I’m happy to let you know that going without copy protection has worked well for me. That said, I still think it’s entirely dependent on what kind of company you are looking to build. For example, if you are planning on selling high-ticket items as a “premium” brand, going without any anti-piracy measures isn’t probably a great idea. However, if you are aiming to just share cool software with people and build a brand around that idea, removing any hassle is only going to win you more customers in the long run. Some of them will pay you, some of them will not. But as already discussed in this thread, the ones that don’t pay you, weren’t probably going to do so anyway.
I would also keep in mind that if you do end up going with copy protection, it’s pretty much a race against time before someone cracks it anyway. You just gotta sell as many copies as possible before that happens. It still could be a very favorable tactic, though, as demonstrated by the vast majority of companies using some kind of anti-piracy solution.
Lastly, I want to mention that without copy protection, not many people will even realize that they could share the plugin with anyone. If I buy a plugin, all I care about is getting the thing in my DAW and start playing around with it, without questioning the process that gets me there. So if someone is going to share the plugin after purchase, they are most likely buying the plugin with the intention of doing so. Furthermore, once your plugins do finally get on those dodgy free software sites (and your website SEO isn’t absolutely terrible), it’s only going to be found by people who are actively looking to not pay you.
Anyway, I hope that helps even a little bit. If you have anything else you’d like to discuss outside the scope of this thread, I’d be happy to chat via email
I just wanted to thank you @Aapo for following up on this and posting about your results. I am going to release my first plugin this year and I have been absolutely exhausted trying to find simple solutions to this issue. It’s refreshing to know that you don’t need copy protection and can still be successful. I will be considering this heavily moving forward! Thanks
It’s funny, a couple of years ago, we had the exact same question as OP, and a lot of the answers to this post has some really good ideas. They all also concluded what we concluded; there wasn’t really anything on the market that was cheap or good enough for what we wanted.
I’m happy to hear that @aapo has had a good time going without, but in case someone wants some protection, here’s what we found building our own solution to this problem;
iLok is out of the question, it’s perceived both as too expensive, but also not a good enough user experience
A lot of the existing solutions in the market charge per product which didn’t make sense to us (we wanted to ship multiple free or cheap plugins too)
We don’t want to have any support requests around licensing, so self service for customers is paramount
We also want reasonably secure licensing, with the ability to move licenses between devices
Given the above points, we effectively had to build a licensing solution with customer accounts and authentication built in, with a customer portal in our storefronts
@hugoderwolf and @vallant is onto something with the RSA encryption, we ended up not encrypting the license, but rather just signing a blob of metadata to uniquely identify the device & user, which can be validated by the plugin. In the recent years, we’ve been moving more towards using standards like JWTs, which has a more standardized way of embedding RSA signatures
This approach also lends two neat use cases; offline activations and time-scoped trials. Of course, both need additional code to support, but it’s feasible
Happy to help anyone else out struggling with this!
I agree. You can even encrypt the email so you can trace back a particular license to a user in case it is distributed without your permission and cut this user from further updates. Updates are quite useful to motivate people to buy your plugin once it has been cracked so the last thing that you want is to give them to the users who are using another license without permission.
Attaching the license to a machine is a nightmare because users change machines quite often, every OS has little variations about the id’s, etc. Maybe companies like PACE can deal with all the details of it but for a small dev, I felt this was too much work knowing that you will be cracked anyway and there is a big risk that this annoys your honest users.
I know some users that aren’t always connected to the internet (me ) and I’ve read some posts of people who used cracked versions of the plugins just because they couldn’t use the copy they bought in offline machines. Considering that OS are nowadays non-optional and can add bugs, I think that it actually makes a lot of sense to have your recording studio computer offline.
I’m happy it worked for you. I accidentally made a mistake and removed the protection in my plugins. In my personal case, 1 month later the internet was seeded with uploads of the free installer! It sure gave them some exposure but well, the sales dropped quite dramatically (more than the 40% that has been mentioned several times in the forum).
I arrived at a similar idea, I’ve been trying to setup a basic offline system using RSA signature with a license file, but to no avail. I can get as far as generating public and private keys with OpenSSL and even generating a license file using name and email, but can’t get the actual signature system working in JUCE. Any suggestions greatly appreciated!
P.S. Sorry for the necro-post but this is by far the best thread I’ve seen on this topic.
It sure gave them some exposure but well, the sales dropped quite dramatically (more than the 40% that has been mentioned several times in the forum).