Wibu Systems Copy Protection


#1

Hi all, was just curious if anybody has used Wibu-Systems as a solution to copy protection & anti-piracy. Our company is currently on path to use their SDK & licensing services but we’ve ran into a few snags and we’re wondering if anybody else has got this system up and running with JUCE.

Thanks!


#2

The only software I’ve encountered using this is Propellerhead Reason, and it was an absolute bear to use from an end-user perspective. The user has to install kernel-space drivers (what could possibly go wrong?), user-space applications (which are ugly as sin) which connect to a local web-based control panel to manage licenses (UX wtf?). Companies like Wibu and PACE don’t care about you keeping your customers, they care about you as one of their customers.

So with that said, I’d imagine the integration process is probably painless. But your end users will probably hate you. No customer likes dongles or intrusive/obstructive copy protection mechanisms.

FWIW, nobody has cracked Reason since they adopted Wibu. There were rumors Propellerhead was paying off cracker groups to not release cracks, but I find that highly unlikely - Wibu keeps such a vice-grip on the system it’s installed on I believe it could keep the software from being cracked.

At the end of the day, there’s two roads to take - show your paying customers respect and make them happy, or enforce draconian copy protection measures on them to sell a few extra copies (which may not even happen because a good number of customers refuse to buy anything with such intrusive copy protection - especially if it’s something easily replaceable like an audio plugin). Abandon them while you still can.

My two cents.


#3

Hi Jonathon, thank for your input. We really appreciate it! Yes I am worried about the stability and end user experience. Seems like a lot more moving pieces to keep track of.


#4

Hi,
i worked in the past a lot with Codemeter and is not as bad like Pace and the Advance is if you have a Studio and a Computer there its no problem to use this as a Webclient for use the Software without a dongle ,or alternative gives now a non Dongle Solution of this Company !Wibu have a very good support and its very hard to crack ,and interesting if you sell Plugins in the higher pricing Segment :slight_smile:


#5

If you’re interested in other methods, PM me. We are using the eLicenser system (previously Syncrosoft) from Steinberg.


#6

In my earlier post I singled out Wibu/Codemeter because that’s what you’re suggesting, but eLicenser is just as bad for consumers. In fact, it’s possibly worse because there’s no possibility of dongle-free usage like Codemeter (though Codemeter’s dongle-free mode is just as oppressive as having a dongle because of the way machine licensing works, you still have to have the drivers installed, etc etc).

Again, it’s a matter of building good faith with your customers vs stopping a handful of teenagers mass-pirating VSTs who would likely never pay for them anyway, or will become paying customers in a few years after earning some money and having years of exposure to your product and finally paying for it.

One of the most common anti-consumer practices I see regarding dongles is requiring them for trials. That is insane. Of course it’s necessary because otherwise the full product would be compromised as well, but think about it. Is that really the first experience you want a potential customer to have with your product? Either:

A. They have to buy a $40 dongle just to try it out,
B. Before they can try your product they have to sort through licensing BS to get it registered, and whatever the licensing middleware is doing is their first experience with your product and is representing your work.

There’s a point where you stop protecting yourself from piracy and start walling off customers from your own software, and copy protection middleware is a big one. I’ve wanted to buy Cubase, Nexus, EWQL and others for years but the reasons above are why I never will - companies like Native Instruments, Apple, iZotope, and even smaller ones like LennarDigital can fill the same roles while respecting me as a customer and they’re the ones who get my money.

Not to say you shouldn’t have any copy protection (anyone would be insane not to IMO), but if it involves licensing some kind of middleware you’re doing it wrong. JUCE comes with brilliant and simple remote product activation built in with the juce_product_unlocking module (formerly juce_traktion_marketplace) which has a way nicer user experience. You could even make it silently ping your servers periodically to do license checks (not built-in, but it would be simple to set up).


#7

Most of those folks already have the $40 dongle because they bought ProFools and it came with an iLok. Also, it’s not a “handful of teenagers”. it’s thousands upon thousands of users with laptops and desktops who would rather run cracked software that doesn’t call home or eat up CPU cycles talking to a dongle than be fully legally licensed. Sure they might buy a legal copy, but they still use the cracked one because it’s easier than dealing with a dongle that doesn’t work all the time.


#8

I must say @jonathonracz your opinion is only one side of the coin.

As a developer:
For my private side projects I avoid dealing with protection much as I know that if anyone insist they will crack whatever you’re doing. it’s not worth the time especially for small developers that can focus on actual product development.

For the company I’m affiliated with,

  • They’ve decided to go with iLok. I’ve been to some tradeshows/conventions with our company and you don’t know how many times people come and say “could you please make your products iLok based? I really want to be able to transfer them easily…”.

  • We had few users saying how iLok is bad and we had few refunds due to switching to iLok. but when I say few I mean about 1-2 people in the past year…

  • Prior to iLok most support was regarding activation/deactivation of in-house protection system. for products using iLok we’re seeing less support tickets.

  • Most protection mechanisms those days allow the option to go with disk-based authorization.

As a user (I’m actually came from music more than developing due to my families requirements to bring food on the table :slight_smile: )

  • I’ve always been an iLok fan. but maybe that’s old school… I really liked being able to go anywhere and use my software without activating/deactiving a studio machine I DON’T own.

  • It really depends on the product… Ableton or Native’s current activation is pretty nice (leave a side NI’s downloader hell). but while I don’t think I’ll try to install an application on a studio machine. I do expect sometimes to be able to get my plug-ins on another machine. this is where dongles wins.

  • Drivers you’ve mentioned, that’s a pro-user/dev word. a user don’t care. he just wants click-click-type-click-activated. when this is fails for any reason. this is where you loose the user.
    as long as the drivers aren’t bad thing IMHO when they’re written well. (I’m not saying the protection frameworks mentioned here written well but just saying that’s a driver is less a concern - technically all developers with VST/AUv2/AAX could write malicious code so… should people avoid plug-ins?)


#9

@jonathonracz so may I ask what experience you base this long rant on? Have you ever used any dongle based protection in one of your plugins? Can you compare between plugins that are protected and plugins that are not? Ever removed it and saw the effects it had on sales first hand?


#10

My rant comes from my experiences as a customer who owns a variety of dongle and non-dongle protected software. I don’t plan implementing it in any of my plugins because of the reasons stated above. The company I currently work for (doing pro audio/video dev) functions under the same principles. UX down to licensing should be (paying) customer focused, not ease of development focused (though having both when you can is certainly nice).

@ttg’s reasoning (and I’m sure yours as well, when you were adding copy protection to your products) is perfectly valid from developer and business standpoints. There are old school folks, possibly with a lot of star power behind them, who would prefer to have all their licenses on a USB stick tucked away in their studio. Plenty of people don’t care if they have to install kernel drivers, etc. etc. Also as far as I’m concerned the most recent instances of hardware-protected software are basically uncrackable, which is a huge win for the company.

I’ve covered why I think extreme copy protection is bad from a consumer standpoint, but even from the developer side there are drawbacks that turn me off from ever attempting it. You have to license the copy protection, maintain it in your own software, deal with the blowback from users when it fails (and when it works, but customers have to get BS “zero downtime” “insurance” to protect themselves) see the iLok database blowup in 2013.

I’m just glad there’s some actual debate going on here. There are absolutely different ways of looking at the issue. At the end of the day it depends on your target market (mega star pro users aren’t the be all end all for success!), how much you’re trying to charge, how much you care about UX, small bedroom/laptop producers, exposure through cracked copies, etc. Of course as your product grows in popularity all these variables change.


#11

It is all said, and I follow all points. There is no chance to solve that problem to everybody’s pleasure (just put customers, pirate/play/undecided customers and developers into one equation and you see why)

Just adding one point for iLok: as a PT user already has a dongle, the money is not the issue. A big benefit of PACE is, that they handle generation of licenses when selled in AVIDs marketplace. That way you have a third party to control, that they don’t sell what they want.
Unfortunately that is not possible with the signing only solution, and for the better version (which does also protect against reverse engineering IIRC) you need a big portfolio of plugins to make it pay out.

So if I were to buy a copy protection/licensing scheme, it had to come with a vivid shop that sells my products as well… I think, that’s the system behind plugin alliance, but that seems to be an exclusive club too…

Just my 2ct.


#12

Also Propellerhead’s shop for Reason Rack Extensions, which are tightly coupled with the software both in functionality and copy protection.

You make a great point. If there’s an ecosystem where hardware copy protection is a forced part of using the host (like Pro Tools), then integrating their copy protection into your plugin for their format is probably a win (and usually required anyway). You get better integration with the host and smoother licensing for folks already used to the system. Like AAX and Rack Extensions.

Where my vehement rejection comes in is when a customer is forced to adopt a whole dongle (and the headaches that come with them) to use a single plugin without any other licensing options.


#13

@jonathonracz OK, so you’re purely talking from a customers perspective. Here is a developers perspective with the experience of using the eLicenser system for the past nine (9) years:

Nexus 1 did have a license file and some other trickery when it was released in 2006. Sales were very good and we were quite happy. About three months after release it was cracked and sales went down roughly 50%.

Almost two years later (August 2008) we released Nexus 2, this time with the eLicenser copy-protection (dongle, not the “soft”-eLicenser system) and our sales were again very good and steadily increasing. In October 2009 a cracker group found a weakness in the eLicenser system and exploited it, essentially cracking all plugins using it in one fell swoop. Our sales dropped to 1/3 (not by one third, no to one third of before). Overnight. No exaggeration, it was devastating. According to our experience (not wishful thinking) 2/3 of all “customers” would rather steal our software than pay for it.

About 3-4 weeks later, Steinberg patched the weakness and released an updated SDK, which restored the full protection. Our sales very slowly recovered, but since there was a “fresh” crack available, it was really slow going. Now, that we almost put 8 years between the crack and the latest version (crack was 2.2.0, current version is 2.7.4) our sales are good again, but only because the crack is so outdated and only comes in 32-bit and only for Windows.

You simply can’t compete with “free”. As soon as there is a crack out, 2/3 of your potential customers won’t give a rats ass if you and your company survives or not. They just want new toys.

We would love to ditch the dongle, as it creates a lot of extra work (support, shipping, and some extra code) for no real “benefit” (to the customer). But what are we supposed to do?

Would you go to work everyday, if your boss tells you that you will now make only 1/3 of what you made yesterday for the foreseeable future, because of “reasons”?


#14

Thanks for sharing. I’m sorry that happened to you. Obviously that huge disparity in sales you faced is a big argument on the developer side for the adoption of strong copy protection (survival), and it’s definitely shitty so many customers don’t care about the hard work that goes behind maintaining and developing high-quality software.

@RustyPine hopefully this thread gives you and your company a lot to think about. Once you choose a side it seems like it would be really hard to move back one way or the other.


#15

I would still like @RustyPine to PM me. I have interesting info to share, not for public eyes.


#16

Kind of OT but I sold UI components years ago and even developers would rather steal your components then pay. I did not have any type of obfuscation things, just relied on that fact I started to offer my source code with the components. This is when OS software was really just starting.

On Android the same thing, the funny thing is, there would be no market to steal from if half the developers like the ones posting here were not so passionate about creating their software and dreams, which in turn kept offering great things to steal.

I don’t know, sometimes I just want to give up but then other times it seems like things kind of work out in weird ways. I have no experience with copy protection and audio plugins for sure.


#17

I am always surprised of often people will use open-source code that is under incompatible licenses (e.g. GPL or LGPL) and when challenged will reply “nobody can see what I used, so why not use it?”. But then they get angry if the product get’s pirated.

I can’t wrap my head around that. Either find another project with a compatible license (BSD, MIT etc.) or roll your own. Most GPL/LGPL projects will also grant a commercial license (for a small price) if you ask.


#18

I really appreciate all the input here. It’s great to hear stories from different sides of this issue.

I do think that target market is significant when assessing copy protection. For higher end, more expensive gear it may even add value in that the customer knows/feels it’s more “exclusive” if their products aren’t cracked and freely available on torrent sites. In a way it gives them an advantage and validates their purchase. Of course, if you want your brand to go down that path…