Product Protection
Afar provides Afar Shield, a tool that allows you to shield and protect your products against leaking and unauthorized copying. This guide will go over how to use Afar Shield to protect your products.
For the step-by-step tutorial on how to shield your products with Afar Shield, please refer to the Afar Shield Tutorial.
The Problem of Leaking
When you sell a product on the Afar platform, the client who purchases it will receive the product file as part of the transaction. If the product file is not protected with a whitelist (something that verifies the person using the product owns the product), the client can easily share the product file with others, allowing all of them to use the product without purchasing it. This practice is a form of piracy known as leaking, and it can be a big problem for sellers, since it can lead to lost sales and revenue.
The Problem of No Obfuscation
Assume you have a method in your product that verifies that those who use the product own it, but that code is written in plain, unobfuscated code. In such a case, a leaker can easily find the code, remove it, and allow the product to work without that verification, thereby accomplishing nothing. This means in order to ensure your product is protected against unauthorized copying, you need to both implement a whitelist for the product and hide the code that performs the whitelist verification via obfuscation.
The Big Problem with Current Solutions
In the past, many providers such as myPod, Parcel, Vendr, and Vault have provided whitelist APIs you can use with your code to verify the ownership of the product. This is a good first step to protecting your product, but as mentioned before, if the code is not obfuscated, leakers can easily find and remove the whitelist verification, rendering it useless. Some of the mentioned providers have also provided obfuscation tools, but there is still one more major security flaw:
The whitelist can easily be bypassed in less than 20 lines of code.
This means that if you simply put a special set of 20 lines of code in any obfuscated script using the whitelist APIs these providers have given you, leakers can easily bypass the whitelist and allow the product to work without verification, which completely defeats the purpose of having a whitelist in the first place.
How Afar Shield is Different
Afar Shield is immune from the current security flaw that other providers' whitelist APIs have. Although we won't go into the technical details of how Afar Shield works, we can say that it is designed in a way that makes it impossible to bypass the whitelist verification with the current exploitation methods used.
Here's a quick overview of the protections Afar Shield provides:
| Provider | Whitelist API | Obfuscation | Environment | Module Bypass | 20 Line Bypass |
|---|---|---|---|---|---|
| Afar Shield | ✅ (Automatic) | ✅ (Automatic) | ✅ Server and Local | Currently Immune | Currently Immune |
| myPod | ✅ | ✖️ | 🟡 Server-Only | 🔴 Yes | 🔴 Yes |
| Parcel | ✅ | 🟡 Paid-plan only | 🟡 Server-Only | 🟢 Mitigation In-Place | 🔴 Yes |
| Vendr | ✅ (Automatic) | 🟡 Paid-plan only | 🟡 Server-Only | 🟢 Mitigation In-Place | 🔴 Yes |
| Vault | ✅ | 🟡 5/day for free | 🟡 Server-Only | 🟢 Mitigation In-Place | 🔴 Yes |
| ClearlyDev | ✖️ | ✖️ | ✖️ | ✖️ | ✖️ |
Do I have to pay to use Afar Shield?
The price will always be free for all sellers on the Afar platform. If you can sell products on the Afar platform, you can use a basic version of Afar Shield to protect those products, at no additional cost.
We believe it is morally wrong to deny or charge sellers for the most important part of protecting their products. We will always provide a basic version to all sellers for free.