A pretty big PocketPC developer has just posted an open letter to pirates to his forums:
http://www.pocketinformant.com/Forums/index.php?showtopic=11368&st=0
After having worked in the Palm OS sector for a few years, I have come to the conclusion below - feel free to debate me as much as you see fit:
For me, the solution is not teaching the masses, writing open letters or doing anything similar to change the people’s behavior by free will. Instead, the solution is to force people to go legitimate. Brick and mortar shops don’t have a preacher preaching about how bad theft is…they have a security guard and RFID tags to protect their goods. For software developers, I think that a different approach is in order:
Cooperate on DRM
Many developers have decent DRM systems in their applications. If a group of developers would gang up and work together on creating powerful DRM systems for PocketPC, the pirates would have a harder stand as they need to fight shared expertise. There’s a cryptographer here, and a hacker there…together, developers can for sure create a kickass DRM system that is extremely difficult to hack!
Attack pirates and warez communities
While I still stand behind my words about attacking legitimate users, I meanwhile do think favorably about developers creating “logic bombs” that attack user’s hardware/software. The trick behind this is that users must be shown that the crash/damage they are currently experiencing is NOT caused by your app, but rather a virus.
I know of at least one Palm OS house that is currently developing a method that destroys Palm hardware irrevocably, and think that a similar approach is also possible on PocketPC devices.
Releasing such an application into the PocketPC/Palm warez ecosystem will immediately shake up the masses and reduce piracy to a select few elite pirates; soft of like how many users are afraid of using Series 60 warez due to the many virii around.
Have pirates cooperate with you
At Tamoggemon’s, we have a “house pirate”. He gets access to all Tamoggemon apps before they get released, and attacks them. In exchange for the privilege of being the first to get the app, he gladly forgoes distributing his crack and even shares his findings with me…although I didn’t implement much of his hints yet(yes boy, I KNOW that you want me to release that Vampyr Zyklon DRM NOW, yes boy, but I have a girlfriend…).
Bring a server into the game
Last but not least, a company I consulted a long time ago(4 years), simply made their apps “web clients” that needed a server for an essential bit of computing. The server checked the legitimacy…and cya, pirate.
This approach probably won’t work for everyone…but if your app already does some kind of web related service, why not hit it for good?
What do you think?
Aaron Ardiri did something along those lines with a fake Liberty crack which backfired on him publicity wise, so doing any actual damage can easily backfire on the software author
Are you at liberty to say who is this “Palm OS house that is currently developing a method that destroys Palm hardware irrevocably” Or is it a Tam’s eyes only sort of thing?
What the top guys in the industries should do is create a unified scheme that works without fail and is virtaully impossible to crack (AES anyone?) and throw it into a Shared Library (or DLL or whatever WinMob uses). This gives everyone a fair shot, and lets newbies to the industry have fair play with the big dogs. It may even be easier to just give/license a static library and give the users one less thing to install…
The PCs have a number of options similar to this, such as SecuROM for CD copy protection. i think that it is stupid that developers have to reinvent the wheel every time and end up half assing some third rate protection scheme, watching it backfire and then whining about how there app was cracked.
Now granted, doing this would paint a big fat bullseye on the scheme, but that is all the more reason to make it stronger. There are definitely developers out there (on all of teh mobile OS fronts) that can take on this challenge.
I would also be interested in knowing what developers are making a virus to destroy Palm hardware, because I’m sure palm will not be to thrilled about it. The whole idea behind anti-piracy is to keep “honest users honest”, people that really want to cheat are going to, no matter what DRM is in place. Right now that is the problem, I hate it when I hear about some cool app, do a Google search, and a cracks site is in the first five results-that is not keeping honest users honest.
My dad alway said: Locks only keep the honest people away…
There will never be an uncrackable application so - as a developer - you can only hope that your customers are honest enough to by your software. There’s no real way to force them.
So, instead of wasting your energy in protections that will only last a few hours, so put that effort in your applications. The paying folks will thank you for it
About the protection that destroys Palm hardware: Dmitry Grinberg was talking about something like that some time ago. He might be capable of doing it… but I would like to see the bills from his lawyer if his protection kills the device of a paying customer…
Well, obviously asking nicely doesn’t work. If a kid sees a bowl of candy stting on someones desk they will try to take some candy. If you ask kindly not to do it, they will still try to take it anyways.
You may have to fight back to get your fair share. No, not as in bork their devices beyond repair, but in stronger schemes, in better piracy protection…
And if all else fails we can always add some logic bombs to their sites like Tam supposed
A few anonymous accounts on some warez sites and they may wake up…
I should rephrase this: I don’t support logic bombing. bad word choice:
We can’t sink that low, but what we can do is something like making outgoing mails and sms’s to their contacts, etc. Scare them into not pirating. “I am pirating software. please help me stop.”
Sth less severe than brickification
Hi, I just found this on the Access site. It is written by Aaron Ardiri, so it may have some good bits in it, but I can’t dl it right now (it is a zip and I am at work): http://kb.palmsource.com/cgi-bin/palmsource.cfg/php/enduser/std_adp.php?p_faqid=131
Hi Guys,
Aaron Ardiri definitely went the wrong way for a variety of reasons:
a) His app was moreless self-spreading
b) He admited that the app was his
c) The app activated immediately
My logic bomb would be different. It would be leaked out onto Warez sites only, and would eventually activate and brick the device or sth like that.
Legit users would never get in touch with the code, as it is NOT in the normal application. Its a dedicated logic bomb created ONLY for Warez sites…
As for the house, sorry, but there’s an NDA hindering me from announcing its name…
Best regards
Tam Hanna
The moment the app is traced back to you, you will be liable for the destruction of the device(s) (plus the data on them). The act was definetely malicious (although debatably justified) but unethical and illegal nonetheless.
If someone does a hash of the two apps (logicbomb and normal) and finds a difference, then inderectly you will get implicated. Especially if all/most the apps of your house have the tendacy of bricking devices.
At that point, the negative publicity backlash will start.
Also think of the implications if the Logic Bomb escapes on the wild. The possibility of someone not tech-savy but legit running a google search, downloading the bombed app by mistake and then bricking his device is quite real. At that point you will have to prove to varius forums that you apps do not have any brickifying bugs….
Not to mention that the moment this becomes semi-public knowledge crackers everywhere will compete to disable it, just to spite you (and will be prepared for the next bombed app).
Plus, I for one will not buy an app from a house that follows this strategy. I understand the need to protect one’s source of income but the means of protection must stop at the app itself.
>My logic bomb would be different. It would be leaked out onto Warez sites only, and would eventually activate and brick the device or sth like that.
Then i sure as hell hope you never figure out how to kill a device with code. So far I am only aware of one developer besides me having such ability [mostly because i told him]. And neither me nor him plan to release it in an app. You would be liable for all damages since you are NOT a judge and cannot decide to penalize the user for the value of their device.
And as soon as devices start dropping connection will be made. maybe not immediately but it will be. After there is some connection made, people like me will ger curious and start looking at your apps’ disassembly. Soon enough it will be out and you’ll be facing a few lawsuits from the users who lost their devices, as well as a few from the opportunistic asses who will claim they did as well. Pretty picture, huh?
Hi Dmitry,
that of course is an important point to look at…legal…
But - tbph - doesn’t releasing a bunch of virii from a webshop into pirate sites achieve the same effect?
As long as stuff goes boom and the boom gets connected to piracy, IMHO, we are at our goal AKA spreading FUD in piracy area to scare the common user away from it.
Best regards
Tam Hanna
P.s. You could always have the destruction code in both legal and illegal versions of the app. And the cracker just by mistake made a jump into that code area while pathcing the jumps borking around in the reg code area. Hey, the cracker DID modify that app, breaking its digital signature ..tough job proving that it was you
Tam,
Just having that code in there, if someone discovers it, is a PR nightmare
You like messing with fire?
As said before, there is too much potential for the legitimate user to accidentally stumble upon the “bricker” code.
Also, (I do not claim to be a hacker) a seasoned hacker would probably not make a mistake by jumping into the “bricker code.”
Also, how do you plan on keeping the good version of the application of the warez sites? Has it occurred to you that a hacker could simply purchase the application (the good one) and place it on a warez site?
I see that you are trying to come up with a way to protect your applications, but taking the extreme (and potentially illegal and unethical) route isn’t the way to do it.
If you do this you will be very infamous, and this will cause much more damage than all the pirates could do together…
Probably you’ll face not only lawsuits, but some revenge as well. How about a similar logic bomb addressed at you? Or an attack against your website? Best of all, if you have a victim in the same city, even a broken nose or a shattered windshield is a possibility. Not all pirates are pencil-necks, believe me.
Another point: you think only of the intentional pirates. What is with the casual noobs? Do you want to brick their PDAs too?! The fact someone downloads from a warez site does not mean that s/he knows what it is!!
*You’re a programmer, but you must think with the end users’ head. This is sometimes hard, but essential.*
Yet another viewpoint: don’t forget, getting progs illegally is not easy. Often it takes all your day to find an outdated version. Time is money! If someone chose this way, s/he probably does it because can’t afford to buy it, and if can’t download, then will live without it. (=same amount of loss for you)
Competitive prices are the BEST copy protection in the world. Fighting piracy is just a waste of time and energy. You are a busy man doing it for money, while they are boring teens doing it for competition and passion, and to prove for girls. You have no chance against them.
Another thing, for all developers: go and join a few warez forums to get some insight into that world. The reality is VERY different from what the anti-piracy organizations tell you.
They want to make you believe you are experiencing big losses, and make you join and *PAY*, in the belief they will solve your problems.
Just like spammers try to tell you that a certain piece of your body is too small and you need their herbal stuff
In fact 95% of pirate users will either copy or not use your program at all, either because they can’t afford it, or it isn’t very important to them - if they can have it for free then they will use, but otherwise won’t miss it very much. This is no real loss for you, and fighting this is a waste of time and effort. You won’t squeeze a single cent from these people.
Also it is very funny if your software can be bought only from certain parts of the world, and you cry because people from the other parts use it illegally, and think of it as a loss.
If you don’t believe, go and see for yourself.
This is the stupidest thing I’ve ever read. You simply can’t force users to not pirate software - it doesn’t work like that. Work on your DRM all you want - How many years have people spent working on copy protection only to have it break?
Use your inductive reasoning - every copy protection scheme gets broken.
Something that I like to say and go by:
If it is made by a human, than a human can break it.