Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

[P]
Tracking Free Downloads, Practicality

By sgp in Internet
Mon Mar 11, 2002 at 08:54:29 AM EST
Tags: Help! (Ask Kuro5hin) (all tags)
Help! (Ask Kuro5hin)

I've written some software for my company, which will be made available for free (as in beer) via our website. The PHBs are interested in selling the software later, if it's popular enough.

There are certain (e-commercey) requirements made of me, which I've not had experience of dealing with before. I'm sure in the K5 community all these issues have been dealt with, and solved before - what have you done? What works? What doesn't? How should I, could I, distribute this software?


The software is a simple utility package to be made available to customers. We want to keep track of who uses it, and who they are. As such, we want to discourage free copying, instead encouraging people to download it from us, in exchange for some pretty unobtrusive personal information. This way, we know how many people are using it, what kind of industry they're in, etc.

The personal information we intend to gather is just two things:

  • Identity (in the form of a valid email address)
  • Company Name
We'd also request things like job title, how you heard of us, etc, but on an optional basis.

What has been proposed so far, is to give customers a binary which is hardcoded to them - ie, contains "Licensed to example.com" to discourage uncontrolled copying, so that people get it from us, and we know who's using it.

It'd also have a timebomb to encourage customers to download it again, so that we can monitor who's just tried it, and who really uses it. This is particularly important as we plan to sell it later - we want happy customers to come back and pay, not just keep using the free download indefinitely.

Our target audience is sysadmins, so a web-based solution should be painless for them, and hopefully painless for us. Type your name, email, company name into an HTML form and get the software.

What I have not yet worked out, is what happens between entering the registration information, and getting the software. The PHBs want it entered into a database (a simple CGI script can do that, possibly use Java). Repeat customers should be able to just log in without re-entering all their data - for when we offer other stuff for download in the future.

Whatever process we put in place, doesn't have to be 100% secure, just discourage casual copying.

Cookies or .htaccess files for repeat customers are the obvious solutions; however cookies require that you use the same browser again (which is inconvenient); .htaccess is open to password sharing ("Get this - it's great. Log in as 'john', password 'doe'"). What experiences have K5 had with these methods? What other options are available?

Giving the customer a unique URL to download from is another option, but to only allow one download from that URL would cause problems if the download broke off partway though, forcing the (still only potential) customer to re-register. A variant on this would be enabling that URL for a limited time period.

One simple solution would be to email the binary to the customer, but again, we want to know who's using it, and one customer could too easily forward the email to friends.

Ignoring my previous complaint about cookies, if I gave each customer a download URL (eg www.example.com/download/customer/johndoe) could I set up cookies such that only John Doe can get it from that URL, even if he forwarded it to his friends? How easy is that really to circumvent?

I'm sure the great minds of K5 have dealt with these, and much more complex, issues, before. What wisdom can be imparted to a humble techie who's become a programmer and is now being asked to invent sales techniques?

TIA, K5....

Sponsors

Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure

Login

Poll
How to control downloads?
o .htaccess files 1%
o .htaccess files and unique URLs per customer 1%
o Cookies 1%
o Cookies and unique URLs per customer 1%
o Email it 4%
o Unique URL per customer, maybe time-limited 14%
o Anything is pretty easy to break through 19%
o There's no way you can control downloads 55%

Votes: 68
Results | Other Polls

Related Links
o Also by sgp


Display: Sort:
Tracking Free Downloads, Practicality | 116 comments (83 topical, 33 editorial, 0 hidden)
One way to do it (4.25 / 4) (#1)
by tftp on Sat Mar 09, 2002 at 10:12:34 PM EST

Generally, you can't control the distribution of your s/w once it is out of your hands. In your case, you should NOT be doing anything with logins, cookies etc. - it is a hassle, and too difficult to maintain.

Instead, just email the binary to the address provided. Your worry that the email can be "forwarded" makes no sense: any file can be sent over email. If the s/w is big then you only email the key.

You should also know that a lot of people will not be giving you any personal info. They'd rather use some other s/w, or download it from elsewhere (yes, it *will* end up somewhere else!)

Re: one way to do it (none / 0) (#3)
by sgp on Sat Mar 09, 2002 at 10:25:54 PM EST

It's certainly small enough to be emailed - around 200kB.

Yeah, anything can be emailed - by building each version tailored to your login info - it generates reports which say "Generated for one.example.com" - it'd be pretty useless to a sysadmin at two.example.com (yeah, he could edit the report very easily - that's half the point of the software, it gives him editable, customisable reports) but it's hassle for him to hide the fact (from his boss) that he "borrowed" it.

Genuine question: Is emailing the key any different from emailing the code itself?

Sure, some people don't want to say who they are. That's a loss to us, I guess (not speaking for the PHBs, but I guess that's what they'd say). An email address and company name (plus a no-spam promise) isn't too much to ask. Unless we vet each application by hand, give a hotmail address. Human-checking of applications beats the whole simplicity side of using the 'net. As I say, we're not after 100%, just the best info we can get.

Sure you could download it, giving "John Doe" and "Example.COM" (or a Hotmail address) as info, and distribute the software via anon. ftp worldwide, but again, the "bugware" side would make it inconvenient. I guess I could add text to the standard report saying something like "Get the official software from mysite.example.com" just to make life more of a pain...

There are 10 types of people in the world:
Those who understand binary, and those who don't.

[ Parent ]

Re: one way to do it (none / 0) (#6)
by tftp on Sat Mar 09, 2002 at 10:32:37 PM EST

Genuine question: Is emailing the key any different from emailing the code itself?

It is no different, because the rest of the software contains 0 bits of distinguishing information (unique to the site, owner etc.)

it's hassle for him to hide the fact (from his boss) that he "borrowed" it.

If the s/w is free then he does not need to hide that fact. Also, sed s/foo.com/bar.com/g is not a rocket science.

[ Parent ]

sed (none / 0) (#10)
by sgp on Sat Mar 09, 2002 at 10:39:28 PM EST

I've done enough to stop that; it's encoded in a pretty simple way at the moment. One poster has suggested license keys (which would presumably be short strings encoding this information) - that would have to be really well encoded to hide what's what. As it is, I think a diff on two differently-licensed binaries would provide some useful starting points, but not enough to change the string. (5 minutes more work would probably do it with the current method I'm using, though).

There are 10 types of people in the world:
Those who understand binary, and those who don't.

[ Parent ]

About diffing the binaries (none / 0) (#17)
by tftp on Sat Mar 09, 2002 at 10:47:37 PM EST

If you create a hash of the license block (and optionally encrypt it) then any change in the license text will result in entire hash being completely different. This will reveal the location of the license block, but not how to interpret it. More on this approach in the other thread.

[ Parent ]
I don't really edit binaries by hand but... (none / 0) (#8)
by vadim on Sat Mar 09, 2002 at 10:33:34 PM EST

All it would take to get rid of that is to get a binary editor and make the first character of that string \0. Problem solved.
--
<@chani> I *cannot* remember names. but I did memorize 214 digits of pi once.
[ Parent ]
Yeah, but... (none / 0) (#9)
by sgp on Sat Mar 09, 2002 at 10:37:10 PM EST

You've got to find the start of that string first... I've said, I'm not after 100% secure, just good enough. I'm not storing "example.com" in the binary, but something which can be translated back into "example.com". If you got two binaries under two names, you might start to find where it's stored, and how, but if you found it, your solution as stated would generate interesting results, I think (but not the intended results).

There are 10 types of people in the world:
Those who understand binary, and those who don't.

[ Parent ]

Emailing key vs code (none / 0) (#105)
by davidduncanscott on Tue Mar 12, 2002 at 05:48:14 PM EST

Is emailing the key any different from emailing the code itself?
If the company mailserver blocks anything that looks like a binary attachment, yup, it's different.

[ Parent ]
That a good point (none / 0) (#106)
by sgp on Tue Mar 12, 2002 at 08:15:02 PM EST

I send binary attachments (most often innocuous PDFs, but sometimes others) quite often; how common is it to block all attachments?

I'm sure something could be worked out for those situtations... though web-based downloads are a lot easier, since every IT department has to enable port 80 however insecure it is (and how much worse MS try to make it with SOAP, but I'm getting beyond myself here, so I'll stop).

There are 10 types of people in the world:
Those who understand binary, and those who don't.

[ Parent ]

to major corps, that is.... (none / 0) (#107)
by sgp on Tue Mar 12, 2002 at 08:16:11 PM EST

Edited the whole meaning out of my sentence. Edjit :=)

There are 10 types of people in the world:
Those who understand binary, and those who don't.

[ Parent ]

I don't know (none / 0) (#110)
by davidduncanscott on Wed Mar 13, 2002 at 12:38:09 PM EST

I'm sure the practice increases markedly after each Outlook virus outbreak, but to what extent I have no real idea. I've certainly seen mail servers that strip incoming (and even outgoing) exe's and zip's.

[ Parent ]
size matters (none / 0) (#111)
by sgp on Wed Mar 13, 2002 at 05:26:02 PM EST

I've come across a few which block emails over a certain size, too - presumably to stop mailbombs, though it seems strange that they'd suspect their own employees from mailbombing!

There are 10 types of people in the world:
Those who understand binary, and those who don't.

[ Parent ]

Login system (4.00 / 2) (#2)
by CaptainSuperBoy on Sat Mar 09, 2002 at 10:15:48 PM EST

I'm going to make this brief because I normally get paid to give this kind of advice.

I would implement a system where your customer would register for a login and password. You can require as much or as little information as you want. The download section would be HTTP authenticated, using the customer's login/pw. MSDN basically does this for downloads, except they use your Passport ID.

I'm primarily MS, so I can tell you it would be trivial to do this with ASP. While I don't have much experience with PHP or mod_perl, I know you can control HTTP authentication with both of them. The choice of database back-end is yours.

As for discouraging casual copying, that's a bit harder. Your software guys can implement whatever copy-protection they like.. if your program is popular enough, people will get over any restrictions and trade it. If your program is of limited interest, you're in luck - people won't care enough to crack it. I'd hesitate to modify the executable for each customer - it's costly in CPU time and it can introduce software errors. Better to devise a license code that incorporates the date, and the customer's name into it. So it expires, and it can prominently display who it's registered to.

--
jimmysquid.com - I take pictures.

License code... (none / 0) (#5)
by sgp on Sat Mar 09, 2002 at 10:31:01 PM EST

License code containing the license info seems a complex strategy; I'm currently encrypting the licensee info. with a v. simple algorithm (to avoid s/one.example.com/two.example.com/ hacks), but giving out license keys (which basically contain the customer name and timebomb) would have to be encrypted better, since they'd more obviously contain that info, and be much smaller than a binary.... any ideas how this can be done, without the binary itself giving the answers away too easily?

There are 10 types of people in the world:
Those who understand binary, and those who don't.

[ Parent ]

License key design (none / 0) (#13)
by tftp on Sat Mar 09, 2002 at 10:42:08 PM EST

I'm currently encrypting the licensee info. with a v. simple algorithm (to avoid s/one.example.com/two.example.com/ hacks)

I don't know how you can prevent the user from running such a filter on the output report.

license keys (which basically contain the customer name and timebomb) would have to be encrypted better

Embed an MD5 hash (or similar) into the license; the hash will be generated from the license itself, but it has to be slightly modified. It won't be really secure, but probably good enough for your purposes.

The real solution, of course, is to sign the license with an asymmetrical cipher (DSA, RSA). The key inside the binary will be used to verify the signature. Then the only way to hack the s/w is to change the binary (either the key, or the checking code.)

[ Parent ]

That's a nice idea... (none / 0) (#22)
by sgp on Sat Mar 09, 2002 at 10:58:20 PM EST

and yes, good enough for my purposes. Good point, I should have thought of that already.

Oh, and the output report - the idea is, the utility creates a report for you, which contains "This report was generated by blah licensed to blah" - but the report, once generated, belongs to you, for you to hack by hand as much as you like.

Like a WP's "New Letter" wizard might create a doc with your address, the date, and "Dear ...", the WP code belongs to its author, but the letter it's helped you to write is (c) yourself.

All I'm interested in, is who's got the code, not what they do with it. (Though obviously it'd be nice to know how useful they find it, what they'd like improved, etc. etc.)

There are 10 types of people in the world:
Those who understand binary, and those who don't.

[ Parent ]

Have your cake and eat it too! (none / 0) (#34)
by CaptainSuperBoy on Sun Mar 10, 2002 at 12:14:21 AM EST

Though obviously it'd be nice to know how useful they find it, what they'd like improved, etc. etc.

Well, that comes from the part of the software that phones home every day and tells you what e-mails they wrote, what web pages they visited, what they did with your software.. didn't I mention that part? I guess I forgot.

--
jimmysquid.com - I take pictures.
[ Parent ]

Timebombs are useless (3.71 / 7) (#4)
by vadim on Sat Mar 09, 2002 at 10:29:53 PM EST

It took me about an hour to write a quite nice VB program. The system is simple:

Install a shareware program.
Write a small config file for the anti-timebomb exe, and change the shortcut.
Use the program normally

Then anti-timebomb will change the date, launch the program, wait a while and quit. Or, although I never needed it can wait until it shuts down. If I needed I would also make it use SendKeys to click the "Evaluate" button for me, or make it advance the date a bit every time.

Never underestimate how much time people can waste to get rid of something even a bit annyoing. Other easy fixes are a windows touch(1) utility. Once I was bored and found most apps use their own date to do the check.
--
<@chani> I *cannot* remember names. but I did memorize 214 digits of pi once.

Date (none / 0) (#7)
by sgp on Sat Mar 09, 2002 at 10:33:28 PM EST

The utility is really aimed at medium-large Unix servers, where hacking the system date would cause more problems than it would solve. Again, I'm not after 100% secure, just enough to prevent casual sharing (when you can get a "kosher" copy from me for just your email address and company name).

There are 10 types of people in the world:
Those who understand binary, and those who don't.

[ Parent ]

Oops. (none / 0) (#12)
by vadim on Sat Mar 09, 2002 at 10:41:32 PM EST

I must have missed the Unix part. If it comes with source, somebody with enough time still could patch the C library or the kernel just for your program. And use chroot, LD_LIBRARY_PATH, or something else.

My point is that you seem to be bothering way too much with it. The more effort you put into protection, the highest is the probability of somebody having fun working around it. If your tool is really so useful, offer a subscription. A sysadmin who likes your tool could find it useful to get an email when a new version comes out.
--
<@chani> I *cannot* remember names. but I did memorize 214 digits of pi once.
[ Parent ]

I'm inclined to agree... (5.00 / 1) (#16)
by sgp on Sat Mar 09, 2002 at 10:46:52 PM EST

I've got to admit, that I largely agree with you. I'd rather give it as GPL, maintain the code, coordinate patches, etc. As it is, I've written the code on company time, they own the code (which is fine by me, can't argue with that, they've paid me to do it). They want to distribute it in this way, (ie, tracking for now, selling it later), I'm the peon asked to implement it.

As it is, I intend to build some kind of community spirit (open-access bug database, RFEs, etc) around the software, which, IMHO, will both increase the credibility, and therefore increase the number of users. But my $0.02 is worth about $0.01....

There are 10 types of people in the world:
Those who understand binary, and those who don't.

[ Parent ]

Make sure... (none / 0) (#15)
by Ken Pompadour on Sat Mar 09, 2002 at 10:46:24 PM EST

That you hard code that information in one of the class files or executable you give them.

Compile it in and create an archive 'just in time', as it were.

Noone will ever bother to reverse engineer the tool.

...The target is countrymen, friends and family... they have to die too. - candid trhurler
[ Parent ]
Yeah, that's the plan (none / 0) (#18)
by sgp on Sat Mar 09, 2002 at 10:49:09 PM EST

It's a pretty small tool, takes around 1 min to compile on an average system. JIT compilation and packaging. I'm sure some people will give it a go; I've roughly coded the data, but not too well - on the basis that it's not national secrets we're selling, but it'd just be nice for people to let us know we're using it.

There are 10 types of people in the world:
Those who understand binary, and those who don't.

[ Parent ]

What part of "not 100%" don't you unders (2.00 / 1) (#75)
by sgp on Sun Mar 10, 2002 at 07:34:41 PM EST

The post states that it does not have to be 100% secure. Also, not explicitly stated, this utility is not aimed at random Windows boxes, but mid-to-high-end Unix servers, where hacking the clock is not something you do lightly, if you respect your data.

There are 10 types of people in the world:
Those who understand binary, and those who don't.

[ Parent ]

date-changing backfires (none / 0) (#88)
by j1mmy on Mon Mar 11, 2002 at 11:49:20 AM EST

I would often set the date ahead a couple years for dealing with time-bomb software. When I worked at a bank a number of years ago, I did this when installing some piece of shareware on a co-worker's machine. She had a calendar/scheduler package running that could pop up daily/weekly/etc. reminders. I set the date ahead five years or so. She had an awful lot of windows to close.

[ Parent ]
The problem (4.12 / 8) (#26)
by vadim on Sat Mar 09, 2002 at 11:19:40 PM EST

They're asking you to do something that's been tried for many years without success, controlling how the information is distributed. Not even the most fascist government can do that completely.

I think this will annoy most people. There are people with different mindsets. For example, if your program is useful enough, I will crack it. If it's easy enough to duplicate, I will write my own and distribute it for free. I wrote a program to split files (for Windows) simply because I didn't like any of those I tried. Busy sysadmins, privacy fanatics or people with little patience will probably get annoyed by the limits and perhaps go find something else. Of course a few people won't mind. But in the end, you'll simply annoy some people and won't add anything useful to your program.
--
<@chani> I *cannot* remember names. but I did memorize 214 digits of pi once.

Valid points all... (5.00 / 1) (#30)
by sgp on Sat Mar 09, 2002 at 11:30:36 PM EST

I'm aiming to minimise the annoyance factor.

IMHO (and I may be wrong) many people are happy to supply an email address (when given a decent privacy policy) in return for free (beer) software which makes their lives easier. GPL isn't possible unfortunately (PHBs).

I believe that the program is useful enough to use, but very difficult to replicate (it uses hard-to-find information to represent data in usable ways), and I want to find a suitable balance between NDAs and the GPL.

Of course, anything's crackable if it's worth cracking. By aiming at sysadmins (ie, corporate users with cash; it's pretty useless for private users), and a token price if/when it is sold, and simple what-kind-of-people-are-using-it information while it's a free download, there should be little incentive to crack it. I don't want to spend as much effort on securing the code as I did on writing it - that would be pointless.

So yeah, maybe some people will crack it. If I get the balance right, though, most people will register it, find it useful, and get benefit from it. Believe me, I wasn't thinking "profit" when I wrote it, I was thinking "useful". I have the business acumen of an earthworm.

There are 10 types of people in the world:
Those who understand binary, and those who don't.

[ Parent ]

Privacy Policies... (none / 0) (#100)
by Canar on Mon Mar 11, 2002 at 09:09:39 PM EST

I ignore them, if i can, and use a fake e-mail address if one is needed, unless a minor correspondance of some sort is required, in which case I have a specific spam e-mail account that I use for throwaway stuff. That and/or a self-hosted e-mail server for the really anally retentive services (Graal, bah!)

The thing is, I'm just sick of everyone and their dog having a privacy policy. I don't care to enter my email addy (Although canar@hehe.com is tiny, foo@bar.ca is even smaller), et cetera. Privacy policies are typically pages long, all in legalese. I just wanna get the goods and be out.

Maybe this is just me, but this behavior also seems like most of the (semi-serious) 'net users I know as well.

[ Parent ]
yeah.... (none / 0) (#101)
by sgp on Mon Mar 11, 2002 at 09:21:01 PM EST

but there's three kinds of people, as far as I can tell:
  • Those who give out their email address to anyone (aka idiots)
  • Those who check every detail before giving anything away (aka privacy freaks)
  • Those who never/rarely give valid info anyway (paranoids)
Okay, so I've labelled everyone negatively, where I could also give positive values to each one (like trusting, sensible, aware - for example).

Most people "just wanna get the goods and be out", though - I've not even bothered drafting a privacy policy yet, it'd be interesting to write one and see how many people read it. Think I'll try that on my vanity domain, just for interest...

There are 10 types of people in the world:
Those who understand binary, and those who don't.

[ Parent ]

Authentication key (4.00 / 1) (#36)
by Khalad on Sun Mar 10, 2002 at 12:47:53 AM EST

Do something like how most programs nowadays require CD keys, except authenticate the key on-line before unlocking the program. So people can download and redistribute it to their hearts' content, but have to receive a key from you before being able to use it.

Personally, though, I hate programs that operate this way and would probably avoid yours if I could. You'd better hope it's so good you don't completely piss off potential users before they even get to try it.


You remind me why I still, deep in my bitter crusty broken heart, love K5. —rusty


I hate them too (5.00 / 1) (#52)
by sgp on Sun Mar 10, 2002 at 08:04:20 AM EST

This technique just seems to get in customers way, without benefitting the developer significantly.I'd rather have it run cheerfully on any system anywhere, but just to know (without calling home, spyware-fashion) who's using it and what they think of it

There are 10 types of people in the world:
Those who understand binary, and those who don't.

[ Parent ]

This question is rather braindead (3.00 / 3) (#40)
by scanman on Sun Mar 10, 2002 at 01:37:10 AM EST

I really hate people who do this kind of thing. If you want my e-mail address, company name, or number of goats I own for the purpose of sexual gratification, why not just ask me, instead of trying to bait me with a "free" download? I don't believe I have ever entered valid information into such automatic privacy abuse systems. If it insists on a valid email address, I will just use a throwaway account on yahoo. Then, after blatantly abusing me, you want me to form a "community" around you? This article would be much more appropriate here or here.

"[You are] a narrow-minded moron [and] a complete loser." - David Quartz
"scanman: The moron." - ucblockhead
"I prefer the term 'lifeskills impaired'" - Inoshiro

I don't care (3.00 / 3) (#51)
by sgp on Sun Mar 10, 2002 at 08:01:52 AM EST

Sorry to deflate your ego, but I don't care about anything about you, other than that you're one user using my software, and that you're a different user than the other users.

I'm trying nothing to bait you - I just want to know what you think of the software. I may want to sell it to you later on,if you like it.

I'm not giving you this software in order to get information out of you, I'm asking for information about you in order to give you the software.

There are 10 types of people in the world:
Those who understand binary, and those who don't.

[ Parent ]

Yeah, right... (5.00 / 1) (#86)
by tekue on Mon Mar 11, 2002 at 10:22:55 AM EST

I'm not giving you this software in order to get information out of you, I'm asking for information about you in order to give you the software.
I'm sorry, but this is a lie. You are asking for information which is not needed to allow people to download the software and run it. If you'd just like to know if people like it, put a form on your homepage for this purpose, if you'd like to know how many people downloaded the software, run some kind of web statistics software.

Please, don't lie and try to tell us, that you're not going for the e-mail addresses. You don't need my e-mail address to know if I downloaded the software, you're quite set with my IP and date/time. It won't be precise (as e-mail isn't), but you've wrote yourself you don't need precision.

The least obtrusive method would be allowing the standard downloading (a simple link) and a registration generator (creates the key for a given company name and shows it to you). ~15 minutes to implement it web-wise, maybe an hour to write the code for the program to use it. You'll know how many companies use it and that should be enough IMO.

I'd also change it into "works for 15 days until you register it, after that it's forever". If I ever see a program that requires to use the network to run (and me browsing for some registration code is using the network!) I simply delete it. I haven't got enough time for some evaluation crap (and I instantly prove myself wrong by typing this in:).

As a side note, how many mid-big server admins do you expect to run some strange, registration-only, binary-only software on their systems? I don't run proprietary binaries on my simple web-server, let alone some $M IBM mainframe.
--
Humanity has advanced, when it has advanced, not because it has been sober, responsible, and cautious, but because it has been playful, rebellious, and immature. --Tom Robbins
[ Parent ]

re: yeah right (none / 0) (#89)
by sgp on Mon Mar 11, 2002 at 12:14:21 PM EST

As I said in the story, though, counting downloads is pretty useless if it's getting emailed around left, right, and centre. Please see this post for a more detailed look at this.

I expect a lot of mid-big server admins to run registration-only binary-only software on their systems; many of them entrust their data to Veritas Volume Manager, which is all of these things (and very awkward to get a license key for)

There are 10 types of people in the world:
Those who understand binary, and those who don't.

[ Parent ]

As for the binary-only... (none / 0) (#113)
by tekue on Fri Mar 15, 2002 at 09:13:49 AM EST

If your company is as trustworthy as Veritas Software, then you might be ritght--I wouldn't run your program anyway, but (presumably) I'm not exactly your target audience. :)

On the other hand, if your company is relatively unknown, you may get burned.
--
Humanity has advanced, when it has advanced, not because it has been sober, responsible, and cautious, but because it has been playful, rebellious, and immature. --Tom Robbins
[ Parent ]

not sure what you mean... (none / 0) (#114)
by sgp on Fri Mar 15, 2002 at 07:57:48 PM EST

Many big nix shops depend on Veritas, so I'm assuming (?) that you're calling them, as a company, and their software, trustworthy.

My company is nowhere near as big as Veritas, so while we (and the software) may be trustworthy, the issue of getting trust in the big corporates could be an issue. I'd never entrust my data to a company I'd never heard of; however, this software just reports on your system, and doesn't require root priveleges (depending on how you run it).

The phrase you may get burned troubles me, though, since I'm not quite sure what your post means; how, by being unknown (which we are) will we get burned? The only things I can think of are:

  1. We won't be trusted because we're not known - I don't see this as a big problem, since we're not (unlike Veritas) storing data, we're just reporting on the system.
  2. Being unknown will limit the number of people who install our software - this could be a factor; hopefully, as its usefulness spreads, more people will use it.
  3. The software is likely to be pirated because we're an unknown with (presumably) not enough cash to chase/sue pirates

There are 10 types of people in the world:
Those who understand binary, and those who don't.

[ Parent ]

And... (none / 0) (#90)
by Ken Arromdee on Mon Mar 11, 2002 at 02:20:34 PM EST

I'm sorry, but this is a lie. You are asking for information which is not needed to allow people to download the software and run it.

And even if he's sincere, how are the customers going to know this? He'd be a non-bad-guy who looks just like a bad guy. A prudent customer would treat any request for personal information as the worst possible case--because for all they know, it could be.

[ Parent ]

Just ask! (4.44 / 9) (#41)
by QuickFox on Sun Mar 10, 2002 at 02:16:59 AM EST

If all you need to know is whether each download is a first or a repeat, then just ask! Don't keep track of each customer. Just put two radio buttons on the download page: (*) First download, (*) Repeat download. Much simpler!

If you don't waste the customers' time on registration you might instead add more radio buttons: (*) First download, (*) Repeat / very satisfied, (*) Repeat / moderately satisfied, (*) Repeat / needs improvemet. It's not just simpler, you also get more useful information!

Whatever you do, take great care that you don't do anything secretive and spyish, or even seem to do something like that, else the reputation of your company might plunge to the sewers. Especially after asking for help here.

Give a man a fish and he eats for one day. Teach him how to fish, and though he'll eat for a lifetime, he'll call you a miser for not giving him your fish.


Terrorists can't threaten a country's freedom and democracy. Only lawmakers and voters can do that.

I agree (5.00 / 2) (#58)
by Secret Coward on Sun Mar 10, 2002 at 10:14:25 AM EST

I agree. If someone asks for my company name, I will make something up. If someone asks for an email address, I will randomly pick one of my throw-away accounts. Such questions are obtrusive, and I'm not going to answer them just to try out some silly tool.

Asking the user straight out if this is the first time they downloaded, is unobtrusive and I would answer it honestly. Such a question would also indicate to me, that you are not bothering to obtain this information through other means. That's a big plus.

The first, and default, radio button should be "No answer". Along with the radio buttons, you could also include a textbox in case the user wants to comment.

[ Parent ]

good idea (none / 0) (#87)
by deadplant on Mon Mar 11, 2002 at 10:40:05 AM EST

I like this idea. Just ask a few non-intrusive (no names/addresses) questions with the download and leave it at that.

I never provide truthfull info to some site I've never seen before. I don't give out my real info until AFTER I've tried your software and deemed it worthy. You can get my real info when I come back to buy the software (provide links, maybe a reminder in the software).

You'll certainly get more honest answers this way, let the user tell you if they're downloading for the first time or whatever. Rather than asking for an email address and then tracking it yourself.



[ Parent ]
re: just ask (4.00 / 1) (#93)
by sgp on Mon Mar 11, 2002 at 06:09:17 PM EST

I think I'll really push for this approach - thanks for a great suggestion - it's clean, simple, transparent. Easy to download, people keep their anonymity, we get our information.

PS. what's the opposite of deja-vu? I was sure I'd sent this reply already :-|

There are 10 types of people in the world:
Those who understand binary, and those who don't.

[ Parent ]

Validity of Gathered Data (4.25 / 4) (#42)
by csmacd on Sun Mar 10, 2002 at 02:20:55 AM EST

Many people attempt to do this sort of thing, with some degree of success (new york times, for example).

However, on many download sites that require me to login, I go by many names, including Mickey Mouse, Donald Duck, IHateRegistrations, etc. I think you get the idea. Let's take Diskkeeper (WinNT Defragment Utility) for example. DK lite is available for download after entering free registration info. How many discrete users are there of this product? Well, I've used 5 different names, and I would guess that I've downloaded it 200 times. (Never had my CD when I needed it) So, are there 200 users? 5 users? 500 users? Honestly, there is 1 user, me.

How do you get good information? You don't.

All registrations do is hack people off. What do I get for registering (and continuing to use that registration)?

If your company wants to release this as a free product, do so (put some <flash>ing ad or someting on the product. If you want to make money at it, put it in a box, shrinkwrap it, and get ready to answer my call when I can't get it to work exactly like I think it should.

If you release this product (free or fee), and it is good, people will copy it, it will get cracked, and somebody will make an open source version of it, that's life.

info: good vs none (none / 0) (#97)
by sgp on Mon Mar 11, 2002 at 07:47:36 PM EST

In a way, I'm not too bothered if it's good - all I want to know really is how many people are using it. However, asking people to come up with unique lies seems like wasting everybody's time

On a personal level, though, I'm surprised that you use different information each time you get it - I tend to feed the same lies to the same companies ... I'll only give one company one of my email addresses - if one gets filled with spam, I can lose that one, but not the rest.

f you want to make money at it, put it in a box, shrinkwrap it, and get ready to answer my call when I can't get it to work exactly like I think it should. - I'm planning on answering your email with the free one anyway - at that point you'll lose your precious anonymity, of course :-)

somebody will make an open source version of it, that's life. - It'd take a sysadmin with about 3-5 years' experience to produce by hand what this utility does. That's what you get for registering. So a GPL rival is possible, but not likely in the foreseeable future.

There are 10 types of people in the world:
Those who understand binary, and those who don't.

[ Parent ]

Can you remember ids and passwords? (none / 0) (#109)
by richieb on Wed Mar 13, 2002 at 08:11:53 AM EST

On a personal level, though, I'm surprised that you use different information each time you get it - I tend to feed the same lies to the same companies ... I'll only give one company one of my email addresses - if one gets filled with spam, I can lose that one, but not the rest.

The problem with a lot these registrations is that they want your userID to be unique. Now my default userID is "richieb", if that's taken I make up something else (note if the second choice doesn't work i give up). I also have a single password that I use for such registrations, so that I don't have to remember 15,000 passwords.

So, if I need to download the software again and I forgot my id/password from the last time I downloaded it I just make up a new one to be used just this time - I don't expect me to remember it the next time.

...richie
It is a good day to code.
[ Parent ]

You've thought up an amazingly poor solution. (4.11 / 9) (#45)
by autopr0n on Sun Mar 10, 2002 at 04:48:23 AM EST

Your whole web-based system is, well, retarded. And a complete waste of developer time and energy. A web based method of getting an email address? A Time-bomb to make sure they keep registering!? WTF?

I mean I work professionaly, so I know how idiotic some of these things can be... but damn.

What you need to do is put the access control into the binary, Perhaps something like microsoft's activation. When the user installs they are prompted, in the software for that information via a gui or if it's a command line via a '-register' option. There could also be an option to register via the web if they'd prefer, and get back a password

You could also embed an id number in each download so you could see if people were passing the binary around or whatever.

Another possiblity would be to send back anon (or non anon) usage data via a user settable option. You should probably be upfront about this, as people might not like being spied on.

And you definetly don't want to put a timebomb in, especialy if there's no way to buy it... I mean, what if you get knocked off the net one day and you need the tool? could suck a lot.


[autopr0n] got pr0n?
autopr0n.com is a categorically searchable database of porn links, updated every day (or so). no popups!
spyware (none / 0) (#53)
by sgp on Sun Mar 10, 2002 at 08:09:17 AM EST

The -register type option seems to get in the user's way quite a lot .... emulating MS techniques would make me more k5 enemies than I've made myself already by not GPLing the source!

Something like getting a unique pass of the Web could be worth thinking about

I don't want any more detailed information about users than just the fact that they're using it, and some reasonably accurate idea as to how many of them there are, so accumulating and sending usage data seems excessive.

As for being knocked off the net, its current implementation says when it will expire each time it's run, so there's plenty of chance to get an updated version.

There are 10 types of people in the world:
Those who understand binary, and those who don't.

[ Parent ]

re: Spyware (5.00 / 1) (#61)
by Mysidia on Sun Mar 10, 2002 at 01:15:00 PM EST

As for being knocked off the net, its current implementation says when it will expire each time it's run, so there's plenty of chance to get an updated version.

This is very obnoxious, worse than crippleware -- this sounds just like your plain-old crippleware except that registration isn't permanent. When it becomes a pay program, gonna charge the users a monthly fee to continue using it?

Since you want to know who's using the program, why not just prompt the user?

Force the user to go to the trouble of downloading and installing something new every couple months, and they'll stop using the program pretty quickly (or hate the people distributing it and vye for an alternative).

Taking something free, making it non-free, and then forcing users of the free thing to pay for it to continue use is also a fast way to lose your users -- once they see it free, their expectations are raised.

This system seems like an attempt to "give people the program to use" but "not really give them the program to use", what is this, free beta testing or what?

-Mysid

-Mysidia the insane @k5
[ Parent ]
Phew, big misunderstanding (none / 0) (#98)
by sgp on Mon Mar 11, 2002 at 07:54:58 PM EST

Taking something free, making it non-free - it's never been free (apart from Beer). The free download is to gauge interest, get feedback, before a for-sale version (which would of course be permanent)

once [users] see it free, their expectations are raised. - in what way, exactly? I've not said Free as in speech - read the 1st sentence of the article again. All I've said, is it's a free (beer) download, which we're planning on selling in the future.
All we're after at this stage, is gauging the interest - which registration gives us, and download numbers don't.

There are 10 types of people in the world:
Those who understand binary, and those who don't.

[ Parent ]

And if everything were made of ice cream... (4.25 / 8) (#46)
by Sunir on Sun Mar 10, 2002 at 06:16:44 AM EST

You will only hurt yourself by asking for registration information. No one likes to register because, frankly, it's rude. There's nothing you can offer me to that's worth handing over my mailing addresses just so you can spam me from a jurisdiction where I can't remove your testicles.

"People get intimidated by a zillion questions. And they feel like it's intrusive if someone wants their address right off the bat." -- Vicky Valandra, Vividence as quoted from "The Riddle of the Abandoned Shopping Cart." The Industry Standard (December 2000-January 2001
The best way to get people to download the software from your site is to update the software frequently with features so useful they are worth the hassle of downloading a new version. If you're not willing to do this, you won't be able to create a market for it anyway. Not like that argument is going to make it very far with e-commercey types.

Alternatively, after a fresh install of the software, have the software contact the mothership in order to activate. Do this openly, blatantly, with the user's consent, and only once. Never secretly send information back to the server unless you have aspirations to join an Italian boys choir. If the server is unavailable, activate the software anyway. Make a point of telling users that the software will activate by default if the server is unavailable. Make doubly the point of saying this is the last communique to the server ever.

Provide a way to manually activate the software for users who are paranoid that the software is sending secret messages to the Martians. The easiest way is to generate a GUID on the client, transform it to English, and provide a web page to mystically hash it on the server (to English), whose output the user has to copy&paste to the software. (*) Compare the output from the server to the expected value on the client.

(*) Bonus points if the software automatically pastes what's on the clipboard after it regains focus. That is, provided it's well-formed. It's a good idea to provide an extra value at the end to error check, ala ISBNs and credit cards.

If you really are desperate for information about the customer, ask them nicely if they'd like to contribute to a product development survey. You'll obviously want to do this after they have used the software for some time, so just leave a little menu option or link lying around for them to find. You don't really need their name, just their occupation, what they like about the software, and what they hate.

"Look! You're free! Go, and be free!" and everyone hated it for that. --r

don't get the icecream reference, but... (none / 0) (#77)
by sgp on Sun Mar 10, 2002 at 08:04:23 PM EST

You don't really need their name, just their occupation, what they like about the software, and what they hate.
I'm not asking for names... bonuses such as "what you like" and "what you hate" would be nice, along with "how you heard of us" (which I did mention in the article).

The register-once-it's-installed thing just seems (to me) more privacy-invading than registering to download it.... Once I've got something, I expect to be able to do what I want with it; what really puts me off (personally) is something that seems to be free, but as soon as I try to use it, starts asking personal questions. It makes me wonder what else it'll ask later, or exactly what it's sending back to mother.

I'd love for it to keep having new features so useful that it's worth downloading the latest version... however, if all I can show is that 50 people have downloaded it, the fact that 5000 people are using it (being unknown to me) doesn't help me convince my management that it's worth continuing with... the more people that I know have downloaded it means the more time I get to spend on updating it. See also this post for more detail

There are 10 types of people in the world:
Those who understand binary, and those who don't.

[ Parent ]

Why do you want the information ? (4.00 / 1) (#48)
by Simon Kinahan on Sun Mar 10, 2002 at 07:25:01 AM EST

If there's some legitimate purpose, like being able to distribute bug fixes or support, then you don't need to do anything except stick up a registration/login page in before the download. People will do it because its easier to register than to try to find someone else with a copy. Usually people only copy software within organisations or groups of friends, and therefore anything you need to communicate to your customers will be communicated anyway.

If, on the other hand, you're just looking for names of IT professionals you can "target" advertising at, then I'm not going to help you, and I don't believe there's much you can do short of lawsuits anyway.

Simon

If you disagree, post, don't moderate
Not a spammer (none / 0) (#50)
by sgp on Sun Mar 10, 2002 at 07:54:56 AM EST

There's no intention to do anything nasty with this information; for bugfixes, support, but also to gauge the interest. If 5000 people use and like the software, but we only see 50 downloads happening, we'll (wrongly) believe that it's not got the interest level to be worth developing further.

There are 10 types of people in the world:
Those who understand binary, and those who don't.

[ Parent ]

OK (none / 0) (#55)
by Simon Kinahan on Sun Mar 10, 2002 at 08:49:33 AM EST

Then I suspect you can rely largely on its being easier to get the software from you than from anyone else.

Measuring usage is a bit tricky. I suggest you just put a box on the registration page marked "how many people do you think will be using this software".

Simon

Simon

If you disagree, post, don't moderate
[ Parent ]
Scenarios (4.00 / 1) (#54)
by bobpence on Sun Mar 10, 2002 at 08:20:41 AM EST

You can always build registration into installation, as do a lot of programs already; no need for a disk key, hard drive lock, etc.

But if your going to charge for it later, and add nagware to boot, why would anyone use it? I'll buy something that does what I need, even knowing that I'll pay maintenance or upgrade fees to get new versions. But if it starts free and I have no visibility as to when and how much the charges will be, I'm better off with a competitor's predictable product.

If Microsoft had presented Internet Explorer this way - we'll charge someday, can't say when or how much, but you will need to upgrade because of new features - Netscape would be in a much better place today.
"Interesting. No wait, the other thing: tedious." - Bender

Wouldn't rewards work better than deterrents? (4.40 / 5) (#56)
by squigly on Sun Mar 10, 2002 at 08:56:42 AM EST

Why not simply have the software check for new versions every time it starts, and offer to download and install the latest version. Release a minor upgrade every month or so. Make sure that people have the ability to turn this feature off, avoid the temptation to release a new version more than once per month, and only keep track of how many downloads of each upgrade you have.

We can assume that each download correlates to roughly one person (people might want to turn autoupdate off, or the download might fail skewing your results) who uses the software sufficiently often that they want the latest version.

People wil get it from you because its easier than copying from a friend. If it is a really good piece of software, then people will want to upgrade. What was an inconvenience for the customer now becomes good customer service, and it hasn't cost you any extra.

good point (none / 0) (#65)
by sgp on Sun Mar 10, 2002 at 06:02:18 PM EST

I don't want to have it call home every time it's run - that would be impractical as many of the systems it is run on will probably not be connected to the internet. But some way of reminding users where to get updates from could be useful.

It's the assumption that one download == one user which I'm not too sure about - a few downloads and a lot of filesharing would result in me thinking that nobody's interested and not maintaining it, even though the reality could well be that there are tons of people using it. Inversely, if I assume that ten people are using it for every one download, but in fact only half the people who downloaded it are still using it, I'd be wasting my time developing software that nobody wanted.

The convenience thing is a good factor, though; if it's as easy or somehow better (eg, get a newer version) to download than to grab a copy, then that'd make everyone a winner.

Carrots are much nicer than sticks!

There are 10 types of people in the world:
Those who understand binary, and those who don't.

[ Parent ]

I actually considered this once (3.00 / 3) (#57)
by vadim on Sun Mar 10, 2002 at 10:06:03 AM EST

I wrote a few programs I give out for free, and that don't have a very broad audience (it's only useful if you play the Creatures games). Once I considered adding this option to my installer, but in the most open way possible:

It would add an extra screen with a complete explanation and an unchecked by default checkbox to send usage information.
If you check it, the program will open a browser to http://server.com/register.pl?program=foo&version=1.2.25

The Unix way could be telling the user to lynx -dump the address. I think it's nice, open, not intrusive, and could me some information about how many people still use it. I don't get many bug reports, so I don't really know how many users there are. However, recently somebody told me it's quite popular among german players

But in the end, I never wrote that feature, and never needed it. But if I ever really consider adding it, it would be this way. Another thing I could add is bug reports this way. Add a tiny program to report bugs to your server. With a bug report you can ask for the email address (make it optional!) because this is the only justification I can think of to ask for it. Or give a newsgroup or your email address instead.
--
<@chani> I *cannot* remember names. but I did memorize 214 digits of pi once.

I think your company is overthinking the problem.. (4.57 / 14) (#60)
by ucblockhead on Sun Mar 10, 2002 at 10:52:49 AM EST

If you are offering a free download, then the best way to discourage copying is simply to make the download as simple as possible. Looking at my own behavior and that of friends, coworkers, etc., if someone asks "can I get that", the response is generally a link to the download site, unless the registration process is obnoxious or the download is huge. You are probably better off just ignorning the problem of copying.

But even ignoring that, I think your central problem is that you are asking for info on download. Don't. Put a registration screen in the program itself that runs on first install. That way, you don't have to care about copying.

And finally, the more information you ask for, the less useful information you'll get. Also, the more benefit you give the user for giving valid info (like, say, cheaper upgrades when you start charging) the more valid info you will get.

Technical solutions to marketting problems are almost always a bad idea. The more you try to force users through a certain path, the more they will deviate just to spite you. Your best bet is to simply be clear and open about everything you are doing.
-----------------------
This is k5. We're all tools - duxup

path of least resistance (3.00 / 1) (#67)
by sgp on Sun Mar 10, 2002 at 06:23:01 PM EST

I think most people tend to follow the path of least resistance; so yes, making the download as painless as possible is the best way of encouraging people to download.

As for putting the registration section into the program itself, isn't that more intrusive than just asking for an email address on download? Once I've got a program installed, I expect it to just sit there and get on with its job, whatever I've had to do to get it (pay cash, give an email address, whatever)? I'm not making a statement here, just asking opinion.

Technical solutions to marketting problems are almost always a bad idea - too right! I've had a much easier time writing the software than getting through this bit of pleasing techies (which is of course the goal of the software) to now having to please management, too - makes me feel a bit like the man-in-the-middle!

There are 10 types of people in the world:
Those who understand binary, and those who don't.

[ Parent ]

oops - always preview! (none / 0) (#68)
by sgp on Sun Mar 10, 2002 at 06:29:17 PM EST

Sorry, got that last paragraph totally bass-ackwards. I meant to say that the easy bit (for me) is pleasing techies, which is easy in the writing process, since I've only got one goal; the hard bit is pleasing both techies and management at the same time. That's what makes me feel like piggy.

Shot myself in the foot a bit, there!

There are 10 types of people in the world:
Those who understand binary, and those who don't.

[ Parent ]

Why not the path of no resistance at all? (none / 0) (#69)
by vadim on Sun Mar 10, 2002 at 06:34:46 PM EST

Use my way. Make the program downloadable without any questions, and on the first run ask the user if s/he'd be so nice to lynx -dump http://foo.com/register.pl?program=report&version=1.0? There's hardly anything less intrusive. The user can't even do it unintentionally. So the feedback you get will probably be good.
--
<@chani> I *cannot* remember names. but I did memorize 214 digits of pi once.
[ Parent ]
feedback (4.00 / 1) (#72)
by sgp on Sun Mar 10, 2002 at 07:22:21 PM EST

The feedback I'd get would probably all say nice things about me; "Thanks, I liked your software, enough that I bothered to do this for you."

Whilst that might make me feel nice for a minute, I'd rather hear from the people who hate it :-)

That's not to say that I'm a masochist, but bug reports are more useful than flattery. Maybe prompting with a hate-URL?! A "Your code sux because..." link

Bug reports and RFEs are something I'd really like; what I really need in the shorter term, though, is an idea of numbers of people using the code at all.

It'd be great to get 50 bug reports. They'd be far more useful in the context of total number of users, though....

If 100 people download it and I get 50 bug reports, I suck.
If 1000 people download it and I get 50 bug reports, I suck pretty hard, but it's not useless.
If 5000 people are using it regularly, then 50 informative bug reports would mean a great v1.2!

That's really why all we want to do at the moment, is get the thing spread around, used and useful, encourage people to submit bugs and RFEs, or, to put it another way, "be known to us". I've got to have some way of investigating a bug report... if you're AC#12345 then I can't fix it, unless you give all the relevant info in one shot. A web-based thing may be possible, let's see. As I've repeated enough by now, I don't care who you are, what you do with goats, where you buy your books or CDs, just that you're using the software.

Maybe something like a registration (pre/post download) with an "I'd rather keep it all to myself, thanks" option - maybe give ACs a UID they can use if they want to remain anonymous but keep submitting bug reports as themselves...

One thing I really see is rewarding bug reports - that'd be one reason for an AC to keep coming back with his UID=12345, if he submits bug reports, we don't care who s/he is. I don't know what form these carrots would take - free updates for a year, somesuch. Ideas welcome.... It's seen as about a $10-$30 thing (but charging isn't something that's really been looked into in detail yet... price per copy is less important than popularity).

There are 10 types of people in the world:
Those who understand binary, and those who don't.

[ Parent ]

Well... (none / 0) (#78)
by vadim on Sun Mar 10, 2002 at 08:04:59 PM EST

Getting hate feedback is hard. I only did that kind of thing once, when I decided to email a bug report explaining my thoughts on the IglooFTP program. It was quite insulting, but the thing was really infested with bugs. Normally I simply wouldn't bother. And as somebody said, you can't be sure how many users you have. Some people will use throwaway accounts, some will get a copy from a friend, so you can't be sure of how many users do you have.
--
<@chani> I *cannot* remember names. but I did memorize 214 digits of pi once.
[ Parent ]
Life's hard (none / 0) (#79)
by sgp on Sun Mar 10, 2002 at 08:19:34 PM EST

I'd get nothing out of "oh steve i love you you must be really good-looking, great fun to be around, hugely fertile, and here's a naked photo of me" - remember, this software is for sysadmins, not bikini models...

I'd like to think I'm pretty thick-skinned. And if software doesn't do what it claims to do, then it deserves hate-mail.
My RH7.2-based firewall's ext3 FS went tits-up today; if I could provide details, I'd submit a bug report. Unfortunately, I had to get it fixed; a few fsck's and reboots fixed it. Ext3 deserves a flame; there's no point telling the developers since I can't give details.

Sure, if someone just sends me mail saying "it sucks", then I can't do much... if they say "it sucked under these conditions", then that form of hate-mail is constructive. I'm not married to my software; I can take criticism of it.... if any developer could say with a straight face, "This code is perfect" then I'd never believe another word from his mouth. The code in question is open to some pretty wild variables, I'm sure there must be situations I've not been able to create / envisage ...

Maybe it's just the way I am; software ought to work as stated; if it doesn't, it's broken.
If it's broken, and I wrote it, and can fix it ... get the hatemail flooding in.

There are 10 types of people in the world:
Those who understand binary, and those who don't.

[ Parent ]

Heh (none / 0) (#81)
by vadim on Sun Mar 10, 2002 at 08:42:16 PM EST

Note, I said bug report. It wasn't a polite email, but it was pretty informative. I just explained all my thoughts after finding an awful lot of bugs after the first attempt to do anything, which IMO is a sin. It was so it simply shouldn't have been released.

BTW, one way of getting feedback is searching Google. I just did and it clearly showed that one of my biggest programs is probably not used by anybody besides me, but the other is still quite popular :-)
--
<@chani> I *cannot* remember names. but I did memorize 214 digits of pi once.
[ Parent ]

efficiency (none / 0) (#82)
by sgp on Sun Mar 10, 2002 at 09:06:06 PM EST

A more efficient (for the bug-reporter and the developer) method would be email - having to post a web-page saying "product X sucks", waiting for it to be grabbed by Google, then hoping for the developer to find it, is much less efficient than emailing a (listening) developer.

What I'd love would be for people to say, "This is working in 99% of cases; it didn't get it right this one time, let's see if they care, drop an email", and to get a response within a day, either asking for further info or with a fix.

In the space within which this utility works, there happens to be a very simple way of a user gathering all the relevant information - making submitting bug-reports pretty painless - though as ever, a human commentary is always useful too.

There are 10 types of people in the world:
Those who understand binary, and those who don't.

[ Parent ]

Trade-off (none / 0) (#71)
by ucblockhead on Sun Mar 10, 2002 at 07:06:09 PM EST

Yeah, it's a trade off. IMHO, having a non-webby registration form is less obnoxious than schemes to prevent me from copying something.
-----------------------
This is k5. We're all tools - duxup
[ Parent ]
Think I get your point... (none / 0) (#73)
by sgp on Sun Mar 10, 2002 at 07:26:59 PM EST

I don't care if you copy it or not, I'd just like to know if somebody "new" gets that copy. I'm not out to prevent anyone copying it (that's pretty impossible), just make life more convenient for those who've told me they've got a copy.

Downloading from the web isn't the only way of telling me you've got a copy - registering the one you got from a friend is another way, and makes it more up-to-you.

But why is non-webby better? It's all going to boil down to internetty, what does it matter if it's port 21, 25, 80, or any other?

There are 10 types of people in the world:
Those who understand binary, and those who don't.

[ Parent ]

Many considerations. (4.00 / 3) (#62)
by seebs on Sun Mar 10, 2002 at 03:43:28 PM EST

First: Every barrier you create to playing around with the software, no matter how trivial, reduces the number of users who will try it. A download form is an inconvenience in a way that a URL isn't, and *will* discourage some number of users.

Make sure you document *EXACTLY* what you will do with information provided. If you want people to provide an email address, be aware that you'd better make sure you *ask* permission before sending promotional mail there. Ideally, ask them at the time of "registration".

If registration is optional, many more people will *try* your software.

You cannot defeat anyone who makes an active effort to bypass your mechanisms.

As to the repeat customer thing, your best bet is probably some kind of userid/password thing.

My advice is, don't try to outsmart people who want to bypass this; let them play. It's less work for you, and you won't change the outcome much either way.


repeat customer (none / 0) (#99)
by sgp on Mon Mar 11, 2002 at 07:57:24 PM EST

But there's no way to implement a "userid/passwd thing" for repeat customers if original customers provide no information!

There are 10 types of people in the world:
Those who understand binary, and those who don't.

[ Parent ]

Sure there is! (4.00 / 1) (#103)
by seebs on Mon Mar 11, 2002 at 11:08:07 PM EST

Here's my userid, here's my passwd.

You don't need to know who I am, where I'm from, what system I'm running, what my demographics are, how you can reach me, or *ANYTHING* else. You just know that I signed up as "falken" and gave you the password "joshua". But that's enough for you to know that I already downloaded this, and that I already made my decision about how much information to give you.

So, have a registration form with *EVERYTHING* optional. That'll work; people will fill it out, and maybe some of them will give you information, and you have some solid evidence that any information you get, people were willing to share.

And, once again, let me reiterate the two most important points:

1. You must say what you will do with any information you get. (Note that, if you say something fairly aggressive and marketing-oriented, you won't get any information.)

2. You must not break your promises. If you don't say I'm getting signed up to a mailing list, and you sign me up, I'll think of you as a spammer forever.


[ Parent ]
What you could do... (4.00 / 1) (#76)
by Talez on Sun Mar 10, 2002 at 07:46:51 PM EST

is do what Inprise does and let the binary go free but send the vital licensing key to a valid email address. This licensing key is created by a CGI script or external C program or whatever and the result is pumped through a form letter and then sent off via the mail server.

Si in Googlis non est, ergo non est
Don't quit your day job (4.20 / 5) (#91)
by BeBoxer on Mon Mar 11, 2002 at 05:29:14 PM EST

as they say. Speaking as somebody who works in Unix boxes pretty much all the time, I find a number of things about your proposal distasteful.
  1. A timebomb feature. Do you know what I do with software that suddenly and randomly stops working? I stop using it. Period. Your software probably has enough unknown bugs in it without you intentionally creating more.
  2. A bait and switch. If your software is good enough to sell, sell it. If you want to give it away, give it away. But don't try to get me hooked and then switch the terms. This is sleazy marketing and I don't do business with companies like that.
  3. "Bugged" software. If what should be a free download is clearly tagged with my ID, I'm going to ditch the software. Plain and simple. Having it save my name in a .rc file as a preference is one thing. Having a hidden ID field encoded in the binary is sneaky. I don't like sneaky companies.
If I sound harsh, well sorry, but that's the way I feel. You are trying to solve a problem of your own creation. You say you want people to download your software instead of grabbing a copy somewhere else, and then proceed to list the ways you are going to complicate the download process. The best way to get people to download the software is to make it as easy as possible to download! Where I work, as a bunch of Unix weenies, we know better than to email binaries to each other. That's something silly Windows lusers do to spread trojan horses around. If I find some great software and want to show it to other people, I'll just email a link to the web page. The only time multiple people would be using the same download would be if they were all running the same binary on the same machine.

Sorry to go off on a rant here, but it sounds to me like you guys want a study done on the market for your software and are too cheap to pay for it. Step 1) Release "free" software, but add on a bunch of privacy intrusions in preparation for step 2) activate "timebomb" which breaks the software for everyone whose using it. God forbid they use it for anything important. Step 3) Market the hell out of the no-longer-free software. Bah.

This whole question reeks of BS. If you are honest about encouraging downloads and encouraging casual copying you would make downloads as easy as possible! Which means just letting people download it. I mean really, if the problem is people not downloading the software, how is the solution making it harder for people to download the software? It's not. No, the real reason to require personal information for downloads is to gather valuable marketing information about the market for the software. No more. No less. If your bosses are telling you otherwise, they aren't being honest with you.

this is my day job :-) (4.00 / 1) (#92)
by sgp on Mon Mar 11, 2002 at 05:54:19 PM EST

Starting at the end: the real reason to require personal information for downloads is to gather valuable marketing information about the market for the software. - Yes, I said so - we want to know how many people are using it. Counting downloads tells us absolutely nothing.

Now the middle: I agree completely with you - the easiest downloads are single-clicks. And Unix admins don't tend to email binaries around. So this is worth considering, though my reservations about this I've already listed here.

and then the beginning:
1. A timebomb feature. Do you know what I do with software that suddenly and randomly stops working? I stop using it. Period. Your software probably has enough unknown bugs in it without you intentionally creating more.
Nothing random about it- every time it runs with the default settings (it can be run silently, too), it'll clearly state when it expires. About unknown bugs - all nontrivial software contains bugs, but your wording is poorly chosen, IMHO, without knowing much about the software

2. A bait and switch. If your software is good enough to sell, sell it. If you want to give it away, give it away. But don't try to get me hooked and then switch the terms. This is sleazy marketing and I don't do business with companies like that.
For one thing, it's worth getting feedback about what people think of it, and would be prepared to pay before selling it - both to help fix a price and to offer features we'd not thought of - traditional market research is one way, but by giving it away, the general public get something out of it sooner. Also, how would our market researchers find the admins to ask? We'd be encouraging the dodgy tactics they've used to get their lists; what if they start spamming people with questionnaires about it without our permission?

3. "Bugged" software. If what should be a free download is clearly tagged with my ID, I'm going to ditch the software. Plain and simple. Having it save my name in a .rc file as a preference is one thing. Having a hidden ID field encoded in the binary is sneaky. I don't like sneaky companies.
Different uses of the word "free". I clearly state in the first sentence of the article that it's free (as in beer). And I think I'm being pretty open about it being tagged; each report it generates contains "Licensed to ABC123 Ltd.", it's pretty obvious. So there's nothing hidden in it. It's companies who say there's nothing hidden that you've got to watch out for.


There are 10 types of people in the world:
Those who understand binary, and those who don't.

[ Parent ]

Which is all valid (3.00 / 1) (#102)
by BeBoxer on Mon Mar 11, 2002 at 10:32:06 PM EST

Your responses are all valid. After all, most of this comes down to personal feelings. Myself, I just have a very low tolerance for this kind of thing. I have no idea what percentage of people are like me, but I'll probably never try your software because I don't want to mess around with the registration and all. Make a free trial version I can download and run no strings attached and if it's great, maybe I'd buy the real version. But I'm not going to jump thru a bunch of hoops to try out some freeware. I'm not saying you're right or wrong to try and do all this stuff. I'm just saying that I personally probably won't be bothered.

Every now and again I'll bother registering for some free piece of software. I did it for StarOffice because, well, under Solaris you don't have many choices. The last time was to try out a native Solaris build of Mozilla. (BTW, if you want to see how not to run your registration, check out Sun's.) When, after going thru the pain of trying to register at Sun's site, their build of Mozilla didn't even work right on my Solaris box, I decided right then and there that I would never have another Sun on my desk. And their poor registration system did have a lot to do with that decision.

So yeah, maybe I'm turning into an Open Source Zealot. But quite frankly it's because I'm tired of the bullshit commercial software vendors try to pass off on customers. If open source kill the commercial software industry, so be it. They can sit around with their lawyers and heat their homes with EULA's for all I care. There will still be computers, and their will still be programming jobs. But I'm completely off topic now. Sorry for the rant.

[ Parent ]

Sun Registration (none / 0) (#115)
by sgp on Fri Mar 15, 2002 at 08:31:07 PM EST

I've registered with Sun myself, for StarOffice originally, I think, but it's also useful on soldc.sun.com (Solaris Developer Connection, or something!), forum.sun.com, etc. I can't remember what info I gave them, but I've had a decent flow of info from them in return. And no spam.

There are 10 types of people in the world:
Those who understand binary, and those who don't.

[ Parent ]

another route (none / 0) (#116)
by 5150 on Sat Mar 16, 2002 at 10:12:36 PM EST

I have to agree with almost every argument BeBoxer has made. I would add a bit of an explanation from a power user.

I always look for freeware and shareware to meet my needs. I avoid like the plague anything that requires inordinate registration obstacles or severely limits my uses of the program to be downloaded. I further avoid programs that truly time bomb. I don't mind providing basic demographic info, I think providers (whether it be programmers or government officials) need to know their users. Any other information I avoid. What is the end result, I don't get spammed, I get a program that I need, if I like it and find it useful and dependable I let my sysadmin and co-workers know about it. Many of the programs I have downloaded have had different licenses depending on whether you are an individual or an organization. Trust me, the second I tell my sysadmin that we need a program two things happen, (a) he trusts my opinion and will follow through politically and financially to ensure that we get the desired program and (b) he ensures any licensing requirements are met.

In the end, this process works extremely well. The programmers get needed info about users that are interested in their code, the user (me, in this case) gets to take programs for a test run, if it meets the need, the parent organization makes it a standard application, the programmers get needed info about the users that find their code useful and are compensated for developing a useful program.



[ Parent ]
assuming it's a win32 thing... (4.00 / 1) (#94)
by kstop on Mon Mar 11, 2002 at 07:23:57 PM EST

PPP or Plus 4 or whatever it's called now, from http://www.softwarekey.com.

I've used it with Delphi and Borland C++. It has interfaces and/or modules for most popular Win32 languages. The C API is nice and clean, and it can do pretty much everything you want. It also has a web-based licencing option, tho I haven't used it (and am vaguely planning on writing my own, as I modified the licencing mechanism pretty heavily).

Be warned however, that you *will* feel dirty all over after using it, if you have anything approaching a soul. Also, it isn't 100% secure, but it's good enough for all but the most determined, who deserve a reward anyway.

thanks, but.... (5.00 / 1) (#96)
by sgp on Mon Mar 11, 2002 at 07:31:30 PM EST

(a) It's a Unix utility, not a Windows app.
(b) Yeuch... I feel dirty just seeing the front page of their website! Those colours! And the rest...

FWIW, I'm personally in favour of the just ask approach, and think I've got a decent chance of arguing for it by quoting some of the comments posted here; it suits my morality, and does what management have asked of me.

There are 10 types of people in the world:
Those who understand binary, and those who don't.

[ Parent ]

Use Optional Registration (none / 0) (#104)
by hengist on Mon Mar 11, 2002 at 11:39:20 PM EST

and ask them nicely on the download page to register. This is what I've done with some software that I release over the web. The interested ones (the ones who are actually using the software) will register. The ones who just download the software, decide they don't like it, and never use it again will not. Simple as that.

As others have said, what you are planning will turn people away from downloading your software. I appreciate, though, that it is your PHB wanting this: maybe if you brought this discussion to their attention, you could change their mind?

There can be no Pax Americana

Casual copying saves bandwith (none / 0) (#108)
by richieb on Wed Mar 13, 2002 at 07:54:38 AM EST

Just a side comment about casual copying. Why do you want to prevent people from distributing your software to others? What you really want is for people who like and use the software to register on your website.

If your software is passed around from person to person, you save bandwidth on your servers. Just make it easy to get to your website for registration.

Forcing registration at download time doesn't mean that info you collect will be of any use (ie. downloaded by "John Smith" from FOO.COM).

Also, if you are going to sell the software later, better add some new features that people will be willing to pay for.

...richie
It is a good day to code.

true ... (4.00 / 1) (#112)
by sgp on Wed Mar 13, 2002 at 05:36:29 PM EST

All I really want is to know roughly how many people are using it. I just find it rude when software uses my phone line to call to its mother, even if it asks first. I'd rather just tell its mother "your little baby's going to be spending a while with me" beforehand.

But maybe that's just me... certainly a few people here have supported the idea, which I find somewhat surprising.

I'd soon lose a bandwidth war - I've got as fat a pipe at home as the company servers have (and being dynamic IP, it's signifcantly cheaper, too!)

And there's a ton of new features in the pipeline, don't worry. It's pretty solid as it is, but there's plenty of room for new features.

There are 10 types of people in the world:
Those who understand binary, and those who don't.

[ Parent ]

Tracking Free Downloads, Practicality | 116 comments (83 topical, 33 editorial, 0 hidden)
Display: Sort:

kuro5hin.org

[XML]
All trademarks and copyrights on this page are owned by their respective companies. The Rest 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!