You can't pirate a web app

…or can you?

Since the dawn of consumer computing, people have pirated applications. Why should web apps be any different?

Ripping off website designs or application concepts is nothing new. Though usually maintaining such a rip-off is costly and requires a significant effort to maintain. Not to mention one is always playing cat and mouse.

I’ve noticed recently the trend towards fat clients. This is where the application is written using an MVC javascript framework (Backbone, Sproutcore, Cappuccino, etc…) and the application simply uses a JSON API on the server and renders all the views on the client.

A great deal of logic and assets are stored on the client. The server is merely used as a lightweight data storage and control system.

So if you can write a replacement server, it’s trivial to “pirate” a web service.

An example

Let’s take QuietWrite for example. A rather nice web-based text editor developed by James Yu.

If we simply save the page to disk, most of the core functionality already works!

pir-start

Of course, editing text is not very useful – we need to save it too.

pir-fin

To sum it up, within an hour I was able to replicate the backend enough so that I could save documents.

After finishing the working implementation, I was surprised to find out that James supplies the source code to an example app CloudEdit which has a similar API to QuietWrite.

I needn’t have written all that code!

Given how easy it is to deploy an app nowadays you could potentially rip off an application, stick your own ads on it, and get it running all within a day. You can even get free updates for the front-end straight from the original developer.

Provided this fat client trend continues, I wonder how long it will be till we start seeing “CD Keys”, SecuROM, and other elaborate anti-piracy solutions in web applications.