Thoughts on software licensing, serials and activation techniques

Discussion in 'PowerPC Macs' started by AphoticD, Apr 12, 2018.

  1. AphoticD, Apr 12, 2018
    Last edited: Apr 12, 2018

    AphoticD macrumors 68000


    Feb 17, 2017
    I've been reading through the recent thread on MorphOS and the regular criticism of their business model for locking licenses down to individual hardware. This brings up an interesting subject (for me), which I'd like to share some thoughts, and also get some feedback on...

    There’s nothing more annoying (and off-putting) than having to manually contact the developer / vendor to activate your license or feel like you are pestering them to provide you with a license for software on a replacement machine (and in some cases, provide evidence that your old hardware is actually cactus). Each time I've had to call Microsoft to transfer a software license to a new PC, they have always been good at just handing out the codes, but it's a pain to have to call them to do this in the first place.

    Then there is the reality of a company closing their doors and your software not ever being available to activate again as pointed out by @bunnspecial. I once had a great menu bar app called Snippet by a company called (something like) Fuel Software. However, it stopped working on PowerPC simply because the server which the activation process used no longer supported the outdated SSL libraries on Tiger/Leopard. The developer continued moving forward with the OS iterations, but ignored the fact that the older software versions, although completely compatible with the older OS, couldn't be reinstalled due to the updated activation server. As it was the web server and not their software, they wiped their hands of it and said there was nothing they could do.

    Anyway, as some of you may be aware, I am in the process of developing indie Mac software. I intend to cover a wide range of Mac hardware. To do this, I intend to distribute / license via both the Mac App Store (10.6.6+) and direct via my upcoming website (10.4+). As such, I am looking at various licensing and copy protection methods for use outside of the MAS.

    Ultimately, the methods used will need to cover the intended hardware/software range of OS X 10.4 through macOS 10.13. This means limiting older / incompatible SSL communication on pre-Lion and on Lion+, remain within Gatekeeper and Sandbox rules.

    Here’s where I am at...

    Licensing - Keep it simple:

    1. Individual use - An unlimited install, single user license. Allows the user to install on any number of Macs for personal use.

    2. Business use - single machine license. One license per machine / installation.

    Serial numbers are to be generated / matched against a personal or company name. By matching names and serials, individuals are gently encouraged to buy their own license and not to share with friends/family unless they really choose to. If they do, the name on the license will always be a (subtle) reminder it was shared and may encourage a change of heart at some stage.

    I have no intention of programming any kind of policing method for this. A simple user agreement is enough IMO. I don't think anybody has ever liked being kicked out of Microsoft Office because another user on the LAN (or even worldwide?) is using the same serial number. Did Adobe do this too? I can't remember.

    Activation - Online or offline?

    I’m undecided here. Should activation require an online validation on a central database or remain an offline process? I know I prefer software which uses offline activation and I don’t like software phoning home without my knowledge. However, if the user is shown the exact shared information during the activation process, then would that be acceptable?

    1. Online activation - The serial and licensee name is validated with a central license database/service. The current IP, Operating System version, software version and simple hardware profile (Machine ID, architecture, CPU, RAM, VRAM) could be sent along with it. The hardware profile would be useful for future updates and/or projects to tailor features and understand the typical lowest common denominator - although after thinking this point through, this is completely redundant as I am already intentionally writing software to run on any Mac built within the last 20 years (G3, 10.4+. Maybe even 603/604 given @LightBulbFun's work).

    2. Offline activation - The serial is generated using a private encryption key encapsulating the licensee's name/company name. The serial can then be validated against this private key and the software is activated without ever needing to call home. The downside here is releasing a degree of copy protection (control) and record keeping, while also missing out on the opportunity to gather hardware info, plus the recording of the user's IP to maintain a history of activations of a given serial number (and the opportunity to approximate a user's geographic location based on the IP).

    Just thinking it through as I type here... User privacy needs to be realistically reconsidered. In my opinion, the best way to honour an individual's privacy is to not gather data from them in the first place (are you listening Zuck'?).

    Given the scale of my independent efforts, I am leaning toward the offline activation option. Plus it just feels more ethical to give a user the freedom of choice... However this doesn't do anything to deter piracy (which could be my undoing? Or is that just paranoid?)

    It's muddy water... Apply too much control to protect the creator/developer/vendor from piracy at the cost of (possibly) annoying the user, or release a degree of control to keep it simple for the user?

    Does anyone have any thoughts and/or experience on the subject? Any other anecdotes of software lost to the activation void?

  2. eyoungren macrumors Core


    Aug 31, 2011
    ten-zero-eleven-zero-zero by zero-two
    All I am going to say here is that I actually like the approach Extensis has taken with their Suitcase product.

    You buy a license online with them which creates an account on their website under an email address and password you provide them. While a serial number is generated, the app depends on you being logged in through it's own process (although you can disconnect internet after login).

    Extensis allows two additional installs based on email you add from your account on their site.

    Generally, I'm no fan of having to login to use an app, but at least Extensis makes it unobtrusive.
  3. AphoticD thread starter macrumors 68000


    Feb 17, 2017
    Ableton use a similar technique for their Live product. The app interfaces with the browser and activates via their web service. The activation is recorded against the online login, so you can go in and see your licenses/activations.

    I reinstalled Live 8.2.1 on a PowerBook G4 sometime last year and found they had an activation limit of 2 machines (intended for a Desktop + Portable personal-use scenario). So I emailed their support team to explain that the previous Mac had died, and I wanted to reinstall on this old PowerBook as well as a G5. They responded within a few hours (to my surprise) and just opened up another 2x activations for me, which is great, but it felt like an unnecessary process.

    The downside to this again, is the possibility of non-working software if the vendor decide to bring their online security up to a point where PowerPC activation is cut out in the process... However, if the end-user is using TFF or LWK, then the browser-interfacing process at least bypasses the security limitations of the OS.
  4. dbdjre0143 macrumors regular


    Nov 11, 2017
    West Virginia
    With regard to the issue of whether to use an online activation process which sends more data or an offline process, I think the ideal solution is a combination of both, like what Windows uses - (at least in XP, not sure how they handle offline in current releases).
    Based on usage of social media, along with general public apathy toward the usage of technologies like tracking cookies, I believe the "average" user couldn't care less about what data you collect (to a reasonable extent of course), especially with the type of non-personal information you're seeking. In this case, convenience rules more for end users over privacy, and I believe most would opt to use an instantaneous online activation process for that reason.
    However, my reason for advocating for offering an offline option as well is twofold. First is the issue you mentioned with the potential for needing to maintain older or "insecure" server technologies to support a broad range of hardware. For the older systems you target, it is conceivable that this could become an issue. Offering an offline activation process allows you to continue supporting the older hardware/OS without supporting a potentially insecure technology in your server. My second reason is the obvious one, supporting installation without an internet connection. The most frequent reason I have ever used the phone activation for Windows is because I didn't have internet access on the target machine at that time. I realize that needing the network adapter drivers is obviously a non-issue for Macs, but it is once again conceivable that some of the older machines you're targeting may not have wireless and may be used in an offline setting. Requiring the user to move their machine near their router and connect to the web to activate could turn away some potential sales to those who would otherwise just download the installer on another machine and transfer it.
  5. redheeler macrumors 604


    Oct 17, 2014
    Having to login once to activate should allow an unlimited amount of the user's computers to license the software, while also discouraging them from distributing the serial number (and consequently also their login info) outside of trusted friends. When you decide to stop supporting the software or pull down the account server, simply release a free-for-all version that doesn't require a paid license, and refund those that purchased less than two months prior.

    There are some problems with this approach: It would be harder to implement, and if you decide to support vintage hardware, many of them aren't connected to the internet much or at all. If you want to support the most vintage Macs possible, offline serial numbers are the way to go; but depending how popular your software becomes, you may find users sharing serial numbers online.

Share This Page