* The Business of Software

A former community discussing the business of software, from the smallest shareware operation to Microsoft. A part of Joel on Software.

We're closed, folks!


» Business of Software FAQ
» The Business of Software Conference (held every fall, usually in Boston)
» Forum guidelines (Please read before posting!)


Andy Brice
Successful Software

Doug Nebeker ("Doug")

Jonathan Matthews
Creator of DeepTrawl, CloudTrawl, and LeapDoc

Nicholas Hebb
BreezeTree Software

Bob Walsh
host, Startup Success Podcast author of The Web Startup Success Guide and Micro-ISV: From Vision To Reality

Patrick McKenzie
Bingo Card Creator

Crack Honeypots


following suggestions from joelonsoftware.com, I put up a "crack honeypot" site which attracts searches for "productname crack".
It worked pretty well so far, getting a lot of visits and even leading to some sales.

I was wondering whether you could go further than that.
What if you went to some crack sites and uploaded a special honeypot version of your product that says "Cracked By XYZ" in the title bar, but still runs out after 30 days, just like your usual software. Or maybe you could cripple some important functionality in that "cracked" version.

Has anyone tried measures like that?
restless Send private email
Wednesday, April 03, 2013
Calm down Satan...

Reluctantlyregistered Send private email
Wednesday, April 03, 2013
I put a little check sum routine that runs in my app a few minutes after launch.  If it finds it's been modified, it sets a flag.  Even later, that flag is checked and specific 'bugs' pop up.

All of that seemed like a good idea (and was fun to write), but at the same time I also:

* signed my apps
* did a simple phone-home when a license is installed.

Since that time (years ago), my apps basically disappeared from the warez sites, and I've never gotten any reports on my manufactured 'bugs', so I don't think any cracks are in use.

So sign apps and one-time phone home FTW!
Doug Send private email
Wednesday, April 03, 2013
This actually is a good idea.

I make Android apps, and just yesterday I was looking for pirated versions of my apps (didn't find any, yay!)

In my case, a good idea would be to make a non-working version that would get the user's email address and send that to me. Then I could email the person offering them a discount or whatever.
RobCh Send private email
Wednesday, April 03, 2013
Doug, that sounds good. I don't really understand how the three measures you mentioned stop cracks - after all, any phone home can be deactivated and who cares whether your app is signed? Also, some people might not care about the "bugs" you introduced. However, the "intentional bug" idea is absolutely brilliant.

RobCh, thanks for your reply. However, I'm not sure if it's a good idea to send the users e-mail address anywhere without their permission. It might even be illegal, in some jurisdictions.
As for me, I am not considering doing something like that. Even if it was legal. My intention is just to make it harder to find the real cracks.
restless Send private email
Wednesday, April 03, 2013
The intentional bug thing is kind of unnecessary.

Your cracked software already has bugs in it.

Hopefully the latest release version has FEWER bugs, and MORE features, right?

So it's already working that way - the cracked version has more bugs. To get less bugs, upgrade from the cracked version you're dependent on to the fresh and new less-bugs version.

Seriously. When people with illegitimate copies they are using contact me with bug reports I sell them a legit copy of the program, and the promise that they will always be able to get the good version with the most bug fixes.

Sabotaging the program deliberately is kind of retarded guys.

And the idea to steal their email address - why not steal their whole address book and look for their bank account info as long as you are committed to doing illegal things.
Scott Send private email
Wednesday, April 03, 2013
@Scott - I think Dougs bugs have a specific pont to them. Since they're unique to the cracked version it allows him (in theory) to spot some pirates through support requests / bug reports.

Seems clever to me.
Jonathan Matthews Send private email
Thursday, April 04, 2013
Interesting idea. 

I suppose if someone sees a message like "Problem with license - contact support" they'd have to be pretty brazen to do so if they knowingly have an illegal copy.  But if they think it is a bug there is more chance they will get in touch. 

But then isn't there a risk that they tell everyone your software is buggy?  I'm thinking business software in particular a freelance developer might use warez but be influential on buying decisions of big companies? 

Just a thought.
John W King Send private email
Friday, April 05, 2013
I think this is a terrible idea.  You don't want a reputation for creating buggy software, no matter the source.
DanDan Send private email
Friday, April 05, 2013
It totally works, and it's a great idea.
I did it, and I've measured a lot of conversions in Google Analytics that trace back to the keyword "<brand> hack"

There are jerks out there uploading viruses in your software's name anyway. The pull a list off a shareware site and automate the distribution.  You should do the same with your legitimate software, and warn those who could be harmed by downloading this junk. This is the best way to protect your brand and people who should be your customers.
Darren Send private email
Monday, April 08, 2013

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics
Powered by FogBugz