The software is a simple utility package to be made available to customers. We want to keep track of who uses it, and who they are. As such, we want to discourage free copying, instead encouraging people to download it from us, in exchange for some pretty unobtrusive personal information. This way, we know how many people are using it, what kind of industry they're in, etc.
The personal information we intend to gather is just two things:
We'd also request things like job title, how you heard of us, etc, but on an optional basis.
- Identity (in the form of a valid email address)
- Company Name
What has been proposed so far, is to give customers a binary which is hardcoded to them - ie, contains "Licensed to example.com" to discourage uncontrolled copying, so that people get it from us, and we know who's using it.
It'd also have a timebomb to encourage customers to download it again, so that we can monitor who's just tried it, and who really uses it. This is particularly important as we plan to sell it later - we want happy customers to come back and pay, not just keep using the free download indefinitely.
Our target audience is sysadmins, so a web-based solution should be painless for them, and hopefully painless for us. Type your name, email, company name into an HTML form and get the software.
What I have not yet worked out, is what happens between entering the registration information, and getting the software. The PHBs want it entered into a database (a simple CGI script can do that, possibly use Java). Repeat customers should be able to just log in without re-entering all their data - for when we offer other stuff for download in the future.
Whatever process we put in place, doesn't have to be 100% secure, just discourage casual copying.
Cookies or .htaccess files for repeat customers are the obvious solutions; however cookies require that you use the same browser again (which is inconvenient); .htaccess is open to password sharing ("Get this - it's great. Log in as 'john', password 'doe'"). What experiences have K5 had with these methods? What other options are available?
Giving the customer a unique URL to download from is another option, but to only allow one download from that URL would cause problems if the download broke off partway though, forcing the (still only potential) customer to re-register. A variant on this would be enabling that URL for a limited time period.
One simple solution would be to email the binary to the customer, but again, we want to know who's using it, and one customer could too easily forward the email to friends.
Ignoring my previous complaint about cookies, if I gave each customer a download URL (eg www.example.com/download/customer/johndoe) could I set up cookies such that only John Doe can get it from that URL, even if he forwarded it to his friends? How easy is that really to circumvent?
I'm sure the great minds of K5 have dealt with these, and much more complex, issues, before. What wisdom can be imparted to a humble techie who's become a programmer and is now being asked to invent sales techniques?