No code is completely safe

I was reminded of a question I answered on Stack Overflow a while back, relating to protecting code written in JavaScript, from being copied/plagiarised, which reminded me of the topic of copy protection for software.

Of course, when anyone puts in blood, sweat, tears, and a hell of a lot of hours into a project, they naturally want to protect people from using it unscrupulously. But it amazes me to the extreme lengths that some will travel to in order to protect their work, which often offers little positive gain in tackling the problem.

The irony of the matter is that these extreme measures usually do absolutely nothing towards stopping the people who the measures are implemented to stop. Sure, it’s not as easy to copy software for the average user, but those who really have their sights set on that expensive application and don’t want to pay will somehow manage to get around it.

In fact, all the protection measures usually do is to simply annoy genuine customers who do pay for the software, and do use it in a legitimate manner, which just worsens their overall experience of the software. Why implement such extreme measures to cater for the small minority of users who misuse your software, when instead you should focus on the vast majority of honest users, and improving their experience. After all, their custom and satisfaction are the base for the success of your software.

When software comes bundled with protection measures such as dongles, or product activation over the Internet, it just makes genuine users spend more time dealing with the actual acquisition of the license to use the software, that, frankly, they don’t want to do. It also increases the price of software in the long-run, since more developers have to be hired to implement these methods, and in cases such as activation via dongles, there are physical costs associated with the mechanisms. One particular annoyance of mine in this field is Microsoft’s Genuine Validation Tool; for those who haven’t had experience with it, it is a download that checks for a valid Windows registration key, which, if found then enables you to download updates from Windows Update and the MS Download Centre. Of course the scheme is labelled as making it “easier for you to recognize counterfeited software, and help you if you have been a victim of it” but it is just an annoyance that everyone has to go through, and makes the experience less smooth and straightforward. The chances are that most people who are using counterfeit versions of Windows know they are doing it.

I’m not saying don’t protect your software from being misused full stop. Of course, there are some measures that should be implemented so that it’s not completely unprotected. Serial numbers and other simple mechanisms that stop the average user from simply making unlimited copies of the software is a simple way to accomplish this, and doesn’t use too much of the user’s time. But when developers go to such extremes, and the focus shifts from the software itself to protecting the software, in order to fight a lost battle, it seems a waste of time, resources and money.