Ask HN: We found a cracked version of our software on the web, now what?

216 points by throwaway932874 ↗ HN
Hi HN, I work for a small company and we've recently come across a version of our software that's been cracked.

Specifically, the crack modifies some of our binaries to circumvent the activation process and allows bogus registration keys. Pretty standard stuff AFAIK. Thankfully, our digital signatures are lost in the process, so that's reassuring.

We haven't done the most thorough search of how widespread the issue is, but we've estimated that it's about 1 user per day since the early half of 2022. A license costs a few thousand dollars, but we do regional pricing and bulk licenses for larger firms. We also provide free licenses to academics (with proof).

For context, we are a <15 person company where we all wear multiple hats and would like to continue providing great service, training and introducing features. It's clear to us why someone would crack our software, especially in lower income countries.

I'm not entirely sure what other information would be helpful to provide, but I was wondering if anyone has run into this into the past, and how it was mitigated. While we'll always have some piracy, we'd like to keep it to a minimum.

296 comments

[ 2.6 ms ] story [ 280 ms ] thread
(comment deleted)
Gabe Newell, CEO of Steam, once said that "Piracy" is a Service Problem. If an Illicit Downloader has your Software for Free, then they must become interested in Paying to Install Updates, or to Pay for a License to Access a Web Resource.

This actually happened to me with NieR: Automata. I downloaded it for free, played for 60 Hours, then discovered that the CREDITS were a playable minigame which was not feasible to beat alone, requiring Network Connectivity to gain helping partners. These just being basic AI named after other players' save files.

So then 2 years later I BOUGHT Automata, played another 50 hours or so, and finally beat the Credits :) Then bought some DLC so my friend could experience it with Steam Share through my account...

> Gabe Newell, CEO of Steam, once said that "Piracy" is a Service Problem

And yet nearly all games on Steam, including Valve's own titles, have DRM. What an executive says in public for PR purposes doesn't always reflect their or their company's actual views on the issue.

And yet I skirted Steam DRM in my example and downloaded Automata for free?

Then Bought it because of a SERVICE that was not available to me.

Software getting cracked is just about as inevitable as death and taxes. There really isn't anything you can do about it.
The only thing I can say is this is an old situation that goes right back to the copyright protection wars to protect the software sold on floppies.

Present time the solution for many is the phone home route with the idea that their client's system is online always. The other goto was to contract a service that specialises in tracking down any unauthorised versions and contacting site admins - but IMO the web is so diverse these days it's simply not worth the money.

I would say if software is intriguing and works well, more often there will be a 'cracked' version on the web somewhere. I know many people see the pirating as lost profit, but more often there's a stark reality, they were never going to afford it in the first place - in which case it's not money lost but software getting exposure which might lead to more sales by those who've seen it in action. I've also seen absolute rubbish that had more money and time spent on protecting the ever so precious contents, that's been cracked only to allow curious users to see what a lemon it was.

Subscription based licensing can be really useful for getting legitimate users who can't fork over a thousand dollars at once. IMO Adobe creative cloud is a great example of this working out well.
Unfortunately it also generates negative press on social media from frustrated users, and people who avoid subscriptions will avoid the product. But if you're an already established market leader that doesn't care, then subscriptions are fine.
I'm not a fan of subscription services but there are decent compromises to be had, e.g. Jetbrains model where you receive a perpetual fallback version after a year.
I agree that there are decent subscription models. Adobe, however, isn't one of them.
It's really not, Creative Cloud is the most pirated software suite in the world, and the company that makes it is almost universally hated by its customers.
Agreed, the software I am most likely to buy (and least likely to try to use without buying) is one with a lifetime license and offline activation for unlimited machines, even if it's just for one version. That's very valuable to me; as long as I can access the key and installer, I know I will always be able to run it.

Subscriptions are a negative value, it's something that'll bleed me dry as long as I have it.

> I'm not entirely sure what other information would be helpful to provide, but I was wondering if anyone has run into this into the past, and how it was mitigated. While we'll always have some piracy, we'd like to keep it to a minimum.

I don't have answers but I have a few unusual ideas.

I would suggest (perhaps as a "fun" way of dealing with it) looking into The Legend of Spyro style copy-protection. This is where, rather than just depending on the small activation component, there are small checks throughout your code that cause little inexplicable annoyances constantly if a pirated copy is found. Maybe people try to print things and 1/3 of the page is blank. Maybe they try to save files and there's a 1-in-100 chance of total corruption. Checks like these, when widely distributed through the code, obfuscated, and having different things they look for, can sometimes be a major PITA to fully detect and remove. If a pirate feels that getting an initial cracked copy is easy, but getting all the bugs out is miserable...

Another possibility is the "great service, training and introducing features." Pirated copies shouldn't provide access to your training material or any customer support if possible (make it a bit of an enigma to use sometimes). If the pirate has a question but can't read the documentation or watch videos about what to do because he doesn't pay for an account... it is a little annoying for legitimate customers but causes further frustration.

I would suggest (perhaps as a "fun" way of dealing with it) looking into The Legend of Spyro style copy-protection. This is where, rather than just depending on the small activation component, there are small checks throughout your code that cause little inexplicable annoyances constantly if a pirated copy is found. Maybe people try to print things and 1/3 of the page is blank. Maybe they try to save files and there's a 1-in-100 chance of total corruption. Checks like these, when widely distributed through the code, obfuscated, and having different things they look for, can sometimes be a major PITA to fully detect and remove. If a pirate feels that getting an initial cracked copy is easy, but getting all the bugs out is miserable...

This sounds like a great way to make sure prospective customers think your software is buggy and awful and dissuade them from ever spending money on it.

Don't underestimate how often cracked software serves as educational tool or trial version for someone who will later be a professional with money who will buy legit licenses.

I'd also suggest (sorry for forgetting) also having a student license program that is cheap or free upon proof of academic use, and other more-lenient ways of getting a legitimate copy if you are in such circumstances.
It's risky that some of "intentional bugs for pirates" end up working for paying users as well. Every software has bugs, is it really a good idea to create extra ones, some of which might slip by?

At least this creates extra code paths and requires extra testing.

The risk for the first option is that your software will get the reputation of being glitchy
You might consider offering more free or cheap versions, like a student edition (cheap with no proof required) and a free trial. Wolfram, for instance, does both. Not many real companies will cheat, and it's better to have users who can't pay using an official version than a cracked one. Perhaps they start using it in an un-funded skunkworks project, then buy a full license when the project gets funded.
This shows that you have never dealt with companies in 3rd world countries. When money is tight, which is always in those countries, there is not a cheap-enough price that you can make them pay. They want the benefit of the product but they do nit want to pay anything for it. So, a free trial version in those places, will turn into a perpetual "free" trial. Same for "no proof needed" student/academic versions. Unfortunately for the original poster, there is no solution to such a situation. Especially considering, they do nit want to spend an arm and a leg on legal enforcement, for a measly few thousand dollars worth of licensing fees. The only solution I can see for this kind of problem is to design the product to run purely online, leaving nothing more than a UI on the customers' hardware, but since the product is out, there is no way to put that cat back into the bag. May be they should consider future, enhanced versions of their software to run online only.
Maybe one of your main revenue sources shouldn't be trying to squeeze already cash strapped 3rd world entrepreneurs
There is a solution - fully or partially cloud based software. But there are limitations and not everyone will be happy.
Pricing segmentation based on market and understanding their circumstances goes a long way

Help people who want to pay, most don't. And they won't, regardless of how many hoops you put as 'copy protection'. Yes doing it purely online will work, but that has its issues as well

Yes, people who can't pay will keep renewing the free trial indefinitely. Since you weren't going to get any money out of them anyway, there's no loss. More people using your sw costs you nothing, and has various benefits, including:

- if those people someday move to a big company that can afford it, they'll be familiar with your sw

- they may blog about it or publish results from it, giving you free advertising

- reduces the market for a lower-cost version of your product, making new competitors less likely to form

Add then they can unfairly compete with the people that DO pay for your software because their very not having to fairly compensate for the benefits of your labour yet still gain from it puts them ahead of some 'sucker' who pays. I would rather that people willing to steal from me don't compete with my paying customers. Even though their usage doesn't make you less 'whole' it does impact the ecosystem your business operates within.
> Same for "no proof needed" student/academic versions.

At this point why not exclusively offer it to legitimate university users (with a valid .edu address)?

How many universities in the world outside of US give out a .edu address?
> now what?

Now congratulate yourself that people are willing to jump through hoops to use your software, I guess?

Some vendors who sell expensive software arrive (perhaps unintentionally) at this solution: produce software with enough defects or missing features that it cannot be used without regular contact with support. An adjacent idea is to produce software with a large number of plugins that are separately purchased. That multiplies the effort needed to crack and distribute everything.
I’d suggest taking a page from Adobe and Microsoft.

They fight pirating, and that prevents it from becoming absolutely endemic, but they don’t really lose massive amounts of sleep over the cracks, because every cracked copy is training people to use their software.

Sort of “The Old Dope Peddler” model.

It’s not really correct to assume every cracked copy is a lost sale.

Instead, think of it as indoctrination of possible future sales.

Even be cheeky. Detect when the software is cracked (signature/binary hash changed) and message the user “we see your version is corrupt or cracked, you may want to reinstall. If you are using this software without paying for it <something>”. You can invest some time in obfuscation and more frequent releases, but I would not spend a lot of effort on it.
Also a note about the dangers of cracked software. There could be malware, viruses, etc. The value becomes much smaller to use something that could ransomware your system.

Then, cracked software becomes free advertising!

> Also a note about the dangers of cracked software. There could be malware, viruses, etc. The value becomes much smaller to use something that could ransomware your system.

I've always thought this was kind of an old wives' tale FUD. Long time back when I used to hoist the ol Jolly Roger, the pirated versions of software seemed to always be pristine copies. Reputable release groups had their reputation in mind and would go out of their way to release clean copies, or even go so far as to remove the official company-shipped malware like all those offers you used to get during install to Also Get This Toolbar! Reputable crack groups were the same way--leave no trace and use the smallest, most minimal binary modification possible.

Same with pirated movies: The pirate releases are often better than the official releases, containing more subtitle languages, stripping off marketing and FBI warnings, and so on.

Problem with pirated movies these days (and for a long time) is that you have so many variations: garbage like different encoding schemes because some loser still watches the films on their DivX player or re-encoded in other methods. Then you have different release groups releasing their own variations and you have to keep on top of all these silly labeling schemes on the filenames. It all leads to clutter on the scene sites and no true guarantee that you are getting the pristine release. These days, I acquire the 4K Blue-Ray, rip the data, strip off the DRM, and make my own pristine release that I know for sure is the best of the best. Its got all the ads/copyright stuff stripped and all tracks, subtitles added.
Neither of those things you mentioned (poor/strange encoding, silly filenames) are a problem beyond minor inconvenience. Any standard release will be x264 or x265 with AAC or DTS, and a simple program like Filebot will lookup all the files on imdb and rename them for you automatically. It is great to support the industry that makes things you like, but ripping blu-rays is orders of magnitudes more work (I do it though, since I like the commentary tracks, I just wanted to correct your misconceptions).
It depends on your perspective. If your intention is to enjoy the film with the best possible quality, then it goes from being an inconvenience to being a real problem. If you don't care, then yes it is just an inconvenience. I'm not saying it is a dealbreaker for everyone, but it is a dealbreaker for me.
I've only gotten malware twice in my life. It was on windows and in came from the ads on a reputable normal website.
You could always do the Windows 10 Activation model.

If you don't activate Windows 10, you have no ability to personalize your PC (change wallpaper, colors, Lock Screen image, etc.) But you can still use it - which makes it annoying, but still functional.

After a few weeks without activating, it also adds an always-visible watermark warning to "Activate your PC." But it still lets you use it.

Perhaps the OP could do similar. Where... he has his standard system of copy protection, but then adds additional checks that stamp watermarks on printed documents, or show a watermark about illegal copy, doesn't allow adding business information to documents, so forth...

Maybe that's even the trial version. Always free, forever - but certain features disabled and lots of watermarks.

The cracked versions will simply disable all these anti-features.

All you will do is annoy legitimate users.

The risk in any of those measures is mis-identifying a copy as "cracked" and refusing to function fully for a paying customer. Sometimes that customer will be understanding, but sometimes they'll just plain angry that you're selling them a license for thousands of dollars and then mess with their ability to get things done. And they usually won't be silent about it either.

You can totally do that when you're Microsoft because pretty much everybody hates you already but you have essentially a monopoly so what can they do? But it's very different when you're in a market where alternatives exist.

I think the idea is to put out a company-approved nagware "trial" version. It makes piracy less likely (because the benefit of a full cracked version is smaller) and gives you a sales channel to those who would have pirated it.

The downside is, people who would have paid might discover they're quite happy with the trial version.

One good idea is to time-delay that response -- hackers generally won't sit around for a month, or even a week, and see if your app will start responding differently.

Of course, they'll probably re-hack it at that point, but often the first hacked version ends up being the most spread around one.

You don't want to do this "immediately" after checking for pirated versions, that will be checked and cracked as well

Do it silently and maybe warn in a non-obvious way. But I wouldn't annoy the user too much

Parent is right, most of those pirating it wouldn't have bought it in the first place. Especially if it's a technical software with limited use (as opposed to a game, for example)

Probably a waste of time. If they've gone to the trouble of cracking, removing a nag screen is probably trivial.
This too will be trimmed from the cracked version just.
am I the only one that thinks that the remote possibility of showing this message to a legit customer by mistake outweights any benefit it could bring?

you are not gonna guilt anyone into not pirating and if the message blocks or is annoying, crackers are gonna circumvent it just like they did the license check.

A lot of big players like adobe and microsoft don't seem to think this is a problem. In the past I have gotten cracks for legitimately purchased software from both because their licensing system is/was crap and would block access thinking my copy was not valid.

Pretty bad when the pirated versions of your software work better than the legit copy.

> A lot of big players like adobe and microsoft don't seem to think this is a problem

Microsoft has bribed their way into having power of police in Argentina.

the can legally obligate you to give them a report of how many computers and what operating systems you are using and they can request a judge's order to enter your company with the police to audit your infrastructure if they think you are not telling them the truth.

I they will do this kind of stuff without fear of losing face I don't think they will care if some legit customer gets hit by a false positive.

I think the inclusion of 'corrupt' gives legitimate users a mental excuse from this problem.
I’ve seen an advanced version of this once. A company I’m familiar with made sure it was relatively easy for users to copy existing licenses. So in an organisation where their software was popular but maybe a pain to get a purchase order for it would spread. They had activation ping backs and could see which companies were running lots of unlicensed copies. They would let it spread and wait till usage plateaued. Then legal would contact that org and suggest they buy the full thing with a nice juicy support contract to avoid litigation.

This worked especially well with (I think) US government agencies who can in theory be fined for every time the software was activated.

You say a license costs a few thousand dollars. Is that kind of customer going to use cracked pirated software? Are those customers going to risk a data breach to save a few thousand dollars? I don't think it'll affect your business at all.

If the cracked software gets downloaded a lot then maybe there's another mass market that will pay tens to hundreds of dollars for your software. If that happens then it might be worth releasing a new version of your product at a lower price point for those customers.

Way back in the day I was involved in cracking software that I needed to use and would share the keygens etc with other groups. Like many posts here say, I couldnt afford licenses.

It's an arms race and the best thing you can do is redesign your activation process. There are certain ways to do this that make it increasingly difficult to get around it.

It's like computer security in a way... You cant ultimately solve the problem but you can make it so difficult to do that the time investment required is probably not worthwhile for an attacker.

Were you also doing demo-scene for your cracks ?
I havent heard about demoscene for years. Unfortunately I was never a part of it.
If someone is sufficiently motivated, they'll always find ways to crack the software. If you don't have a large "personal" user base (as opposed to firms) - consider introducing a cut-price personal edition to lessen said motivation. Firms using it for "real work" - which I would hazard a guess at your price point form the bulk of revenue - are unlikely in any case to use a cracked or personal edition. Firms in less well-off regions may choose to buy the personal edition and accept the legal risk, but avoid the larger security risk of a cracked version - so you still get some revenue.
Double down efforts to survey users and potential users. Keep making the product better. Consider the pirate option as a competitor. Don’t demonize your user base, but don’t be afraid to go after any institution you know is using pirated version.

Build multiple telemetry code paths in your code — if you can just get IP addresses of offenders you’ll have way more info than now.

It's a matter of course to firewall all Networking of all DLLs in Illicitly Downloaded applications
> Don’t demonize your user base […] Build multiple telemetry code paths in your code — if you can just get IP addresses of offenders you’ll have way more info than now.

Sorry, but from where I stand that absolutely looks like demonizing the user base.

I think the parent means more "analyze why they are pirating" (is your price for a given too country in a weird spot, is it an unapproved software purchase, etc)
Okay, but the suggestion amounts to "track all your users, including the legitimate ones who paid you, all the time".
The "why" is easy to find out without tracking all your users.

> A license costs a few thousand dollars

Remember to be GDPR compliant though. You must ask consent if you decide to track personal information such as IP addresses.
Make a blogpost talking about this, say you won't pursue users who pirate, but you hope that once they realize the value you provide they come to purchase the real thing.

Demonizing and chasing people who pirate will only work against you, just like it happens with gaming.

Consider the pirate version a "trial" for people who are considering whether to buy the official version. Again, many with gaming do this.

Don't feel bad. In all seriousness, piracy is probably helping you spread the word and get people to try your project.

These aren’t your customers.

The user who is willing to stomach the time and risks associated with cracked software is NOT your target market anyway.

This is essentially a free trial program for “aspirational users” who will circulate it for you.

I’ve had my software (games) pirated, and been a pirate in my youth. Now I wouldn’t consider pirating because I have more money than time now. I suspect your actual addressable market is in the same boat.

The worst thing you can do is add draconian copy protection that adds friction to your product for actual paying users.

> The user who is willing to stomach the time and risks associated with cracked software is NOT your target market anyway.

I vehemently disagree. Cracked users of commercial software ARE your target market that, for any reason, can't afford to pay you. They would if they could.

When I was a broke teenager, I pirated a lot of software, games and music I later paid for when I had enough money to do so.

Piracy can be annoying, but it is also an underrated indicator that some people really like or need your product so much they'd rather put up with the discomfort of piracy instead of going to the competition. I wonder if this is also an indicator to very expensive software that they might increase their paying user base by lowering their price. You might be leaving money on the table, maybe it's time for a flash sale.

I think you're actually in agreement with GP, just in different words. You weren't the target market... until you had enough money to become part of it.
>I vehemently disagree. Cracked users of commercial software ARE your target market that, for any reason, can't afford to pay you. They would if they could.

I think we actually agree. You said “They would if they could”, that’s exactly what I’m saying.

Especially in business software, the risks associated with piracy always outweigh the benefit of free software for those that can actually pay.

The person who is trying to learn, or uses the cracked software while climbing up the pay-scale will eventually turn in to a paying user.

As others have said, getting cheeky and letting folks know that you know the software is pirated is also a good approach.

Price-testing as you mentioned can also be valuable. Spending energy on DRM or anti-piracy schemes beyond a little Easter-egg/joke/warning is a waste of energy better spent on improving your product for your actual paying customers.

> When I was a broke teenager, I pirated a lot of software, games and music I later paid for when I had enough money to do so.

I don't know, I feel like it depends on the culture as well, not just the amount of money someone has.

For example, I am at a point in my life where I can afford JetBrains licenses (actually their Ultimate pack with tools for all languages), so I buy them. Some people that I've talked with, while also apparently able to afford such tools, simply don't bother paying and prefer the pirated versions instead. They might look at the ~350 euro yearly price tag, consider that it's X% of their current month's salary and prefer free instead, even though it means putting themselves at risk (sometimes). In other words, they just don't care.

I can pretty much say the same about Windows installs that many are running on their computers. Given that buying Windows might be a non-insignificant part of their income, they just won't and instead might pay 20 euros or something to someone who can give them an install that just works. They don't care about copyright, or the ethical aspects, they just want the shiny thing.

My income has gone up in the past few years to a point where I'm comfortable, but I definitely can understand their point of view, even if it's unethical, at least given how life can be in my country (Latvia, though the same applies to many other economies around the world). Heck, in regards to entertainment I never buy those new AAA "full priced" games and just not play them if I can't find them on discount/sale until a few years pass and they're cheaper then, though I've heard that shady game key reseller sites are also popular here.

Here, the average annual disposable income per capita per year was around 11 thousand euros in 2020: https://www.statista.com/statistics/1267688/latvia-average-i...

Edit: actually, my country might be a bit of a negative example in particular, not sure why: https://eng.lsm.lv/article/society/society/latvia-leading-in...

> According to the MUSO anti-piracy analytics website, 46.3% of Latvians use the web to access illegal content, followed by Bulgaria (27.4%) and Lithuania (24.5%).

> Cracked users of commercial software ARE your target market that, for any reason, can't afford to pay you.

I've gotta disagree here. SOME pirates are your target market that can't afford to pay you. I can't tell you how many times a friend has bragged to me about pirating a movie over drinks at an overpriced bar. If you can afford four cocktails at $15 a pop then you certainly can afford the $20 or less it costs to license a movie. Some people just like to feel like they're getting away with something.

>This is essentially a free trial program for “aspirational users” who will circulate it for you.

Do you provide demo (limited functionality) and trial (full version with limited time) options?

Congratulations! Having cracked versions out there indicates that your software is both useful and notable, which is a point where many developers would love to arrive at, maybe, one day.

As to what to do about it, there are two basic tracks, neither of which is incompatible with the other:

1. The legal route: notifying distribution sites that they're hosting content in violation of copyright law, requesting takedown, and if required, demanding such (with a DMCA notice or similar). If a distributor is unresponsive to both, DMCA Google, Bing, etc. to at least suppress the cracks in most search results;

2. Having some fun with it: make sure that a special page on your own site becomes the #1 search engine result for "<productname> crack" and similar. On this page, put a human face on your pricing, explain the available discounts, and finally offer to supply a free registration key to anyone that truly wants it, so they don't have to download all kinds of shady binaries. Of course, any such free keys don't come with support and display a prominent PIRATED VERSION notice in all window captions, printed outputs, et cetera, but you disclose all of that upfront and explain how that's a small price to pay...

But above all, make sure not to confuse a "pirated copy" with a "lost sale". In 99% of cases, the Venn diagram of those has very little overlapping area.

Yes, this is a good problem for a developer.

2b. Free with Ads. Yes, this is not for everyone, but many devs will make this path an option. Your buyers must realize that all ads can be removed for a fair price.

Completely agree. Great comment. Make it harder to find by simple means by requesting link takedowns, etc. Don't bother trying to make it harder to crack since real crackers will not be deterred.
There was a videogame that got famous because it was pirated, it was a management game about setting up a gaming company.

Turns out, the pirated copy had a special feature where the player would feel immense economic pressure from piracy, so a bunch of players asked how to win against this, it was pretty hard and really fun for people who knew what was going on.

Point is, you could hide an Easter Egg for pirated versions (can you detect the lack of signatures?)

Here's the full story of that: https://www.greenheartgames.com/2013/04/29/what-happens-when...

It's important to note that they didn't use DRM or anything like that to detect whether a given copy of it was pirated. They made two builds of the game: a normal one that they gave to paying customers, and the special one that they uploaded a torrent of themselves.

I love this approach. If you can detect a crack and block it, it will get worked around. Injecting easter eggs is much more subtle. There was another game that made an otherwise easy jump between two platforms impossible, so the players who had cracked the game went on forums and unwittingly revealed themselves by asking how to complete that level.
We have implemented something similar. The most obvious way to crack our software will trigger certain bug. Whenever people report that bug I feel a little joy
> Whenever people report that bug I feel a little joy

I hope you are super duper 100% sure the bug can’t happen otherwise. I would hate to be your paying costumer and ignored because your drm system is buggy.

Yes. 100% super duper sure.

It's something along the lines of: Pi+=2 in one place of the code. And Pi += 1.1415 somewhere else. And both are guaranteed to run at the start of the program so that Pi=3.1415

However one of those lines is hidden in a part of the code that the most obvious crack is going to remove.

Okay. That sounds reasonable. Well thought out system.
The hilarious thing about this is that this might have different behaviors across architectures or optimization levels if you do a bad floating point compare...
It's a good way to do it! The less obvious it is that there is a remaining check hidden, the better. Some games would become impossible to win, but only halfway through or worse. Sometimes with multiple layers hidden in different places that fail at different moment.

I cracked an expensive FPGA simulation program (for which I had the license, but the FlexLM scheme based on the MAC address of the adapter was just too annoying to get working on Linux).

What they would do is have a sort of unit test of their license verification function at runtime. There was a check hidden somewhere that I never found, and if the license verification was changed to always return true, the unit test would fail. The simulator would continue working within a single module, but as soon as you tried simulating a larger project, it would return undefined values between all the modules, rendering the simulation unusable for any real project =)

(I solved the unit test by having the license check return true only for my hardcoded serial number, which is definitely easier than hunting for the different places where a check might be hidden)

Batman: Arkham Asylum

https://bit-tech.net/news/gaming/pc/pirated-batman-pc-contai...

> "I've got a problem when it's time to use Batman's glide in the game," said user Cheshirec_The_Cat, whose appalling spelling we felt we needed to clean up. "When I hold [the button], like it says, to jump from one platform to another, Batman tries to open his wings again and again instead of gliding. So he falls down in the poison gas. Can somebody could tell me, what I should do there?"

(comment deleted)
Crysis 3 would let you play an hour or two and then some special weapon wouldn't have ammunition essentially soft-locking you out. Great way to sell too.
Mirrors Edge too. You'd get through the first couple of levels then she'd just slowly come to a halt right before the ledge and you couldn't move anymore.
I first misread this as Microsoft Edge and found it funny, if perhaps a little convoluted.
That kind of thing is a cute idea but that specific example has always bothered me because it implies the devs really think that piracy is a catastrophe for sales.
(comment deleted)
Long ago, I helped distribute cracks and reverse engineered servers for warcraft 3 alpha. One of the biggest issues in the cat and mouse game was when blizzard introduced 2 invisible golems that would attack your base. That took the crackers much longer to fix than other updates.
That happened in I am Legend too

The pirated version had a different name for one of the mannequins, but people loved the quote and the acting for yelling out the name of the mannequin in the movie, so that led to people would arguing in internet comments about the name used and you could get a feel for how prevalent the piracy was by upvotes

It was later added it to the paid copy of the game and it's similar to a 'very hard' difficulty where the normal strategies of development don't apply and you have to include DRM most of the time to break even on per-game costs. Completing it was a difficult achievement.
> can you detect the lack of signatures?

I think a fundamental aspect of cracking consists of disabling such detection mechanisms. But if the cracker only digs far enough to ensure that it seems to work without nags, and not far enough to find Easter eggs, then it will probably work for a while until people catch on and demand a further crack.

It's really the OS that needs to detect a lack of expected signature, because the cracker isn't going to be able to disable an OS feature unless they release the cracked app as a while VM or something. But that's a thing...

Depending on the nature of the app a suitable easter egg may be that over time the outputs become randomly but subtly incorrect. Another technique is to canary mark outputs in some way (like a tell tale unique string in PDF/export outputs). In this way your sales team may be able to search for those outputs and put pressure on large orgs creating those files.
One of the Command and Conquer games (Red Alert 2?) would blow up your MCV 30 (or thereabouts) seconds into a game if it detected piracy. Funny, albeit, entirely less subtle.
The obvious risk with that approach is that if people do not realize that this applies only to the pirated version, you're risking bad reviews, which can cost you actual sales (you don't win anything just by keeping people from pirating your software, you only win if someone who is willing to buy but prefers to pirate chooses to buy instead).

I believe there were several games that had a reputation for being horribly buggy that was at least partially the result of pirated versions having bugs intentionally introduced by the copy protection.

I believe the game you mentioned made it really obvious what was happening and why to avoid that.

> The obvious risk with that approach is that if people do not realize that this applies only to the pirated version, you're risking bad reviews, which can cost you actual sales (you don't win anything just by keeping people from pirating your software, you only win if someone who is willing to buy but prefers to pirate chooses to buy instead).

Any time I've seen game devs try it the comments under those people were "you fix it by buying the game pirate".

And platforms like Steam allow you to review only bought games anyway

There's a third option:

If the software supports getting updates, get the cracked copies to phone home and have a legal firm send them a warning they might be using hacked software.

Home users won't care, but legitimate businesses might convert to actual sales.

How would you send them a warning, you'd know nothing other than an IP address? If you just send the ISP a regular ol' "copyright" notice, there's a lot of ISPs who do not forward those notices.

And if you made cracked copies phone home, that's something that would get removed by the cracker anyway most of the time.

In my country, there is a branch of police that deals with such things. They have a relationship with an organization called Business Software Alliance, which I believe is formed with this specific goal- to allow foreign companies or their local distributors reach pirate users. However, I'm only aware of the major software companies being members of this org: Microsoft, Adobe, Dassault (Solidworks), Siemens.
If the business is from someone in a low income country, they likely wouldn't care about any legal warnings either. Some of the software prices in those countries are very expensive relative to prices of other things.
"and have a legal firm send them a warning they might be using hacked software."

Rather send a message directly through the software and give a link directly to purchase it. A bit cheaper and more straightforward, than finding out adresses and involve lawers. That should be the last resort.

>Congratulations!

Indeed! There's a nice anecdote from Paulo Coehlo (I don't like his work but w/e) where he was stuck in traffic somewhere in LATAM and a guy passed by his car selling pirated copies of his newest book. He then says this event made him feel like he had finally made it and even became a strong promoter of piracy, heh.

A (possible) third option would be to distribute the product under a SaaS model instead of a binary.
Other options

We had this happen too. In our case, our software required our hardware to function so we put the recurring license on the hardware instead of the software. It's been about 8 years since then and nobody has been able to crack that system yet. Some software that doesn't need hardware also uses a small hardware key to enforce licensing.

Going forward, you could make it so the user has to login to your service when they launch your software. You could provide extra value to your paying customers through this channel too. You would run into some other challenges such as shared passwords, but those have some mitigation strategies too.

When I was working on video game cartridges, I discovered that one of my neighbors in my apartment building was a prolific pirate. I introduced myself and we had some fun chats.

The Atari 800 cartridge address range could be populated with RAM, and cartridge images simply copied to RAM and run. Copy protection techniques usually involved figuring out sneaky ways to write to that address range (which would crash an image running from RAM).

Toward the end of one project, I spent about two weeks writing an encrypted, multi-stage anti-copy system. A few months after the game shipped, I asked my pirate "friend" about it.

"That was a hard one," he said, "It took us nearly three days to crack it."

The Atari 800 was my first console and where I typed my first lines of Basic code. While it wasn't obvious as a 7 or 8 year old kid, I reflect back on this experience fondly and recognize that it was instrumental in my development as a self-taught software engineer. Thank you for your role in my personal development.
The Atari 800 was released (IIRC) in 1979. It was a surprisingly good platform, with a decent OS, a tolerable file system (for a slow floppy disk), and great documentation all around. I learned a lot reading the Atari docs, long before I worked there.
These days the companies won and modern game DRM often doesn’t get cracked for the first year if at all.
Steam seems to have significantly reduced the market for pirated games. Streaming did that for movies for a while, until every single production company decided start their own.
Almost like Gabe Newell is right, piracy is first and foremost a service problem. There's some irony in things like Denuvo making games worse for legitimate users and creating new incentives to crack it, or players deferring purchases until it's either inevitably removed long after the launch window (where publishers are expecting the majority of purchases to happen).
To some extent. With modern AAA games costing ~$100AUD these days, there is still a strong incentive to pirate even if it’s far more convenient to buy.
It definitely is nuanced and everyone has their limits, which may depend on their personal circumstance. The solution for companies it to find a solution. An easy enough solution at a price point most people find reasonable. There are some people where the convenience or price point will never be good enough, but those are edge cases. As mentioned by someone else in a different way, you don't want to alienate your majority of happy current users to try to scoop up the handful who will probably just write off your product completely rather than pay.

For instance, current Netflix pricing I am okay with, with the content they have. If the price triples, you bet your ass I am going back to torrents unless they really step up the quality and quantity of content.

The difference is that it is always possible to rip a movie but cracking games with server side computations could be practically impossible.
The games industry has moved to where even single player games are online enhanced experiences. As angry as that makes users here, gamers and corporations are quite happy with that arrangement which blocks piracy and makes games more fun.
For me, personally, writing my own replacement server would be easier than cracking a binary client.
That heavily depends on game in question. Some use "top of the line" DRM still get cracked within a week.
There is apparently only one person in the world cracking Denuvo and they are very unreliable/unstable. Most of the major "week one" incidents have been accidental leakages of the unprotected game.

There is just very little incentive anymore. The skill level for hacking game DRM is extremely high now and those people would rather spend their time working on one of the many bug bounties where they can get huge payouts and public recognition for hacking ios vs having to hide behind tor and risk arrest to provide kids with free games.

Best is 2. because it's human and fully open and clear in communication and also sane because you acknowledge that every other step is a fight against windmills and swimming against the stream. Using what has been given to you is the best thing, the smartest thing and with that you show, that you outsmart the situation and also respect the users (payed and unpayed)
I think 1 is absolutely is fantastic comment. How many people define as finding product market fit is if people love your program and tell about it to their friends. Here they even go as far to crack it.

A third option is a big looking what adobe photoshop did. Most people in the early days has an access to a cracked version and it became nearly the standard for image editing. And how did they then manage this: By adding cloud services.

You could maybe start small and say: „You can download our free templates (don’t know what type of software but I thought of some 3D models) from the web (new template every couple of month) and this works only with an activated version. By this you actively provide more value for your paying customer at the same time instead of wasting time and money to just make it harder to crack.

>But above all, make sure not to confuse a "pirated copy" with a "lost sale". In 99% of cases, the Venn diagram of those has very little overlapping area.

Very true. If they were never going to pay anyway, you haven't lost anything if they use a crack. It still irks though!

Consider it free training, education, and marketing rather than a lost sale.

It's literally the same reason most companies give students essentially fire sale discounts (often just free) versions of their software.

They're probably pirating it because they aren't deriving much if any revenue from using it yet (it's either for personal use, they're learning a new tool, or they have no money). But having that person familiar with your software and trained on it means that if they reach a spot where they're using it profitably for business - it's basically a guaranteed sale.

This was how I got a licence for the Protel (Now Altium) PCB design software when back in university; the cracked version doing the rounds on campus was rather prone to crashing, so eventually I figured I had nothing to lose, called up the distributor and asked them if they did student discounts, as buying a full licence was definitely out of the question, but so was using the, uh, evaluation version with its stability issues.

"Sure thing, how many do you need?"

When I hesitantly reminded him we hadn't discussed prices yet, I was told it was free as they really wanted to snare us in as users before we wound up in paid work where we'd need to be productive employees fast.

I have since had three employers buy full licenses and support deals. Good call by Protel back then.

Yeah basically. Not only that, but, for all of the most expensive software I use, I used a pirated version first for months to ~ 1 year first. Once I really got a feel for it, if it provided value to me, I have pretty much paid for it everytime. And no, a 30-day trial doesn't cut it for evaluation. If I used the software enough to where a 30-day trial would have been enough to test it properly, the value proposition would have already been there to just buy it. Software trials should be based on hours used or something, and the eval periods are almost always too stingy.

Instead, the value proposition to switching to paid became once it had established value to me, and I could benefit from the reduced exposure risk of running malware in the cracked version, and possibly get updates if they affected major things like stability, or new tool-sets or access to online data that was useful.

There is a third option which I'm surprised no one has mentioned so far: Ignore them.

First, people or companies using the cracked version of your software were never going to buy it. These people do not pay for software, and nothing you do will convince them to pay for it.

Secondly, whatever measures you put in place to combat the cracked versions will potentially have a negative impact on your actual paying users - the real people you built the software for.

Extra security measures or hoops to jump through; extra validation or 'calls home.' - all extra things that can and will go wrong at some point for a real user.

Why would you inconvenience paying users to combat people who will never be paying users?

Ignore them, and spend your time improving your product for your real users.

[I've had 3 desktop apps cracked and hosted on Warez sites over the past 15 years - even appearing for sale on eBay on some occasions. I was worried the first time it happened, then I stopped caring. They made no difference.]

I agree. Ignoring them is probably a good strategy. #2 in the list is too time consuming and has opportunity cost for the small team already wearing many hats.
It was called "the WordStar effect" in the 80s. Your marginal loss to pirates is nothing compared to the incremental effect of becoming a standard.

Not always effective for all applications though.

Yes, exactly! This is IMHO the best answer. You'd also be amazed at how many people pirated photoshop while they were youths and/or students, and later paid for a legit copy when they had a real business need because it was what they knew and loved.

It's very bad economics to think of a pirated copy as a lost sale. In some cases the piracy helps drive sales!

> First, people or companies using the cracked version of your software were never going to buy it.

I've heard this before but I'm not convinced this is actually true. Why? Because I use Netflix instead of torrent sites, and just accept the limitations of that format. Programs are tools vs of entertainment, but I don't know that the human psychology actually changes.

A neat trick they did was to introduce downloading as a feature. Now search results for "Netflix download" all talk about the built in feature as opposed to teaching how to rip the DRM off the downloaded file.

I think this is different in consumer and corporate markets. The tradeoff to expose a business to legal liability and security problems is not a good one for most businesses while it's usually acceptable (or isn't realized by) many consumers.
Not sure how your example of Netflix refutes the point being made? It’s exactly the point?

Regardless this just goes to show that the problem can be mitigated by making the legitimate route less painful than the illegitimate one. I used to pirate most of my music collection but now I use Apple Music because the friction of maintaining the library across multiple devices is so much lower.

Imposing restrictions and hoops to make your product harder to pirate is vastly inferior and in many cases entirely ineffective in than designing the product to be a superior experience to pirating it.

The ability to do so is going to vary wildly by the product itself, but that is the better way to achieve the goal.

There are people who will always pirate things, whether out of principle or out of economics. However there are plenty of people who would gladly cross the line if the legitimate route was significantly better, either by ease of use or design.

Oh yeah okay I see what you're saying.

DarrenDev says there are no lost sales. However, I pay for Disney plus because I don't have access to invite-only torrent sites where the latest movies can be found, but I'd still like to watch them. If I had access to those torrent sites or someone's Plex, I could cancel Disney plus.

I do have an access to an invite-only torrent site, but rarely download anything from there (mostly to keep my membership). Once in a while there's a movie that hard to come by online and I have to reach out to them (because of some stupid regional thing or whatnot). I'd say I download 2 movies per year. Convenience beats everything.
Look at Adobe, for instance.

A good portion of their user base got started using cracked copies of the software, as the price of something like the CS6 Master collection was well outside of the affordability of the average hobbyist.

But some of those teenage hobbyists grew up to go to college to expand on their Adobe tinkering to becoming professionals that sneer at people who use non-adobe products because of the price.

Businesses buy the software because that is what the talent is trained on. The difference between calling what Adobe has on the market a monopoly and an actual monopoly is probably only technicalities at this point.

Sure, most of this comes from the fact that their software really was the best of the best for the longest time, and their lead in technology and namesake is so far ahead of any of their competitors that it is laughable. their software was pirated obsessively because it was so good and so expensive, just like Waves $2,000 Mercury VST plugin suite.

There are other softwares, many of which are free or very affordable, that do 95%+ of what anything adobe or Waves does. But when you edit a photo with Gimp people will still instinctively say that you photoshopped it, and few people will ever care what plugins you used on an audio track if it's not autotune.

It's the same with IDA Pro.

Its completely unaffordable to the student or hobbyist, the "home edition" is too limited to be useful, so everyone starting out uses a cracked version because its been the de-facto industry standard tool since forever for reverse engineering.

Later when those people get jobs, they become another paying (through work) licensed user of IDA Pro.

What's slowly fucking IDA now is finally there are alternatives, the NSA open sourced Ghidra which can replace IDA to some extent - so smaller customers (who were always treated poorly anyway) are moving away from their product.

Adobe targets a very wide market, so it's okay to "let them learn on cracked PS" (like Microsoft did, actually), but in OP's case their case is obviously very narrow and this model, sadly, won't work..
You likely use Netflix because you can afford it.

Would you still pick Netflix over torrents if it cost €100/month?

When I was a young teenager I used to rip CDs from the local library (who could get almost any CD in a week if ordered).

Now I spent a fair chunk of money on both digital and physical (vinyl) supporting artists - because I can afford it.

When I was a young programmer, I used to buy CDs based on the songs I found using Napster, it was glorious being able to freely discover so many new artists/songs based on everyone else's collections.

Then they (the record companies) started suing their customers, and I stopped buying CDs. I've been listening to the same set of songs ever since, or stuff on youtube.

Never again will I feed that monster.

I agree with this, but I do think having pirate keys show up on ebay is a special case. I've dealt with this in businesses that expected Microsoft support but had windows and office keys bought off ebay that they believed were legitimate. End users often just think that $5 key is a special deal. It's worth sending whatever complaints you can to ebay.
Distributing cracked software for free is one thing, but people trying to make money selling cracks or access to them ... if it were my software, that'd feel personal.
Eh, you probably want to give company customers some notice it is a pirated one.

If there is no note whatsoever it's very easy to get to situation where user A starts to use it, pirates it, then just dumps it onto file share and tells others to use it.

I use cracked software until it is too useful or frustrating to use and the economics makes sense.

If you are making money from something or using it enough that you want support / reliability, pay for it and shame on you if you don't

Don't gimp your cracked stuff for the college kids and evening hacks just trying to see if they like something or if they can build its use into a business.

> These people do not pay for software, and nothing you do will convince them to pay for it.

I have pirated person when I was a poor student where it literally was money for food vs buying some software. I buy all my (commercial) software now that I can easily afford it and support multiple open source projects with donations. And the software houses, Bands and filmers who have seen the most of my money have been precisely the ones whose work I liked before.

The creators who have not been assholes about it (or even had some kind of humor in their response) are well remembered.

Sure there might be people who pirate everything out of principle, but my guess is that the majority will only do it if they can't help it any better.

> First, people or companies using the cracked version of your software were never going to buy it.

Or, they would never have bought it if unable to obtain a pirated copy, but now that they've tried it, may purchase. Admittedly this is more true of games than other software. When I compare my steam library to my pirated library, many of my favorite games are in the overlap: I tried them first, loved them, and then bought them.

‘But above all, make sure not to confuse a "pirated copy" with a "lost sale". In 99% of cases, the Venn diagram of those has very little overlapping area.’

The non-overlapping are is likely non-trivial. There are surprising many shops that use professional software for client projects, could afford the license, but that prefer pirated copy to paying actual license fee.

Ofc persecuting non-professional users is pointless. Persecuting professional users in a smart way can lead to license sales.

Lol everytime I read this argument I think of the software VirtualDJ. It was notorious for being the DJ software to use about a decade and a half ago as pirate copies were everywhere! Fast forward to today and you can read post after post from ex pirate user that's now a paid user. VirtualDJ have one of the more expensive software licenses on the market in that sector too. I wonder if many other software companies have had similar experiences?
That describes the progression from a poor hobby user to a more affluent hobbyist/pro. The market I know and meant (CAD) there is no such progression and the way to make the pirate users licensed users is to give them one call, offer a chance to buy an official license, and if this does not work inform the authorities. Legal procedures though likely need a way bigger org than 15 persons.
I'd imagine most of that is out of annoyance of dealing with pirate version or just them finally being able to afford it as it is now part of their job.

I feel like easiest way to monetize apps like that would be free noncommercial license. Want to DJ your school party ? Go ahead, as long as nobody pays you it's fine, and if someone does, well, now you have money for license.

You're also building potential user base, when everyone can play with your software without limits many will pick it when they will do something commercial

A full actual version of SOLIDWORKS costs, no joke, $10,000 for a professional license ($8k plus $2k/yr support contract). An engineer at, say, Tesla is going to have that paid for by their employer while designing the Cybertruck. That Tesla engineer is also going to want to use SOLIDWORKS to design their bike shed. Their two choices for their bike shed are either use their work computer, or pirate it. (Using non-solidworks CAD isn't really an option due to the muscle memory involved with the application, and the resulting switching cost.) So it's getting pirated. But that also means their next employer better have SOLIDWORKS and so that "lost" sale for a bike shed really isn't.

But you'd be insane to use a pirated copy of SOLIDWORKS for anything professional (like if you were the Cybertruck's door handle subcontractor or whatever), just like you would be insane to use a pirated copy of windows or Office. But let's be real, plenty of people do that. Whether it's because they're poor, or whether it's because they're cheap, or both, full list price is simply not gonna get paid, and so they'll go with the cheaper option - it's just that cheaper option happens to be a $0 pirated copy in most cases. Some offices will have one genuine copy for one computer and pirated copies for the rest of everyone, especially part-time contractors. In that way, a cheaper academic license, even accepting that there's no fool proof way of checking for that, or having a time-limited entrepreneur/start-up option will lead to more sales and more money.

It then becomes an exercise in the dark art of pricing things, to figure out where that sweet spot actually is. A 30 or 90 day copy which is hopefully long enough to build the bike shed, priced right, is an actual sale that can be made that otherwise wouldn't. A cheaper limited version for the non-premium seats at the company are other additional sales to be made.

When I worked at GE, anyone could buy a copy of MS Office for $10 - full version not the subscription.

Why not bundle a separate license for individuals with the enterprise license.

The value of deliverable asset (document etc) from MS Office for the regular user is insignificant. The value of deliverable from a professional CAD application otoh, always has a price that likely non-trivial and plausibly much more than the 10k yearly license or so. E.g. A multi-month project with all of the relevant design data.
I like the special page suggestion. Humanizing the software is a great way to get people to pay for it if they have the means. And if they don't, then you're doing some good in the world (hopefully) by giving it away. Maybe at some point in the future they'll pay it forward or back.
This depends on the market. I know a handful of people who got out of the VST plugin market because cracks were killing them financially.

VSTs are pretty niche and the market is mostly people without much money. But you can find cracks being used in top studios, so...

“But above all, make sure not to confuse a "pirated copy" with a "lost sale". In 99% of cases, the Venn diagram of those has very little overlapping area.”

I’m seeing many comments saying this, but it’s simply not true for commercial/industrial software. Outside of the US, even in large swathes of Europe, it’s extremely common to lose significant revenue to piracy, and if you make it too hard to pirate they will pay.

Companies (the customers in this case) that are happy to exploit workers in sweatshops? Also completely happy to use your software without paying for it.

This pro-piracy nonsense is a point of faith for many nerds. They will twist themselves into pretzels to avoid the conclusion that piracy is costly and that enforcement of the law can be good.
> Having cracked versions out there indicates that your software is both useful and notable

In the vast majority of cases it doesn't mean that.

A lot of cracking is done for sport and to show off, especially when the protection is weak.

Your comment is beautifully succinct and made my day.

I don't use any cracked software, but I sure did when I was a kid without money. And I was so grateful for it, especially all the DAW and music production stuff.

There is an utilitarian argument somewhere in there about free software.

Copyright owners also habe legitimate interests in their products and are afforded with different ways to gain value from a software product that is locally installed.

Also, something like a self-contained, "portable" linked binary that creates value without any dependency on any online service will always be trivial to copy but also maximally useful.

(Edit: languages that depend on an interpreter don't differ too much, I think)

If your app is a game and/or you think that DRM provides significant value to you, consider moving to an app store or other platform that manages the DRM semi-automatically, perhaps with OS support in the case of macOS/Windows/iOS/Google Play/etc..

If your app isn't a game and/or you think that DRM isn't worth the platform tax, remove the DRM and focus on building relationships with your customers.

> But above all, make sure not to confuse a "pirated copy" with a "lost sale".

The one time I had software cracked and pirated sales pretty much dried up immediately upon its release.

This is probably true if your audience is primarily people who aren't particularly technically minded, but my product was no doubt most appealing to the same kind of people who know how to pirate software.

the obvious approach is to keep raising your prices and attempts to lock your software down with anti-circumvention measures. That always works.
Nothing. Almost all of the research points to piracy having zero impact on sales for example, https://corsearch.com/content-library/blog/does-piracy-impac...

It's been shown time and again in gaming no matter what you do people will crack it and your measures to stop them will have more negative impact on your paying customers than it does on pirates, see Denuvo.

Honestly, the best thing is probably working on your conversion funnel to understand why you aren't converting people from pirates to purchasers.

I believe denuvo is by now more a success story than a failure, there's not many groups cracking the latest versions of denuvo anymore.
Denuvo's purpose is to stop piracy for the first few weeks of release, since that is when the bulk of a game's sales happen. No one cares if it gets cracked after that. Many publishers themselves remove Denuvo protection from their games after a set period of time. By those measures it is an incredibly successful and effective piece of software.
Get it to the point that they all remove Denuvo after 90 days and I'll be much less upset about the harm it causes...
And none of that changes the fact it's a tool to solve an non-existent problem that often impacts paying customers disproportionately.
> Almost all of the research points to piracy having zero impact on sales for example

This is probably often true, based on the product and its price point, but pirates using it as a blanket truism isn't good. There are a lot of possible situations.

Real life example: movie piracy may not generally affect box office, but an arguably bad movie leaked before release date will create a cloud of gossip that could tank its opening weekend. If previewing a film for reviewers will affect the box office of a bad movie, 100,000 copies being watched two weeks before release certainly will.

Now nothing.

Piracy is the natural order of things, and likely isn't hurting sales at all as counter-intuitive as that seems.

You could perhaps offer cheaper versions in lower income countries, but if you try to 'beat' piracy too much, you're just going to lower the overall user experience of your software.

How would lowering your revenue and decreasing the competitiveness of your paying customers (because they now have to pay MORE than their competition who probably already have lower operating costs because they are operating out of a lower income country) make any sense?
Who said anything about lowering revenue?
If you had a non-commercial license that was free, how many users do you think would go from paying customers to falsely using that version? Do you think it could help on-board people as it lowers barriers to getting started? WinRAR feels like a good example to keep in mind.

This isn't a strong ethical argument from me, but a practical one - if it wouldn't lose money and may help get more in then either ignoring the piracy or making it irrelevant would be a very simple solution.

Well, a classic response is to add onerous counter measures that inevitably get removed from the cracked version, making it the unquestionably superior product.
Add a trigger that doesn't fire until a few months after install (to prevent the cracker coming across it and patching it out) and then run rm -rf if it detects it is cracked. Optionally display a countdown from 10 and play an alarm sound before this happens for extra lols.
You could go to jail for doing this.
Probably not. The plaintiff would be making their case from a very poor position.

"I stole some software from a warez site, and months later, my system got wiped".

The burden of proof is entirely on their side, and illegal activity isn't a great starting point.

The time bomb could be hidden such that there is no traces of anything malicious in the software build. When the time comes, the software could contact a server from which it downloads a script to execute. The script does the job and then vaporizes.

The mechanism by which that script executes could be something that licensed versions of the program use regularly (e.g. fetch a harmless, update-related script), so the discovery of its existence would prove nothing.

Proving that it was your program could be very difficult.

This almost sounds like one of the companies I used to work for. I also would occassionally find our software, cracked, online. We would download the cracked version into a container and debug it. Reverse engineer the crack that reverse engineered our protection.

We never took it too serious. You don't have to lose sleep over it but you also shouldn't completely ignore it. Just refactoring the copy protection ever few release cycles. Most of the cracks were using Windows APIs to access entrypoints to flip variables. Simply renaming, moving them, or adding removing properties was enough to throw them off for a while.

We figured out some of our customers were using cracked editions without paying for more seats. The support calls were interesting because we told them the bug was fixed but they were super reluctant to update. We'd pass the message off to the accounts managers and let them wrangle with it. This was more prevalent in developing countries where pirating for business use wasn't considered a big deal.

I tried to bring up a low cost edition at our company meeting but it was shot down. The numbers wouldn't work. Business users get training provided; casual users would swamp our helpdesk in lieu of actual training.

The plan should always be to get those pirated users into actual users, unless the country they're in is embargoed, funny story. From reading the piracy forum thread I found many were using our software for job training in hopes of gaining foothold in the field. Similar to how Photoshop was everywhere in the early web design days.

Whatever you decide to do, don't add hurdles that in any way inconvenience legitimate users or take away their functionality (e.g. offline usage). Those measures will be cracked sooner or later and it's only going breed resentment among your legitimate users.