I guess it all depends on your definition of unnecessary. Checking to see if a license is legitimate seems like a reasonable thing to do.

Well, that’s the crux of the issue. It’s of no value to legitimate users.

Again, the upside seems to be that unscrupulous unregistered users who are already committed to never updating Sublime would have to perform a trivial workaround in order to continue avoiding a nag dialog. The downside is offending large numbers of actual and potential users. As to whether that offense is justified, I venture no opinion; the fact is, a lot of users are going to have very strong negative opinions. It is a certainty that this measure will keep some users from buying a license, and it’s not obvious that it will cause any pirates to buy one instead.

I have no personal stake in this; on one hand, I’m a registered user, and on the other I’ve already blocked connections to the licensing server. And as I said before, I have no insight into whatever business data has impelled this move. It may be that these concerns are and ought to be overridden by clear evidence that this new measure will help rather than hinder Sublime’s continued success. Either way, I’ve said my piece, you don’t owe me any further explanation, and I don’t mean to start an argument.

I would say it’s of no negative value to legitimate users.

It is normal, expected, and the poster got ‘angry’ for what is basically a non-issue.

May be, change it to check once a week, so paranoid people can worry about some other company.

I thought it was every 10 seconds then I went to check, but now I see it is only once 10 seconds after Sublime Text to start.

@gerry, are you angry about the check being in HTTP instead of HTTPS?

If I understand correctly, anyone intercepting you connection can steal your Sublime Text license. I wonder what kind of licence theft trouble this has already done with Linux users.

Now knowing this, I would not put (or perhaps think twice before put) my licence on a Linux machine. Hopefully I never had done it. Ironically while on Linux machines, I already had been using the latest stable version available for testing without my license.

No, we hash the license signature before transmitting.

Mmm, two questions, then:

• what happens if working in an environment with no internet access?
• what about privacy (i.e., what happens with the collected data, things like that)?

Sublime Text will work exactly the same with or without an internet connection.

Jon Skinner and myself are the only people with access to the server, and the information is only used to see if a license has been revoked between when the build was released the current date/time.

Ok, thanks.

It’s a privacy issue. It only being HTTP just exacerbates the issue.

I think for it to be dismissed by people as a non-issue is complete nonsense.

I’m not particularly upset about this feature, I’m just kind of confused that it exists. My gut says that the Venn diagram between “users who are interested in using Sublime’s development builds but can’t/won’t purchase a license key of their own” and “users who know how to edit a HOSTS file and block a domain” is roughly a circle. This “call home” doesn’t get in the way of legitimate users, which I appreciate, but I’d be impressed if it had any significant impact on the piracy rate of the software.

[quote=“botoggle, post:14, topic:33474”]I’d be impressed if it had any significant impact on the piracy rate of the software.
[/quote]

Well, it is like a lock on your house. A knob lock, or even basic deadbolt isn’t going to stop someone determined to get into your house, but helps “keep honest people honest.” A combination of various mechanisms makes it less trivial to pirate, and pushes users towards being a customer.

I don’t really like this. For one, as gerry rightly states, it is a privacy issue. Whoever is able to look at this data is irrelevant, it matters that someone is. But also, introducing DRM is a statement. It speaks loud and clear, and what is sais is “I don’t trust my paying customers”.

Almost ALL of the software on your machine is making some sort of contact with it’s parent company to check for licenses and updates.

Why not just build some fast read-only set of compromised/revoked license hashes into the .exe itself and check it only on upgrade (once, then remember the key is OK). This is what some software does, it does not require phoning back home, and it is IMHO enough.

Anyway, if you want to do right super-tight, you’d need to enforce DRM (Internet connection) otherwise this license check makes no sense, because one can always block license.sublimehq.com on firewall, or redirect to some bogus local server, and ST will run with revoked key.

Phoning back home to check the license every time app starts is pretty bad, I often open/close it several times a day etc. this makes me worry about my privacy, since you definitely can identify me with hash of my license.

Or putting this in other words, if you don’t trust me (you check my license), why I should trust you? (you don’t misuse this tracking data)

Hmm I guess I don’t really like this particular feature, sorry. I have a valid license. But I don’t lile software which calls home. (the argument that other software does so as well is void!).
I will simply add license.sublimehq.com to my hosts file and disable the communication and see what happens.
Why did you guys add that feature? for years it was unnecessary. Good thing that gerry saw this.

I described above that it allows us to provide refunds and revoke licenses that have been shared. Basically, it is an extra layer that helps slow down the spread of pirated licenses, especially in regards to unlocking development builds when a user does not possess a legitimate license. We are not tracking users in any way – honestly we have enough to do in developing the product that tracking just wouldn’t make sense.

It’s 10 seconds after start, not every 10 seconds.

Then simply employ offline method for your expired/pirate license checking needs, and everyone will be fine with that.

Please see Sublime Text calling home to license.sublimehq.com on every start?. It addresses the entirety of your comment, and more.

Then consider the following:

1. putting the official (legally binding) statement on the website that no data is collected during the license check

2. reducing number of checks to one per week - that will eventually make tracking not feasible, but will still keep the revoked, pirated keys blacklisting possible

Come on… as developers of a project this size, one would hope you’d realize the utter futility of anti-piracy measures. 1) You implement a licensing system, 2) people figure out a way to bypass it. Repeat ad infinitum for the ultimate zero-sum game. To quote Seven of Nine, “This activity is truly unproductive. The end result has no use. No necessary task has been accomplished. Time has been expended. Nothing more.”

If you’re interested in lowering instances of piracy, your only means of doing so is by improving the value proposition for the (potential) end-user, by either adding/improving functionality to match the price, or lowering the price to match functionality.