* The Business of Software

A former community discussing the business of software, from the smallest shareware operation to Microsoft. A part of Joel on Software.

We're closed, folks!


» Business of Software FAQ
» The Business of Software Conference (held every fall, usually in Boston)
» Forum guidelines (Please read before posting!)


Andy Brice
Successful Software

Doug Nebeker ("Doug")

Jonathan Matthews
Creator of DeepTrawl, CloudTrawl, and LeapDoc

Nicholas Hebb
BreezeTree Software

Bob Walsh
host, Startup Success Podcast author of The Web Startup Success Guide and Micro-ISV: From Vision To Reality

Patrick McKenzie
Bingo Card Creator

How do you "get over" being cracked?

As some of you have seen from my other posts, one of my apps was cracked (actually a keygen made) about 10 years ago.  I've never gotten over it, and I'm constantly in the pursuit of stopping crackers, to the point that I haven't really released much since.

I've done three or four smaller apps, which were for sale but then I changed my mind and made them freeware for their next updates.  Shortly after, I then pulled the plug on my website because it pissed me off that I wouldn't be making money from them.

Now I have three new apps nearing completion... but I'm still not ready to dip my toes again and release because I'm fearful of being cracked again.  You've no doubt seen my other posts where I discuss trusting users to pay, or doing crazy schemes like rewards and such, and even times when I've been rude to Wyatt when I really shouldn't.  (Again, sorry mate, I know I have issues).

So, what can I do?  It's January and as such I really want this year to be "my year" for success.  But I'm still too scared to go ahead and release.  I just *know* some dumbass will delete my trial key or whatever and use my apps forever, for free.

I can't get over that.

Advice?  Please?
PSB136 Send private email
Tuesday, January 14, 2014
You just have to get past this and look forward.

It sounds like someone who doesn't date any more, because their ex cheated on them. Not really a good way to live and certainly not a good way to run a business.
Scorpio Send private email
Tuesday, January 14, 2014
You'd rather give up on however many customers may pay you because of a small few who won't?

"Revenue leakage" is a cost of doing business. Banks write off bad debt. Retailers deal with store shrink.  There are always going to be a few people who can't or won't pay, and this isn't just because of fraud: customer dissatisfaction, customer financial difficulty, and so on.

You can't eliminate revenue leakage. Your best option is to minimize it as a percentage of your sales by making great products, making your customers happy, growing your sales, and securing your revenue in a way that keeps honest customers honest while imposing as few burdens on them as possible.
Kevin Walzer Send private email
Tuesday, January 14, 2014
To answer your question of how you get over this, you have to find a way to better understand the industry you've chosen. 

Suppose you chose to be a model and were lucky enough to earn money and fame from people taking your picture.  If you were successful enough, people would take pictures of you whenever you were out in public, and you wouldn't be able to stop them (or charge them for it).  It's just part of the job.

If you can accept this, go out and make great software and feel blessed that you get to do something that you love AND get paid for it.  If you can't get over this, that's okay too; just find a career where people can't take your work for free, like a salaried job working for a big corporation.
Brian Leach Send private email
Tuesday, January 14, 2014
Ok. So you give all the source code to me and forget about it so you will never ever have problem of piracy and go back writing new code...
I will take care of publishing and getting paid and I won't suffer if a crack appears...


Of course I'm extreme in my message but you may try to sell the code as is to somebody for one-time fee
fp615 Send private email
Tuesday, January 14, 2014
Cracks and chargebacks are part of the software business. Along with incoherent support emails, DLL hell, crashing computers and 101 other annoyances. You either learn to deal with it or choose a different business.

You seem to have disporportionate issues about this. Maybe you should go and talk to a counsellor or therapist about it? It might help.

And remember that cracks only cost you money when they are used by people who would have paid you otherwise. If they were never going to pay you, you didn't lose any money.
Andy Brice Send private email
Tuesday, January 14, 2014
I hope this isn't too flippant, but you seem to have some serious anxiety.  Might be worth talking to a doctor.  This just isn't a big deal.  I've been cracked before.  Yeah, it ticked me off, but once you blow off some steam, you move on and serve your paying customers.
Doug Send private email
Tuesday, January 14, 2014
9 months and no crack yet.
However I have a crack honeypot page for my product which asks you to register instead. The intersection of people landing here and people who buy is below 5%. Most people looking for a crack DO NOT register. I guess I would be losing 5-10% to a crack. Different markets may show different numbers.
Zka Send private email
Tuesday, January 14, 2014
You haven't "made it" until someone cracks your software. ;0)
Andy Brice Send private email
Tuesday, January 14, 2014
After posting I went togym and the reanier had this motto on her shirt: until you spread your wings you will have no idea how far you can fly (reported as written, probably is not proper englush)

I think it fits your situation: until you publish you will have no idea how much money you can earn, how much cracks you will have, etc. If you stay in the nest, no cracks, no money...
fp615 Send private email
Tuesday, January 14, 2014
> I can't get over that.

> Advice?  Please?

If you truly *can't* get over that, to the extent that it makes you not enjoy selling your software so much that you'd actually be happier without the money if it means without that hassle--and by "can't" I mean no matter *what* you do (including therapy, herbal teas, and aboriginal dreamtime), then you need to leave the desktop software "make money on each application copy sold" business. 

If you stay in desktop software, you'd have to go to some other revenue model.  Ads, bundling ad toolbars; pay for support for B2B.  Not sure what else.  Don't even think about donations!

What about doing web applications?  People can't pirate your code; at worst (I guess?) they can share each other's accounts, but depending on what service you offer, people might not want to do that (such as if each person has personal stuff on there).  Also, you can make money through advertising online as well.

If you do want to sell copies of programs, then the advice above is very good.  Suck it up.  Did you ever pirate anything in your life, even when you were a teen?  If so, can you really be that critical of others?  If not, hey, enjoy the sanctity and pity that not everyone is as conscientious as you are/were.
Racky Send private email
Tuesday, January 14, 2014
You are looking at piracy the wrong way.

Consider pirates as future clients or as marketing investment. Let me explain:

Consider the following scenario: A student or kid has no money, he will pirate your software and will use it for years. One day he starts his own business or gets a job and decides to go legal. He will buy your software because he likes it and already knows it.
If you have had stopped the pirating of your software he would have pirated your competitors software and since that one is familiar to him when he decides to buy he'll buy the competitors product.

Another scenario: A hardcore pirate that never buys software pirates your soft, he will never buy your software, he never bought a software in his life. Now his buddy will ask him to recommend a software, he recommends yours since he likes it. The buddy is not a pirate so he will buy your software.
If you have stopped the pirating of your software he would have pirated your competitors software and would have recommended that one.

So instead of focusing on tracking down cracks and keygens, focus on creating a good product that the legitimate users and pirates will enjoy using :).
Attila Kovrig Send private email
Wednesday, January 15, 2014
Thanks, everyone.  Given me a lot to think about and some really good aspects that I didn't consider.  As one coder to you others, I really appreciate your support.
PSB136 Send private email
Thursday, January 16, 2014
There are some great answers here. I agree with all of them. I'd add one thing. Perhaps you could postpone the issue so you can get it off your mental stack:

1) Implement the absolute minimum protection (something any determined computer knowledgeable person could break, maybe just a simple registry entry).

2) Release the product.

3) Absolutely do not think about or search for cracks or piracy for a predetermined amount of time (maybe a year?). Put the date you'll check it in your diary. Have a set of activities (e.g. excercise) you'll use to deflect your attention if you start obsessing about it.

4) After that year asses the situation and see if you have a problem with piracy, if so take steps to mitigate it only if it'll be profitable to do so. This shouldn't take more than a week in the worst case.

5) Mark another date in the calendar and repeat the cycle.
Jonathan Matthews Send private email
Thursday, January 16, 2014
Good advice here and the note that it's mostly psychological is good too. Sounds like OP is feeling violated and paranoid, which is understandable, but it's not personal. You're just bits and an algorithm "in the cloud" to people using the crack, and you're an adversary in the sense of a chess partner to crackers, whom you have volunteered to create fun puzzles for. You create fun puzzles, and they solve the puzzles. You can create harder puzzles, and get more worthy adversaries if you like, or you can create no puzzles at all and they'll be bored.

If someone releases a key generator, then you can switch to a new key generator or method.

Over time, many of the illicit users will then "upgrade" to the pay version since their illicit key doesn't work with their illicit copy.

Also, a profusion of illicit key generators is helpful since it generates confusion among potential users. Confusion that you can help them with - by selling them a valid, legit key.

Key generators in the wild is only a big problem if the software is stale - never updated and bugs never fixed.
Scott Send private email
Thursday, January 16, 2014
One time we sell copies is when an illicit user contacts us for support. Sometimes they don't even realize it. Some of these contacts are businesses and schools too.

Pretty recently had a typical case - a big name college contacted me for support as the copy they had no longer worked after they upgraded the OS. They wanted new keys. But oh fuck, they have never bought the software to begin with. It was illegally installed by a previous IT administrator that no longer works there.

This was for a school wide install.

So I send them a formal letter by registered mail notifying them they need to correct their registration issues.

That sale ended up being for a bit over $30,000 worth of licenses.
Scott Send private email
Thursday, January 16, 2014
Just delete all your source code, and get a 9-5 job

:) no dont do that :)

If you have been cracked, its a sign of popularity.

Take it as a compliment.

Try to keep your paying users happy.

Crackers dont have a paying mindset anyway.
If they cant crack, it, does not mean they were going to buy it.  They just move on to another product from your competitors that can be cracked.  End of story.

"Today is the first day of the rest of your life!"
Forget crackers, concentrate on taking money from paying customers.
NewGuyOnTheBlock Send private email
Friday, January 17, 2014
> delete all your source code, and get a 9-5 job

I'm in a 9-5 job now, but spend nights coding apps that I love and hope others will love.  :)

> Take it as a compliment

I will never take that viewpoint.  Ever.  They're assholes, plain and simple.  Who knows how much money that keygen cost me?  People bought before it existed, and then nothing much after.  The answer is obvious.  It's why I'm in a 9-5 job today.  Lost opportunity and income, plain and simple.

> concentrate on taking money from paying customer

The problem is per the above... all paying customers stopped once the keygen came out.
PSB136 Send private email
Friday, January 17, 2014
> The problem is per the above... all paying customers stopped once the keygen came out.

So have a new key scheme.  My keys have a version number embedded.  So I can read keys of scheme 1, 2 and 3 for example.  If someone created a keygen for scheme 3, I'd invent scheme 4.  The latest software is the only one what knows what to do with a scheme 4 key.

As someone above said -- this will cause many different keygens to exist, most of which won't work.  The crackers will become bored with the game of cat and mouse.  And end users get confused and frustrated when most licenses they generate don't work.
Doug Send private email
Friday, January 17, 2014
To stop keygens use hardware-locked licensing (e.g. online activation). A keygen can still be created but the keys will not work because they would fail to validate.

To stop "casual piracy" (key sharing) use hardware-locked licensing.

To stop "regular users" from finding cracked versions of your app use DMCA notices (primarily to search engines like Google & Bing to get the listings removed, but also to the hosts as well).

To stop cracking ... you can't.

To stop the depression caused by your app getting cracked? I don't know. See a therapist, maybe. There's no shame in getting help, especially if the depression is debilitating.

>> "I've been rude to Wyatt when I really shouldn't.  (Again, sorry mate, I know I have issues)."

It's no problem - I've got thick skin.
Wyatt O'Day Send private email
Friday, January 17, 2014
> have a new key scheme

At the time, my app wasn't coded to take new schemes into account. So once somebody got the keygen, they could use it forever. It was also a very niche app, which meant no further updates were needed, so everyone basically got it for free to use forever.  Tough lesson for me.

> use hardware-locked licensing

Personally, I'm against that.  I've gone through 3 different PCs in the last year, so if an app was locked to one, I wouldn't be able to use it on any other (ie. the replacements I bought).  It also prevents me using the app on any PC where I am, such as at work, or at a friend's house.  I lose my freedom to use the app I paid for.

Further, due to a storm, I was without internet access for a few days, which again meant that any licensing solution that "phones home" wouldn't have worked.

Therefore I really want to stay away from hardware solutions totally.  I don't like the inconvenience involved, and I won't subject that loss of freedom to my users either.

Without phoning home, I know I can't win.  But I will never phone home.
PSB136 Send private email
Friday, January 17, 2014
"all paying customers stopped once the keygen came out."

You are assuming sales stopped totally because of the keygen. That's extremely unlikely, never even heard of such a thing. The thief people are a minority of real potential customers.

What were your actual sales before hand? State in average number of licenses sold per month.

Now tell us again how that dropped to 0 after the keygen came out.

Now answer, "Are you lying?"

You don't have to answer here or publically, but you should answer honestly to yourself.

Figure out the real reason sales dropped off, or stopped. Was it lousy customer service? Price too high? Better competitors? Or was it you had almost no sales to begin with?

It sure as heck wasn't because of the keygen.

You are only telling yourself that because you refuse to deal with whatever the real issue was, which you either didn't want to admit, or never bothered to find out.
Scott Send private email
Saturday, January 18, 2014
"So once somebody got the keygen, they could use it forever."

This is essentially BS. When you released version 1.1, you could have replaced that, and then they would need a new key to run the version that is compatible with Windows 8, or has the cool new features, or whatever.

It's irrelevant that the keygen works forever with your crappy, buggy lousy version 1.0, because it doesn't work with the 75 new feature upgrades since then.

What there wasn't any bugfixes or feature upgrades?

Damn boy, no wonder the customers left.

Let's say it together. Abandon ware.
Scott Send private email
Saturday, January 18, 2014
That's not how it was, Scott.  As I said, it was a niche product that did one job and did it extremely well and totally bug-free.  Shock, horror: such apps exist!

There was never any need for a v1.01 so there was no way to make a new version that was immune to the keygen.  In hindsight, I could've made a "fake" v1.01 but since the niche users were tech-savvy, they'd spot it was just a rebadged v1.00 and then I'd be crucified.

Anyway, thanks for your input to the discussion.  :)
PSB136 Send private email
Saturday, January 18, 2014

In the late 90's, I sold a command-line SMTP emailer.  I had some usage limits built into the EXE so that you could only send about 15 emails before you had to log out and back in to Windows to try again.  ( ...implemented by using GlobalAddAtom / GlobalFindAtom ...)  I also had a "create with trial edition" message at the top of every email sent.

When the users registered, I sent them a link to a fully-functioning copy of the EXE.  I didn't use keys or anything like that.  I had set up my automated email from RegSoft to include the URL.

I had been concerned that people would start sharing the URL. This did happen in later years, before I retired the product. However, for the life of the product, that scheme seemed to work out very well, for me. 

If the URL had become public knowledge, I could have changed it with each release or I could have come up with a different scheme. This allowed me to focus on supporting the customers and on evolving the product.

Were there people downloading unlicensed copies of the real thing?  You betcha.  It happens. I was quite content with the number of paying customers, though.

An earlier version of the trial edition of MailSend was cracked to remove the "trial edition" messages.  I ended up scrambling the message strings so that they weren't easily found or modified in the EXE. Then, I released an updated version, adding features along the way.  My registrations really didn't seem to be impacted.
Jim Lawless Send private email
Saturday, January 18, 2014
Jim, your story has convinced me to take an approach I was considering: sending the paying customer a personalized version by way of an image submitted by them which will have their name watermarked in its corner, and placed in a corner of the UI like a badge.

This might be a photo of their kids, wife, pet, whatever; and it means anyone who shares their personalized version can be easily identified, and anyone who chooses to receive it will have to view some other person's photo every time they use it.  Sort of like a custom coffee mug in a workplace office: surely they'd want their OWN photo/mug?  I hope, anyway.  :)

And before anyone yells, "resource editor!", I've already tested this idea with many prominent resource editors and they aren't capable of replacing the image.  You'd have to be really against buying to go that route anyway!
PSB136 Send private email
Saturday, January 18, 2014
Andy has an article on his blog about having the person's name in toolbar of the app alone reduces piracy. 

It would be kind of funny, though, if a cracked version of your app got into the wild that had some person's wife or kids on all the illegitimate copies.
Racky Send private email
Saturday, January 18, 2014
There's nothing to crack in the trial or full version, so I don't know what you mean?  Someone could share their custom copy with the world, yes.  But then (hopefully) those that download it might want to pay for their own custom version with their own image of their beloved Fido.  :)
PSB136 Send private email
Saturday, January 18, 2014
Sorry, but I think that this "embed-your-picture" as protection scheme is... well, quire silly...
I can send you an image of a children shot at the park...

Like Scott, I also believe that a cracker can't completely stop sells. It means that this niche app already filled 100% of its market...
fp615 Send private email
Saturday, January 18, 2014
> I can send you an image of a children shot at the park

True... but I am always free to reject such a submission.  I could limit photos to just landscapes or animals.  But then, copyright infringement could occur.  Ah, stuff that idea then.  :(

I will read Andy's article about the buyer's name in the toolbar.  Sounds like this may have to be the approach I take, along with other customisations where copyright infringement can't be involved.
PSB136 Send private email
Saturday, January 18, 2014
Its simple maths. If 30% of your users crack your app, you have a loss of 30%. If you don't release, then you have a loss of 100% because no one pays you at all. If you're that paranoid about cracks, then make your app SaaS or require online activation. If you're not willing to do that, then don't worry about the people who crack, implement the strongest security available to you, and then move on.
IdeaSkeer Send private email
Sunday, January 19, 2014
PSB said:

> Jim, your story has convinced me to take
> an approach I was considering: sending the
> paying customer a personalized

I probably rambled on a bit too much.  The point I should have stated was that my focus was on maintaining, supporting, and improving the product.  I wanted to spend so little time dealing with non-payers that I didn't go to the trouble of implementing a key system.  I used the simplest means that I thought would nudge procrastinators into paying.

Full disclosure: I made a nice hobby income, but I didn't make a living income from this product.  Please factor that in to any decisions you make from what I've stated.
Jim Lawless Send private email
Sunday, January 19, 2014
I agree with most of the advice on here that if you want to sell your software you'll have to accept that some piracy is the cost of doing business.

I know it's enraging when you really stop and think about people stealing from you, but also think of this -- the person who stole from you victimized you once by creating the key generator.  Now
it's like you're victimizing yourself all over again because that happened to you by not moving forward with your life the way you really want to.  That person probably never gave you a second thought but years later they're still having all this power and control over the direction your life takes.

They say that success is the best revenge.  I understand why you're so focused on this after what happened, especially if that keygen really did stop your business (or even if it just felt like it did due to the coincidence of timing).  But look at all the people on here who are making software sales and remaining successful despite the occasional piracy.  Why shouldn't you get to do that too?

I did have a momentary, dark thought of you building some virus into the app that would be activated if someone tried messing with the licensing, but odds are it would get accidentally unleashed on some poor sap who was just bumbling around.  Besides, that would make you as bad as them.  It was a fun thought for a minute though...
Emily Jones Send private email
Wednesday, January 22, 2014
Okay, so my app is now fully coded with a trial routine which stops the app being used after 30 launches.  It will only be 3 or 4 launches to trial it fully anyway, so I'm being overly generous with 30.

For those that would delete the Registry key (once found), too bad for me.  As others have said, if they're going to that extent, then they're obviously never going to pay so it's not really a lost sale.  That's the concept I had to learn to accept.  Such people won't be getting any support, nor their suggestions implemented, nor getting new versions quickly (ie. payers get new versions 3 months before general public release on my website).

I think this is okay with how to proceed.  Time will tell.  :)  Thank you all for supporting me and giving good advice.  I hope I'm finally over the past and can move into a successful 2014!
PSB136 Send private email
Thursday, January 23, 2014
Good luck!
Andy Brice Send private email
Thursday, January 23, 2014
Thanks Andy... I'll definitely post back if I get some good sales.  :)
PSB136 Send private email
Thursday, January 23, 2014
> I can send you an image of a children shot at the park

Just revisiting this comment: I've decided to combine an embedded image with the customer's name in their custom version, but the images will be from a specific pre-made selection of photos by a photographer friend.  So they get to customise their interface without my risks of pedophilia or copyright infringement.

Therefore, it'll be my "coffee mug" approach to piracy: the buyer gets a personalised product that will hopefully be of little incentive to anyone else.  (Example: A female customer might prefer her own version with a cute kitty cat, instead of using a biker's version that has a motorcycle and skull on the GUI).

Anyway, we'll see.  I think it's an okay concept.  Got nothing to lose by trying!
PSB136 Send private email
Friday, January 24, 2014
>Got nothing to lose by trying!

Exactly!  Good luck, please let us know how it goes...
Emily Jones Send private email
Friday, January 24, 2014
Yep, will do.  I have the entire month of Feb off from my day job, so that's when the release will happen with lots of marketing (submissions to sites, subtle on-topic links to it in other forums, etc).
PSB136 Send private email
Friday, January 24, 2014

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics
Powered by FogBugz