Information about PingPlotter server-side registration code validation
Starting with version 2.30, PingPlotter registration keys are validated on the PingPlotter servers (http://www.pingplotter.com).
Why is this happening?
Although we really didn't want to have to do this (it took a considerable amount of time to implement), it was a measure made necessary by some of the hacking community (a key generator was released). The upside is that the implementation is pretty non-intrusive for real registered users, but there may be some concerns about privacy. This document is a brief overview of how this works.
The server side validation code was designed specifically to stop keygens from working - both the current version, and other versions in the future. It was *NOT* designed to cause problems from people that want to use it on multiple PCs personally (in fact, the PingPlotter single user license specifically allows installation on multiple PCs). It was not designed to help companies monitor their license count usage. It was designed to make the use of unpurchased registration keys more difficult (hopefully, just difficult enough that people will feel it's worth $39.99 to register!).
What information is sent to the PingPlotter servers?
When you enter your registration code into PingPlotter, the following information is sent:
- Your user name (as you entered it in PingPlotter)
- Your registration code
- The current version of PingPlotter
- A hash describing the machine you're currently running on.
What machine specific information does PingPlotter send?
Of interest to some is the machine specific hash that will be sent. This is an MD5 hash of your machine information, including information about your hard drive (the serial number), your CPU, your bios, and your Windows install. This information is "hashed" before it is sent. This hash (MD5) is specifically designed so that the information that went into making the hash can't be determined from the hash (ie : there is no way the PingPlotter servers can find out any information about your machine from the hash).
OK, why is this information being sent?
The PingPlotter server responds with a "validation key" which is stored locally. Each time PingPlotter is run, the machine specific hash from the validation key is compared with your machine. If this changes, PingPlotter will go back up to the server automatically to refresh this key.
This process is completely transparent for you, the registered user - you need do NOTHING except enter your registration key - even if you buy a new computer, reformat your hard drive, or any other similar activity.
The reason we use the machine information (MD5) is so that if PingPlotter has already validated against the server, it doesn't have to go back up to the server again each time you run it. This means we're not tracking your usage habits - because we only need to validate your key when you initially enter it or when your machine information changes.
What if I'm not happy with this arrangement?
If you've purchased PingPlotter and don't agree with server side validation, please contact firstname.lastname@example.org to discuss alternatives, or if you have questions about this process.
Note: If you're running PingPlotter on a PC or network without internet access, PingPlotter will continue to work. This is also the case in the unlikely event of Pingplotter.com not responding, or being shut down for some reason. This validation scheme is meant to foil key generators, not to inconvenience registered users. There should be no situation where a valid registered user is unable to run PingPlotter because of the new validation logic.
Thanks for your understanding and support!