were using Windows APIs to access entrypoints to flip variables. Simply renaming, moving them, or adding removing properties was enough to throw them off for a while.
We figured out some of our customers were using cracked editions without paying for more seats. The support calls were interesting because we told them the bug was fixed but they were super reluctant to update. We'd pass the message off to the accounts managers and let them wrangle with it. This was more prevalent in developing countries where pirating for business use wasn't considered a big deal.
I tried to bring up a low cost edition at our company meeting but it was shot down. The numbers wouldn't work. Business users get training provided; casual users would swamp our helpdesk in lieu of actual training.
The plan should always be to get those pirated users into actual users, unless the country they're in is embargoed, funny story. From reading the piracy forum thread I found many were using our software for job training in hopes of gaining foothold in the field. Similar to how Photoshop was everywhere in the early web design days.