Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: Is there a “privacy focused” way of software licensing?
3 points by illegalmemory 11 days ago | hide | past | favorite | 12 comments
Hello HN, I was working on a desktop software and wanted to enable purchasing a one time license for usage. I really don't want to collect email / user name / IP address and so on of the customer ( imagine zero server component if possible ), but at the same time don't want the same license to be used on multiple devices (malicious users to exploit this system). Is there a way to achieve this? Anyone having experience to share in the field ?

Using an API like https://keygen.sh, you are in control of how you “fingerprint” devices, so creating an anonymized fingerprint should be pretty easy using a secure hashing algorithm. You can check out the privacy policy for info on data retention for things such as IPs in log data. Privacy-focused licensing isn’t *super* hard. Activating a ‘new’ device is as simple as deactivating the original device and activating the new device.

(Disclaimer: I’m the founder.)

Thank you ezekg, I appreciate your privacy policy ( We believe in the GDPR and increased privacy for everyone. )

I will try to look more into it if something can be cooked up without the requirement of a server or service. Otherwise might go ahead with something like this.

No problem. I’m big on privacy myself, so my business is also. If you don’t want to use a third-party and/or server, and you’re able to get the device fingerprint upfront, you could generate signed license keys [0] with an embedded fingerprint so that it only works on certain devices. Though that would mean a new device would need a new license key.

[0]: https://keygen.sh/blog/how-to-generate-license-keys-in-2021/

Hardware dongles and license servers (run internally at the client company) are traditional "solutions" for this use-case.



No experience here, but I'll bite. Have the application call home for authorization with an anonymous device fingerprint and a license key set up during installation. It's not too big of a job for an AWS Lambda function or similar if you don't want to run a server. Allow users the option replacing one fingerprint with another when they get a new machine, and rate limit the fingerprint changes if abuse turns out to be that much of a problem.

Thank you very much, your solution and one by ezekg sounds a lot similar: anonymous fingerprint + service or some lambda function to do some work.

The good part is it is simple and efficient. I can open source the device fingerprint part/server code (or link to a third party like keygen`s policy) and have my privacy policy in place.

The not go good part is I still need a service running ( the core point was the if there is no server there would be no remote logs, so clients have 100% peace of mind )

I might go ahead with the solution in case something interesting doesn't come up. (I was also looking at NFT based approach, where each license is NFT and can be verified on a blockchain)

Contracts are not foolproof but probably good _enough_ if you’re selling to legitimate businesses.

This will actually be downloaded by normal non-technical end users, I am not sure if contracts are enough in this case.

How do they purchase it?

What if they buy a new computer?

What OSes do you support?

>What if they buy a new computer?

To be honest I am myself struggling with this question and I dont have a clear idea yet, but I definitely would like to support it.

>What OSes do you support?

Linux, windows and mac native applications.

do you mean totally native genuine compiled code, or electron/js?

this changes things on the client side.

I do mean native genuine compiled code

Applications are open for YC Winter 2022

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact