March 2011
« Feb   Apr »

Shooting down paywalls

Now there’s a wall between us, somethin’ there’s been lost
I took too much for granted, got my signals crossed
Just to think that it all began on a long-forgotten morn
“Come in,” she said, “I’ll give you shelter from the storm

The State of Paywalls

Another high profile publication is putting up walls. The New York  Times is planning on charging again. Their paywall is up in Canada, and will be up globally by the end of the month. And it looks to be one of the least secure implementations yet. They seem to have done everything on the client. So, first, the content is always actually on the page. They just pop an obscuring <div> on top of it so that you can’t see the content, and stop the browser scrolling. This guy has already written a 3-line script for dodging it which I’ll reproduce in full:

//Prototype is already installed on NYTimes pages, so I'll use that:
$(document.body).setStyle( { overflow:'scroll' } );

So one way for non-techies go get around the paywall is to use something like the above in a Greasemonkey or similar script. Or, if you want to be more dramatic about it, you could even use this spaceship to shoot away the offending HTML elements. It’s cool as you can shoot the paywall and the ads together.

Using an HTML element destroying spaceship to tear down a paywall

The New York Times also have a 20 free articles per month thing going. Again, implemented client side using a cookie. Delete your cookies from the site, and it is all yours. Getting around this paywall is so easy that it looks like they didn’t even try to properly protect the content. And maybe they didn’t.

In fact, there is a strong argument to say that a secure paywall isn’t a good idea. The Times of London have a well implemented, pretty secure paywall, but they are one of the few. The Wall Street Journal, probably the most successful pay wall of the lot, do a simple referer check. If you’re coming from Google, you get access. So if you’ve got the energy, just search for the headline on Google to get your free access. If you’ve got less energy but more skillz, just spoof your referer using Spoofy or something. This also works on the New York Times site.

The Problem

The root of the problem is getting the balance correct between social sharing and decent security, and we all know how users hate (and I mean proper, vitriolic hate) hitting a paywall when clicking on a shared link.

When it comes to the crunch, there are only three models that are possible to securely implement:

  • Option #1: No real security that a monkey couldn’t avoid. This is the NYT, WSJ and many more. But this will stop the vast majority of folk “stealing” the content. The biggest downside is probably the press reaction too the joke of a paywall, as has just happened with the NYT.
  • Option #2: Allow limited access to non-paying users (first click free, 20 free articles per month, or whatever). However, in order to do this securely the user must register first. And although registration is less of a barrier than asking for a credit card, it’ll still scare people off in droves. And if registration is too easy without a valid email address check, you’ll get a whole load of Donald Duck’s registering. Off the top of my head I can’t think of anyone doing this at the moment.
  • Option #3: The Full Monty. All users have to pay to see any protected content. The Times of London are doing this. I really don’t like this option for most people as new readers will be hard to come by. You might do well from existing loyal fans, but in the long term I can’t see it working. Sharing is caring and all that.

The Solution

Fucked if I know.

With all of the above models, not all of the content needs to be protected. The Times of London protects everything. As does the pr0n industry. Others only protect parts of their site. Some protect content until it is a bit stale (a week, or maybe an hour in financial services). I quite like The Daily’s model. They simply don’t bother to try to protect the stuff on the web site. I don’t think they’re even bothered by the sites popping up allegedly circumventing the paywall. You pay for the iPad app and hopefully that offers such a lovely experience that it is worth it.

My view is you probably want the paywall to leak, so superficial security is probably best. You certainly want people posting links to your content on FaceBook, Twitter and the rest.  The people that try to “hack” it probably wouldn’t have paid anyway, so you’ve got some nice differential pricing going there already. Especially if you’re getting ad revenue too. Maybe show a lot more ads to the non-registered users.

Of course, if it is easy enough for my deceased grandmother to bypass, you’ve got problems. No-one will pay, and you’ll piss off the people that already have. But if you lose 3% or something, it doesn’t sound like the end of the world. Comparable to shoplifting in retail.

Now this clearly doesn’t work for single, high value assets (books, movies, music) where people will go to a lot of effort to get their grubby little hands on a single item of content. But for newspapers and magazines, it is probably time for most publishers to choose Option #1, give up on 100% security, hope that legitimate experience is a whole lot better than the cheating experience and accept that there are some people that won’t pay for anything.

Or a better solution

Wait! Before we give up, I think Option #2 is the long term solution. No-one seems to do it at the moment because the registration barrier is big and people won’t even register to see content shared with them. But what if they were registered already? If a publisher could throw their proprietary registration system out the window and allow access through Google, FaceBook or TheNextBigThing, they would be laughing. Then they could provide proper, secure metered access/first click free/X free per month and lots lots more without scaring users off. And, of course, when they can do their one-click payment through the above things get even better, but that’s another topic.

Secure paywalls aren’t that hard, and these leaky things offend my sensibilities. I’m not aware of any publishers doing this properly at the moment. Or are they? Let me know. Over and out.


  • Facebook
  • Google Bookmarks
  • Digg
  • LinkedIn
  • StumbleUpon
  • Technorati

4,799 comments to Shooting down paywalls