The following blog post, unless otherwise noted, was written by a member of Gamasutra’s community.
The thoughts and opinions expressed are those of the writer and not Gamasutra or its parent company.
Since I'm a technical guy the first part will describe the technical implementation, then followed by the benefits this has for legit customers and the drawbacks for non-legit customers. Although this is aimed at MicroSoft Windows and PC Gaming in particular, the principle applies to Apple Mac and Linux as well as other platforms.
(Originally posted on my website EmSai.)
Roger Hågensen considers himself an Absurdist and a Mentat, hence believing in Absurdism and Logic. Has done volunteer support in Anarchy Online for Funcom. Been a Internet Radio DJ with GridStream. Currently works as a Freelancer, Windows applications programmer, web site development, making music, writing, and just about anything computer related really. Runs the website EmSai where he writes a Journal and publishes his music, ideas, concepts, source code and various other projects.
A few basic things first.
First of all there is no perfect solution, anything that is executable or stored on end-user hardware can be cracked in some way no matter how elaborated it is, and all it takes is for one individual to be able to do that, once that has happen that person gives a copy to others who in turn give it to others, none of those people need to worry about the protection as the cracker already have. This is true for disc checks, online checks, save games stored online, regardless of implementation it can be circumvented, disabled, emulated, replaced and so on.
Meanwhile the legit owners get annoyed, or end up with various issues some real and some philosophical while others are consumer rights related, and in some cases law conflicting. So what is the goal of DRM? It is to prevent copying, period. What is the best case scenario? Delay cracking for a few months and prevent casual copying, and lately DRM is becoming less and less effective, DRM seems to only be able to limit pre-launch leaks, and in some cases failing that. Pre-launch leaks is not DRM related at all, it's more an issue of trust and not keeping tabs on your own merchandise while not looking.
So, back to DRM (Digital Rights Management), or copy protection, scratch that, copy prevention, no not that either... I'm not sure what to call it, but whatever it is, it's not prevention/protection/right management nor anything close to that, it's more like product lock-in and product expiration and greed all wrapped into one, I guess you can tell I'm no fan of DRM or Copy protection systems, at least not any of the past or current ones I've seen out there.
What is The Ideal Copy Protection?
The answer is simple, The Ideal Copy Protection is "Value Added".
What the heck does that mean? It means that the value of a legit copy should outweigh that of a non-legit copy so much so, that a pirate would seriously consider buying it, whether they actually do or not is another case, but if the product is good and they can afford it then they most likely will. Think of digital pirates as the client group of your fiercest competitor, then try to think of ways to lure them from your competitor to you company and your products. This is the unwritten law of the Free Market. A pirated product is no longer your product, it's a competing product, but it's also a lesser product, or at least it should be, but most methods used today actually allow the pirated copy to add value by simply reducing or eliminating any and all inconveniences for the consumer.
What would you choose (ignoring the social morality issue for now) if you had the choice between a free and hassle free software and a non-free software with an overly annoying hassled procedure to get it running and use it? I know what my answer would be, and I think I know what your answer would be too.
So what can you do as a developer/publisher? Ignore the pirates, and make potential customers realize that by getting a legit copy/becoming a legit owner that they get some value added, something that no pirate can give them.
But before detailing legit owner benefits, let me just do a quick technical outline of how the Ideal Copy protection should be implemented, and don't worry it's not overly technical, but be prepared to maybe look some terms up in Wikipedia if you are unfamiliar with them.
How to make The Ideal Copy Protection.
If a CD/DVD distribution then the following steps should occur:
- 1. Autorun or Manual start of Installer.
- 2. The Installer does not require Elevated Privileges, but if the user chooses "All Users" then elevation must be performed, you could do a RunAs but Mictosoft advises to run a executable which has a administrator elevation manifest instead.
- 3. The Game/Program is installed, any updates of support files like DirectX and so on should use the official runtime redistributable, these will prompt elevation if necessary, or the OS will auto elevate them in some cases, not really your concern, you just need to execute the installer and check for success or failure.
- 4. At some stage during installation preferably at the end when completed, ask the user for the product serial. For a non-elevated install aka normal user this would be the current user, but for a elevated install this would be an administrator while you actually want the user that initiated the install, if possible try to add support for an unattended install with a way to provide a serial and target user. Do simple serial validity check to ensure the user actually typed it correctly, so that if it's a HEX or numeric or alphanumeric that it only contains expected characters, is the right length, maybe add a checksum to it for self checking, inform the user if it seems wrong, if they keep messing up again and again, offer a link to a support page or phone number or something like that as it's likely there is either a bug or the issued serial is wrong.
- 5. If the user choose to enter the serial then store the serial under the users roaming preferences folder, on Windows 7 for example this defaults to C:\Users\(username)\AppData\Roaming use the appropriate OS API to retrieve this path, essentially it should be the same location where the save games are stored or where the player profile or game or program config is stored. Inform the user that the serial is required for the software to function.
- 6. Although this part is optional it's highly advised as many as possible do this as this is one of the steps needed for the Value Added part. Allow the user to register the software, let email be the minimum info and optionally name and address and so on, inform that registering with email is required for Value Added, support, updates and much much more, make registering sound life important and wonderful, just make sure you can back up any claims you make. Remember to keep registering optional, you'll see why a bit later.
- 7. The CD/DVD is now no longer needed, but reminding the user to make a backup of it is a good advise, why not take the chance to give tips on how or even what product to use. Telling the user to also write down, copy to the clipboard (just use a normal text field) or even allowing the user to print out the serial as part of a mini-quickguide with links to website support page, support numbers, and whatever else would be suitable for a one-page sheet of paper.
- 8. If you give the option to run the software at the end, make sure it does not run elevated, let the autorun/install wrapper exe run the program instead.
Running The Software
- 9. When the user starts the software do the same as in step 4, 5 and 6, in fact, do exactly the same, code-reuse in this case simplifies thing, use the same serial/registration exe or dll etc. Why repeat this step? Well, it's possible the user did not want to enter the serial or register during the installation. Show the exact same dialog for consistency.
- 10. Now here's the important part and why the registration should be optional. After a certain amount of time, let's say maybe a year, the software should no longer needs the serial to actually run, it is only during that "initial period" that the serial is required for the software to run. There are at least two ways to do this, one is to hardcode the start date and compare with current time, and the other is to hardcode the end date and check if passed. Maybe intermix the two and spread checks throught the program at different intervals. The install or first run of the software will still ask for the serial, it's just now optional. Depending on the distribution, a way to minimize the impact of fake serials especially during the initial period is to not pre-generate the serials at all. Instead generate the serial upon purchase instead, and when possible tie the serial to the user at once before download or installation. Providing a manual interface/website for retailers that does not automatically contact your server is advised, this would be regular physical retailers, let them enter the customers email and get a serial in return, a serial that is now tied to that email. Once the user gets home they register the software using the same email and serial. In both these cases, even if someone made a fake but valid serial, even if it matches a real one, they will not gain anything, a bit later I'll let you know why.
- 11. Any patches, downloadable content, expansions, or addons should probably update the serial/registration expiration date every time possible to a year after their released date. This way a year or so after the last update or the final patch or extra content or (hopefully not) the demise of the company, but more usual it would be the eventual end of line support of a product. This avoids the "final patch" issues that so many are concerned about for current DRM solutions, if support for it is gone then the budget for that patch probably is as well, or the company went under and nobody can patch it, or the source files got nuked, or upper management decides to not waste time on it. And when it comes to productivity software it certainly minimizes the risk of legal claims, which can happen due to not being able to use the software that they created something in but they are unable to export their data from it.
- 12. If the user chooses to register then the serial get tied to their "account", this may be an existing account or a new one, make sure to properly brand the registration so the user clearly knows where it's being registered, this avoids issues with a user ending up with multiple accounts. Make sure they are informed if the name of the account system etc. changes, which could happen during mergers or branching, or if it's separated into it's own service.
- 13. I'll mention more about the account stuff a bit later, but I'll touch on a particular account feature here as it's tech related. Serial trade transfer. In particular games tend to be traded/exchanged, either someone gifting it to somebody else, or trading for another game. The account system should if possible provide a Escrow feature. User A and User B have agreed to trade, User A locate their game in their profile's game list, select it and who they wish to trade with and choose "Trade", User B does the same. If this was one of the Users gifting the game to the other it would be similar, except that the giver would indicate they want nothing Traded back. But in this case a full trade is requested and after User B has clicked "Trade" the details are frozen, and both will have the opportunity to choose Accept or Cancel, this system can be realtime or non-realtime and is easy to implement. The title/name of the game is shown to both in the Trade Escrow, and since the system has validated the serial it can ensure to either party that the listed game name is actually the game they are trading. Both click accept and the serials are swapped and each game is now re-registered to their new owners. At this point the new owner might benefit from a download offer, maybe a near cost only digital download, or even offer them a "backup" copy of the disc in the mail, more on things like this below.
- 14. In the Game/Software ask if they wish to login but do not require it. If they do log in, offer access to various extra features, obviously you could offer nothing extra at all but that'll hardly gain you many customers right? Provide a optional news feature so that the user can get to know about new benefits of being a registered aka legit owner. At the very least send them a welcome email, bragging of all the things they'll get, new content, planned features, discounts and much much more. Just make sure you can keep the promises you make.
What are the benefits to the paying consumer?
But it all depends on what support you are willing to offer. A consumer does not just buy the product these days. They actually pre-pay for the software, the support and service for the life of a product, too many developers/publishers fail to realize this. Those who do realize this tend to beat their competition all the time. If you do not plan to provide any support, then forgo the registration altogether (unless you want the statistics) and prepare to sell the product dirt cheap. So what can you offer a legit owner that has registered?
Why not offer a digital download, either a low cost/near cost only download, or a free bittorrent download which moves most bandwidth cost from the servers to the user, it could also mean way faster download than directly from a overloaded server half across the world, this could also be leveraged during patching and downloadable content and extras or expansions, anything really. When possible also offer a "backup copy", this should be just a plain disc, it could even be a burned disc, just make sure it's got the product name and room for the user to write the serial on it, offer it for cost only and shipping.
Support services like asking for help via the website, email, phone is made available to registers users. Add as much "Value Added" material as you can. Offer the manual as a digital download, preferably printable and navigational and searchable for offline use. Offer media like the game soundtrack for download, concept art. "Behind The Scenes" featurette for download, offer outtakes of voice cast or motion capture actors and so on.
Make being a registered user a part of something bigger than simply playing a game. Internet play and multiplayer available for registered users, embed chat for registered users, messaging for registered users. Able to make posts on the official discussion forum, special "members only" forum for registered users of particular products, you'll find these will quickly become an exclusive club all on their own. Give special special forum avatars. Give certain registered owners that have proved themselves the honor of being a moderator in certain parts of the forums. Recognizing the games or software they own and allowing them to show others that they have them should also be possible. Although it should be optional for those really private folks.
Only legit owners that have registered will be able to download patches and updates, or get downloadable content, or get expansions or addons. Give registered owners a discount for new expansions or addons or downloadable content that have a price. Give them discounts on other products as well. Run regular raffles where registered owners can win stuff. Run promotions with hardware makers for discounts on hardware if they are the registered owners of certain software.
For games, why not offer save game backups, and how about free save game restoration, luckily it does not happen often but corrupt savegames can and do happen. As the developer you hopefully know how to parse a savegame and rescue as much info as possible from it, then give a fixed savegame back to the player, all those hours they thought was lost are now saved. (pun intended)
Other things to give a registered owner would be a downloadable or online game guide, walkthrough, developer cheat codes/command console to use in single player, maybe some MOD tools, or a Game Editor/Campaign Editor/Level Tool, make it easy for registered owners to create and share custom/user created content for your product, provide a ranking system so they can vote on the best, release a regular newsmag or email or similar where users and the things they create are mentioned.
Treat your valuable customers as what they actually are, that they are valued. And you will quickly see that they will in return remain loyal, they will even support you in return, they will spread you brand, convince others of your product (if it's good obviously), they will be more likely to get some of your other products, even if they aren't exactly what they would have wanted, or they do not have a need for it that much but they still like it because it's from you. You will find a growing community, and at times the support they give each other may actually ease up the pressure on your own support department, and the word of mouth would beat even the best viral PR campaign.
The whole point is, make those who pirate your product, those non legit users, make them feel like an ass for not buying it, make them look in envy what all those legit users get.
This may not be the answer you where hoping for when starting to read this article. but trust me, you will sell as good as or better than you did previously. Consumers will love you.
It will mean a lot more work, but these days you are not just selling the product but your support, service, community and more, all into that single sale, and if you throw the typical DRM on that thing your smarter competitors will win the market from you, because they are already working on most of the things mentioned in this article, and it's working.
Remember, The Ideal Copy Protection is "Value Added"!