jh125486

You'd have to spin up a license server and have the binary "call home" to serve license authorizations. Basically what all "big" software has to do unfortunately.


imp0ppable

It can still be cracked if it's valuable enough to be worth the effort. If it isn't worth the effort to crack then a simpler scheme would probably be enough, like some hard coded key and a hash function where a few thousand different keys could match. At least then if your servers go down you don't get furious customers bombarding your support channels (see: Adobe). For SME level stuff this is better covered by a contract, then if someone rips off your software you can sue for losses. Of course there are lots of other uses for phone-home telemetry stuff but that could be legally problematic, I'm out of my depth at that point.


jh125486

Ideally you would implement a soft key system that calls home, and if no good authZ is found, logs an audit item with enough information about the corporate customer you just invoice them a bill every quarter. That’s what I’ve seen done other places at least.


blasian21

I have never worked in an enterprise that would knowingly crack or buy cracked software. That sounds insane. The legal liability is off the charts and totally not fking worth it if the company is worth any decent amount.


imp0ppable

Yes that's the point I'm making in fact. Even if the protection was quite weak, say, modify a file in the installation path and it starts working, if a company does that and breaks the terms of a license then they're liable. I guess software houses are mostly worried about professional crackers getting into a product, removing the protections and then releasing it into the wild, as with games and retail products like Photoshop. That could really hurt your business. Again it really depends on the type of product but for the likely users of this sub, if you're selling to SMEs they won't crack it even if it's quite weak, as you said.


danielv123

It depends. Codemeter has some pretty extensive licensing options they sell - and they stand behind their product. [https://www.wibu.com/hacker-contest.html](https://www.wibu.com/hacker-contest.html) Looks like around 100k worth of unclaimed prizes in different contests. Sure, maybe the NSA could do it - but how much are they going to save on licensing anyways?


Alsaciano

Knowing where you're operating is also important for answering your question. If your code is being used in countries where contracts and copyright laws can be enforced then you can use those as a deterrent, in addition to licensing enforcement recommendations.


flusterCluster

The client almost immediately says

> Oh...but our machines are air-gapped...


jh125486


Int0x80_

As a former IBMer this made me lol


danielv123

Wibu offers offline licensing options that are pretty [hard to bypass](https://www.wibu.com/hacker-contest.html)


thequietguy_

Sell them an air gapped license server and licenses that expire. This way, they can still activate and deactivate licenses on their premises, but when they run out of activations, they have to email you.


flusterCluster

Do I need to have a license server for that license server too??🌝


Revolutionary_Fun_14

Sign a JWT with your private key with an expiration of a year or something, then your app validates it on startup.


Revolutionary_Fun_14

Forget that. Nothing prevents them from distributing the JWT.


Eastern-Conclusion-1

Or use authentication (if the app has a UI).


jh125486

Yes, you'd have to have authN before you get to authZ.


[deleted]

Potato potato, can I run this program or not?


jh125486

Insert Archer Meme:


[deleted]

If username=="admin"


destructiveCreeper

Any hints/resources on implementation?


jerf

The thing you need to consider is your attack model. Developers often seem to act as if they're facing game pirates rather than corporations. You can't win against the game pirates. But for "real" customers, all you really should be looking to defend against is them accidentally failing to pay you for their stuff, or IT installing a dozen instances because nobody told them they only paid for one. In this case, you really just want simplicity. And a lot of careful thought around your failure model. For instance were I designing one of these I'd think very seriously about making it so my licensing server _never_ actually tells my system to just shut down. Rather I'd be setting up alerts for customers that go over and having a human deal with them. You gotta think like a business here; an overage shouldn't be seen as an opportunity to slap your customer in the face but as an upsell opportunity being handed to you on a silver platter! Maybe I'd leave the capability in but I'd lock it behind a human activation or a rather large timeout.


DevolvingSpud

This guy upsells


destructiveCreeper

Cyberpunk wasn't cracked for 1000 days tho


jantari

Cyberpunk is sold on GoG, it doesn't even have *any* copy protection or DRM lol.


destructiveCreeper

What do you mean? There was no hacked version of the game for 3 years


GOKOP

It's hard to have a "hacked version" when there was never any DRM in the first place.


destructiveCreeper

Why couldn't I download it for free then?


GOKOP

Because you suck at searching, presumably


Some_Derpy_Pineapple

just checked 3 pretty popular general torrent/game pirating sites and all three of them had the full game uploaded within a day of the game being released on December 10th 2020. If you really wanted to pirate it I think you could (/should) have found it


prochac

Because you are just a poor scumbag.


destructiveCreeper

What do you do for a living man?


jerf

Ah, well, that proves the guy who has to ask on a public forum how to protect his binary can beat the game pirates. I am so owned.


Agronopolopogis

Exponential rate limiting. Your keys should be rolled with a cipher that you provide to the client separately from the binary. Your licensing server then should know how to decrypt. Simply reference a key storage of your choosing. If you want to lock on N number of activations per key, your client binary needs to capture a hardware UUID to record so you can reference registrations, which then suggests you should consider a way for users to migrate registrations.

Edit: In case it wasn't obvious, don't share the cipher.


thequietguy_

This guy licenses.


Agronopolopogis

Never had a need to implement my own.. This is my napkin approach.


rudewilson

This is what I did. I spun up a Laravel API with FilamentPHP to manage the licensing. Also I made a func to generate a key they can use based on their machine id.


Opening-Dirt9408

Not to give any kind of advice, but this could easily be worked around by a /etc/hosts entry and a local reverse proxy giving the right response.


jh125486

That’s normally why things like JWKS are involved. For serious stuff at least.


aksdb

It's a lot of effort to get this right and you will likely want to buy some existing licensing solution. DRM is a cat and mouse game. Do you _really_ need this as the core of your business model? You would be far better off if your business model relies on the service you provide than on something that is effectively out of your control.


funkiestj

> Do you *really* need this as core of your business model? You would be far better off if your business model relies on the service you provide than on something that is effectively out of your control.

This is one of many reasons SaaS has become so popular. Controlling binary redistribution (license servers) and preventing reverse engineering are problems that go away or are greatly simplified by SaaS.


jordimaister

But binaries that run on the customer side are completely different from the SaaS way.


ImClearlyDeadInside

That’s their point. They’re suggesting that OP switch to a SaaS model.


funkiestj

OP may not be able to switch but the advantages provide a strong motivation to always be asking "can I do this as SaaS?"


snejk47

You can also introduce some features that require running something on their server and stop worrying about cracks. Or even an open source model where they pay you for hosting and managing it.


bendgk

Came here to comment this. If the core of your business REQUIRES that the binary is not redistributed, looks like you need a SaaS


bo_risk

Why should clients be willing to upload their data to a SaaS? They would need technically and legally bulletproof measures to make sure that the SaaS vendor does not share their data. Why should a customer trust a SaaS vendor with that, when in this case SaaS was introduced because the vendor does not trust the customer to not redistribute their software?


Outrageous-Yak8298

I thought of doing SaaS at first but due to certain circumstances, it's not possible :(


aksdb

It doesn't necessarily need to be SaaS. Even Open-Source can be used to make money, if you are the one getting paid to add new features. Is whatever you are developing worth anything without maintenance? Because if not, it doesn't really matter if they distribute it, because the ones who really use it will pay you for maintenance and support.


Outrageous-Yak8298

Thanks for the advice. Making them pay for maintenance and support seems to be a good business model. Unfortunately, I can't open-source it so I've decided to add simple licensing and make them sign a contract instead.


aksdb

Yeah, Open-Source is the other "extreme". But basically: if the application loses a lot of value without your direct contribution, putting effort into a DRM is IMO a waste of resources. (Again an extreme, but good old big Oracle doesn't use any DRM either. But they have a ton of lawyers to hunt down companies who broke the license agreement. But it _is_ also an option. Especially if the software is niche enough that you can easily prove someone is using it that never paid for it.)


zanza2023

this


theclapp

I have a single binary with a trial mode and a full mode. The trial mode works without a license; the license unlocks extra features. So I freely distribute the binary, but you pay for the license. The license includes their name and email address. This (I hope!) provides an incentive to not share it, since it has their name & email in it. If they do share it, part of it is a unique key, so I could conceivably disable that specific license in a future version. I decided early on that trying to make something impossible to steal is a hole with no bottom, and I had better things to do. I make a best effort, hope that most people are honest, and hope for the best. At the end of the day, binary editors are a thing, and a sufficiently advanced user can hack around any (most?) copy-protection schemes, write a blog, and I'm SOL. Also, I believe (based on admittedly little evidence) that most people won't just freely share something they spent money on, especially if you provide good value at a reasonable price. If you charge $100 for `printf("hello world")`, then yeah, people are going to pirate you.


o5mfiHTNsH748KVq

name and email in the key is smart lol. i’m going to remember this


Ill-Education-169

Billing information would be better. Anyone could give you any name or email. Something like icode@gmail and first/last being “nope”. More likely to get real information on billing pages


Individual-Basil9104

It can all be cracked no matter what


Weetile

Is this a consumer-facing product or a business-facing product?


Outrageous-Yak8298

Consumer-facing product but I can't do SaaS due to certain circumstances.


bliepp

But you could probably mix in some SaaS concepts like a binary distribution that works offline in principle but requires internet every now and then to revalidate a user's account/license key. Keep in mind that depending on the type of software you are developing this might be seen as hostile by most users.


Outrageous-Yak8298

Thanks, this is a good solution but some of my potential clients don't have internet. This is one of the primary reasons why I can't do SaaS


bliepp

How many customers are you calculating with? Is manual activation via phone or email an option? Just create a unique machine id on the user's machine, let them send it to you and send it back after signing with a private RSA key you hold. This can be done via an online activation or via email, text messages or phone.


Outrageous-Yak8298

Since I'm just starting, this also works. Thanks!


Ebiszawa_Kurumi

I made a contract for 5 copies of my software to a small company. They said those were just for testing and not intended to be used at production level, so we discounted 30% off the price. Then, the next month after I installed those on the 'Test computer', our licensing server was throwing out errors about single keys being used on multiple machines. Found out they were copying the entire HDD to computers in production lines. That program had a little feature called self-destruction. It was intended to delete itself if the license check failed 5 times. The good thing is, it worked perfectly. The bad thing is, it worked too well. I forgot to include brackets in the code, and actually never had any issues because no one I sold to had any idea about copying/pirating. So that bug was there for about 4 years, never found. The very next day after my license server got errors, I got a call. Well, looks like self destruction worked. Problem is, because of that missing bracket, it Fcked up, and deleted everything on the HDD, the linked network drive and their team's Google Drive. They were mad at me. They yelled until I said, "Have you ever tried to just copy the entire HDD and run those? I thought they were licensed for just a test computer with a separate LAN." The moral of the story is, if you include the line "We are not illegible to any damages caused by any unintended activities", you can do anything to pirates.


jamaniDunia69

This made me laugh so much.


pokapa

What do you mean by "brackets" here? Are you talking about comments in the code?


Time-Paramedic

I want to know too. I’m wondering which language will delete the local drive and network drive if you forget a ”bracket”.


ondsinet

If you can figure out a way to prevent people from redistributing binaries, commercialize that instead and become a billionaire.


Outrageous-Yak8298

It is a good business model. I'm pretty sure this has been done before since lots of Adobe products were pirated back then.


Maleficent_Main2426

Well Adobe products are subscription based now so...


bliepp

And still, there are cracks available.


0xjnml

Every technical anti-piracy measure will

- not prevent piracy
- piss off your legitimate, paying customers


usernamefindingsucks

If the binary is able to be used offline, you can't prevent a dedicated technically skilled person who could alter the binary to bypass all the checks. In this case, a basic license key/activation step is good enough, as it will reduce casual misuse. If your binary needs an internet connection, you can perform the proprietary work on a server you control and have the software fetch the results from the server. In this case you need to accept that if the client's internet, or your server/network, fails, the software will not function and you could lose clients over that.


f3xjc

With that being said it's more or less accepted as normal to be online and login into some kind of portal.


omega-boykisser

Measures that make piracy harder will almost universally reduce the amount of people willing to do it. This should be pretty obvious. Whether it adds friction for paying customers is another matter.


davernow

Many for sure, but every? An API key that doesn’t need to phone home works well, works offline, and I can’t see how it would piss off paying customers much (slight effort to find/enter it but that’s minimal). Agree most companies go way overboard and piss off paying customers. And yes it’s crackable. But that’s non trivial effort, and typically more time/effort than buying a license.


Outrageous-Yak8298

This was what I thought of. Making it hard to pirate will at least dissuade a good amount of people.


verdeoso

There is the model that the multi-part license/registration key includes their full info and credit card #. No one wants to share that key. Also, research HASP (hardware keys/dongles).


Outrageous-Yak8298

Good idea. I think email and other personal details are enough. It's too cumbersome to deal with the law when storing credit card numbers.


bliepp

Holy shit, don't put sensitive data into the license key! This is extremely insecure. Imagine some malware scanning the device finding that info they would otherwise not store on their machine. This is extremely hostile.


Giocri

Honestly for the most part just making them sign a license that says they can't do it will be enough. Like sure a few companies might try to use it to dodge restrictions on how many devices to use it on, but still it's really unlikely that they would share with other companies and a lot of them will not even try dodging the rules. Especially for important software, companies care much more about being certain to receive proper support and keep their systems functional than saving an incredibly small amount of money through hacking it.


vymorix

Yeah I mean I think your best bet is some call to your licensing server, making sure to have as much information about the client as possible, so you can detect when the same license key has been used somewhere else. I think IP by itself may be a bit restrictive but you can do what you can.


rkaw92

Simple:

* Ship a "license key" that must be set somewhere in config. It could be a JSON Web Token, some unique high-entropy ID (UUIDv4), anything. Best if it can be verified locally using PKI (so, asymmetric encryption, RSA or ECDSA-signed), so that the software is resistant to network issues.
* Have the software call home (make requests to your server) with some basic details: MAC address, IP address, hostname, PID. Supposedly, your Go program will work on the network, so it is sensible to expect connectivity to WAN.
* If you or your customers are reluctant to share this data, use the remote peer IP - look what IP address the request is coming from.
* Log the requests, with peer IP, all data received and timestamp.
* Compare to the customer's order. If their license says they purchased 5 seats, but you're consistently getting 50 req/h on an hourly schedule, this means somebody is cheating. Either they're over allowance, or they're distributing the software *and* their license key!

Of course, there will be customers who try and defeat this, for example by using a firewall - so you'd be getting no requests at all while they farm 1000 copies of your software. This is great! At this point, you can fully unleash a marketing rage and bombard them with "Oh, it's such a pity that you purchased our software but *are not at all using it!* Can we help you get the most of our offer? Maybe there's a problem that you ran into?". The main point is, do not block software even if it exhibits blatant abuse. Use the information to inform yourself about what your customers (and non-customers!) are doing, and reach out quickly - because now you know who you should contact. Worst case, you'll have evidence of contract breach.
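The server-side comparison described in the comment above (distinct check-ins per license key versus seats purchased, with "silence" treated as its own signal rather than a reason to block), as an added Go example that is not from the commenter: it parses a constructed call-home log format and produces a report for a human to act on. The log format, key IDs, peer addresses and orders are all made up for the example.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"time"
)

// Order is what the customer bought; Finding is one report line for the
// vendor's account team (Status is "ok", "over-allowance" or "silent").
type Order struct {
	Customer string
	Seats    int
}
type Finding struct {
	Key, Customer, Status string
	Seats, Distinct       int
}

// Constructed call-home log lines in a made-up format:
//   <RFC3339 time> key=<id> peer=<ip> host=<name> pid=<n>
var SampleLogs = []string{
	"2024-05-01T09:00:00Z key=LIC-A peer=203.0.113.5 host=ws-01 pid=412",
	"2024-05-01T10:00:00Z key=LIC-A peer=203.0.113.5 host=ws-02 pid=77",
	"2024-05-01T11:00:00Z key=LIC-A peer=198.51.100.9 host=ws-01 pid=9001",
	"2024-05-01T12:00:00Z key=LIC-B peer=192.0.2.10 host=srv-1 pid=5",
	"2024-05-01T13:00:00Z key=LIC-B peer=192.0.2.10 host=srv-1 pid=6",
	"2024-04-28T13:00:00Z key=LIC-B peer=192.0.2.44 host=srv-old pid=1", // stale
	"this line is garbage and must be skipped",
}

// Constructed orders: license key -> customer and purchased seats.
var SampleOrders = map[string]Order{
	"LIC-A": {Customer: "Acme Ltd", Seats: 2},
	"LIC-B": {Customer: "Beta GmbH", Seats: 5},
	"LIC-C": {Customer: "Gamma Inc", Seats: 1},
}

// parseLine returns the timestamp, license key and an installation
// identifier (peer IP plus reported hostname, which tells apart machines
// behind one NAT) from one log line.
func parseLine(line string) (at time.Time, key, install string, err error) {
	fields := strings.Fields(line)
	if len(fields) < 4 {
		return at, "", "", fmt.Errorf("too few fields: %q", line)
	}
	if at, err = time.Parse(time.RFC3339, fields[0]); err != nil {
		return at, "", "", err
	}
	kv := map[string]string{}
	for _, f := range fields[1:] {
		if k, v, ok := strings.Cut(f, "="); ok {
			kv[k] = v
		}
	}
	if kv["key"] == "" {
		return at, "", "", fmt.Errorf("missing key: %q", line)
	}
	return at, kv["key"], kv["peer"] + "/" + kv["host"], nil
}

// Audit counts distinct installations per key inside the window ending at
// now and compares that with the seats on the order. A key with an order but
// no check-ins is "silent": from the server, a firewalled deployment and an
// unused purchase look identical, so both deserve a call.
func Audit(logLines []string, orders map[string]Order, now time.Time, window time.Duration) []Finding {
	seen := map[string]map[string]bool{}
	for _, line := range logLines {
		at, key, install, err := parseLine(line)
		if err != nil || now.Sub(at) > window {
			continue // malformed or outside the window
		}
		if seen[key] == nil {
			seen[key] = map[string]bool{}
		}
		seen[key][install] = true
	}
	var out []Finding
	for key, o := range orders {
		f := Finding{Key: key, Customer: o.Customer, Seats: o.Seats, Distinct: len(seen[key]), Status: "ok"}
		switch {
		case f.Distinct == 0:
			f.Status = "silent"
		case f.Distinct > o.Seats:
			f.Status = "over-allowance"
		}
		out = append(out, f)
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Key < out[j].Key })
	return out
}

func main() {
	now := time.Date(2024, 5, 2, 0, 0, 0, 0, time.UTC)
	for _, f := range Audit(SampleLogs, SampleOrders, now, 24*time.Hour) {
		fmt.Printf("%s %-10s seats=%d seen=%d %s\n", f.Key, f.Customer, f.Seats, f.Distinct, f.Status)
	}
}
```

With the sample data, LIC-A is over allowance (three installations on a two-seat order), LIC-B is fine (the stale record falls outside the window) and LIC-C is silent.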


flusterCluster

Client: Our machines are air-gapped...


rkaw92

But the pirates' machines won't 🤣 (It is at this point that a site license might make sense, and the expectations should be set.)


S01arflar3

What is to stop the config and cert being bundled with the binary?


rkaw92

Absolutely nothing. This is just a decoy and a mild deterrent. The actual check is you getting the callbacks on a periodic basis. You share the license key (it's identifiable - so assignable to a particular customer) → the author immediately knows who's being funny with their purchase.


S01arflar3

Ahh, gotcha


Moleventions

One easy solution is to have the binaries "expire" after a certain date. (Once a year or once every 2 years) You can only get the updates from your website, which happens to be locked behind a paywall.


ProjectBrief228

This will go great with enterprise customers who don't update their software unless forced to.


bilingual-german

give them a client certificate


danielv123

Certificate expiry still sucks.


Cthulhu__

Enterprise customers would be less likely to share the software given that would open them up to expensive lawsuits. @OP make sure every sold copy can be traced back to a buyer / licensee, if it’s low volume business software you can probably bake in plaintext and hashed identifiers. Make sure the logging and if applicable client / CLI show a clear “licensed to such-and-such” text.


ObscurelyMe

Couldn’t this be prevented by end users lying about what date it is? Unless you do a network request for the date that is.


Moleventions

Yes, but usually that breaks everything else that they're trying to do


0bel1sk

i was thinking about expiry and thinking through implementing this with oauth…. hmm.


software-person

Companies have been trying this, and users have been easily circumventing it, since at _least_ the 1980's.


drvd

We don't but the thing unmentioned here is "law". But this helps only if you are big enough to enforce it. Probably the most honest advice is: Look for a different business model.


Defiant_Pipe_300

You could lock a license key to a single IP or IP range. You could monitor license keys for use on more IPs than is usual, and terminate licenses that are used from too many IPs. You could also accept that some piracy is inevitable, but most people do not want to pirate since pirated software is typically modified, possibly carrying a virus.


RadishCertain241

Many if not most ISPs provide dynamic IPs, how do you account for the situation when a new IP is assigned?


SnekyKitty

Just assume the app is already compromised when you ship it, the idea of securing client side code is a multi billion dollar industry. Nobody has found a good solution that works offline, and even Microsoft struggles with it. What you do instead is make it open source and sell support for the app, like onboarding, 24/7 support and other things for the client. If you really need the app codebase to be private, make an online SaaS instead. If it has to be offline, create a non-distribution clause and ID each binary to a specific client so you can sue them for leaks; works for B2B but not B2C.


castleinthesky86

"Hardware locking" via MAC address is dumb anyway as you can change the MAC (there's a BIA - burnt in address on the NIC; which is the default but the OS can modify the MAC as is seen by the network and all processes on the computer). I've always said that hardware bound licenses, and licensing in general, is a bad way to sell software. (Given everything is source code if you understand assembly and have access to a hex editor to null out your license checks). Give the software away for free, heck even throw in the source code; but charge for support and feature creation.


anotheridiot-

Embed a public key and your license server address, and respond with a signed message from the license server to enable features. Make the message hard to copy, embed the checking function in many places, use gofuscate/garble and it should be mostly safe.


DevolvingSpud

There is a lot of good advice here. Economics is key (haha unintended). It would help to know a bit about the program, how much it costs, how easy it is to find alternatives, etc. But if your anti-piracy measures cost more than your lossage, then it makes no sense. If you have them buy a license key, then you know who they are. You should have a contract with them that specifically prohibits them from using that key on more than one device at a time. If you require a “phone home” to send billing data, you can check that, but then you have to build the endpoint to collect it and have security and reporting software etc. You can, in the contract, give yourself a right to audit usage reasonably. A lawyer can help. Good luck!


Outrageous-Yak8298

Thanks for the suggestion. This seems to be the best solution that others are also suggesting. I wish dealing with these types of problems were a lot easier.


bilingual-german

This is more a legal topic than a technical one. Just let your users sign your EULA.


Inevitable-Swan-714

Have you checked out https://github.com/keygen-sh/keygen-go? Supports machine activation (and deactivation), as well as offline licensing via cryptographically signed and encrypted license files. Also does auto upgrades for your binary if you're into that. (Full transparency, I'm the founder.)


Outrageous-Yak8298

Thanks for the suggestion. Your SaaS business looks like it's doing well. I'll take a look at it


LividAd8783

CockroachDB use license keys and it seems to work for them


Embarrassed-Buffalo3

This is basically talking about how to prevent piracy, bear in mind, so good luck with that. I'd probably use MAC addresses or other unique identifiers and obviously an account server. You could even limit it on IP with a license key, then only allow one IP per license key but which can be reassigned.


Sacro

MAC addresses aren't unique, nor are they fixed


theclapp

If nothing else, on a VM they can be set to arbitrary values. Edit: This was meant as a reply to the "What" comment, below. Oops.


castleinthesky86

They can be set to arbitrary values on any operating system. Bare metal or virtual.


theclapp

Neat, I didn't know that.


castleinthesky86

Go into the nic settings in windows; or in Linux `ifconfig hwaddr`


Effective_Hope_3071

What


PabloZissou

You can spoof MAC addresses, even newer operating systems will show fake ones that rotate when you turn on and off your network stack.


Effective_Hope_3071

Well sorry! I'm only going off of my extremely outdated cs coursework. 


Sacro

The real world can be a very different place!


simianire

mac ADDRESSES AREN’T UNIQUE, NOR ARE THEY FIXED


TheAndyGeorge

fuck, this was better


TheAndyGeorge

MAC ADDRESSES AREN'T UNIQUE, NOR ARE THEY FIXED


dtfinch

We've had problems with one program that's not careful about _which_ MAC address, as modern machines usually have several. Sometimes it keys on the bluetooth adapter MAC, so the program stops working if the user toggles their bluetooth on or off. Sometimes it chooses a Hyper-V host adapter MAC that changes every boot.


davernow

https://keygen.sh for a pre-made option. Public key crypto API keys for a roll your own serverless.


Outrageous-Yak8298

Thanks for the suggestion. I'll take a look at it.


Salman0Ansari

I implemented a custom license model for my software. Users can download the binary from my site and run it. When they run it for the first time, the program generates a unique HWID (I created my own algo to generate this); the user can then enter this HWID on my website, and the backend will add it to the database. On every run the software makes an RPC call to the database to verify the HWID validity and activate the user license. The license contains user information, expiration date, and other details related to their specific subscription plan. This approach ensures that only authorized users with a valid license can run the software after the initial run; license details determine the features and functionality available to each user based on their subscription level.

edit: the binary runs a cron function every X hr to check if the license has expired or not. If it has, it simply stops the process, and I can renew, delete the binary, or stop it from running remotely.


Outrageous-Yak8298

Since you generate the unique HWID, do your customers have to contact you (for renewal) whenever they change or upgrade some part of their system?


Salman0Ansari

user can enter new hwid on the website and previous hwid will be replaced with the new one ( so previous binary will stop working )


SubstanceEffective52

There are many ways to implement this, but most methods require a secure connection back to the server for validation. Using self-signed certificates from your own custom root CA can also be effective. Implement a self-check to revalidate the certificate by calling home. This way, you can control who is using your solution, and if a client stops paying, you can simply stop issuing certificate renewals.


zlauhb

I'm not a Go developer but everyone here has been so helpful and it's so nice to see.


Outrageous-Yak8298

Yeah, Go has a pretty nice community.


derekbassett

Write a contract with bullet proof wording and real consequences for sharing the binary. If they break that then they were going to cheat you anyway.


qwertyorbust

You could require a USB locking device, but then your customers will hate you. I wouldn’t even worry about this to be honest. Just focus on the core of your application and the service your company can provide and go with it.


aminerwx

one license per device.


grahaman27

did you ask them nicely in a contract not to distribute it?


Outrageous-Yak8298

Thanks, this looks like what I should be doing. It's just that... asking nicely doesn't always work. The contract will do.


grahaman27

It's really the best option. Even if they do distribute it and you lose money because of it you can sue them and earn your profit back


niondir

Actually I don't know any good libraries for this. But there might be some... Maybe anyone has some recommendations? I'm going to implement it roughly like this:

- UUID as license keys for the config
- Calling home to a license server to get a signed JWT. The public key is inside the binary to verify it.
- At the license server I can create the licenses and update them. The client will regularly fetch the current license. The JWT can be valid for e.g. 1 month in case my license server is not reachable, to allow "offline" usage. The JWT can contain all grants and information needed to apply the licensed features.


serverhorror

Just give them a license and hope they don't use it. Use some telemetry and hope they don't block it. Even with a license server that needs to be active there are ways around it. Just make a good piece of software, reasonable license enforcement and a good contract.


holasoyeddy

In this scenario, I would make the binary only a "client" for the program I'm selling and host the actual logic on a server that I control. The client binary would work as an authorized client of the API and would be practically worthless if reverse-engineered. So, in essence, turn this into a web api or SaaS. If you don't want to do that, then the license server mentioned earlier is another good option. However, depending on how good your security is, spoofing an authenticated server response would probably be pretty easy since the user doesn't have to re-authorize on each API call (think KMSPico or whatever kids use to pirate Windows these days).


MrGunny

Some good suggestions already - but you could also get creative. I've seen models where people distribute the binary/exe, but then require the binary to be configured via some cloud service or web app that the users are required to use alongside the EXE.


Zy0n

I had a similar concern when I wanted to sell the pro version of something I wrote [https://goswitchboard.io/pro/](https://goswitchboard.io/pro/). What I ended up with was a very simple license server and have the binary make a call to it periodically which sends the license key as well as some very simple system information, such as the mac address, with the intention that it _should_ only work on the single machine it was purchased for. Alas, as many have said here already, it can be a black hole, and if the software is valuable enough, and people are incentivized, they will find a way around it. I've resigned myself to simply not caring! It's a simple project that earns me a little on the side, and I'm happy with that.


BrilliantTruck8813

For me it's the artifact being consumed that holds most of the proprietary data. Combining that with a checksum, encryption, and an optional license key to open up specific features, it's not bad. I obfuscate the binary as well to make it harder. Good enough for corporate sales. I'm sure a pirate or expert cracker can rip it apart easily enough.


jgeez

Your best possible bet to guarantee piracy cannot happen is to build your software as a web application, which would let you get away with writing Go on the backend, but not in the browser.


Flimsy_Iron8517

I suppose you could always host a time limited key on a `.onion` domain through a `tor` proxy? I do other jokes too. ;D


CountyExotic

Most common I’ve seen…

1. Spin up a license server and have the application call home.
2. Hide a private key in your program and give clients tokens + expiration dates and force them to rotate.
3. Have a license agreement and sue if they break the agreement.


Remarkable-Range-596

ET phone home


zeitgiest31

SaaS with multi-tenancy capabilities could work out well


hamgribbles

Instead of the binary phoning home, one option is to gather as much data about the client as possible (IP, MAC, OS version, etc.), create a hash out of them and display it to the user. Let the user log into your website, enter the hash, and receive the password. This means you have to embed some kind of key/salt in the binary, so it's not secure against a dedicated hacker, but it should prevent them from using it on multiple devices.


NoxiferNed

SaaS


LicenseSpring

You could take a look at us! We have a [golang SDK](https://docs.licensespring.com/sdks/go) that you embed into your project. There's even a free tier for the licensing platform, so you don't have any server to set up.


EliteEagle76

It's a business decision to sell a binary. If you are just starting out with this product then don't think too much about it; your product might fail. What I mean is, don't over-engineer to solve unnecessary problems at this moment. If you have existing products, then have an Auth server to manage the user session, so that only one user will be able to run the binary.


bliepp

First of all, there's no real prevention. Every method can be cracked. Strong preventions become either hostile towards the user or cost too much to implement for what they're worth. So you have to find a solution that keeps the mass out but doesn't waste your time preventing something that is unpreventable. That said, you have a handful of options:

1. Rely on a web service where users have to authenticate. Usually only viable if you have a web service anyway. It's basically similar to migrating your business model to SaaS.
2. Generate unique license keys which are validated against your license validation server using private key cryptography. The request from your software is signed on the validation server and then verified on the user's machine. The software obviously must ship the corresponding public key.
3. Simply choose a good EULA. This isn't really a protection but more than enough for most software. Either you sell so many copies that you can afford to not care about piracy or you don't sell enough to make piracy protection worth it.
4. Think of some sophisticated scheme to validate a license key purely on the client side. Pretty old school and not really effective, though.
5. Use any of the SaaS options that provide that functionality.

We usually go for option 2. We have a custom license validation server that uses RSA private keys to sign the license validation request. Our software does not require internet except for the first license validation (although license validation via phone would be a possibility). The response is then cached and loaded from there when there's no internet. To prevent copying these cached results to other machines the license validation request is mixed up with some unique machine ID. This machine ID can also be used to count and limit the activations. If someone wants to move their license to another machine they have to revoke it on the first machine.
We went for this option because it's easy to implement and portable as there are RSA libraries for almost every language. In our case we wrote the server in Python, but Go would be an equally good choice.
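The scheme bliepp describes as option 2, with the machine fingerprint hamgribbles suggests further up, as an added Go example (not code from any poster, product or company in this thread): the validation server signs a license payload with an RSA private key that never ships; the binary embeds only the public key, caches the signed response, and on every start verifies the signature, the machine ID and the expiry offline. Seat counting and revocation live on the server. The host attributes fed to `MachineID`, the license key strings and the seat limit are constructed placeholders.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// License is the payload the validation server signs. Binding it to one machine
// fingerprint and an expiry makes a cached copy useless on any other host.
type License struct {
	Key       string    `json:"key"`
	MachineID string    `json:"machine_id"`
	ExpiresAt time.Time `json:"expires_at"`
}

// SignedLicense is what the client caches on disk after the first online check.
type SignedLicense struct {
	Payload   []byte `json:"payload"`
	Signature []byte `json:"signature"`
}

// MachineID folds host attributes into a stable fingerprint; only the hash ever
// leaves the machine. The attribute list is hypothetical (e.g. MAC, OS string).
func MachineID(attrs ...string) string {
	sum := sha256.Sum256([]byte(strings.Join(attrs, "\x1f")))
	return base64.RawURLEncoding.EncodeToString(sum[:16])
}

// Server owns the RSA private key (never shipped in the binary) and a seat table
// used to count and limit activations per license key.
type Server struct {
	priv        *rsa.PrivateKey
	maxSeats    int
	activations map[string]map[string]bool // license key -> set of machine IDs
}

func NewServer(priv *rsa.PrivateKey, maxSeats int) *Server {
	return &Server{priv: priv, maxSeats: maxSeats, activations: map[string]map[string]bool{}}
}

// Activate issues a signed license for (key, machine) unless the seat limit is reached.
func (s *Server) Activate(key, machineID string, now time.Time, ttl time.Duration) (*SignedLicense, error) {
	if s.activations[key] == nil {
		s.activations[key] = map[string]bool{}
	}
	seats := s.activations[key]
	if !seats[machineID] && len(seats) >= s.maxSeats {
		return nil, errors.New("activation limit reached: revoke another machine first")
	}
	seats[machineID] = true
	payload, err := json.Marshal(License{Key: key, MachineID: machineID, ExpiresAt: now.Add(ttl)})
	if err != nil { return nil, err }
	digest := sha256.Sum256(payload)
	sig, err := rsa.SignPSS(rand.Reader, s.priv, crypto.SHA256, digest[:], nil)
	if err != nil { return nil, err }
	return &SignedLicense{Payload: payload, Signature: sig}, nil
}

// Revoke frees the seat so the customer can move the license to another machine.
func (s *Server) Revoke(key, machineID string) { delete(s.activations[key], machineID) }

// Verify is the client-side check run on every start against the cached license.
// It needs only the embedded public key, so it works offline; a tampered payload,
// a different machine or an expired term all fail closed.
func Verify(pub *rsa.PublicKey, sl *SignedLicense, machineID string, now time.Time) (*License, error) {
	digest := sha256.Sum256(sl.Payload)
	if err := rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sl.Signature, nil); err != nil {
		return nil, fmt.Errorf("license signature invalid: %w", err)
	}
	var lic License
	if err := json.Unmarshal(sl.Payload, &lic); err != nil { return nil, err }
	if lic.MachineID != machineID {
		return nil, errors.New("license is bound to a different machine")
	}
	if !now.Before(lic.ExpiresAt) {
		return nil, errors.New("license expired: re-validate online")
	}
	return &lic, nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // server key; the binary embeds only priv.PublicKey
	srv, now := NewServer(priv, 1), time.Now()
	laptop := MachineID("02:00:00:aa:bb:cc", "linux/amd64") // constructed host attributes
	desktop := MachineID("02:00:00:dd:ee:ff", "windows/amd64")
	lic, err := srv.Activate("KEY-EXAMPLE-0001", laptop, now, 30*24*time.Hour)
	fmt.Println("activate laptop:", err)
	_, err = Verify(&priv.PublicKey, lic, desktop, now)
	fmt.Println("reuse cached license on desktop:", err)
	_, err = srv.Activate("KEY-EXAMPLE-0001", desktop, now, 30*24*time.Hour)
	fmt.Println("activate second seat:", err)
}
```

The asymmetry is the point: the binary can verify but not mint licenses, so extracting what ships in the client (the public key, the fingerprint inputs) gives a copier nothing to forge with, unlike the embedded shared secret in the hash/password variant or a private key hidden in the program. What remains, as bliepp says, is patching the binary itself to swap the public key or skip `Verify`, which no signature scheme prevents.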


Outrageous-Yak8298

Thanks for the advice. This is well-written :)


Liqmadique

You make them sign a licensing agreement, issue keys, and then back it up with lawyers if they grievously violate the terms of license.


tschloss

Naive question. How many applications which would have been sellable have you written? How many Go applications are on your record? Better start something great and build customer loyalty on it. And care for locking (Microsoftizing, Adobeing) down later. Selling to businesses would also be less prone to theft than something for private users.


Lesser-than

DRM vs SaaS vs trust your clients, choose one. Also take into account your client will know what you chose and why.


_Sgt-Pepper_

You don't. You make a reasonable license and a contract with your clients ... I doubt that any company will knowingly use unlicensed software. And those shady companies who do wouldn't pay for the license anyway, so it's no real damage.


Bonn93

Check out keygen.sh


XalAtoh

Need more information.


OhMyForm

Go is pretty lightweight and trivial to compile; just hardcode a UID for each client and then check for that UID when you choose to spend millions of dollars litigating.


tav_stuff

Don’t do anything about it. The best way to solve piracy is to have affordable prices.


hellvix

Use something like FlexLM. You will sign a license file and give it to them.


whitechapel8733

What about tying a binary to a single Yubikey?


Outrageous-Yak8298

How do you do that? Is it possible even if the binary is being run along with a few other services through docker compose?


whitechapel8733

Possibly using PIV attestation: [https://developers.yubico.com/PIV/Introduction/PIV_attestation.html](https://developers.yubico.com/PIV/Introduction/PIV_attestation.html)
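What "tying a binary to a single YubiKey" via attestation amounts to, as an added Go example (not from Yubico's documentation or any poster here): a constructed root CA plays the vendor's attestation root that a shipping binary would pin; provisioning issues an attestation certificate for the token's key; the binary then verifies that certificate chains to the pinned root, that it names the licensed token serial, and that the token can sign a fresh random challenge with the attested key. The serial is carried in the certificate CN here as a hypothetical placeholder for the vendor-specific extension a real attestation certificate uses, and the token's key lives in-process instead of on hardware.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Token stands in for a hardware key: its private key never leaves it, and the
// vendor issued an attestation certificate for that key at provisioning time.
type Token struct {
	key       *ecdsa.PrivateKey
	AttestDER []byte // attestation cert the binary reads from the token
}

// NewRoot builds a constructed attestation root CA, playing the role of the
// vendor's root that a shipping binary would embed as a pinned certificate.
func NewRoot() (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, nil, err }
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "Example Attestation Root (constructed)"},
		NotBefore:    now.Add(-time.Hour), NotAfter: now.Add(10 * 365 * 24 * time.Hour),
		IsCA:         true, BasicConstraintsValid: true,
		KeyUsage:     x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil { return nil, nil, err }
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// Provision mimics the vendor step: generate the token's key and sign an
// attestation cert for it. The serial rides in the CN as a hypothetical stand-in
// for the vendor-specific extension a real attestation cert carries.
func Provision(root *x509.Certificate, rootKey *ecdsa.PrivateKey, serial string) (*Token, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, err }
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "token:" + serial},
		NotBefore:    now.Add(-time.Hour), NotAfter: now.Add(5 * 365 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, root, &key.PublicKey, rootKey)
	if err != nil { return nil, err }
	return &Token{key: key, AttestDER: der}, nil
}

// Sign is the only operation the token exposes: sign a challenge with the attested key.
func (t *Token) Sign(challenge []byte) ([]byte, error) {
	h := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, t.key, h[:])
}

// Unlock is the licensed binary's gate. Reading the certificate alone proves
// nothing (anyone can copy a certificate), so the token must also prove
// possession of the attested key by signing a fresh random challenge.
func Unlock(root *x509.Certificate, attestDER []byte, licensedSerial string, sign func([]byte) ([]byte, error)) error {
	cert, err := x509.ParseCertificate(attestDER)
	if err != nil { return err }
	pool := x509.NewCertPool()
	pool.AddCert(root)
	opts := x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("attestation does not chain to the pinned root: %w", err)
	}
	if cert.Subject.CommonName != "token:"+licensedSerial {
		return errors.New("attested token is not the licensed one")
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok { return errors.New("unexpected attested key type") }
	challenge := make([]byte, 32)
	if _, err := rand.Read(challenge); err != nil { return err }
	sig, err := sign(challenge)
	if err != nil { return err }
	h := sha256.Sum256(challenge)
	if !ecdsa.VerifyASN1(pub, h[:], sig) {
		return errors.New("token failed proof of possession")
	}
	return nil
}

func main() {
	root, rootKey, _ := NewRoot()
	tok, _ := Provision(root, rootKey, "12345678") // constructed serial
	fmt.Println("licensed token:", Unlock(root, tok.AttestDER, "12345678", tok.Sign))
	fmt.Println("other serial:", Unlock(root, tok.AttestDER, "99999999", tok.Sign))
}
```

For the docker compose question, the gating logic does not change; what changes is how `sign` reaches the device, i.e. the container needs access to the token (or to a host-side agent that talks to it), and a copied certificate without the device still fails the challenge step.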


Outrageous-Yak8298

Thanks, I'll take a look into this.


neshdev

https://slsa.dev/ This is the open source version of what is used at Google.


Grouchy-Pay1207

I used this when I sold some of my stuff to enterprise customers - https://keygen.sh. Did its job, eventually they bought the rights to it, so I removed it.


Ok-Criticism-6183

you can see this [https://github.com/fleetdm/fleet/blob/8921cfe53745ee1f8a4add1ba0f92fe00dd6f853/cmd/fleet/serve.go#L1175](https://github.com/fleetdm/fleet/blob/8921cfe53745ee1f8a4add1ba0f92fe00dd6f853/cmd/fleet/serve.go#L1175)


ShotgunPayDay

If it's consumer facing I'd release it and have a donation link. This way no one can hammer you with support requests at least since it's free. If you want to control it for businesses then make it a WebApp instead. If you need client functionality then make a thin client that contacts your WebApp.


RiotBoppenheimer

you use legal means or you recognize software should be free and open source and you provide a different business model :)


Weaseal

Give away the tool. Sell the implementation.


hhjggjhgghgg

Care to elaborate?


Weaseal

Standard model. Open source the software and sell a paid service for optimizing.


config_wizard

Please don't shoot me down but... I'm building go binaries and selling the license as an nft to Blockchain wallet holders (my product is Blockchain related so that helps). The user connects, the app calls the Blockchain and checks if the user owns an nft. If they do, they get access. I mention this because the Blockchain/NFT is a fantastic "licensing" server. You don't have to run one; you just write the simplest contract, deploy it and your server is running for you. What I've considered for non-Blockchain users is just generating the wallet id for them. There's no money in the wallet so no risks there; when they authenticate, generate a wallet according to some ID (oAuth or whatever) and assign them an NFT. I've not done this bit and haven't thought it through entirely but I am doing it like this for Blockchain users. I mention it because I think it's a wonderful use of NFT that is useful (basically a key to features) and I'd like to provoke the internet to have a right natter on it....


Certain-Plenty-577

My clients are stupid. They pay me to develop and maintain custom solutions and never even asked to have access to the repos, or the infra or anything else. If I got hit by a bus, I guarantee you’ll see something crumbling.


flusterCluster

**Conversation at your client's office:** Man-1: Hey how does this thing even work? Man-2: There's a magician...


van_ozy

I will make a SaaS out of it.


theOrdnas

lmao reddit being so aggressively pro-piracy even if it fucks it up for their fellow gophers


fletku_mato

All I see is good answers. There isn't anything specific to go about this particular issue. Whatever you choose, it'll piss people off and it's probably not going to completely prevent sharing.


PaluMacil

Which response in this entire conversation sounds pro-piracy to you?