HACKER Q&A
📣 illegalmemory

Is there a “privacy focused” way of software licensing?


Hello HN, I was working on a desktop software and wanted to enable purchasing a one time license for usage. I really don't want to collect email / user name / IP address and so on of the customer ( imagine zero server component if possible ), but at the same time don't want the same license to be used on multiple devices (malicious users to exploit this system). Is there a way to achieve this? Anyone having experience to share in the field ?

  👤 ezekg Accepted Answer ✓
Using an API like https://keygen.sh, you are in control of how you “fingerprint” devices, so creating an anonymized fingerprint should be pretty easy using a secure hashing algorithm. You can check out the privacy policy for info on data retention for things such as IPs in log data. Privacy-focused licensing isn’t *super* hard. Activating a ‘new’ device is as simple as deactivating the original device and activating the new device.

(Disclaimer: I’m the founder.)

👤 tacostakohashi
Hardware dongles and license servers (run internally at the client company) are traditional "solutions" for this use-case.

https://en.wikipedia.org/wiki/Software_protection_dongle

https://en.wikipedia.org/wiki/LM-X_License_Manager

👤 gradschool
No experience here, but I'll bite. Have the application call home for authorization with an anonymous device fingerprint and a license key set up during installation. It's not too big of a job for an AWS Lambda function or similar if you don't want to run a server. Allow users the option replacing one fingerprint with another when they get a new machine, and rate limit the fingerprint changes if abuse turns out to be that much of a problem.
👤 sophiebits
Contracts are not foolproof but probably good _enough_ if you’re selling to legitimate businesses.
👤 verdverm
How do they purchase it?

What if they buy a new computer?

What OSes do you support?