Poll: Product activation in the garden of good and evil

What do you think of Scrivener’s new product activation requirement?

Hello,

As you may have noticed, Scrivener 1.52 introduced product activation. In a way, this is a bit of an experiment. Scrivener 1.0 was originally supposed to have product activation, but I never included it because I couldn’t think of a way that would make it “fair” enough; that is, I could never think of a way that product activation in Scrivener wouldn’t end up inconveniencing regular users. I have finally introduced it in 1.52, partly because of the number of pirated serial numbers circulating the internet, and partly because I thought of a way it wouldn’t - or at least shouldn’t (in practice there have been some teething problems) inconvenience paid users. I’m posting a poll on this process, though, as I want your feedback - the last thing I want to do is upset users of Scrivener, as the risk of losing the good will of existing users far outweighs the risk of piracy.

Before doing the poll, please read the pertinent information below:

1. Most software these days has some sort of product activation, whether big companies such as Adobe or the software of smaller companies such as Ulysses, Mellel etc. In Scrivener, the only information that gets sent during this procedure is your serial number. All that happens is that it gets sent to the eSellerate servers (eSellerate is the company that runs our web store and provides our serial number system - you will have gone through them when you purchased Scrivener) and then the eSellerate servers check to see if the serial number was generated by their system. If so, the serial number gets activated on your machine, and you don’t have to do it again unless you install on a different machine.

2. There is no limit to the number of activations you can make for a single copy of Scrivener, so unlike some software, Scrivener won’t stop working if you update your OS or reinstall too many times - you’ll never have to ask us for permission to use the software you paid for. All it does is refuse pirated serial numbers and allows us to check every few months that no serial numbers have been activated thousands of times. That’s the extent of it.

3. If eSellerate or L&L disappears from the face of the earth, Scrivener won’t try to activate - it only tries to activate if it can detect the eSellerate servers. Likewise, if you have no internet, it won’t try to activate either. In these cases, Scrivener will continue to working as registered - so you don’t need to worry about Scrivener failing to work if you’re in a situation with no internet connection where you need to reinstall everything for some reason.

In other words, the activation procedure in Scrivener is very, very “light”.

I’m also very realistic about this: you are never going to prevent hackers from pirating your software. Ever. Will Shipley, founder of the Omni Group and now of Delicious Monster, put it well; he said that developers should only implement anti-piracy procedures to the extent that someone has to actively choose to pirate it; that is, the user has to take a definitive step into piracy and cannot do so “accidentally” as it were. I think this is a good policy. The new activation procedure in Scrivener is really not intended to go any further than this - it’s easy to circumvent for those who really want to take that step, just because otherwise it would be problematic for regular users. However, let’s face it, up until now Scrivener has been exceptionally easy to pirate - you just needed to grab a serial number and that was it, done. And there are plenty of otherwise honest people out there who end up using pirated serial numbers for whatever reason (I’m not going to pretend that my younger self never did anything like this; it would be hypocritical to claim otherwise). The new, one-step serial number activation is really intended for such would-be-users, who will see the activation panel and think, “Oh, whoops, yes, I actually use this software and ought to buy it.” Those who then go out looking for a crack, or who go to the effort of circumventing the activation procedure - well, they were never going to buy anyway.

So, that is my thinking about this extra step. I’m trying to be completely up-front and honest about all of this, as I know users (quite rightly) get very nervous about this sort of thing, and anti-piracy measures are one of the most sensitive topics on the internet right now with many fiercely disagreeing about how far such measures should go before they become obtrusive. So now I want your opinion. I’ve had one very angry e-mail and a couple of suspicious e-mails so far - not bad considering the thousands who have upgraded - which is probably to be expected, but I really don’t want to upset any paying customers or valued users.

If everyone really hates activation, I’ll rethink it and possibly even remove it (especially if it seems to have no effect anyway, and definitely if the teething troubles of users wrongly getting “not recognised” errors continue). So, please take part in the poll and post your opinions. If you really hate it, explain why; if you think it could be done better, please tell us how.

We’re not trying to upset anyone or trying to make valued honest users feel like a pirates - that’s the last thing I want. So let us know. But don’t shout at me - I admit I want paying for my hard work, but I don’t want to offend anyone in the process.

Many thanks and all the best,
Keith

Based on what you say, it sounds perfectly reasonable to me.

Particularly like the safeguard of it not trying to authenticate if it can’t find the servers - prevents if becoming very annoying nagware if you happen to be working offline on the road, or as you say, if something hapens to the company or its servers.

Yes, activation seems a fair response to your piracy problems. You provide a very generous trial period which should be enough for users to decide whether to buy it or not so it isn’t exactly a risky purchase.

Also it sounds like there are enough safeguards to make sure legitimate activated users aren’t going to find the software fails to load, or find themselves incorrectly reported as pirates, etc.

It sounds to me like you have the right attitude to it - i.e. make it an active step to pirate, and don’t inconvenience users.

However I will say that I still don’t like it because of the chance however small that it will stop me using the software I’ve paid for.

That, and the fact that as a developer myself I know this stuff doesn’t work. It is always going to be possible to circumvent these checks and in fact you have made it especially easy by defaulting to ‘working’ when there is no internet connection. And, if your checks work, then what will happen is that someone will create a patched version of your program that just skips the check (I’ve had this happen to me with a piece of software I developed - it is just as common as pirated serial numbers).

What you might think about instead is just reminding people in an obtrusive way that the software is not registered. This provides no incentive to pirate it and it reminds those who are willing to pay that they haven’t.

It’s very odd but true that writers and would-be writers, who are the first people who ought to be supporting the protection of intellectual property, can be the worst to undermine IP by ripping off commercial software (which is ‘written material’ in many ways too). You’re being very generous in making it so light, Keith. Have no worries/fears whatsoever.

I found it to be painless so far in practice, and I’ve been very impressed by the classy way it was implemented and presented to Scriveners users. Many developers/publishers are not so cool.

I agree with the views of bodsham and kukkurovaca.

H

Actually this tends to go wrong more often and that really ticks me off. I paid for this %$#@ thing now get that message off my screen!!

As long as Keith keeps with this plan (i.e. if your connection is down it defaults to working) I am OK with it. It is annoying but I am willing to go along for the test. I assume that if this really doesn’t do much (i.e. Keith sees no reduction in pirated serial number activations), then he will go with another plan.

Apollo16

For me, it was so quick and unobtrusive that I was not inconvenienced one whit. Having installed 10.6, I then went through all my software checking whether it worked under SL, upgrading where I knew there was an upgrade … other apps did similarly to Scrivener; SnapzPro, I think it was, said that my licence was out of date and promptly provided me with a new one.

To me, it was just part of the upgrade process. I’m sure that for those who have had trouble with getting the activation through the eSellerate server the process was disturbing and I sympathise, but I have no problem with developers attempting to identify pirated copies of their work and taking steps to block them.

Mark

I’m fine with the activation as described.

When it ran during the recent upgrade it made me nervous, though. I had assumed that putting in my purchase code way back when had already “activated” me. Had something had gone wrong in the upgrade? Was going to look like a pirate? Was Scriv going to stop working??!!!

Fortunately it didn’t take too long or I might have seriously panicked.

Amberdine - I think this is one of the problems, in that we introduced activation in an update rather than right from the start. I understand it could feel a little dishonest on our part, which is why I’ve been going to pains to explain it where I can (for instance, it was explained in the newsletter that went out to the 3,000-odd users signed up for that, as well as here). But obviously the majority of users just use the software and don’t want to be bothered with newsletters and so on, so it may have seemed odd to them. One reason for introducing it at this stage is that I want to get it right in 2.0, too, so wanted to see how effective it would be, etc.

Apollo16 - if it doesn’t work (or if it annoys too many people), I’ll probably just drop it. I wouldn’t be comfortable trying anything more intrusive or more suspicious, and online activation is fortunately about as far as eSellerate go anyway. I’ll be interested to see how long it takes for a cracked version to appear somewhere. Scrivener being so small-fry, I wouldn’t think it would be worth anyone’s bother - I was surprised when serial numbers started turning up. If cracked versions of 1.52 start turning up pretty quickly, then there’s not much point and I’ll most likely just drop activation.

All the best,
Keith

After installing Snow Leopard I’ve launched scrivener for finishing a project started a couples of days ago and after few minutes Scrivener was telling me ‘Hey, a new version of Scrivener is out’. I was thinking that it would, at least, improved Snow Leopard compatibility but I was feeling painful because at least i could run the binary in ‘32 bit mode’ and solve my compatibility problems, it hey would have happened. Instead the first thing that come up to my eyes after the ‘replace & restart’ procedure it is a small rectangle that is warning that your copy of scrivener is not activated (yet), it also suggest to activate it because it’s a ‘nevermind thing’ and it is also an easy task, so I went ahead and I’ve activated it.

After it’s activation I went to L&L website for reading the releasing notes and I felt really sad discovering that neither a word was written about the validation process; threads concerning the validation process were popped, after, on the forums. This behavior didn’t lighten my sad mood by the past minutes before, it’s seems to me a sharp cut between L&L, as a company, and Scrivener user basement. I say this because I really appreciate the interaction that L&L put between it and its users, it’s not like all those big company for whom the client after the payment is only a number and no more.

I can understand that, in part, it is a method for protect not only your work but also your daily gain, because Scrivener was born as an hobby but now is your everyday job as it is now; I can understand that you protect your work not for being rich but only for eat everyday or for a normal everyday life. Perhaps I think that more protection around Scrivener won’t keep pirated copies away or pirated serial. This is the endless story of mouse and cat but, imho, protectionism or coercion are not the solution from my point of view. Those are not the solutions, from my point of view, because those guys who crack protections doesn’t cracks for moneys but only for challenge, so a big protection is not safe from them so neither Scrivener is too. In my point of view the problem is peoples who use cracks for stealing others works, others ‘daily earned money’, and those peoples are a cultural problem that should be faced by a low starting point: education. If you grow up someone w/ the idea that labour in general should be paid because it deserve the prize of its sweat, less peoples would steal a software with a crack if they think for a moment that in the world there is someone who starts working at 8:00 am for the P.A. behind a desk and someone who starts its work at home programming a software.
So in my point of view a more restrictive protection on Scrinvener is not the goal for protect ‘business’; there are other way of protect Scrivener without a disciplinar and coercive method for earning the goal; perhaps you could start with an educative method that could collect more ‘fruits’.

Sincerely,
matteo.

Hi Matteo,

Thanks for your feedback, much appreciated. Certainly we’re not “rich” - we’re too small a company - though I wish we were! Scrivener does earn me a living, though, and I’d like to keep it that way as it’s a nice job, not least of all because of the interaction with customers such as yourself and others who have posted here, and I certainly wouldn’t want to tarnish that relationship in any way.

You are right that the new activation should have been mentioned in the release notes on the website - I have just updated it to mention that. It was rather late when I posted the release, and I did it under time constraints as Snow Leopard was impending in the same week that David - the other L&L guy - was away and I had some of my best friends visiting for the week. I didn’t want to include notification of activation in the release notes that appear in the automatic update checker, I fully admit that - it would sort of defeat the object as anyone using it without a legitimate serial number would just choose not to update. But it should have been in the notes on the site and has been added. Also, as I mentioned above, it wasn’t just a matter of me only admitting to this after the fact - I informed everyone signed up to the newsletter in advance.

I am taking all of these opinions firmly on board, though.

Thanks again!
All the best,
Keith

My first reaction when the activation dialog popped up was in the line of “what the …?” I’m not quite sure if it was out of surprise or annoyance.
I am a professional software developer so I totally understand the reasoning behind the activation process, a lot of software I’ve worked on ended up with some sort of DRM wrapper and activation checking procedure. However, lately I’m getting more and more annoyed by the way software companies (and lets not forget large media corporations) handle software and digital media ownership.

When buying Scrivener, you also buy into the warm fuzzy support-a-small-software-developer feeling. The activation process diminished that a tiny bit.

After reading about your light approach, the fuzzy feeling was totally back again by the way.

I’m not sure what my standpoint on DRM is, I don’t like it, but it could also be a necessary evil.

gr.jakko

Thanks for your feedback. To be honest the whole issue of activation has been a discussion point (of contention) within L&L. I say “within L&L” - that really just consists of me and David arguing. David, doing the sales and monitoring bit, has been really pro-activation, whereas I have always been anti-activation (he’s going to read this and think I’m making him the bad guy - he is! Evil, I tell you!). The “light” approach in 1.52 is a compromise and sort of experiment. I’ve tried to do it in such a way that won’t upset anyone, but hey, that’s always impossible. It’s a juggling act, really. There are a good number of users who like the “warm fuzzy” feeling of L&L (and I do too - it’s something I wouldn’t want to lose), but there are many who have no idea we’re a small company and assume we’re some sort of corporation anyway.

I have always been of the conviction that if you make the software good enough, even many who start by pirating it will eventually buy it - indeed, we’ve had a few sheepish but welcome e-mails from users who have pirated it and now want to know how to enter a legitimate serial number because they like it enough to buy. But on the other hand, Scrivener’s a cheap product - we’re not charging as much as Photoshop, for instance. I don’t know what that means, though - it probably just means most people who pirate Scrivener are never going to buy anyway.

All of this feedback is certainly very useful, either way.

Thanks again and all the best,
Keith

I’m #2 for “here’s why.” The ‘hate’ options don’t really apply…

• I don’t like apps that continue to phone home after I’ve already paid and entered a valid serial. A check on piracy is one thing, but wasn’t that accomplished when I entered the number in the first place?

• I haven’t experienced it in Scrivener, but code checks that fail incorrectly can really mess up your workflow. MS is probably the archetypical example of this, and it’s disturbing to seeMS type behavior in programs I’m otherwise fond of.

• I don’t believe for an instant that Scrivener’s goal in opening network connections is to broadcast my persona info to nefarious types. Doesn’t mean they’re not out there waiting to receive it when Scrivener transmits it. I like to keep that kind of thing to a minimum.

Just for the record: I did read the info you posted about how very non-invasive Scrivener’s mechanism is. It’s certainly encouraging as compared to how some of the big software companies do things.

I don’t have any problem with the security activation scheme neither do I have any conviction it will have the intended effect. One intent on theft will not be deterred by even draconian security measures, let alone the relatively minimalist L&L scheme. On balance, I have to go with removal but if BK is or becomes convinced otherwise of the PA’s effectiveness that’s fine by me too.

I don’t have anything much to add, because I have never been someone who has been bothered by activation, DRM etc. I see it more or less as a necessary evil.

However, I await your results with interest, because I will probably need to make my own decision about this pretty soon.

Matt

Hi Keith,

Firstly, thanks for asking.

I fully support reasonable measures to ensure license purchase and compliance - simple. And, in the case of Scrivener, your prevailing ethos has clearly always been, and remains, “a small contribution by many” - as opposed to “a big price only for the few”. So, to my mind, this makes it even harder to make a case for shirking becoming a validly licensed user if you want to continue to enjoy benefit from the product beyond the (already generous) trial period.

As to the extent of such measures, I’d personally be confident that any genuine situation could be resolved by contacting L&L. For you as essentially a two-person business though, I think the real question here is for you to determine the right balance between a slightly “forgiving” automated process versus a stricter one where you may need to manually respond to several user enquiries from around the 24 time zones.

The only issue I had with your new process was not knowing about it before the window popped upon running the .dmg for 1.52 - it took me by surprise and I wondered for a second whether it was an erroneous/malicious script. I take your point in this thread that it was in your newsletter - I’m not subscriber (I prefer this forum). But, to the other point raised in this thread, with a steadily improving product I personally don’t feel you have anything to lose by flagging an activation requirement in advance: users who then choose not to become validly licensed are then simply stuck at 1.51 forever.

Finally, I feel that your goal of not making any user unhappy is unachievable. It’s a noble intention, Keith, which gives further evidence (if it were needed) to your user-community of your personal integrity and values - but with an installed user base of greater than several thousand, well, something will always grieve one or two folks. What matters is your intent and response - neither of which I’ve ever had, or seen herein, any cause to question.

Continued best wishes.

Regards from Downunder, Andrew.

PS: Congratulations on regaining the Ashes…

PPS: You did look tired on that Biblio Tech piece! An excellent feature though - well done.

My only concern, is when protection makes installation difficult in some ways.

In the past, I had troubles with Native Instruments, for their over-complicated protections system. They recently switched to a very easy system, that seems to work flawlessly and doesn’t ask for a hour to enter a code.

Adobe has an easier protection system (just enter a code), but it was funny when I had to ask assistance, after de-installing the demo for CS4 also prevented my CS3 from working. I gave the assistance clerk the name of my boss, while signing my mail message with my name. He answered that he could not give assistance to my boss, since the product was registered to my name. I guess it was monday morning.

Who remembers the times protection codes had to be read aloud by phone during an international call?

Paolo