After reading though lots of posts I decided not to really fight back against the Robin Hoods of the internet.
But I think about implementing some basic functionality to avoid duplicating legit licenses via filesharing.
My current ideas are
- store a lot of legit keys inside my binary
- on registration, check if the entered string is a legit key
3a) save machine id in combination with string
4a) on later startup, check if current id matches first saved machine id
3b) save activation info in some other file, so copying the .vst3 (or au etc) binary wouldnt copy the license status (like it does with some other audio companys)
4b) look for this file on later startup
Do you think these approaches are worth the (in comparison little) effort?
Is there someone who went a similar route?
Are there other similar approaches?
Could there be problems when using machine ids for registration?
Are there other problems Im missing?
Do you think everybody will just figure out that they just have to use the installer again and enter the same code again?
If you are worried about publicly talking about your security measures you can dm me on discord: moritzsur#9577
Dealing with this right now and honestly we are just going mvp-route (minimum viable product/solution). Everything will get cracked in a matter of days after release, mega big companies are not an exception so I think the most important thing when doing something like this is to make sure that the customers who actually pay your company, are harassed to the minimum! 
On 3a) / 4a) where do you intend to save the data? I don’t think saving inside the .dll / .vst is a viable option, maybe on mac OS where you can have stuff inside the package as separate files, but on windows it’s a single file, and Idk if it’s possible to do without breaking the compiled plugin?
one way which is pretty safe is to have a web server that checks the customer’s license to use the plugin and maybe a database that keeps track on how many devices the said license is being used (and limit that), but it requires the plugin to ask for internet access, which is not automatic, and also all kinds of web security issues may arise… But maybe the best yet somewhat simple afaik.
Oh yeah, iLok is an option too and is state-of-the-art, since JUCE is owned by PACE now the stuff might be included inside JUCE already? Ofc it requires users to have the iLok which is a deal breaker for some customers.
1 Like
Have you tried forcing internet connection to verify the serial, then when the app is validated the server remembers the key and places it in a “already used” location.
If in future, the user shares his key, the server checks used keys and finds that the key given was already used by someone else, then locks the key.
This has the drawback of course, of needing internet when loading an instance. But there’s internet everywhere nowadays anyway.
1 Like
I would probably save the data in a juce::PropertiesFile somewhere else.
Yeah the webserver sounds like the right solution if I could put the time into it.
ILok also has ILok cloud so you dont need a dongle nowadays.
as a user i like it most when it’s simply about entering the correct serial number. i strongly believe that most people who buy plugins at all wouldn’t steal a plugin if it’s not free, because they are not driven by the complexity of cracks, but by morals
3 Likes
