Kagato98 opened this issue on Oct 06, 2002 · 22 posts
Kagato98 posted Sun, 06 October 2002 at 6:11 PM
Since I've been working on my labratory lately, I've been thinking of various ways on how to protect my product. Through the MP, I can't think of a way. However, If I were to sell stuff through my own site (something I plan on doing in the future) then I can think of several ways. It would be possible to leave little 'foot notes' in certain poser files without corrupting them. For each different user, I could generate a different foot note. I would have to do this manually, but I don't see that as much of a problem seeing as I won't have hundreds of people purchasing my items - the only drawback is not having an automatic download system. I've been thinking though - would it be possible to set up a CGI script or something similar to automatically leave a footnone in the poser file, and then zip it up? ( I vaguely know what CGI can do, but I have done no research in this field at all) . Lets just assume that I had left a footnote in the file, and had found it floating around the web - Obviously I could figure out where it came from. What would I be able to do then? What stops the warez person from saying their computer wasn't hacked into, or that someone didn't come over and take it from their computer without their knowing? Basically, if I found a way to add footnotes, what good would they do? I know it's a big question....Maybe this isn't even the right forum ;) . If that's the case, mods, feel free to move it.
wgreenlee1 posted Sun, 06 October 2002 at 6:36 PM
wheatpenny posted Sun, 06 October 2002 at 6:51 PM Site Admin
Contact poserworld. They claim to have some new technology that marks each file as it's downloaded so they can figure out who's been putting them up on the p2p sites...
Jeff
Renderosity Senior Moderator
Hablo español
Ich spreche Deutsch
Je parle français
Mi parolas Esperanton. Ĉu vi?
Kagato98 posted Sun, 06 October 2002 at 7:33 PM
Right - well, if the technology exists, are we actually able do DO something with it? I mean, are we able to press charges for the pirating of our products?
CyberStretch posted Sun, 06 October 2002 at 7:47 PM
Since most Poser files use plain text (ie, you can open them in notepad/wordpad), if you added something that did not alter the object itself, someone could just go in, edit out the "footnote", resave, and the "protection" is gone. You may want to check with the Python gurus, there should be a way to write a script that would add a footnote and, say, a random-generated alpa-numerical sequence or a predefined set of text to the Poser files.
PhilC posted Sun, 06 October 2002 at 7:50 PM
If your work is any good it will get pirated. Yes you could watermark it, yes you could probably work out who gave away the first copy. Whether you could, in practical terms, do anything about it is questionable. Would it take up a lot of creative time trying? Certainly. The only thing that stops piracy is one's own personal code of conduct. We are all on the honor system. I'm not giving away any secrets when I say that I can download my entire catalog in an evening from P2P networks. Does that affect the amount of groceries that I can buy at Wall Mark? Yep. Can I do anything about it? Nope. More to the point I do not worry about it I just keep pushing out more stuff. Something that, in my opinion, the bulk of pirates do not have the whit to do.
I would certainly not, nor encourage others to, circulate corrupted copies of their files containing viruses. Also I would never stoop, not suggest that you, insert into the ZIP a corrupted blMilWom.obj & rsr or similar, in the knowledge that it would not be spotted amongst the mass of other Poser files.
But some would ;)
Kagato98 posted Sun, 06 October 2002 at 8:09 PM
CyberStrech: they could remove it, but it could be made to blend in to one of the files. It would be very hard to spot. Open up a .cr2 file in a text editor and you'll see what I mean. I guess in the end, there's really not much you could do to stop pirating. I think the footnote thing is the best idea that I've ever heard of though - And yes, I did come across it on Beyond Bent. It might be worth while to get in contact with Davo in a few months and see how that holds up - how often those sets show up in comparison with his other products.
nerd posted Sun, 06 October 2002 at 8:16 PM Forum Moderator
I protect my products by adding external value. Almost every product has a members only goodies page. The password changes frequently and the wAREZ kIDZ dare not ask for the new password. This offers some protection to my products with out using cumbersome registration and crippling activation schemes.
The Nerd
Kagato98 posted Sun, 06 October 2002 at 8:38 PM
Nerd: I don't undestand, how do you distribute your members only page password?
nerd posted Sun, 06 October 2002 at 9:00 PM Forum Moderator
I keep a list of my legit owners. The only snag is the offsite stuff. People who buy from places such as the Market Place here need to send an email to get a new password. Yes, I have complete records of every single purchase, ever. I feel this method actually improves the value of my products and diminishes the value of wAREZ versions. As of about 5 days ago the pirate version of Poser 5 became better than the legal one. No registration and activation hassle. I know that will be an unpopular opinion, but I feel there are better ways to secure a product than torturing your paying customers. "Why do you frequent the wAREZ groups and P2P?" is the next question you'll ask. Well the real answer benefits my customers. When I see one of my products I know it's time for a password change and a batch of new enhancements for that product. Instead of punishing my customers I pamper them. It's a helluva lot harder to find a customer than to keep one. Steal my stuff: Fine! I'll make the stolen version obsolete!
I really hate wAREZ
jval posted Sun, 06 October 2002 at 9:03 PM
I'm not sure that identifying the original purchaser of a distributed file always means that the purchaser distributed it. For instance, my notebook computers have twice been sent in for warranty repair. My Poser Runtime directory is far too big for me to even consider deleting it and reinstalling everything when the computer is returned. As the computers were each in service for several days, who is to say what may or may not have been copied from the hard disk before their return? Generally one cannot simply copy program installations and expect them to work on Windows machines. But it would be a trivial task when it comes to Poser runtime files. I think that if one is going to accuse someone of distributing software for piracy purposes it would be a good idea to have a lot more evidence than that someone bought the original of a pirated copy. If they sued back for defamation of character or something similar it could be a rather expensive risk. - Jack
Kagato98 posted Sun, 06 October 2002 at 9:31 PM
nerd: That's a pretty good idea. It's still not very hard for the pirate to put your updated stuff up on the p2p networks though - one of your members has to be the pirate, and since he's a legit member, he gets all the updates. All he has to do is put them into the shared directory. Still, it's a good idea. The pirate can't be THAT diligant. jval: I never thought of it that way....The idea has it's loopholes. I think the farthest I would go would be to not sell to that person again. Hmm....Here's a new idea. How about various merchants get together. The merchants that make similar stuff should get together - the Scifi merchants, the clothing merchants, etc - and they should all add footnotes in hard to spot places. When they find their products on warez groups/p2p software, they can notify all the other merchants boasting similar products. If another merchant in that group has found this person warezing, they can boycott selling to them. It's just an idea - it would take all the merchants getting together though, and not just a few.
jval posted Sun, 06 October 2002 at 9:41 PM
...It's just an idea - it would take all the merchants getting together though, and not just a few. I don't know. This would be a massive effort and I am not at all sure that all merchants would agree. Even if they did, how long would they keep it up? You can put locks on your doors but then you'll find that you stil need the police. The police can catch a thief but then they find they need the courts. And if the courts actually find someone guilty the guilty party is back on the street in short order anyhow. I think the only reasonable course is to accept that theft will happen. Then you just get on with business and keep your legitimate customers as happy as possible so that they will have every reason to return for more. What's that line from that hack movie... "resistance is futile?" - Jack
Ironbear posted Sun, 06 October 2002 at 11:02 PM
I'm not certain it's possible, not completely. There's ways such as Nerd, Poserworld, and BeyondBent use that can make it tougher, but just until someone decides to find a way around the PW embedding, or BeyondBent's method. Heh - I've had people tell me my freestuff files have been upped on the p2p and warez networks... now how silly is that? Anyone can DL those for free here anyway. shrug I don't happen to run any p2p, but not for philosophical reasons - there's enough non warez uses for it that I wouldn't see any need to justify having it - but I detest the spyware and adware a lot of it loads, and WInMX won't run on this system for some reason. [And I'm too lazy to putz with it and figure out why] That's got possibilities Kagato. A few logistics problems... unless you only sell from your own site where you can do manual DL enabling, it'd be hard to boycott someone from all the brokerages someone might sell at. Still...
"I am a good person now and it feels... well, pretty much the same as I felt before (except that the headaches have gone away now that I'm not wearing control top pantyhose on my head anymore)"
futuramik posted Mon, 07 October 2002 at 1:41 AM
I have seen our products on P2P, considering the modest number sold thats pretty amazing, am I peeved? yea.But would that person have bought it if they didnt get it free? probably not. At least one person had the decency to give credit to us on there post with there stolen goods LOL.
So if you catch the person, wot are you going to do about it?
When the product value is $20 do you think the authorities want to know about it?
Live with it is my advice and be flattered that someone thought your stuff was good enuff to steal.
For every protection device you think of there are 10 people waiting to break it. Just look at poser5 it took wot? a fortnight?
soulhuntre posted Mon, 07 October 2002 at 2:43 AM
Some thoughts: * Instead of hiding a "signature" in the files that coudl be removed, you could alter some poser setting by .0001 or so. If youw ork on a small decimal level over 5 settings or so you will gain 5 digits of information... enough for your purposes - and it will be difficult for peopel to just "rip out" an extraneous line. * It's VERY easy to hide data in JPG files - and there are already command line tools to do it. Do a search for "stenograpy" ... or you can do it in Photoshop with "digimark" - I think they have a free version? * Nerds method works well too... and might make a good adjunct to what you are thinking. * Taking LEGAL actionw ould be a real expensive proposition... but at least you could send them a scary email :) * The merchants blacklist of people suspected of warezing sounds like a good idea - but like all blacklists the danger is someone falsly accusing someone else as a form of attack or retribution.
MadYuri posted Mon, 07 October 2002 at 3:16 AM
soulhuntre > * The merchants blacklist of people suspected of warezing sounds like a good idea - but like all blacklists the danger is someone falsly accusing someone else as a form of attack or retribution.
Blacklisting has one really nasty drawback: this forum. If someone you blacklisted makes a stink your sales will surely drop. It doesn't matter who is right or wrong, if the shit hits the fan everyone gets dirty.
Kagato98 > However, If I were to sell stuff through my own site (something I plan on doing in the future) then I can think of several ways.
Err, but then you get only a tenth of the sales. Every two weeks I buy some items from Renderosity (the other week I buy from DAZ, hehe). But in all the time I only purchased two times from a merchant's own site, it is just too risky.
Nerd (also billy-t and some other vendors) have the right idea: added value for loyal customers. Works like a charm. :D
ChromeTiger posted Mon, 07 October 2002 at 3:42 AM
A view from the inside: I used to work as a bench technician, and worked for several different shops, some larger than others. And yes, some techs have no problem whatsoever searching and duping customer hard drives. I've known a few techs who had systems setup specifically to ghost a customer's hard drive(s), then they'd access the setup at work from home via FTP or TELNET and port the files out. I myself have had files 'liberated' from my system, thanks to a faulty firewall setup. In fact, I've even seen a few on the P2P network...I've since beefed up security (I hope). The age of the 'always on' connection has, I believe, significantly contributed to the increase in software piracy. Finding a back door into someone's system is almost always possible, as long as that system is powered up and connected to the 'net. It's a problem that won't go away any time soon. I fully support the vendors in protecting their livelyhood (or supplemental income). And I greatly appreciate the vendors, like Nerd, Blackhearted, and others, who go the extra distance to make the purchase worth it. The emails I get for bonus items or free updates always make me feel that my money was well spent, and certainly ensures that I'll be back for more. Just my two bits worth, as a tech insider, a purchaser, a hacker victim, and perhaps someday, a vendor. CT
Questor posted Mon, 07 October 2002 at 4:47 AM
The age of the 'always on' connection has, I believe, significantly contributed to the increase in software piracy. Finding a back door into someone's system is almost always possible, as long as that system is powered up and connected to the 'net. It's a problem that won't go away any time soon. An extremely valid point and in light of the SubSeven Trojan variants something that should be seriously considered by people. Firewalls and AntiVirus are not the be all and end all of security protection and it's perhaps surprising how easy it is to spoof these things. For those who have AV/FW on their system protection is increased considerably. The existence of so many (still) infected systems with email viruses is a good indication of how many people are STILL not taking security seriously. One thing that I've found that can be useful to combat trojans and spyware is Pest Patrol (http://www.pestpatrol.com) It's more efficient than AdAware and recognises embedded trojans and a large variety of spyware that can be missed by AV and Firewall software. Trojans are fun toys that open your computer to hostile persons without launching warnings. Some of them operate by adopting a name (explorer.exe, netscape.exe etc etc) in the knowledge that firewall permissions for those are already setup. Others have different techniques, some are unsubtle and scan the system for open ports lighting up firewall alerts every few seconds. I've run the software on systems for people when asked and it's quite surprising how many people are infected with a variety of spyware and trojan infected files - and not warez related files either.
pdxjims posted Mon, 07 October 2002 at 10:04 AM
There is no way to 100% protect software. If its good enough, someone will crack it. Cr2 files are the easiest of all to hack (I modify one a day - for my own purposes only). However, for every cracker out there, and every cheat, there's 100 people who will buy the product legit. I don't worry that my stuff gets pirated. I sell enough of my real software (business - not Poser) to make up for it. The people with pirated stuff don't get support, or fixes, or updates. Life's really too short to worry about the pirates. You'd spend every day checking gallery postings for something you've done, and checking the user name against your database of legit users. And the people who do use pirated stuff probably wouldn't pay for it anyway. Even Micro$quish doesn't go after the small cheaters. And lets face it, Poser content is only going to be got by small cheaters.
Tirjasdyn posted Mon, 07 October 2002 at 5:47 PM
Hey nerd I have a question when did you start doing that? I don't recall anything when I bought your backdrop. :) There are people who hack and crack just because they can and leave what ever they do to the mass of warez kitties out there. it seems like a power thing in some ways. Though there is no 100% I don't see any reason why not to try it. I think it would be interesting to know your clients and keep a loyal base of customers. It's how most small business's thrive.
nerd posted Mon, 07 October 2002 at 6:23 PM Forum Moderator
Tirjasdyn, There was an update for the backdrop a few months back. But, I didn't send out a mass mail on that one. To get the update just re-download the backdrop. The Backdrop is one of the few products that doesn't have it's own goodies page. But, that may change soon as I have a bunch of new settings for it.