[diggum]

Shortly after a big upgrade to the application I worked on, we started to get bug reports on our forum about a pretty ugly bug where a modal window would get “stuck” after clicking OK. The window would no longer respond to users but the application would act as if it were still up, and the only way out was to kill the process and lose all the unsaved work.

Understandably, the complaints got louder and angrier as no one on our engineering or prerelease teams were able to reproduce it, but easily half the bug reports were all about this issue and identical. After 2 weeks of trying every configuration of video card, OS, and any other alchemical recipe we could think of, my partner on the test team stumbled upon the license crack online while searching for anyone else having this problem but not having reported it to us directly.

As a brief respite from this ongoing madness, he decided to install the crack on a clean machine and aee how it worked so we could report it. Lo and behold, the problem reproduced on the first try. This whole time, indignant, angry users who were actively threatening our team and vowing to never use another product from our company had been bested by a poorly written crack.

Before exposing the secret, I asked dozens of the most vocal and vicious reporters to please email me a particular log file, and give me contact information where we might get in touch with them as we were close to cracking the case. (Pun intended, and this was before we had very clear rules around personally identifiable information, but even with the policy at the time, these weren’t our customers so I felt less anguish about it.). I received all of it and more, invited them to share their experiences on the forum threads, and then tactfully but clearly explained exactly why they’d seen this problem. I offered to work one on one with anyone who felt my accusation was in error, but not one single affected user replied or followed up after that message.

[AndrewStephens]

I was a junior developer on a heavily used utility that was frequently pirated. The company tried a few strategies to deal with this but one of the best was incredibly sneaky.

This was before validating license keys over the internet was really possible so a lot of people just used our application with a key from a public cracking site. Of course, we also knew about this list of cracked keys and our application would pretend to accept them. But if you actually tried to use the application, it would appear to be doing something for several minutes but fail with a mysterious error inviting the user to submit a log file to support.

Of course, the log file was secretly marked to indicate that it had come from a pirated copy and the customer would get a polite call from the sales team.

It worked out pretty well, a lot of customers didn't know they were using pirated software (or so they claimed; somewhat plausible given the nature of the utility) and were happy to pay and the sales team got a lot of solid leads. Evil vanquished, good prevailed, and I got paid.

[bonestamp2]

This is great!

We had a problem with piracy for awhile. We spent nearly a million dollars on some of the best licensing software out there and over 2 years of tweaking it to try and eliminate all attack vectors and we still had piracy. We learned even the best anti-piracy methods will be broken eventually. In the end, the proper solution was pretty simple... we just rewrote our application as a web app and now only people who pay can login.

I mean come on people, if you're using professional software and expect to be paid for your work, pay the other professionals for their work too.

[gvurrdon]

Excellent tale. It is sadly unsurprising that users get so upset about software they don't pay for.

If I may be permitted a brief comment, I recall several years ago a situation where we received complaints that our rather computationally-intensive software was running on some people's laptops without them having installed it, rapidly draining their batteries and heating the machines up, and what did we think we were playing at hijacking their systems?

It turned out that the culprit was a modified version of our software for a distributed computing project that would apply the credit generated to one particular account, presumably belonging to the user who had distributed the cracked version. IIRC (though I may be mistaken) they were distributing it bundled with some other cracked Windows software.

[JdeBP]

You are not alone.

* http://jdebp.eu./FGA/4xxx-hacker.html