license validation

Paul J. shared this question 13 months ago
Discussion Open

I agree with the comments by Marcelo L. on the topic of license validation - which I don't seem to be able to add to. Telling me your management's licensing decision doesn't solve the problem. It is the problem!

I generally use my desktop for work, but occasionally use my laptop for work away from home. I prefer not to connect my laptop to a guest/open router I cannot trust, potentially exposing it to malware, hacks, etc. Or, I may not have a network connection available. In either case, your 30-day timer is effectively a 30-day license. On the one hand your perpetual license is technically fraud because of the timer and on the other hand you are forcing people to expose themselves to unwarranted cybersecurity risks. Hmmm, Imagine DHS investigating your software as a gateway for cyber security risks... civil lawsuits, etc. I don't think that whomever, established this 30-day timer policy thoroughly explored the risks of this decision. No other application on my computer has ever operated this way. If you folks can't find a way to solve this issue, it might be time for me to see what else is available. I shouldn't have to keep track of when the last time I used this app was! I shouldn't have to expose my computer to insecure network connections to reset my license timer. I have used MM for probably 20 years without this kind of handcuffs, and I love the product. As Marcelo said, this is ridiculous.

Replies (8)

photo
1

Hi Paul,

Thanks for the feedback. Our license system is part of our cloud infrastructure for which we have SOC 2 certification. Connecting to our servers once per 30 days to validate your license is a secure process.

The primary reason for we require checks every 30 days is to prevent scenarios where malicious user 1 uses a perpetual license key to assign the license to their account, then go offline forever which allows them to pass the license key to user 2 who can then move the perpetual key to their account, then user 2 goes offline forever and passes the key to user 3, and so on.

We are open to suggestions here, but any solution would need to still prevent unlawful use of perpetual licenses.

photo
1

Hi Sia.

SOC-2 doesn't do anything for me at the (open) router level (think hotel, airport, starbucks).  Your policy forces me to potentially use open routers that expose my PC to hacker scumbags. Hundreds of vendors like MM are able to protect their licenses without the methodology MM is using. If nothing else, one obvious solution is to tie the license to the computer ID. Maybe the issue is between individual users and cloud services. Even here, vendors operate in the cloud environment all the time with better solutions than the one MM is implementing.

This isn't a technology limitation. Rather it is the result of an uninformed management.

Paul

photo
1

Hi Paul,

I agree with your comments, and this issue has been raised by me and others many times - for example, see:

https://community.mindmanager.com/topic/1436-provide-a-genuine-perpetual-version-of-mm-ensure-that-subscribers-always-have-access-to-validation

https://community.mindmanager.com/topic/1428-is-winelse-mm2021-and-beyond-need-internet-connection-once-per-month-how-can-air-gapped-pc-use

In response to the call for suggestions I will reiterate a simple compromise solution - extend the licence window from 30 to 90 days. This leads me to a question - if Microsoft can adopt a 90-licence period, why can't MindManager?

https://learn.microsoft.com/en-us/azure/active-directory/authentication/concepts-azure-multi-factor-authentication-prompts-session-lifetime

photo
1

Hi Alex.

I didn't realize MM20 didn't do this sort of monitoring. I will have to verify this. MM20 is perfectly fine for my needs. I'll have to go back and see if I have all the installation parts to install MM20 and remove MM22. This would be another solution. Another, is to purchase ConceptDraw which uses an older version of MM without timers. Another, is to file a class action suit against the company for creating cybersecurity vulnerabilities. 

It might be informative to note that the same company, Corel, has recently instituted an upgrade policy for their CorelDraw product line whereby you must have a subscription license with them, and if the subscription is not continued you can't access the work you did with that and previous licenses. In my case, I have locked down the last perpetual license and won't be purchasing this product from them anymore. Another solution is to petition the board of directors to remove the current CEO from their position. Clearly, there is something rotten going on in this company. This might be a "heads-up" to sell your stock in this company if you had some.

To put a final edge on the conversation with an analogy - imagine owning a car that had to have a computer chip reset in it every 30 days or the car wouldn't start. Are you arguing that a compromise would be to have it reset every 90 days? By the way, it is rumored that Tesla is already headed in this direction in the form of software performance upgrades.

photo
1

Hi Paul, as I said, the 90-day option is a compromise solution, one that could be easily implemented by MindManager. It's not perfect but it's also the approach that Microsoft uses with Office, and plenty of people seem to be able to live with that.

photo
1

Be aware that MindManager 2020 is not supported on Windows 11. The orphaning of applications by Windows is an inevitable process. You would need to decline the endless nagging to upgrade Windows 10 to 11.

photo
1

While MM20 isn't officially supported on Windows 11, it may still work depending on your computer and Windows installation, and I suspect a fair degree of luck. However, it can be buggy and some specific features may not work.

My wife runs MM20 on her desktop and laptop, both of which have Windows 11 - but it is a lot more buggy on the desktop which is only a few months old and came new with Win 11. It seems to run more smoothly on her much older laptop which was upgraded from Win 10 to 11. It may be that MM20 is slightly more compatible with Win 11 upgrades than original installs.

photo
1

Hi Nick.

Thanks for your reminder.

I can't remember when I let MS migrate my desktop to Win 11.

I bought a new desktop backup PC, installed Win 10 on it, and turned off the TPM security chip via BIOS that MS uses to harass you into migrating to Win 11 (TPM chip required by Win 11).

So I could run MM20 on this machine.

I agree with you about the orphaning process.

photo
1

Hi Alex.

I agree with you that 90 days is better than 30.

But many people will still get jammed at 90 days as well.

There are many "standard" techniques used to enforce licenses that don't subject their customers to the issues raised.

Unfortunately, Corel holds all the "cards".

So if I want to use their products, I have to either play their game or find another vendor.

Based on Corel's behavior, I take it as a warning to start looking for an alternative, e.g., LucidChart, ConceptDraw. Neither are as advanced as MM22 so the selection criteria becomes "good enough" :-)

photo
1

I broadly agree with your concerns, but I'm curious. Given your views, have you stopped using Microsoft Office products which also have a 90-day validation window?

photo
1

Hi Alex.

The short answer is no.

This may be in part because I have a 5 user license.

Between my wife and I, we use the Word portion of Office 365 almost daily and the other apps once a quarter, or so. I am the sole user of MM22.

---