4

Phoning home to enforce a user licence is considered by many to be "evil". But for my web-dependent Windows application it seems like the perfect method of enforcing a single-user, multi-workstation licence, i.e. one licence on many machines, but only one can be active at a time. As an example, think in terms of a single rendering engine licence with a worker process spanning several hours only being active on one machine.

A licensing server must therefore authenticate the application when it is first run and check that the licence is not currently in use before a worker process is started. I can see how this would be considered evil if the application required Internet access just to check its licence, but my application is useless without an Internet connection anyhow. A site licence would only require one check.

If the licensing server is ever down (hopefully almost never), the app should gracefully degrade to a limited version until it can be authenticated. It has to phone home to check for updates and report (consensual) usage statistics anyway, so why is this so bad?

How do I keep honest men honest without being evil?

Singleton
  • 3,701
  • 3
  • 24
  • 37
Petrus Theron
  • 27,855
  • 36
  • 153
  • 287

4 Answers4

8

Trust your customers to pay the bill. If they want to run your program on two computers at the same time, they will find a way.

Make it as easy as possible for your users to use the software. Often, a pirated version of a program is more user-friendly than the legal version. For one thing, the pirated version just keeps working if the license server is down.

I advise you to give the user full access if the license server is down, instead of giving them a limited version.

Sjoerd
  • 74,049
  • 16
  • 131
  • 175
  • 1
    +1 for not letting a pirated versions be more user-friendly than a legal version. I agree with full access if the licence server is down and if a hack/crack could impersonate my licensing server, then it might as well disable the licence check in the first place. I want users to share my app (trial) and use their full versions on *their* multiple machines, but I don't want them sharing user licences. A more traditional registration key schema may be easier to crack, but pirates will be pirates. Would a more occasional phone home to check for a pirated key be more reasonable? – Petrus Theron Dec 03 '10 at 13:28
  • Checking wether the user has a pirated key is useful for users who want a legal license, but are not aware that they are using an illegal copy. It is not as useful for blocking pirates, because contact to the license server is easily blocked. – Sjoerd Dec 03 '10 at 13:52
4

This, as all rights management, comes down to cost against risk. If you trust that your users will normally stick within your license terms or at least close to them (occasionally running two instances) then you don't need the extreme approach of the license server query with every run.

If you don't trust your users then how much additional revenue do you think you'll achieve and is it exceeded by the cost of implementing and maintaining your licensing solution? Bear in mind that the more you restrict, the more likely that someone will break your restrictions and pay you nothing (this is my impression based on nothing more than experience).

I for one would be furious if my paid-for-app degraded in performance just because your licensing server was down, that's your problem, not mine :)

Lazarus
  • 41,906
  • 4
  • 43
  • 54
3

Make it easier to be honest than to be dishonest. Once a pirated version comes out without crippling, then you have only punished the honest people.

tenfour
  • 36,141
  • 15
  • 83
  • 142
2

As an (almost) average computer user, this would seem fair enough to me, except for one point. If your licensing server is down, my experience should not be affected. The application should continue to run as the full version until it can be properly authenticated. At the end of the day, the end user should not suffer for your technical problems.

Gary

gsteinert
  • 1,324
  • 2
  • 10
  • 13
  • 1
    Indeed: will the licensing server still run in two years? Five? Ten? Because then the application's full function depends on your company's existence - that's a pretty fragile and useless dependency. – Piskvor left the building Dec 03 '10 at 13:12