Need Anti-Abuse system

Discussion in 'General Discussion' started by ricardoCoelho, Nov 6, 2020.

  1. ricardoCoelho

    ricardoCoelho

    Joined:
    Jul 6, 2020
    Posts:
    18
    I'm working on an object visualizer tool. This is a pretty straightforward thing to do in Unity and that is not the problem. The problem is, I have to compile and send a 'demo' to my clients for them to make sure everything is working and pay me.
    I can either send them and hope they don't scam me. Create a 'demo' but since the app I'm making is very simple, has very little features, it can almost be considered a 'demo'. Or I have to implement some sort of Anti-Abuse system.
    I've searched the asset store for such a thing but haven't found anything.
    What kind of anti-abuse features do you recommend me to do? Make the application only work within a certain date? Online verification (would make me have some server to handle those verifications)?
    I'm open to ideas.


    Details about my product:
    It is sort of a gallery with cool effects like exploding views of 3d objects.
    Each person/company that I sell this to will provide me with a predetermined list of objects that will show in the application. The list will be static.
    My client will show this gallery to their clients to help them sell their products.
    As I said before it is a simple application. Not that much user interaction. Just a camera rotating around objects and pressing 'next item'. Not much more than that.
     
    Last edited: Nov 9, 2020
  2. MadeFromPolygons

    MadeFromPolygons

    Joined:
    Oct 5, 2013
    Posts:
    3,877
    This sounds like a terrible way to handle contracts. You don't need an "anti abuse system" whatever that is, what you need is to have an actual written formal contract in place with your client so they are legally bound to pay the invoice, in clear terms that explains what they will receive and what you will be paid for.

    Clients don't "scam" you unless you did not do the right research into who you are doing business with before starting, and started doing business with someone without the proper paperwork in place. I recommend also looking into escrow for payments, but that will do little if you are entering into work relationships with people you believe will "scam" you, as the problem there is based on how you are finding and entering contracts.
     
    Joe-Censored, Havyx and Ryiah like this.
  3. neginfinity

    neginfinity

    Joined:
    Jan 27, 2013
    Posts:
    13,322
    Normally when client is untrusted a decent approach is to send them a video of the project in action, until you're paid.

    Additionally you could give them remote access to a limited user account on your machine to test the application. They'll be able to test it, they won't be able to have it, and you'd be able to discuss things over voicechat with them meanwhile.

    That's pretty much the safest approach to ensure your project is not being stolen.

    Honestly, though... this kind of Mexican standoff phase in contracts is very tiring. Another option is escrow, which was commonly offered by freelancing services, but those services also often do not protect from chargebacks, meaning a rogue "client" can screw you over anyway, so it is false security.

    You're talking from position of a eu/us, most likely with a country in mind where you have a chance of solving problems in a court. You might also be thinking about having contract with a business.

    That does not apply when you're dealing with an individual (no information to research), you're in "legal wild west" type of country, your chance of legal recourse upon being taken advantage of is zero, and contract is smallish scale.

    Basically, the rule of the thumb is not to give them deliverables until you're paid. Once you established business equivalent of "rapport", you can relax a bit.

    Lots of people work this way. Or used to.
     
  4. MadeFromPolygons

    MadeFromPolygons

    Joined:
    Oct 5, 2013
    Posts:
    3,877

    Yes that's fair enough. I am in the UK and I run everything through my company, and everybody I deal with are businesses including when they are an individual, so I guess it is very different for me.

    I have done dodgy contracts in the past through things like upwork with people in other countries where I have been worried about getting scammed, but I swapped to only working with people in UK, US, Canada, Australia and EU and that made things a lot easier.

    In this case, personally I would say escrow is the best course of action but as you say that does not prevent chargebacks which would negate the feeling of safety.

    If OP is not already doing their freelancing through their own company, I recommend setting up a limited company as that will (in most countries) provide an extra layer of legal protection when dealing with things like contract work and helps with disputes. But of course it comes at a cost and takes up significant time running a company and dealing with accountants etc.

    In the UK we call the way of working you are describing "working at risk", which sometimes is also done in B2B contracts when you are sure they will accept a project but want to get started before it becomes official. In general, it's recommended not to work at risk unless you absolutely have to. But I understand that is not always possible if dealing with an individual.
     
    Ryiah likes this.
  5. ricardoCoelho

    ricardoCoelho

    Joined:
    Jul 6, 2020
    Posts:
    18
    I haven't researched enough to decide going freelance or opening a company but with either I am somewhat legally protected because I'll always be able to prove (through emails and other conversations) that I have delivered the product and did not receive the payment.
    But, since the cost of my product will be relatively low, if I have to engage in a legal dispute, my costs will quickly outweigh my due payment. Not to mention all the court hassle.
    If they don't pay, I can get the money through legal means, but I don't think it would be worth it. That is why I'm searching for this anti-abuse system.
    I guess a quick sample video should be enough until professional trust is established, as @neginfinity suggested.

    Appreciate your answers so far guys.
     
    MadeFromPolygons likes this.
  6. Havyx

    Havyx

    Joined:
    Oct 20, 2020
    Posts:
    140
    Binary files(?)

    Whilst they are not 100% secure (and there are stronger ways to encrypt/obfuscate data) you're still going to have to paw through the memory to try and find out what is inside it before you can go about trying to modify it or inject your own code.

    AFAIK.... To get to the juicy data inside of a binary file you need to already know what is inside of it... therefore requiring you get your hands dirty and look through memory to figure out/reverse engineer the structure/contents.

    Use a basic time tracking system and serialize it to a binary file. When the application is opened just deserialize the binary file, check if they have time left, if not don't let them use the product.

    1) Use an integer to count minutes(?) hours(?). Don't call it something obvious like "TimeLeft" etc. Obfuscate it.
    2) Serialize it using a binary formatter.

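    Code (CSharp):
    using System;
    using UnityEngine;

    public class RandomName : MonoBehaviour
    {
        // Usage counter, deliberately given a non-descriptive name.
        private int wkjhefccoweybmrty_euefhjwef = 0;
    }

    // Plain data class that is written to and read from the binary file.
    // [Serializable] is required for a binary formatter to accept it.
    [Serializable]
    class StoreTheData
    {
        private int private_wkjhefccoweybmrty_euefhjwef;
    }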
    3) For each minute the client uses the product, increase the count.

    3A) If they reached the "max time" allowed then just place a canvas that is set to raycast target so it blocks everything, serialize the data and tell them they have used all of their time.

    3B) If they close the application before using all of their allotted time, serialize the data then when they load it next time - deserialize the data, check if they have time left, and then go from there.

    This would effectively give you a way to offer a "1/2/5/6 hour trial" and then render the application unusable *

    * again... unless they have someone who is literally going to have to paw through memory captures to figure out the contents of the binary, and if they had someone willing to do that I assume they would just build their own system.

    if you need a tutorial on how to serialize/deserialize data to/from a binary file:

    https://learn.unity.com/tutorial/persistence-saving-and-loading-data

    (Checkout the 2nd half of the video).
     
    ricardoCoelho likes this.
  7. koirat

    koirat

    Joined:
    Jul 7, 2012
    Posts:
    2,009
    Send the full project to me and I will estimate if it is worth any "Anti-Abuse System".
    Also for the record. Who is your client ?
     
  8. Antypodish

    Antypodish

    Joined:
    Apr 29, 2014
    Posts:
    10,579
    This is very BOLD.
     
    MadeFromPolygons and koirat like this.
  9. Ryiah

    Ryiah

    Joined:
    Oct 11, 2012
    Posts:
    20,128
    Is it in the contract that the client will be receiving time limited demos? Because if I were a client I wouldn't be very happy receiving demos that were time limited if it wasn't already agreed upon that they would be that way because it's very likely I would want to trial the demo with my company for longer than a guessed time limit.

    A far better solution in my opinion would be to watermark the software and/or include a message dialog that pops up stating that this is a demo and that it was developed by a certain party for a certain party. This way if they tried to sell it for any reason it would be very obvious to the person buying that it wasn't legal to do so yet.
     
    Last edited: Nov 7, 2020
    MadeFromPolygons likes this.
  10. Havyx

    Havyx

    Joined:
    Oct 20, 2020
    Posts:
    140

    No, there is no contract. OP is seemingly unable to leverage the protection of an actual signed contract in order to safeguard their work, so I offered a solution to their problem of needing to provide a live build that the client can't just keep and say "thanks but we're not going to pay you".

    If they were using a contract then it would sort of negate any fears they might have about not getting paid because a contract would (presumably) dictate it's either a yearly license or one-time purchase which would be enforceable.

    I think OPs main concern is not getting paid for the product rather than it being resold and their client might potentially be ok with not paying for the product in return for having to look at a watermark (since there is no enforceable contract).
     
    Last edited: Nov 7, 2020
  11. neginfinity

    neginfinity

    Joined:
    Jan 27, 2013
    Posts:
    13,322
    If you want to have a DRM it would make sense to invest into something that is battle-tested instead of trying to implement a basic DRM yourself.

    That's because Unity projects are very easy to alter to the point where you can extract source code and modify game logic in a matter of seconds. Disabling this kind of safety check. It is on script kiddie level.
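
Added example (not part of the thread, and not code from any poster): a date-limited demo licence of the kind asked about in the first post, signed by the developer so that editing the stored data does not extend it. The token format, client name and dates are constructed, and it is written as a plain .NET console program rather than a Unity script.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

// Added example: class names, token format and sample values are constructed.
static class DemoLicense
{
    public enum Status { Valid, Malformed, BadSignature, Expired }

    // Developer side (never shipped): sign "client|expiry" with the private key.
    public static string Issue(RSA privateKey, string client, DateTime expiresUtc)
    {
        string payload = client + "|" + expiresUtc.ToString("yyyy-MM-dd", CultureInfo.InvariantCulture);
        byte[] data = Encoding.UTF8.GetBytes(payload);
        byte[] sig = privateKey.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return Convert.ToBase64String(data) + "." + Convert.ToBase64String(sig);
    }

    // Application side: only the public key is embedded in the build.
    public static Status Check(RSAParameters publicKey, string token, DateTime nowUtc)
    {
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 2) return Status.Malformed;
        byte[] data, sig;
        try { data = Convert.FromBase64String(parts[0]); sig = Convert.FromBase64String(parts[1]); }
        catch (FormatException) { return Status.Malformed; }
        using (RSA rsa = RSA.Create())
        {
            rsa.ImportParameters(publicKey);
            // Verify before parsing, so unsigned input never reaches the date parser.
            if (!rsa.VerifyData(data, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1))
                return Status.BadSignature;
        }

        string[] fields = Encoding.UTF8.GetString(data).Split('|');
        DateTime expires;
        if (fields.Length != 2 || !DateTime.TryParseExact(fields[1], "yyyy-MM-dd",
                CultureInfo.InvariantCulture,
                DateTimeStyles.AssumeUniversal | DateTimeStyles.AdjustToUniversal, out expires))
            return Status.Malformed;
        return nowUtc.Date <= expires.Date ? Status.Valid : Status.Expired;
    }
}

static class Program
{
    static void Main()
    {
        using (RSA devKey = RSA.Create())
        {
            devKey.KeySize = 2048;
            RSAParameters pub = devKey.ExportParameters(false);
            string token = DemoLicense.Issue(devKey, "Example Client", new DateTime(2020, 12, 1));
            Console.WriteLine(DemoLicense.Check(pub, token, new DateTime(2020, 11, 20, 0, 0, 0, DateTimeKind.Utc)));
            Console.WriteLine(DemoLicense.Check(pub, token, new DateTime(2020, 12, 2, 0, 0, 0, DateTimeKind.Utc)));
            // A payload edited to a later date, reusing the old signature, fails verification.
            string forged = Convert.ToBase64String(Encoding.UTF8.GetBytes("Example Client|2030-01-01"))
                            + token.Substring(token.IndexOf('.'));
            Console.WriteLine(DemoLicense.Check(pub, forged, new DateTime(2020, 12, 2, 0, 0, 0, DateTimeKind.Utc)));
        }
    }
}
```

The check still trusts the local clock and, as the post above notes, can be removed by altering the extracted code, so it deters casual reuse rather than a determined modifier.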
     
  12. angrypenguin

    angrypenguin

    Joined:
    Dec 29, 2011
    Posts:
    15,509
    Well, no, because a contract is only worth what you can either trust or enforce. If I were an unscrupulous sort I could easily ignore the terms of a contract with an overseas provider with little fear of consequence. This is doubly true for small items of work, because the cost of enforcing a contract is likely to be more than you'd get out of winning the fight.

    True, but this works both ways. If there's no agreement about exactly what the demo entails then they can't exactly complain that you didn't do what you agreed, either.

    Someone mentioned a watermark, which is actually a great idea for multiple reasons. The ownership status is just one of a few things it could be communicating, which could include handy stuff like the exact version and the build date - incredibly useful for any bug reports and/or support requests your client may make. Also useful is an ever present reminder that it's not ready for production use yet.

    Code (csharp):
    "Ricardo Coelho - Development build - v0.1.3 - 4/11/20 - for testing purposes only"
    Of course, that'll still only make a difference to a client who cares about such things.
     
    Havyx likes this.
  13. Havyx

    Havyx

    Joined:
    Oct 20, 2020
    Posts:
    140
    Well yeah but I was just providing a basic solution for OP... I doubt they are going to go enterprise-level and implement something like Babel Obfuscator in order to transform assemblies. Maybe OP does require something more robust than binary files.

    That's true. Doesn't even guarantee payment when you have a contract with a company in the same country but at least it's better than nothing at all and you could at least write it off as an accounting loss and maybe get it back via paying less corporation tax.
     
  14. ricardoCoelho

    ricardoCoelho

    Joined:
    Jul 6, 2020
    Posts:
    18
    I'm loving the discussion here guys!
    So far I'm more convinced towards the watermark (either a full screen one or a small one on a corner) or an annoying popup every minute. Will take a look at @Havyx's suggestion as well, but I'm not convinced on it.
     
  15. neginfinity

    neginfinity

    Joined:
    Jan 27, 2013
    Posts:
    13,322
    Popup will be too annoying to the point where people just might decide to discard the project.

    You can, however, embed watermark into scene materials/sprites in the demo or even into geometry. Something that is not too annoying (just stamp "demo version" everywhere). This will not be trivially easy to fix even if they extract the project.
     
    MadeFromPolygons likes this.
  16. Antypodish

    Antypodish

    Joined:
    Apr 29, 2014
    Posts:
    10,579
    Popup solution can be easily implemented, in a non-invasive manner.
    Basically after time elapsed, let's say one hour, a popup shows and informs users, "this is a DEMO".
    You can define how long it needs to take before the user can click to disable demo.
    Then the timer is reset and starts counting again.

    If there are any saving settings, you can define that settings are not saved in DEMO version.
    So in case of restarting the app, all will be reset to default.

    It really depends on application use. Also, whether cost / gain is worth it, to spend much time on such features / obstructions.
     
  17. ricardoCoelho

    ricardoCoelho

    Joined:
    Jul 6, 2020
    Posts:
    18
    Since my target clients aren't that technologically literate, I'm not too worried about reverse engineering my code.
    Maybe a popup that allows the first 5min of usage unimpeded and then becomes super annoying, coming up every minute or so.
    Maybe instead of naming it a demo in the popup, disclose it is an unpaid/unlicensed product? Could this be too much?

    EDIT: Added a small description of the application I am trying to build in the first post.
     
  18. Antypodish

    Antypodish

    Joined:
    Apr 29, 2014
    Posts:
    10,579
    See this is simple to resolve.
    You tell them demo contains some examples, and 1 or 2 of their products, to prove you can deliver.

    That's demo.
    If the client wants the full version, with their items, she/he needs to pay full price.
    Since they know how it works, quick video with their items would be sufficient.

    Done.
     
    ricardoCoelho likes this.
  19. Joe-Censored

    Joe-Censored

    Joined:
    Mar 26, 2013
    Posts:
    11,847
    I'd probably place a semi transparent image on top of the output which basically creates a watermark saying "DEMO VERSION" across the whole thing.
     
  20. Kiwasi

    Kiwasi

    Joined:
    Dec 5, 2013
    Posts:
    16,860
    Contracts are worthless for enforcement in the small time freelancing world. (And often in the big time project world too). Often the cost of taking the client to court runs more than the entire project. And that is before you start dealing with international clients, where there simply isn't a court to enforce the contract. If either party chooses not to meet their contract terms, then it's game over.

    Where contracts are useful is for setting out who does what, when things are to be done by, who owns bits of the project, general expectations and so on. For example in games it's often useful to spell out who owns the IP. In regular software liability is often important. And so on.

    But just having a contract doesn't mean one party will magically do all the work, and the other party will magically pay them.
     
  21. ricardoCoelho

    ricardoCoelho

    Joined:
    Jul 6, 2020
    Posts:
    18
    I agree 100% @Kiwasi . In my case, having a contract would serve more as a deterrent to prevent bad behaviour than an assurance of pay, because I would never take the case to court as the expenses would easily outweigh the gains.
    Popups and watermarks seems to be where it's at for my problem.
     
  22. angrypenguin

    angrypenguin

    Joined:
    Dec 29, 2011
    Posts:
    15,509
    That's not my reading of @Kiwasi's post. My interpretation is that it's about communicating and setting expectations, and I agree with that completely.

    A clear contract is a useful thing even when both parties are acting in good faith.
     
    Kiwasi and MadeFromPolygons like this.
  23. Havyx

    Havyx

    Joined:
    Oct 20, 2020
    Posts:
    140
    My main point wasn't that a contract is a good idea because it is enforceable - rather that it provides some amount of protection insofar as you may be able to write-off the bad debt and therefore reduce the amount of corporation tax which would go some way to compensate you for the work/time.

    If you have a £5,000 contract and you never got paid then at least there is the possibility to write it off (or use a debt collection agency if you are in the same country) and subsequently reduce your corporation tax by £5,000 - essentially recovering your money.

    Additionally, it would be much easier to put a lien against the debtor if you have a contract. Also, if the company in question has any unpaid share capital then the shareholder would have to pay the sum to the amount of the unpaid capital.

    Contract is £5,000 with Company B. Company B refuses to pay.
    Company B sold 1000 shares to an investor 5 months ago as unpaid share capital for £5/share.

    This would mean that you could recover your funds through paid-up share capital as this is a personal obligation of the shareholder to pay unpaid shares.

    You could also object to the company closing down if they still owe you money (although depending on where you sit in the creditor line it might not be worth it).

    Again, I'm not saying having a contract is air-tight but it certainly provides more legal protection with regards to asset recovery.

    This only really applies to the UK as I don't know how other countries work in detail.

    I think, where possible, having a contract (even if you don't plan on enforcing it or taking the company to court) is a positive thing because, as mentioned earlier:


     
    Last edited: Nov 10, 2020
  24. neginfinity

    neginfinity

    Joined:
    Jan 27, 2013
    Posts:
    13,322
    This is INCREDIBLY country-specific.
     
    Kiwasi likes this.
  25. MadeFromPolygons

    MadeFromPolygons

    Joined:
    Oct 5, 2013
    Posts:
    3,877
    It's the case in UK, US, Canada and a lot of the EU, so I would say it's not that specific :)
     
    Havyx likes this.
  26. koirat

    koirat

    Joined:
    Jul 7, 2012
    Posts:
    2,009
    Contracts are quite helpful even in freelance world when you are paid for milestones.
     
  27. Havyx

    Havyx

    Joined:
    Oct 20, 2020
    Posts:
    140
    I did state "This only really applies to the UK as I don't know how other countries work in detail."

    However, I find it hard to believe that there is any country (outside of the 3rd world) that does not have some sort of system in place for writing off bad debts. A friend of mine has a friend who lives in Djibouti and runs a business importing heavy machinery and even they can write-off bad debt.

    So if a tiny country in Africa allows businesses to do this I don't see why it wouldn't be standard practice in most countries.

    A business needs to be able to write-off expenses and if they can write off expenses I don't see why you can't write off bad debt.

    Imagine some hard-working guy in Nigeria who started a business importing salt from Russia at £4,000 per Kilo (I have no idea how much salt is worth) but his latest shipment doesn't arrive. The company in Russia claims the goods were lost in transit and they will not replace them.

    This guy is now down $4,000 and doesn't have their product. Not allowing them to reduce their corporation tax would be a recipe for disaster. This means the Nigerian government has a vested interest in keeping their business alive and presumably offers some remedy for applying tax relief to the business owner who just lost £4,000.
     
  28. Kiwasi

    Kiwasi

    Joined:
    Dec 5, 2013
    Posts:
    16,860
    Virtually all of this can be done with a simple invoice/purchase order/email chain.

    A contract is for spelling out the details in a complex transaction. It doesn't provide any special protection from dodgy business partners.
     
  29. Joe-Censored

    Joe-Censored

    Joined:
    Mar 26, 2013
    Posts:
    11,847
    A lot of what is discussed in this thread would cost more in lawyer fees than you could expect to recover. Allowed to do something, and a smart financial move to do that thing aren't both true often times.