Yes, if they are sensible it is built into their cost model in the same way that a physical store will build in for shoplifters and credit card fraud. As with all crimes, it is the honest people that end up paying for it. Normally by using a call back - the software will periodically send a message back to the developers and they check that everything is as it should be, if it isnt then there is normally a "kill" command sent back to disable it (often after warnings etc). The code however can be rewritten to remove these and so the protection is gone. Others try to do an almost "thin client" type setup where some key process to the software is done on the developers server and the validation occurs during this - it cannot be removed as the software then doesnt work (or at least this function doesnt) but then the developers must have much more powerful servers as they are having to do processing for every user of every website running its software which may be cost prohibitive and a hacker could always still change the program and write their own module to do what the dev server does but this is somewhat risky as the devs could always change the outputs and make it incompatible.