Stopping Flagrant Piracy of Mint

That's just sad. Mint is well worth paying for. Why don't you people go collect some cans and recycle them and collect some money to buy mint. HA! Help the environment AND Shaun Inman all at once.

Yeah, lame idea considering they are probably too lazy to get a full time job, let alone collect a few hundred cans. Oh well a thought.

I'm glad Shaun wants to keep this thing open at all costs. And I for one will continue to buy Mint licenses when needed (I've gladly given him $90 for 3 licenses so far, but I would have paid double for the great product he's selling). But I'm not sure his idea for the toolbar is the right way to go. It would be trival for someone to modify the script to be undetected by his toolbar (changing file/directory names or possibly variable/method names). Then Shaun would just be wasting his time fighting pirates when he could be developing or selling more software.

The only other idea I can think of is deeply deeply integrating a ping-back system into Mint itself, making it difficult to use the app without Shaun's knowledge. Make it so it sends to Shaun the web address from which the mint install is running every week or two (to not flood his server with pings). If you nested this functionality deep enough in the code and had it activate infrequently enough to not waste bandwidth, you would un-invasively protect Mint from piracy. The pirate would have to go through the code and change a large amount of it to remove this functionality, so it would still be possible to pirate Mint, but a few more hoops would have to be jumped through.

Unfortunately, I think that any method you choose to try to prevent piracy will be worked around. While these measures may decrease the numbers of pirates, I doubt there is a surefire way to stop them dead. Unfortunately, it often becomes neccessary to write off the pirates as individuals who wouldn't purchase the product in the first place and simply not concern yourself with it.

Man, this stinks. I'm not sure what can be done, aside from having Mint "call home," to notify a database under Shaun's supervision which URLs are using Mint, contrasting that to which ones are licensed.

It is a shame that Shaun has to take the time to deal with crap. I bought Mint and am extremely happy with what I got for my $30. These guys hacking Mint need to get out of their mom's basement and get a job and pay for it.

I don't know of a good unobtrusive way that this could be stopped. All I can think is something that calls home and sees if the domain Mint is installed on is in some database on Shaun's side. Then if not it would send something to Shaun of the domain it is illegally installed upon. Also, I supposed Mint would have to check if this routine is installed, otherwise it could just be removed and never call home. But I am sure they would fine away around this check as well.

I think Shaun's idea of a Firefox extension would be good. I would gladly run it on my system.

Surely most of the pirate installs are on low volume sites? How often are the Firefox monitors going to hit them?

I think you can choose Open Source or to protect your licence scheme, not both. Open Source expects some responsibility on the part of the installer, and unfortunately can't physically protect otherwise. The only way to really protect his code is to close the part of the source, (a controller, perhaps?), and permit access to all of the child functions.

I'd say 1 step could be to use the Zend Optimizer and in compressing the code you will limit the number of people who can pirate the software. Obviously not 100%. The other way would be to encode a key that will let it work only with the given domain. So each customer key a unique key. Of course a clever coder could work around this having the source code to look through. Perhaps a combination of both of these and throw in a little extra validation to check the server as part of an automatic "check for updates" feature that happens to also check a client database to verify they are a customer.

Ultimately anything that can be done to limit piracy is good but there is no way to stop a determined hax0r.

Oh yeah, has Shaun tried asking nicely to stop? heh.

I hope this doesn't become another developer wasting their time trying to combat piracy. I love Mint. And I think Shaun does great work, but many a developer has placed untold hours into combating piracy; and they seem to so rarely ask the question of is it worth it.

Now, don't get me wrong. I'm not encouraging pirates; or encourage Shaun to do nothing. I just don't think he should waste a lot of time and energy on developing solutions to combat piracy. Obviously, he could benefit from the additional purchases of Mint, but let's face it most pirates don't purchase. They aren't going to purchase, it's not even a consideration. So it's not a matter of converting thefts to sales; it's more an issue of stop wasting time to verify if every support request qualifies for support.

To that I say, "batten down the hatches". Do the things you already know you should do. There has been a list of items on Inman's website of things he can do to better centralize the Mint experience. Do them. Make sure integration of forums and purchasing is in place. With the exception of "pepper" developers, I'd assume that most support question exist about installation. I could be wrong, I've never visited the support forums; so that's just my thought. But I use Expression Engine by pMachine; and a couple other pieces of PHP Software, where the developers have made sure that the username and id that you create at purchase, automatically identifies you in support forums. Non-registered users can still ask for support, but have different access levels.

Reduce the amount of time it takes to identify pirates so you don't provide support (this also has the benefit as reducing the amount of time it takes to identify legitimate users for support). Continue the denial of support to pirates, and move on. All the way back in 2003, Unsanity wrote two articles about piracy that have always resonated with me. The first is Software Protection & Piracy and the second is Pirate Me Not. This quote from Software Protection & Piracy has always stayed with me:

I think there is a thin balance between bringing sufficient anti-pirate protection and wasting time you could have spent improving your product. Your software should be fairly well protected, but do not forget about legal users who bought it and are expecting you to improve the software functionality. —slava at January 28, 2003 05:54 AM

I'd rather see Mint improvements, or even modifications to the Mint licensing than to have Shaun waste hours upon hours coming up with more and more clever ways to combat piracy. Do the basics and get out. Pirate Me Not had some good protection tips. Obviously not all could be implemented by PHP Developers but many can. Also, no developer should be an island, speak to other PHP Developers. I highly recommend giving Rick Ellis and or Paul Burdick over at pMachine.com a call or email. They've implemented a system that seems to work well for them. I'm certain, it's been improved over time, and they probably have many of insights to what works, doesn't work, and what things just act as a great big time suck, despite having some benefits.

And while this probably isn't the most appropriate forum for it, I'll say it anyway, consider a license change. I own five licenses for EE (Expression Engine); and have purchased even more for clients, and friends. Of my five licenses, at least three host multiple domains under a single install. In fact one install hosts eight domains. Not subdomains, but actual domains. It's done for a reason, but needless to say, while, I'd love to have Mint on this site, I'd have to purchase eight licenses upfront, and then remember to by a license every time I add a new domain.

So rather than become a pirate, I just didn't buy and install Mint. I should add, it wasn't even the $240 price tag to handle the single site with multi-domains, though that did give me pause. What really stopped me was, the knowledge that, I'll be adding more domains to this single install in the future; and having to deal with licensing per domain instead of per install, was just off putting. Call me an optimist, but I think of those people who would pay for your software, people pay for well-developed software; software that is constantly improving; situationally affordable software; and support. And though it's last, don't undermine the need for support, many a casual pirate (not the people who hack and redistribute, but the people who think I can get it here for free, it can't be that wrong) have been turn into customers by needing assistance.

So do the things you already know, will make it easier for you to provide excellent support and service to your customers, while denying access to non-customers with no additional or minimal effort; and let the pirates fight amongst themselves. My two cents.