Who has implemented a licensing API/SDK

Started by
24 comments, last by codingo 10 years, 6 months ago

My background in development is entirely commercial/business, not gaming, but in that area I have had to deal with issues of licensing and copyright protection of APIs (not the product itself - just the API). After some thought we ended up developing a trivial protection system using easily-reverse-engineered license keys purchased by the third party developer company. Although it in no way prevented software theft, it did provide evidence that software theft had taken place, which was good enough for my bosses.

Possession of a key issued to a legitimate third party organisation whose content was copyrighted, was in itself a copyright theft. Use of that key was therefore in some way illegal. The important point seemed to be that (a) the software was protected (however trivially) and (b) the method used to gain access to the software prevented casual or mistaken use by a third party. I put the case to my bosses that theft is a law-enforcement issue, all I could do was provide some basic protection such that there could be no defence of ignorance (i.e. "I didn't know it was copyrighted" or "it was open source code I found on the web"). It was made easier for me because we work exclusively in the Microsoft .net world where all code is open and trivially decompiled - just like (for instance) JavaScript - so there is no real technical protection from copyright theft.

Interestingly the prevention of theft of the company's IPR was their main reason for investigating web hosting - it prevented the software from ever leaving our premises, so was inherently secure. Didn't end up being a strong enough reason to actually convert it for the web, which probably reflects more on the weight given to copyright theft over and above, say, user experience.

Phillip.


I'd just leave it to my distribution platform (Steam, Apple App Store, Windows Store, etc.) to handle the DRM and focus on making a good game. I would not lose time with it myself, it's just not worth the effort and I don't care to play that cat-and-mouse game with hackers. People who will crack your game are usually not going to buy it anyway. I'm guilty of having pirated games in the past but those were either games I was never going to buy, or games that I wanted to try before buying. I have never pirated a game from developers I trust to not make cheap cash grab games. I have never pirated a Blizzard game, for example.

More importantly, sometimes DRM itself might be the reason why people don't want to buy your game. Don't make it safer and easier to pirate the game than to buy it legit. Mass Effect 3 has been massively pirated, and I bet that one of the reasons was that people didn't want to install EA's Origin's DRM/spyware/cloud on their computer. I decided to just not play the game (rumors about the ending cooled my excitement anyway) but those I know that have played it on the PC have all pirated it. Although unless you're called Ubisoft or EA you probably don't have the means to invest into draconian DRMs like Origin or Uplay so you can probably ignore this issue.

You might want to go the always-online way, but if you do so you need to ADD VALUE to the always online factor so that it's not just an annoyance for the players. A lot of people have complained against Diablo III's always-online feature (and who am I to tell them that they're wrong) but personally I grew a large friend list by playing World of Warcraft, so being able to chat with my friends while playing any Blizzard game makes always-online awesome for me. I wouldn't play the game offline even if I could.

On a side note, I have once successfully used a protection scheme to force the customer to pay the full price of a software when I was working for a company that made industrial machines. I hid the lock/unlock flag into the machine's RAM on a chip. Of course he could have "easily" hacked it, but when you're buying hardware that is one-of-a-kind and costs 5M$, you don't want to risk breaking it (plus voiding your warranty) by hacking the chips for the 5k$ software add-on... Of course, games are all software, so you can't do anything like that.

When I finish implementing my licensing methods, would all of you try to crack it for me to see how secure my scheme is?

Of course not. That would be illegal.

Wielder of the Sacred Wands
[Work - ArenaNet] [Epoch Language] [Scribblings]

 

Of course not. That would be illegal.

 

That would depend on what jurisdiction you're in (although I can't think of any jurisdiction in which it is illegal when you have the copyright holder's and system owner's permission).
I don't suffer from insanity, I'm enjoying every minute of it.
The voices in my head may not be real, but they have some good ideas!

Of course not. That would be illegal.

Not necessarily, if we do it under the spirit of development testing and I give you permission to test my security.

 

Of course not. That would be illegal.

 

That would depend on what jurisdiction you're in (although I can't think of any jurisdiction in which it is illegal when you have the copyright holder's and system owner's permission).

Indeed :)


More importantly, sometimes DRM itself might be the reason why people don't want to buy your game.

This, and 100 times this. I own legitimate copies of excellent games, but I still run the cracked versions because of one important DRM technique of the time period: requiring the disc to be in the drive. My main computer is a laptop, and I am always on the go. I rarely sit in one place, and while I'm often seated in my living room, my PC games are upstairs, since they are rarely used. I simply do not want to carry the disc on me, when I have the hard drive space to hold the entire game. It isn't necessary, and it is cumbersome enough for me to buy the game and run the cracks that would allow me to not need the disc. First, carrying the discs sucks. Second, spinning up a CD drive is loud, and can be slower than just as easily reading from the hard drive. Third, having my optical drive spinning while I play drains my battery life and heats up my machine unnecessarily. Fourth, running the game from a removable drive is very useful if you move from machine to machine in a public area, like a school, so cracking it to do so is desirable.

These are all ways that local DRM frustrates me. I was very leery of always-online DRM when I started playing Phantasy Star Online 2, for one very big reason: I played Phantasy Star Online in the offline single player mode intermittently for many years! Dealing with the fact that if I wasn't connected to the Internet, I could not level my character was a tough hurdle, when I had been playing the game's predecessor for 10 years. However, I eventually accepted it as a necessary step (PSO was filled with hackers and cheaters).

So, let it be known that there is yet another type of customer: if you sell your game with DRM, and I buy it, I will still try to break it to remove the burden that was imposed upon me, despite me doing the right thing. I was very glad that the versions of Quake I, II, and III: Arena that I have for Linux install and ask that you copy the data from the legitimate Windows discs to the install directory, instead of requiring that the disc be in the drive like installing the Windows versions. I own the Ultimate Quake collection, so that is not the problem.


Most DRM solutions are trivial to bypass and generate "valid" keys once folks get even a basic sampling of keys.

Any decent DRM system will use public key cryptography to make sure that the only practical way to generate valid keys is to have the private key.

Of course that doesn't stop someone hacking the code to remove the check or replace the public key, but at least it lets you easily and reliably identify pirates.

Most DRM solutions are trivial to bypass and generate "valid" keys once folks get even a basic sampling of keys.


Any decent DRM system will use public key cryptography to make sure that the only practical way to generate valid keys is to have the private key.

Of course that doesn't stop someone hacking the code to remove the check or replace the public key, but at least it lets you easily and reliably identify pirates.


I don't see how that is applicable. If you do not require online validation the program itself needs to validate the key and any decent hacker can extract whatever counts as the private key from the executable.
If you require online validation you don't need public/private keys, it's much simpler and safer in the long run to create completely random keys and store them in a database, together with whatever usage information accumulates.
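The signed license key scheme discussed in the posts above, sketched as an added example that is not code from any poster in this thread. It assumes Ed25519 as the signature algorithm and a "payload.signature" key format; the function names and the sample licensee are hypothetical. The shipped verifier holds only the public key, while the private key stays with the vendor.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// NewVendorKeyPair creates the vendor's signing key pair (done once, offline).
func NewVendorKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// IssueLicense runs on the vendor's side only: it signs the licensee string
// and returns "payload.signature", both parts base64url-encoded.
func IssueLicense(priv ed25519.PrivateKey, licensee string) string {
	enc := base64.RawURLEncoding
	return enc.EncodeToString([]byte(licensee)) + "." + enc.EncodeToString(ed25519.Sign(priv, []byte(licensee)))
}

// VerifyLicense is the check that ships in the product. It needs only the
// public key and returns the licensee the key was issued to.
func VerifyLicense(pub ed25519.PublicKey, key string) (string, error) {
	parts := strings.SplitN(key, ".", 2)
	if len(parts) != 2 {
		return "", errors.New("malformed license key")
	}
	payload, err1 := base64.RawURLEncoding.DecodeString(parts[0])
	sig, err2 := base64.RawURLEncoding.DecodeString(parts[1])
	if err1 != nil || err2 != nil || !ed25519.Verify(pub, payload, sig) {
		return "", errors.New("invalid license key")
	}
	return string(payload), nil
}

func main() {
	// Constructed sample: a throwaway key pair and a made-up licensee.
	pub, priv := NewVendorKeyPair()
	key := IssueLicense(priv, "ACME Ltd;seats=5")
	who, err := VerifyLicense(pub, key)
	fmt.Println(who, err)
}
```

Because the licensee is part of the signed payload, a key that turns up in the wild names the customer it was issued to, and a key signed with any other private key is rejected unless the embedded public key or the check itself has been altered.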

This topic is closed to new replies.
