How does one achieve this in a sane, reasonable way in 2022? I don't want to ship an annoying "activator" program like something from Autodesk or Adobe, which goes against the idea of my simpler applications.
On the other side of the spectrum I feel like I could just provide a link to a zip on an S3 on the payment confirmation email, but that is easily shareable and looks unprofessional.
Is there something that can be done with encryption/activation keys that would not require the program to phone home to validate itself every time it's launched?
How do you people earn money from your desktop applications?
https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.h...
From the user's perspective, they don't know they're downloading it from S3, because my site triggers the download automatically when they click the "download" button.
Anything else requires phoning home or exotic solutions like hardware tokens.
Quote from Stack Overflow:
“Simple answer - No matter what scheme you use it can be cracked.
Don’t punish honest customers with a system meant to prevent hackers, as hackers will crack it regardless.
A simple hashed code tied to their email or similar is probably good enough.”
As in, a simple license and trial mechanism that may not be bullet proof but is enough such that an uninstall and re-install of the trial is not enough to allow them to use it for free forever, and that a license key needs to be entered somewhere to remove the trial limit restrictions.
You can invest time, effort and money in stopping your app being cracked, but that's time, effort and money you're not spending making your paying users' lives better. Most people do not visit Warez sites to find cracked versions of software, and most people who do visit Warez sites never pay for software anyway -- you won't lose money to these people.
A simple license key that validates locally is the easiest solution -- no dialing home, nothing overly complex. Any extra effort needs to be warranted -- as in, you're losing $1000s a week because of lost users who would have paid but don't because they can use your app without a valid license.
Then you sign (HMAC) something unique to the user (such as email address) along with an expiry date.
That signed message becomes the 'key' they enter.
The software validates the message at the same time as parsing out their email address and the key expiry date from the message.
This doesn't require any phoning home.
This doesn't stop multiple use unless you start requiring an initial phone home where hardware IDs are provided and incorporated into the hashed+signed message. That only requires phoning home once and doesn't need phoning home every start.
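The offline key scheme described in the comment above, as an added example that is not code from any participant in this thread: the key is the email and expiry date plus a truncated HMAC-SHA256 tag, and validation authenticates the message before parsing it. The secret, the key layout and the function names are assumptions made for the illustration. Because HMAC is symmetric, the same secret has to ship inside the application, so extracting it from the binary is enough to mint keys.

```python
import base64
import hashlib
import hmac
from datetime import date

# Constructed demo secret (assumption). The shipped app must embed the same value.
SECRET = b"constructed-demo-secret-not-for-production"
TAG_LEN = 16  # bytes of the HMAC-SHA256 tag kept, to shorten the key


def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_key(email, expires, secret=SECRET):
    """Vendor side: build '<payload>.<tag>' for an email and expiry date."""
    payload = f"{email.strip().lower()}|{expires.isoformat()}".encode()
    tag = hmac.new(secret, payload, hashlib.sha256).digest()[:TAG_LEN]
    return f"{b64e(payload)}.{b64e(tag)}"


def validate_key(key, today, secret=SECRET):
    """App side: return (email, expiry) for a valid, unexpired key, else None."""
    try:
        payload_b64, tag_b64 = key.strip().split(".")
        payload, tag = b64d(payload_b64), b64d(tag_b64)
        expected = hmac.new(secret, payload, hashlib.sha256).digest()[:TAG_LEN]
        # Authenticate first, in constant time, and only then parse the fields.
        if not hmac.compare_digest(tag, expected):
            return None
        email, expiry_text = payload.decode().rsplit("|", 1)
        expiry = date.fromisoformat(expiry_text)
    except (ValueError, UnicodeDecodeError):
        return None  # malformed key: wrong shape, bad base64, bad date
    if today > expiry:
        return None
    return email, expiry


if __name__ == "__main__":
    key = issue_key("alice@example.com", date(2022, 12, 31))  # constructed sample
    print(key)
    print(validate_key(key, date(2022, 6, 1)))
```
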
To those who disagree, I humbly submit that you haven’t been in the position of selling an installed app and seeing most use of it pirated.
Another mechanism is to release new features. That way, a cracked version has a limited time value.
There are probably some people who have done the offline activation thing and then never brought the device in question online again (or blackhole Figure53’s DNS from that device), but I think Figure53 has decided to just eat that cost, and I doubt it costs them much.
When you pay for the software, it generates an account you can use to log into their website and allows access to the paid version of the product.
Not sure if it phones home, but having a login/password combo restricting access to the paid version of your product would likely be "good enough" without having to use "check if I'm registered" online logic.
Of course, if they decide to share the program then you don't have any recourse but that might not be a huge problem, depending on how honest your customers are.
It will not prevent multiple use without phoning home but I don't think it's that much of an issue. Pirates are not going to pay for your software anyway.