Share-aware: A new shareware model proposal By Floydman, Bachelor in Computer Sciences Floydian_99@yahoo.com Floydman@hacker.am August 15th, 2000 You can distribute this document freely, as long as no changes are made to the file, or as long as credit for it is not pretended by someone else. All comments and suggestions about the material presented here should be directed at floydian_99@yahoo.com. If future versions of this document include add-ons coming from other people than me, then proper credit to the various authors will be clearly identified. All version updates of this document are to be released by me. You can find this document online at http://www.geocities.com/floydian_99/ Abstract The goal of this paper is to present a new way for shareware software authors to license their products and try to make a decent living from it. I don't know if something similar is already in use, but if not, I hope this will benefit shareware authors. Preface Shareware programs have been around for a long time, even before the Internet went commercial, and it's main advantage is that it lets potential buyers to try the software before deciding if they buy it or not (imagine if Microsoft was a shareware company!). But it also has a few problems. Many people due to pay the software under the license agreement fail to do so for a number of reasons (that I will not discuss here), thus preventing software authors from receiving much needed income. I will present here a different way for shareware authors to get their fair share (pun intended) of the software pie. Targeted audience This document is presented to anyone who has interests in intellectual property, software authoring, online privacy, shareware and computing in general. Table of contents 1. Introduction 2. Some shareware models 3. A Pandora's box: spyware 4. Turning corporate guns against itself: share-aware 5. In conclusion 1. Introduction One of my previous papers has leaded me recently to speak (on e-mail) with the author of the software related in my paper. I took the opportunity to tell him that I was really surprised (and very pleased) to find out that his software was available for free on the Internet. I mean, freeware isn't new, but we rarely see it anymore. He told me that he used to try to sell his software for a while but it didn't translate into enough revenue to rely on it for a living (so he got a real job, to quote him). That's too bad because it's really a good piece of software (like many other shareware programs available on the Net). I asked him (naively, I admit) why he didn't put it free for personal use, and charge companies for commercial use? That's what he was doing, he said, but it turned out that most companies didn't bother to pay for the software (even Fortune 100 companies), for a variety of reasons which I won't discuss in this paper. And he's right, I've seen it myself at previous workplaces (but they at least did something about it, never too late to do the good thing). So instead of making a big hassle with big companies to get his honestly earned money, he simply put his software for free. Around the same time, much noise was done on the net about so-called "spyware", used in some commercial software. This spyware was sending to its homebase server data about user downloading habits. The companies denied that such use was made, but a lot of individuals are skeptic of this. These companies have announced recently that they will remove such "features" from their software, since "it was never used" according to them. But who knows what other softwares out there that could have the same functionality? With these two events happening around the same time, it mixed in my mind, and I came up with the idea that I present here in this paper. I'd like to know what software authors and privacy advocates (or whoever have a valid opinion about this, i.e. no flames) thinks about what is presented here, and if it could really solve some shareware authors chores. 2. Some shareware models Shareware has been around for a long time, and there are various flavors of it. This chapter treats about various existing shareware models for background information only. First, there is freeware. In this model, things are quite simple: usage of the software is provided free of charge, and distribution is encouraged. No modifications to the code or credits are allowed, and nobody can charge for distributing it (except maybe for the price of the medium). In some cases, donations are suggested, but it is up to you if you want to send monetary encouragement to the author. Then, there is what I call the "classical" shareware model, which consist of indicating in the license agreement that the software is free of charge for a specific time period, usually 30 days, known as the trial period. When the trial period is expired, the software remains fully operative, but you are required on faith's basis to remove it if you don't purchase the software. Paying for the future usage of the software usually benefits you by having support, news about releases and patches. Sometimes, nag screens are used (nagware?), as a reminder to pay your due to the author. These nag screens are disabled when you are a registered user. Cracks are also usually available on underground Usenet newsgroups and websites to illegally disable these nag screens. A variation of the classical model, that I will call here "com-ware", is to provide the software free of charge as long as it is for personal use. If you are a business or use the shareware for commercial use, you're required to pay the licensing fee to the author if you continue to use it after the trial-period is expired. Here again, nag screens can be encountered. Then there is "trialware", which means that the software will perform only for a restricted use, and will not be able to operate partially or completely until you pay the licensing fee for the right to use the full potential of the software. This could be software that stops to work after the trial-period is expired, or after a certain amount of tries. It could also be some functions being unavailable. There are two type of trialware: those who can be unlocked, and trialware releases. The first type is where a registration number is provided when you register so you can unlock the disabled features (much like when you get rid of nag screens). The disadvantage here again for the author is that cracks are available on the Internet. The second type is a special "trial" release, which contains only the code relating to the allowed features. If you want to purchase it, you're most likely to receive a different, complete version either on CD or from a secure-download on Internet. It is intended to replace the previous installation. All these models all share two things in common: 1) code can not de modified, 2) it relies mostly on trusting people's honesty. It's on this point that the shareware ideology often fails to delivers it's promises. I want to put a word also on Open Source, which is not exactly a shareware model (I think some open-source software have a price tag on it), but I want to discuss it here anyway because it allows users to modify the code to suit your purposes. This is really interesting, because it lets you participate in the development of the software. You can customize the software to suit your needs. If you come out with valuable code or bug fixes, you submit your code to the entity responsible for releasing official versions for future releases. 3. A Pandora's box: spyware OK, this is far from shareware, I agree. It made the news recently that some companies (RealNetworks, Netscape/AOL, NetZip) had features built in their software that was sending info to the motherbase about downloading habit of their users with extreme precision, along with name, e-mail address and unique-ID. Each instance of the software has a unique number, which makes it possible to track a single machine. These companies claimed that this was not used with the intent of tracking down users habits, and planned to remove these "features" in the next version, if it's not already done right now. The stir started when software publisher Steve Gibson made some research to confirm some rumors (that proved to be true after all). For more details on this, go see http://grc.com/. This kind of software is bad. I'd almost say evil. But my Bible isn't the book that talks about God, and all, but 1984 from George Orwell. To me, today's corporate powers are the Big Brother described in Orwell's book. But then I thought, "if it's good for them, then why not the other way around?" 4. Turning corporate guns against itself: share-aware From here, maybe you already have a clue to where I'm going. If you don't, don't worry, here it comes. Everyone knows that companies see enormous potential in the web as a way to sell things. The sad part is the ways they take to achieve this. They want to know more about you, the customer, so they could better target your liking in their advertising. And as long as they don't get caught, any way is good to collect data. This is life, as we know it in North America today. The catch is, these companies are customers too, from a shareware author's point of view, so their logic can be applied against them, but with a sense of ethics. What I have in mind is a derivation of the "com-ware" model. The software remains free for personal use, but commercial use is charged. Upon the trial-period expiration, the installed software could "phone home" and send the DNS suffix of the machine (which you could get by doing a "ping -a" with the IP of the host). I insist that no other information than the domain name should be sent (except for the IP address, for communication purposes), as our goal is to track companies, not specific machines (an audit of fraudulent companies will take care of that). We also want to avoid collecting information about users, especially those who legitimately uses it freely. The goal is to extract the company name from its DNS name. In most cases, it is really easy like companyname.com or net1.companyname.com. Don't just rely on .com, you could have companyname.on.ca, which is an internal network name based on geographical location (Ontario, Canada in this example). As for personal users DNS names being sent, results may vary. It will make sense to discard the dial-up.isp.net and cable.dsl.isp.net, since they are most likely to be individual users who are legitimate to use the software for free. Notice that by taking only the DNS suffix, we don't pick up the user's machine name, which improves user privacy while still enabling the authors to get their due. The DNS names that you're not so sure about where they fall, I suggest this. If there's only one instance or two of a DNS name you are not sure, let it go, it is most likely to be a legitimate use, and if not, so what! You're at least getting the big fish now, which is better than before (at least, I hope it will). Common sense should rule. If you want to make sure, try finding out with whois requests. I also suggest that the data be sent via port 80, like the spyware do, so it will pass through firewalls like a charm. If possible, don't use HTTP, make your own custom server that listen on port 80 to receive the data, and don't send it in cleartext. In order to be fair and as non-intrusive as possible, the license agreement should specify that the DNS name is sent to the author's registration site for customer validation purpose. The DNS name should be sent only when the trial-period has expired. The registration server then receives the data and stores it in a database and sends an acknowledgement (ACK) back to the shareware. Then after some time period (let's say 15 days), the share-aware will phone home again and wait for an ACK or a NACK (not-acknowledged). The ACK means that the software is OK to be used as is, and will remain silent ever after. The NACK means that the software is being used illegally (unless the check is in the mail). The confirmation (ACK or NACK) will be made by a human person in order to avoid false positives. Then you contact identified companies to inform them of their non-compliance to the user license. Normal legal procedures should then go underway (i.e.:you make a deal, or they remove the software, or you get them in court). Of course, this model is not entirely foolproof. A company could know that the software sends data packets, could analyze it and determine the destination, and block this traffic at their routers before installing the software. But a company doing so would also be knowingly fraudulent, and will have no case in front of a judge if they get caught. 5. In conclusion I have presented here what I think is a new way to publish shareware software which should make available great software freely available to single users, but which will also permit shareware authors to get their due and be able to finance other software projects. By targeting the companies, the same companies who defend so intensely copyrights and privacy rights when it comes to their stuff, but are more "flexible" when it comes to other people's stuff, everyone should benefit (even the companies, who will have no choice than to put themselves in legality). If this model deliver its promises, it could turn into a cornerstone event in computing history. Of course, it's not perfect, and probably will not get all illegal copies, but it should still get a whole lot more than previous shareware models (except maybe for trialware releases). Getting the company name from its DNS is only one way to get the information. If someone thinks of another way that is more efficient/accurate/simple to achieve the same (or better) result, or have some input that would benefit this model, I'd like to hear from it at floydian_99@yahoo.com. If you're a shareware author and you plan trying this model, I'd like to hear about it as well, to see if it lives up to its promises.