

App Store Honour System - ahammad
http://www.mahdiyusuf.com/post/32803382210/apple-app-store-honour-system

======
arrrg
The music industry sells music on Apple’s iTunes Store with zero DRM†. I can
send it to anyone and they can just play it. Just like with apps, I can also
log in on a friend’s PC and re-download my music. Using the music industry as
a counter-example in this article is hilariously misguided.

Of all the digital stuff Apple sells, music is by far the easiest to pirate.

—

† No watermarks either. The tracks contain the Apple ID of the purchaser as
well as purchase date and time as metadata that is easy enough to strip away.

~~~
lucian1900
A watermark would be hard to spot by its very nature, so it could still exist.

~~~
erikano
Two people could register accounts, using their own names, addresses and
credit cards, from different computers and Internet connections, with
different ISPs from some geographical locations sufficiently far apart (e.g.
different countries). Then, they would buy the same stuff and strip the meta-
data from the files. Next, they hash their files and compare the hashes, by
only telling each other half of the hash.

E.g., person 1 would tell person 2 that the first 32 characters of the sha-256
hash (represented as a hexadecimal string) was
"47905a1f67a826d1ca5321e3473266d9". Person 2 tells person 1 that the remaining
32 characters are "7616ac096cb069098bcd2e12b2ed0c0d".

In our scenario, these two people have no interest in tricking each other - so
they use the files that they bought and tell the truth when stating their part
of the hash. The company from which the files were bought are assumed to not
know that these two people are working together, since they might otherwise
serve the same watermark to the two people.

Edit: In fact, these "two people" could even be just one guy who traveled to a
foreign country, purchased a brand new computer, a pre-payed card, went to a
library and registered with bogus details, bought some files. Then, s/he
traveled to another country where s/he did the same thing (new computer, pre-
payed card, went to some Internet café and used other, bogus, details to buy
the same files) and compared the hashes as described above.

Edit 2: Or, s/he could order the pre-payed cards online, bought from two
separate resellers using bitcoins, and use two separate VPN-s (also paid for
with bitcoins) from a computer that was assumed to not leak any sensitive
information (because the computer was bought for this purpose, and therefore
never used for anything that could be tied to him/her, s/he used an Open
Source Operating System, and s/he switched out the NIC and the USB-stick used
to boot the computer between each time), with each VPN session being made from
different places sufficiently away from your home, and at times sufficiently
far apart (3-6 months, maybe).

------
jmduke
Correct me if I'm wrong, but wouldn't this be blocked by device authorization
limitations (5 per account)?

For instance, I have a PC, a Macbook Air, iPad, and iPhone; those take up four
of the five authorizations. I could theoretically then spend this last one on
the friend, sure -- but I'm fairly confident that devices can only be linked
with one account at a time.

Furthermore, I'd argue that this issue would only be relevant with relatively
expensive Apps. Frankly, I pirate music because most of the stuff I'm looking
for is either otherwise unavailable or exorbitantly expensive -- conversely,
the amount of effort it takes to pirate a .99c app isn't work the headache and
coordination.

I'd argue that this has been Steam's biggest success, as well -- reducing
piracy because it's comparatively too much effort.

~~~
arrrg
For personal use, you can install apps on all Macs you own or control. There
is no limitation in the number of Macs. Presumably installing an app for a
friend could also be a legal use – since you control that Mac as demonstrated
by logging in.

Even when there was a number limit, it never crossed the PC–iPod barrier. When
music still had DRM you could play it on five PCs/Macs and an unlimited number
of iPods.

------
sksksk
Ultimately does it matter?

As a developer, what's more important to you: more revenue or noone pirating
your software?

I'd say it's possible (and I'd guess, probable) that for the vast majority of
App developers, they get more net revenue from the increased exposure and ease
of payment that the App store provides than they would get from trying to sell
the software through their own channels.

------
tbirdz
The real issue here is proprietary software. If all software was free
software, then software piracy would be eliminated.

>Would it be impressive to be able to assert that every single copy of your
software was paid for?

I can assert every copy of software I run on my machine is 100% free software.
However, I didn't pay for it.

------
tehwebguy
The entire basis for this article is a straw man:

> It’s fairly trivial for me to buy an application and simply stroll over to
> my friend’s computer, login using my credentials and download the
> application without much issue.

Sure, but you're not most App Store users. It's absolutely _not_ trivial for
most people to do this, but a huge pain in the ass.

------
jiggy2011
I don't know if it would even be possible to make piracy completely impossible
without having some hardware lock on the device to make sure it only runs
signed software, I'm going to assume that there is a pirate version of just
about every game on Steam available on a torrent site somewhere.

I'm also not sure I like the idea of having an always-on internet based DRM
built into every bit of software I use. Not being able to play a game because
my internet connection is down is one thing, having it completely cripple my
ability to get any work done is another thing altogether. In fact that may
drive legit users towards piracy, since you would only need to be stung by
that once.

------
dbezona
It's really not that simple though. If you use your account to download the
app on your friend's device, the download is still associated with your
account, not your friend's. Any subsequent attempts to update, restore, etc.
that app will require entering your account credentials.

I can't imagine there are enough people dealing with that hassle to material
effect sales.

~~~
richardlblair
The whole updating/upgrading argument can be made for all software. Many
pirated versions of operating systems and major software suites can't be
updated, but this doesn't stop a huge number of people from pirating it
(Windows, Office, and Photoshop to name a few).

There are plenty of apps on the app store where all you have to do is zip up
the application's directory and send it to a friend. This means that you don't
even need to log into your account on their Mac. All you have to do is install
the update, zip it, and toss it in dropbox or send it in an e-mail.

This is a gaping hole in Apple's infrastructure. While circumventing piracy
completely is impossible, it really shouldn't be this simple either.

~~~
arrrg
I’m pretty sure that “gaping hole” is there by design and I’m happy about it.

Know that it exists and don’t use the App Store if you don’t like it. Simple
as that.

~~~
richardlblair
I can honestly say that I hope developers do avoid the app store.

------
icebraining
_The music industry surely doesn’t share our mindset, they will just sue you
into oblivion._

No, they won't, because it's impossible. They'll sue an extremely small
proportion of the "pirates" and lose money in the process:
<http://www.techdirt.com/articles/20100713/17400810200.shtml>

Ridiculous is thinking this is a better approach than not suing your
customers.

 _Would it be impressive to be able to assert that every single copy of your
software was paid for?_

Yes, absolutely! What kind of web browser would one use?

Of course, if you mean a licensed instead of paid, then not, it's not. Here:
<http://www.debian.org/distrib/>

------
Tyr42
This actually boosted Minecraft's sales, I think. I know that I've shown the
game to a friend, and just left it there in the non-updating state and they
ended up buying the game. It's how I had the game before I bought it.

------
JimmaDaRustla
Some may argue the fact that it is limited to the act of authorizing and
installing which prevents the simple distribution of the application (if
copying *.app doesn't work). But, this is even worse in a "re-distribution"
kind of way - people who bought the software, can now leverage their account
to resell the applications at a lower cost - the customer just needs to
temporarily provide the computer for distribution of the apps/games.

I personally know of this KIND of thing happening, and their customers are
delighted at their service.

------
Monotoko
There's an app on the iOS cydia store that allows you to have any app from the
App Store for free. I have it on my phone and use it very very rarely (when
I'm not sure if a £9 app will do what I need it to) - I still buy most of my
apps and honour the system.

------
googletron
I would really be interested in people's thoughts.

