Hello HN,
I was working on desktop software and wanted to enable purchasing a one-time license for usage. I really don't want to collect the email / user name / IP address and so on of the customer (imagine zero server component if possible), but at the same time I don't want the same license to be used on multiple devices (by malicious users exploiting this system).
Is there a way to achieve this? Does anyone have experience to share in the field?
Using an API like https://keygen.sh, you are in control of how you “fingerprint” devices, so creating an anonymized fingerprint should be pretty easy using a secure hashing algorithm. You can check out the privacy policy for info on data retention for things such as IPs in log data. Privacy-focused licensing isn’t *super* hard. Activating a ‘new’ device is as simple as deactivating the original device and activating the new device. (Disclaimer: I’m the founder.)
Hardware dongles and license servers (run internally at the client company) are traditional "solutions" for this use-case. https://en.wikipedia.org/wiki/Software_protection_dongle https://en.wikipedia.org/wiki/LM-X_License_Manager
No experience here, but I'll bite. Have the application call home for
authorization with an anonymous device fingerprint and a license key
set up during installation. It's not too big of a job for an AWS
Lambda function or similar if you don't want to run a server. Allow
users the option of replacing one fingerprint with another when they get
a new machine, and rate limit the fingerprint changes if abuse turns
out to be that much of a problem.
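
Added example, not part of the thread and not any vendor's API: a sketch of the scheme the replies describe, with a keyed-hash device fingerprint on the client and a one-device-per-license store with rate-limited device replacement on the server. All names, the limit of 2 swaps and the 30-day window are assumptions chosen for illustration.

```python
import hashlib
import hmac

REBIND_LIMIT = 2             # assumed: device swaps allowed per window
REBIND_WINDOW = 30 * 86400   # assumed: 30-day window, in seconds


def device_fingerprint(machine_id: str, license_key: str) -> str:
    """Client side: keyed hash, so the raw machine ID never leaves the device
    and one machine gives unlinkable fingerprints under different licenses."""
    return hmac.new(license_key.encode(), machine_id.encode(), hashlib.sha256).hexdigest()


class LicenseStore:
    """Server side (for example behind a small function endpoint)."""

    def __init__(self, issued_keys):
        # Only a hash of each key, one fingerprint and swap timestamps are kept.
        self._seats = {self._kid(k): {"fp": None, "rebinds": []} for k in issued_keys}

    @staticmethod
    def _kid(license_key: str) -> str:
        return hashlib.sha256(license_key.encode()).hexdigest()

    def activate(self, license_key, fingerprint, now, replace=False):
        seat = self._seats.get(self._kid(license_key))
        if seat is None:
            return "unknown_license"
        if seat["fp"] is None:
            seat["fp"] = fingerprint          # first activation binds the device
            return "activated"
        if hmac.compare_digest(seat["fp"], fingerprint):
            return "ok"                       # same device calling home again
        if not replace:
            return "in_use"                   # a second device is refused
        # Explicit device replacement: count only swaps inside the window.
        recent = [t for t in seat["rebinds"] if now - t < REBIND_WINDOW]
        seat["rebinds"] = recent
        if len(recent) >= REBIND_LIMIT:
            return "rebind_rate_limited"
        seat["fp"] = fingerprint
        seat["rebinds"].append(now)
        return "rebound"
```

The store never sees the machine ID itself, and a replaced device gets `in_use` on its next check-in, which is what stops one key from running on two machines at once.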