It's a rare day when a shareware programmer gets firm statistics on the extent of software piracy, but just recently, I got that chance.

You see, the company I work for writes and publishes shareware -- software that encourages users to make lots of copies and share them with friends. It works like this: we write a game or utility and make it available for download and on low cost CD, so that anyone can install it and try it out for a while -- kick the tires and drive it around the block a few times, so to speak. If they like it, they can buy the product; if not, they just delete it or pass the CD on to someone else.

We make money, and stay in business, by selling software that competes with commercial products for quality and entertainment value, yet priced so that it doesn't stretch the pizza-and-beer budget of the average college student. There's no bait-and-switch going on, you get a fair chance to try out the product and consider if your $25 could be better spent elsewhere. Consider that amount will cover a burger run and movie ticket for about 3 hours entertainment, but a good game can entertain you for days or weeks -- and we won't make you watch Jar Jar Binks.

Just a few years back, Ambrosia's software was distributed on the honor system. You could download the software and use it forever, scot free except for the friendly reminders that you had the software for 1500 days and still hadn't beaten level 6. Now, obviously this was a pretty big leap of faith on our part, but it also built up an almost cult following among Mac users. What we lost in sales, we made up in good will. It wasn't ideal, but it was certainly idealistic, and helped put the founder Andrew Welch through college and kept all of the employees supplied with pizza and beer. (I think there's a law of conservation at work there.)

And as things go, this was all fine and good -- except that eventually Andrew graduated and everyone else got sick of pizza and beer. Ambrosia grew from an interesting sideline into a full time place of employment. The company became an entity with its own purpose, its own office space, and its own gravitational pull. It also had an insatiable appetite for cash, because as any MBA will tell you, the lifeblood of business is green.

This period of growth and rampant consumption was constrained only by the limited diet afforded by the generosity and honesty of others. Basically, money was tight. Perhaps it was the success of Captain Hector in encouraging players to register Escape Velocity that planted the seed, but it was apparent that either pizza and beer had become a lot more expensive or that people weren't quite as honest as we'd been led to believe.

Locking The Front Door

Shortly after I joined the Ambrosia team, Andrew forwarded me an article that illustrated the benefits of crippling software. In short, the author of a shareware program found that people were 5 times more likely to register and unlock a crippled version of his software than they were to register software that came fully functional from the outset. It was the final straw in our camel-breaking, decision-making process. We would still make shareware, but we would no longer stand there waiting for handouts on the street -- we'd charge admission.

Well, let me tell you, we heard about it. Many who had praised us for our idealism were now calling us sellouts. It didn't matter that little changed for our paying customers -- they still got their codes quickly, and had unlimited access to the game -- it was the principle of the thing. Well, okay, it was a little inconvenient if you'd lost your code or wanted to install it on your new PowerMac 7500, but we were staffed by people who could resolve that with just a phone call or an email.

I mean, we like being cool and fair, but even a cult-following can get tiresome (cultists don't shower, they track in mud, and they leave you to pick up the check). Besides, the mantra kept repeating in our heads: 5 times as many registrations, 5 times, 5 times. I don't think it ever was quite that good for us, but there was definitely an increase in sales that helped us weather some tough times. (No, we never actually ran out of pizza, but there were times when we had to mop up spilled beer with borrowed rolls of toilet paper.) It was a hard decision, but it was a business decision and it turned out to be the right one.

Time passed. Our staff continued to grow and evolve, and my wife and I begat our son Luke. Now, let me tell you, nothing brings home how untenable your professional and financial situation is like having a family. When it was just my wife and I, we could fool ourselves into thinking that we were just coed roommates living on a college budget -- but no more. Pizza and beer had given way to diapers and life insurance.

Diapers and Life Insurance

So, I'm working for this shareware company, and I want to make sure that my job is secure. You have to understand that even a 10% variance in our registrations means that someone may need to start checking the classifieds. At the same time, it's becoming more evident that people aren't just not paying for our software -- they are actually going out of their way to share license codes with others over the Internet. Some ingenious folks have even reverse engineered our software and figured out how to generate their own license codes.

Now, we don't live with our heads in the sand. We knew what was happening. The Internet was the great facilitator of homework assignments and world peace, but it had also become a way for people to get codes for any software they wanted. We felt action was required, but we remembered the trauma of our last change in policy when we required people to register the software instead of just asking nicely.

So over the course of many lunches (many of which didn't include pizza or beer, but did involve some yummy sandwiches from Arby's), we discussed various ways for improving the whole registration system from our standpoint without making the process onerous for our loyal customers. Simplicity was the keyword. The final piece of the technical puzzle fell into place one weekend as I drove through Canada, when I recalled a bit of algebra that would make our license code algorithm quite secure without violating any treaties or munitions bans.

When I finally contacted Andrew, I said to him one word: "Polynomials".

The blank look on his face continued for a long time as I explained how we could factor the serial numbers, secure our products, and even distribute codes that would expire and stop working when exposed to prolonged sunlight. With his grudging consent, we sketched out and implemented the first pass at the "new Ambrosia registration system."

The fundamental change we made was to place the date a license code was generated into the code itself. That timestamp is then used at just one point in the process: it forces the user to activate the product within 30 days, or the code expires and won't activate anything, Now, and this is important, the timestamp has absolutely no effect on the operation of the software after the code has been entered. Once personalized for the user's computer, it remains fully functional forever (unless someone wipes the system clean).

Snapz Pro X

We first shipped the new features in the latest version of our flagship utility, Snapz Pro X starting in June 2001. Over the course of the summer, the system silently and steadfastly worked as intended. Most people didn't care that the license codes were now 12 digits instead of 8, and registrations continued apace. It wasn't until September that we received any negative feedback.

You see, Apple had upgraded the operating system and most people were paranoid enough to perform a clean install. This meant that the data file containing the software registration was lost as well, and most of them needed to reenter their license codes. It also meant that anyone whose serial number was generated before August needed to contact us (by phone or email) to get an updated code. Of course, these people had paid already, so we renewed their codes quickly and free of charge.

Now it's been our experience that people are often too busy or forgetful to store their license codes in a safe place, so it's inevitable that every major system release is followed by a barrage of requests for missing codes.

To handle the tremendous load of people who had misplaced their codes, as well as those who saved them only to find they had expired, we created a email address dedicated to generating new codes. When the user entered the code, he was prompted to send us an email (it required only a click), and someone would respond to the request as soon as possible. Yet we were constrained by the laws of time, space, and the New York State Department of Labor, so our staff was only available to answer requests during regular business hours.

We decided to remedy this problem, after several customer complaints, by automating the process of renewing an expired code. When an expired code is entered for Snapz Pro X, the user is encouraged to request a new license code from our automated server -- right then and there! Renewing the code code only takes 2 extra clicks, maybe an extra 30 seconds overall, but it puts the power back in the hands of the user. He can decide when to update his system, install software, and renew his license code at his leisure. Even at midnight just before a 4 day weekend.

So you are probably curious about the benefits of expiring codes -- I mean, why would anyone even want this hassle? Let's look at the 3 categories. For our paying customers with an Internet connection, the extra work is minimal: an email sent to Ambrosia that's answered within 1 business day. For those organized enough to save their original codes codes, there isn't even a wait: they get the code on the spot. The only inconvenience comes to those people trying to enter a pirated code.

Which brings us back to the question, "how many people are using pirated codes?" Well, the plain fact is that most people are honest unless given a chance to be dishonest. If they stumble across a working license code for software, or maybe do a quick Internet search, then they can quickly enter the code and cover their self-loathing with the adrenaline rush of blasting aliens and squishing fish. It's only the most hardcore computer user who will try to reverse engineer the software and crack the copy protection -- and I'll be honest, there's isn't much a programmer can do to stop them. Crackers enjoy the challenge itself, the tougher the better, so that if they want it badly enough, they'll find a way.

While historically it's been difficult to measure piracy, our experience is that the vast majority of computer users don't have the time or inclination to modify the software to bypass any license checks. Here's the rub: these users might actually buy the software if it weren't so easy to find pirated codes. Thus, expiring codes are a good way to defeat (or at least hamper) this kind of casual piracy -- the serial numbers stored in databases and posted to the Internet are only viable for a short while before they must be renewed.

Ironically, it's these casual pirates that are helping me measure the impact of piracy on our sales.

You see, in order to renew their stolen codes they must contact a computer in our office. Of course, there's nothing nefarious about it -- they send us the user name and expired code and get back a new license code, or a suitable error message. We don't encrypt the data, we don't grab any personal information, and we don't even open a connection without the user's explicit permission. But when he clicks that bright shiny "Renew" button, our server records the product, user name, and the Internet address he came from.

And for the last 2 days, starting right after we posted the latest update to Snapz Pro X, our server has been very busy. Out of the 194 different hosts that tried to renew a license code, 107 of them sent in pirated codes. Incredibly, more than 50% of the people installing the update are entering one or both of the pirated codes we've known about for months. Some of these people even tried several different variants on the names when the server refused them access ("maybe I misspelled it"), and one guy got so frustrated he pounded the Renew button over and over every 4 seconds ("WHY click IS click THIS click NOT click WORKING???") until our server blacklisted him for flooding.

Now, you don't have to remind us that the sample isn't statistically valid. Nevertheless we think that it's a reasonable approximation of the truth -- if not a little conservative. It certainly reinforces our perception that casual piracy is both significant and widespread.

So, maybe I didn't look these people in the eye, but they know I'm watching them. They indicated a real interest in our software when they thought they could use it for free, and this gives me hope that someone may yet decide that registering is easier and more satisfying than stealing our hard work. If not, then either they were forced to stop using the software or they'll likely encounter me again, somewhere down the road. And next time, I'll bring Captain Hector.

I also hope that this article explains to our customers (and other computer users out there) the impact that piracy has on small software firms like ours. I hope that they can appreciate our decisions regarding the registration system, and agree that the extra 30 seconds and 2 clicks are a minor inconvenience. If everyone pays for the products they like and use, companies like Ambrosia can stay in business and continue making cool products for everyone to enjoy.

Finally, I hope that these changes give me a little more job security, so that I can continue doing what I love to do with some of the coolest folks I have ever met. Because I plan on working here as long as I possibly can, making great software, and saving enough money so that my kids can eventually go to college. And enjoy their share of beer and pizza.