34

If a user download commercial software through the official, corresponding website, but use a product key which you did not legitimately purchase (e.g. websites that offer a list of product keys for free), does that harm anything other than the company who made the piece of software?

I was wondering if the person who generated those product keys can see which user(s) have used that key and are able to harm them in any way.

Kerim Oguzcan Yenidunya
  • 456
  • 2
  • 9
Ben
  • 343
  • 1
  • 3
  • 4
  • 2
    Exactly *how* does one go about getting these product keys? Its sone thing for you to get the string `AAAA-1234-BBBB-5678` and enter that into the license page. It is *quite* another to download some software that prints out the product key. –  Mar 29 '15 at 00:53
  • @MichaelT You've never heard of a key generator? – Loren Pechtel Mar 29 '15 at 21:44
  • 8
    @LorenPechtel Indeed I have. And I was hoping that Ben would clarify if he means "finding the string `AA...` online, or downloading some a key generator. The two options have *very* different risks on a given machine. I bring this up because there is a fair bit in the comments on the answers that the OP may not be aware of. It would be helpful if Ben would clarify the means of obtaining the keys. –  Mar 29 '15 at 21:49
  • You question is unclear. Are you asking about the risks of installing a trojan when running a key generator or cracking software? Or are you asking if the software developer can determine whether you are using cracked software or a generated key? – iyrin Mar 29 '15 at 23:53

11 Answers11

42

In short: yes. Any software can harm you.

Legally: If the authors of the software find you are using illicit copies of their software, they are at liberty to file a civil copyright infringement claim against you. Software commonly "phones home", even in the form of checking for new updates. They may not go after you if you're a poor individual, but they love taking businesses to court, even if it bankrupts a small business.

Technically: Some authors have even put in attack code that runs if you use their software with a well-known pirated product key. This might be funny (for example, the game Crysis gives pirates a gun that shoots chickens instead of bullets) or it might be serious, like deleting all your personal files.

Morally: The software authors trust you to buy their software legally; you abuse that trust. You trust them to leave your computer unharmed when they find you using an illicit key. What if they abuse that trust? If they delete your entire hard drive when their software recognises an illicit key (regardless of phoning home -- software can have an embedded list of known pirated keys), what are you going to do about it?

Ultimately, your piracy might drive the authors to other means of making money, such as selling your personal information, which harms everybody, including licit users.

Personally, I would recommend you find free software that allows you to achieve the same aim, instead of using cracked proprietary software. Instead of cracked Windows, use Ubuntu. Instead of cracked Photoshop, use GIMP. Instead of cracked Word, use LibreOffice. Instead of cracked Maya, use Blender.

Stuart Caie
  • 1,497
  • 1
  • 9
  • 7
  • Copyright only affects distribution. When a software is distributed illegally, only the one who distributes the illegal copy is breaking the law. The consumer is not. – Philipp Mar 27 '15 at 11:34
  • 16
    That's not generally correct. Please check the local laws affecting you. Copying and distribution are two separate acts, and both require licensing from the copyright holder. Many countries consider using an illicit product key to be copyright infringement. Some consider installing the software itself to the point at which a unlicensed copy is made. Often the terms and conditions you agree to while installing the software open you up to further liability. – Stuart Caie Mar 27 '15 at 14:12
  • 2
    Arguably related real-world example, though it involves a false positive rather than an actual pirated key: http://blog.dilbert.com/post/105476872276/boring-little-story-about-my-windows-computer – Harry Johnston Mar 27 '15 at 23:43
  • @Philipp - Copyright affects all copying, not only distribution, and the camel's nose which brought all software under copyright law was the minor detail that, in order to run a program, the computer must _copy_ the software from storage into active memory. Running software without a valid license, is, therefore, potentially a violation of copyright law, depending on your local copyright laws. – Dave Sherohman Mar 30 '15 at 09:37
  • I like your answer, but I disagree regarding the part that software authors can harm you. Although technically possible, and there are probably even a few real life examples, they would actually be breaking some laws themselfs. If you can prove that they either stole your personal information or that the disk was completly erased, these people would be in real trouble. It's not that difficult to discover this and, of course, the higher profile the software has the worst it becomes for them legally and in reputation. – nsn Apr 02 '15 at 10:04
  • it is illegal to booby trap your code to destroy information outside of illegally obtained information (the pirated software) it would be a lawsuit waiting to happen. – Malachi Apr 28 '15 at 18:33
  • There are company nowadays that they sell your data even if you buy there product. The problem is that we are not in control of that. No one knows. So cracked or not they stil can share your information. –  Mar 01 '19 at 12:55
29

I'm not an expert in the matter, but if you have a legitimate copy of the software in question and not a "cracked" copy then the main concern for you would be that the company that created the software would know that the key you used is not yours (you're the 300th person to use it). From there they could either prevent the software from working or attempt to take legal action. I've never heard of someone that I know of having legal action taken against them. If you're using a product key as a kind of "trial" mode then you're probably just fine; although, I obviously don't suggest outright pirating the software.

If you're using a cracked copy that includes a product key or is "pre-activated" you are at the mercy of whoever cracked it and I wouldn't trust that at all.

o0'.
  • 736
  • 1
  • 8
  • 13
GingerBeard
  • 627
  • 1
  • 5
  • 13
  • 3
    Unless you cracked it yourself of course ;) – Theolodis Mar 27 '15 at 10:58
  • 4
    Couldn't the owner of the software, upon detecting that a cracked key was used, also "accidentally" open up security holes or delete your hardrive? – StrongBad Mar 27 '15 at 12:31
  • 20
    @StrongBad That's assuming you can reliably detect that a cracked key was used.. delete even a single legitimate user's hard drive by error and your product is finished. Seems like a pretty big risk for very little gain. – Thomas Mar 27 '15 at 12:40
  • 13
    @Thomas actually, even deleting files from a non-legitimate user will likely bring you hell and infamy. – o0'. Mar 27 '15 at 14:22
  • 1
    @Theolodis: You're still at the crackers mercy then. Only you might trust him :-) – Bergi Mar 28 '15 at 15:02
  • 2
    Imagine if Microsoft just deleted random files from ungenuine(?) copies of Windows. What kind of backlash would happen there? – Cole Tobin Mar 28 '15 at 23:37
  • This reminds of of Windows XP, where 90% of the users had the [same key](http://en.wikipedia.org/wiki/Volume_license_key#Notable_keys). That key stopped working with the first service pack. –  Mar 29 '15 at 03:02
17

One thing that has not been mentioned in the other answers: although using an illicit key might or might not be harmless, it usually correlates with malware infections - the key-generator, the key distribution website etc. are likely to contain trojans or other malware targetted at the less-savvy users.

Piskvor left the building
  • 1,644
  • 15
  • 14
16

No.

Only the manufacturer of the software can know what key you have used and only if the software "calls home" for (re-)activation. Using a non-original key (for example, one provided by a key generator) will not give anyone back-door access to your computer/program.

Mast
  • 444
  • 6
  • 14
  • 17
    How can you be so sure about that? Even in times before calling home, there were programs (I think I remember at least one case of a popular computer game) where the functionality of a cracked version (including known leaked keys for some future path version) would change the program's behavior (such as the game missing some necessary details to get past level 2). Weren't there windows versions that refused to install (security) updates when they thought the installation wasn't legitimate? – Christopher Creutzig Mar 27 '15 at 14:09
  • 75
    Whoah! Careful there! While using a key from a keygen isn't likely to give anyone back-door access to your computer, *downloading* and *executing* a keygen is quite a popular vector for attack. – Iain Galloway Mar 27 '15 at 14:10
  • 4
    @ChristopherCreutzig: In the cases you describe, the key isn't causing the problem. The problem is caused by a _known defect_ activated by a specific set of circumstances, by _the original developer_. – Williham Totland Mar 27 '15 at 14:31
  • 8
    @WillihamTotland If I use the key, I have the problem. I think that falls under the phrasing of the question, “does that harm anything other than the company who made the piece of software?” At some level, yes, the bits in the key are not the instructions the processor executes, those have been programmed separately. I'm not sure how useful that distinction is in practice, though. – Christopher Creutzig Mar 27 '15 at 14:35
  • @ChristopherCreutzig It's a moral philosophical question, I suppose… – Williham Totland Mar 27 '15 at 14:46
  • 2
    This still does not mean it's okay to use the keygens (obviously) since the keygens could be programmed to access your personal files WHILE giving you keys. Doesn't sound like a good trade-off to risk. – John Odom Mar 27 '15 at 21:19
  • 5
    @IainGalloway Downloading a keygen is a totally different story. It's the key itself which is focus here. – Mast Mar 28 '15 at 10:05
5

A lot of software "calls home" nowadays. So using a cracked key, you may be broadcasting to the software editor that you pirated the product. Whether they sue you or not is their prerogative, but that sure looks like harmful to me.

Bruno Rohée
  • 5,221
  • 28
  • 39
1

This obviously depends on what type of software you are talking about, and what position the persons who cracked it are in.

If the system connects to some central server on a regular basis to verify that the product is legitimate, and that it is unlocked with a legitimate key, then I suppose there is a chance that someone could get compile a list of users using the same key. That again, requires this "someone" to have access to the server the software connects to for verification.

Whether this "someone" is in general likely also to be the person who generated the illegitimate key would be speculation. If anything, I would be more worried about the company behind the product coming after you for using an illegitimate key (though I suppose they would be more likely to just disable it, rendering it useless).

In essence, it boils down to this:

If you are just entering an activation-code into a legitimate piece of software, there is little chance of anything bad happening (unless the software communicates with a central server which just happens to have been hacked).

If on the other hand you use a piece of software that has been changed somehow (e.g., downloaded from somewhere other than the vendor's official site, or cracked using some other automated tool), then you can't really know whether or not your software can be trusted.

Kjartan
  • 999
  • 11
  • 17
1

Your computer would probably be fine, but I wouldn't trust the files it manages. An infamous company, "Yoyogames", decided to have a little fun with people pirating their software. They overwrote the user's images with skulls and crossbones.

The problem, of course, was a false positive destroying legitimate users' work.

Matthew G.
  • 11
  • 1
1

I'm surprised that nobody has mentioned the invincible Red Scorpion in Serious Sam 3 as an example. Pirated versions of the game had this unkillable enemy that would appear and attack the player.

A product key that is found not to belong to you, when it "calls home" to activate, could trigger some unwanted feature in the software.

Red Scorpion in Serious Sam 3 news item

VictorySaber
  • 171
  • 6
0

Maybe

If the key is used to encrypt sensitive data, and that key is reused in multiple locations, then your privacy is at risk.

Consider a serial number for 1Password that encrypts the local database. If that serial number gets out on the net, it's possible that that key can be used to decrypt the corresponding secrets. (1Password doesn't work this way, but it's an analogy )

makerofthings7
  • 50,090
  • 54
  • 250
  • 536
0

Not directly, but I can see 2 indirect ways:

  1. If the software phones home, the company might catch you using a key they know is cracked, and try to track you down and punish you (whether themselves or through legal intermediaries).
  2. If you are using a cracked key, you are probably using cracked software, so you are exposed to risk from that.

A key, by itself, cannot compromise your computer in any way, unless the software is explicitly programmed to act maliciously in response to a cracked key (it's still a question how it will tell which keys are cracked...). The key is just a password for you to prove that you have the right to run the software (ie. that you obtained a license to that program by buying it).

But this is a bit of a moot point because no one just uses a cracked key for no reason - they use it because their software is also cracked (so #2) and even if you have legally obtained software, just putting in a cracked key is not necessarily safe (because of #1).

In the olden days it used to be that programs would simply run a mathematical operation on the key and decide whether they accept it or not (and even earlier, there would literally be a few questions with a secret answer). The exact algorithm would be secret and hard to guess, so you would basically only be able to run the software if the developer generates a correct key for you. Crackers would reverse engineer the algorithm and generate their own keys - it's hard to see how a software could distinguish between keys generated by copyright infringers and keys generated by the developer (in fact, its ability to distinguish this was the algorithm in the first place, and that has already been defeated at this point). Granted, often the crackers then distribute the key generator with a virus in it, so there's that.

After internet became ubiquitous, companies have moved on to just maintaining a list of keys they received payment for, and making software phone home to check. Now "cracked keys" come from someone who works at a company with a volume licensing key, who then leak that key. If the developer catches on, they may revoke that key to render it useless. Since the key was intended to be legitimate (and initially was), it's hard to see how it would harm your computer. But, like I said, if the software phones home, you'd be making yourself conspicuous.

Superbest
  • 1,094
  • 8
  • 20
0

In some circumstances, yes. The software silently downloads an update and the update sees the key is blacklisted--and quits working at an inopportune time. (Say, in front of clients or prospective clients.)

Loren Pechtel
  • 763
  • 4
  • 9