Niemann Journalism Lab
Harvard University / Cambridge, Massachusetts USA
Monday 21 March 2011
That was quick:
Harvard University / Cambridge, Massachusetts USA
Monday 21 March 2011
That was quick:
Four lines of code is all it takes
for The New York Times’ paywall
to come tumbling down
by Joshua Benton
The New York Times paywall is costing the newspaper $40-$50 million to design and construct, Bloomberg has reported.
And it can be defeated through four lines of Javascript.
That fact is both the problem and the opportunity of a leaky paywall. There is no one consistent, workable price for online news content. For the vast majority of people who read a news site, the price they’re willing to pay is zero; for a few, it’s something more. The key question of the Times paywall — and of any paywall, really — is how to maximize the revenue generated from those two extremes and the various gradations in between.
The Times’ approach is to create a relatively high price point — $15 to $35 a month, depending on the package — for those willing to pay. For those who are very casual fly-by readers — those who read fewer than 20 articles a month — the site remains free, and the Times makes money from advertising. And for those in the middle — readers who lack the brand loyalty to want to pay, but nonetheless like to see Times stories pop up in their Twitter feed — the social media “leak” in the paywall will keep letting them in for ads.
That kind of nuance makes for a much more precise instrument than a blunt-force paywall. But it also puts the onus on you to get all that nuance right. Get it wrong and you risk angering readers — or letting would-be paying customers in for free.
The Times paywall doesn’t launch in the United States for another week; the paper has plenty of time to plug this particular Javascript vulnerability, which goes by the name NYTClean, if it wants to. But the real question is: Is this a hole they really want closed? Or is this one of the intentional leaks in the wall?
The parable of NYTClean
In my piece Thursday looking at the paywall — currently only live in Canada — I noted that, when you reach your 20-article limit and try to read more, the contraband article actually loads just fine in your browser — it’s just quickly covered by an overlay obscuring the article and reminding you to pay up:
The full text of the article is still visible in the page source. And as I mentioned in responding to a commenter — and as is evident to anyone who can right-click on a page and choose “Inspect Element” — the overlay is nothing more than a little CSS and Javascript.
Unfortunately for the Times, there are plenty of popular (or popular-among-nerds) tools that tactically remove little bits of CSS and Javascript. There’s Greasemonkey, there’s Stylish — not to mention the ease with which a browser extension in Firefox, Chrome, or Safari can be built to strip out code. As I wrote:
…not to get too far into it (although many bearded people will in the coming days, I can assure you), but yeah, as far as I can tell it’s just a set of divs generated by some javascript. Although I couldn’t quickly find that script in any of the linked .js files, certainly someone nerdier than me will.
So an attempt at a set of Firefox/Chrome/Safari extensions named FreeNYT can’t be too far off. Although I’m sure the Times has already thought of some creative things to counter that too.
Well, consider the first shot in the NYT paywall battle fired. Canadian coder David Hayes has just released NYTClean, a bookmarklet that, in one click, tears down the Times’ paywall.
“Released” is probably even a little strong — it makes it sound like there was an extended development process. All NYTClean does is call four measly lines of Javascript that hide a couple
by Joshua Benton
The New York Times paywall is costing the newspaper $40-$50 million to design and construct, Bloomberg has reported.
And it can be defeated through four lines of Javascript.
That fact is both the problem and the opportunity of a leaky paywall. There is no one consistent, workable price for online news content. For the vast majority of people who read a news site, the price they’re willing to pay is zero; for a few, it’s something more. The key question of the Times paywall — and of any paywall, really — is how to maximize the revenue generated from those two extremes and the various gradations in between.
The Times’ approach is to create a relatively high price point — $15 to $35 a month, depending on the package — for those willing to pay. For those who are very casual fly-by readers — those who read fewer than 20 articles a month — the site remains free, and the Times makes money from advertising. And for those in the middle — readers who lack the brand loyalty to want to pay, but nonetheless like to see Times stories pop up in their Twitter feed — the social media “leak” in the paywall will keep letting them in for ads.
That kind of nuance makes for a much more precise instrument than a blunt-force paywall. But it also puts the onus on you to get all that nuance right. Get it wrong and you risk angering readers — or letting would-be paying customers in for free.
The Times paywall doesn’t launch in the United States for another week; the paper has plenty of time to plug this particular Javascript vulnerability, which goes by the name NYTClean, if it wants to. But the real question is: Is this a hole they really want closed? Or is this one of the intentional leaks in the wall?
The parable of NYTClean
In my piece Thursday looking at the paywall — currently only live in Canada — I noted that, when you reach your 20-article limit and try to read more, the contraband article actually loads just fine in your browser — it’s just quickly covered by an overlay obscuring the article and reminding you to pay up:
The full text of the article is still visible in the page source. And as I mentioned in responding to a commenter — and as is evident to anyone who can right-click on a page and choose “Inspect Element” — the overlay is nothing more than a little CSS and Javascript.
Unfortunately for the Times, there are plenty of popular (or popular-among-nerds) tools that tactically remove little bits of CSS and Javascript. There’s Greasemonkey, there’s Stylish — not to mention the ease with which a browser extension in Firefox, Chrome, or Safari can be built to strip out code. As I wrote:
…not to get too far into it (although many bearded people will in the coming days, I can assure you), but yeah, as far as I can tell it’s just a set of divs generated by some javascript. Although I couldn’t quickly find that script in any of the linked .js files, certainly someone nerdier than me will.
So an attempt at a set of Firefox/Chrome/Safari extensions named FreeNYT can’t be too far off. Although I’m sure the Times has already thought of some creative things to counter that too.
Well, consider the first shot in the NYT paywall battle fired. Canadian coder David Hayes has just released NYTClean, a bookmarklet that, in one click, tears down the Times’ paywall.
“Released” is probably even a little strong — it makes it sound like there was an extended development process. All NYTClean does is call four measly lines of Javascript that hide a couple
s and turn page scrolling back on. It barely even qualifies as a hack. But it allows you access to any New York Times story, even when you’re past the monthly limit. (I just tested it out with a Canadian proxy server — works just like it says.)
(Obligatory note: I think the Times is right to ask regular readers to pay, and I think their paywall is basically well designed. Me, I just became a print subscriber last week, using the Frank Rich Discount. Support your local journalist!)
Leakiness: a bug and a feature
Now, the Times paywall is, to a certain extent, defined by its leakiness. The various holes — external links from social media and search biggest among them — are no accident; they’re the result of some (correct, I say) thinking about hitting the right balance between fly-by and dedicated readers, between those who come in the front door and others who arrive from the side.
But the tradeoff for those holes is that they’re designed to be a pain to use if you’re a dedicated NYT reader. Click an occasional Times link when it comes up in your Twitter stream? No problem. But if you’re the kind of person who goes to nytimes.com every morning and clicks on four or five articles, you’ll quickly find it’s a big pain to go search for a headline in Google or Twitter every time you want to read another David Carr piece. (A similar workaround has existed for Wall Street Journal stories behind its paywall for years, but it’s doubtful anyone other than the most desperate reader has ever used it much.)
This CSS-and-Javascript hole, however, isn’t difficult to use at all. One drag into your bookmark bar, then one click whenever you hit a blocked article.
And yet this workaround is so blindingly obvious to anyone who’s ever worked with code that it’s difficult to imagine it didn’t come up in the paywall planning process. The other major news paywalls — WSJ, FT, The Economist — don’t actually send the entire forbidden article to your browser, then try cover it up with a couple lines of easily reversible code. They just hit you with a message saying, in effect, “Sorry, pay up here” whenever you stray past the free zone.
And that leakiness is actually a defensible choice, I think, on the Times’ part. Imagine a Venn diagram with two circles. One represents all the people on the Internet who might be convinced to pay for nytimes.com. The other represents all the people on the Internet who (a) know how to install a bookmarklet or (b) have read a Cory Doctorow novel. Do you really see a big overlap between the two? If someone is absolutely certain to never pay for the NYT, then it makes sense to squeeze a little extra advertising revenue out of them on the rare occasions when a link sends them to nytimes.com.
The problem with that model, though, is that it assumes inefficiency. It assumes that the happy-to-pay crowd (or the grudgingly-will-pay crowd) never find out about the workarounds — or at least that the workarounds remain complicated enough that they won’t want to bother. One click, though, ain’t all that complicated.
And that nudge-nudge approach to security through obscurity also assumes that the Times will be, at some level, okay with people using workarounds. It’s a tough balance: tolerating them so long as they boost advertising revenue and continue to give people the impression nytimes.com is available to them; breaking them when they prove to be too popular among people who might otherwise pay.
To get an idea what that balance looks like, check out statements from two top Times officials in the past few days. First, Eileen Murphy, NYT vice president of corporate communications, talking to the Canadian Press:
She said the paper will be watching for attempts to circumvent the digital subscription system and the limits in place, like if Twitter users tweeted links to the entire paper.
“If it was something blatant…that is likely something that we would make an effort to go after,” Murphy said.
“If there was some real attempt to game the system in some way that was not appropriate it’s something we would certainly look at.”
Psst…if you’re looking for someone who tweets a whole bunch of links to NYT content, I know a guy.
Or Martin Nisenholtz, in his interview with Peter Kafka:
…we want to make sure that we’re not being gamed, to the extent that we can be…We’re obviously going to be vigilant over the next couple of months, in looking at the ways that people are doing that…
I don’t think we’re going to spend enormous resources to go tracking people down. But at the same time, we’re going to obviously work to see where the source of these workarounds are, and work to close them off, if they become substantive enough.
But in looking at the research that we did, we expect [paywall jumpers] to be a very significant minority, a small, small number of people. When you look at your Twitter feed, based on the people you follow, it probably seems like it’s looming very large. But in the scheme of things, among people who don’t live in Silicon Valley or don’t cover it, the vast majority of people do not have this on their minds.
That last bit gets at the issue: You can afford to let nerds game your system. You probably want them to game your system, because they (a) are unlikely to pay, (b) generate ad revenue, and (c) are more likely to share your content than most.
The danger is when it becomes easy for non-nerds to do it. And that’s the risk of any leaky paywall — the risk that you might calibrate the holes incorrectly and let too many of your would-be subscribers through. Something like NYTClean — or the many tools that will soon follow it — could be the kind of thing that tips the balance in a way that hurts the Times.
(Obligatory note: I think the Times is right to ask regular readers to pay, and I think their paywall is basically well designed. Me, I just became a print subscriber last week, using the Frank Rich Discount. Support your local journalist!)
Leakiness: a bug and a feature
Now, the Times paywall is, to a certain extent, defined by its leakiness. The various holes — external links from social media and search biggest among them — are no accident; they’re the result of some (correct, I say) thinking about hitting the right balance between fly-by and dedicated readers, between those who come in the front door and others who arrive from the side.
But the tradeoff for those holes is that they’re designed to be a pain to use if you’re a dedicated NYT reader. Click an occasional Times link when it comes up in your Twitter stream? No problem. But if you’re the kind of person who goes to nytimes.com every morning and clicks on four or five articles, you’ll quickly find it’s a big pain to go search for a headline in Google or Twitter every time you want to read another David Carr piece. (A similar workaround has existed for Wall Street Journal stories behind its paywall for years, but it’s doubtful anyone other than the most desperate reader has ever used it much.)
This CSS-and-Javascript hole, however, isn’t difficult to use at all. One drag into your bookmark bar, then one click whenever you hit a blocked article.
And yet this workaround is so blindingly obvious to anyone who’s ever worked with code that it’s difficult to imagine it didn’t come up in the paywall planning process. The other major news paywalls — WSJ, FT, The Economist — don’t actually send the entire forbidden article to your browser, then try cover it up with a couple lines of easily reversible code. They just hit you with a message saying, in effect, “Sorry, pay up here” whenever you stray past the free zone.
And that leakiness is actually a defensible choice, I think, on the Times’ part. Imagine a Venn diagram with two circles. One represents all the people on the Internet who might be convinced to pay for nytimes.com. The other represents all the people on the Internet who (a) know how to install a bookmarklet or (b) have read a Cory Doctorow novel. Do you really see a big overlap between the two? If someone is absolutely certain to never pay for the NYT, then it makes sense to squeeze a little extra advertising revenue out of them on the rare occasions when a link sends them to nytimes.com.
The problem with that model, though, is that it assumes inefficiency. It assumes that the happy-to-pay crowd (or the grudgingly-will-pay crowd) never find out about the workarounds — or at least that the workarounds remain complicated enough that they won’t want to bother. One click, though, ain’t all that complicated.
And that nudge-nudge approach to security through obscurity also assumes that the Times will be, at some level, okay with people using workarounds. It’s a tough balance: tolerating them so long as they boost advertising revenue and continue to give people the impression nytimes.com is available to them; breaking them when they prove to be too popular among people who might otherwise pay.
To get an idea what that balance looks like, check out statements from two top Times officials in the past few days. First, Eileen Murphy, NYT vice president of corporate communications, talking to the Canadian Press:
She said the paper will be watching for attempts to circumvent the digital subscription system and the limits in place, like if Twitter users tweeted links to the entire paper.
“If it was something blatant…that is likely something that we would make an effort to go after,” Murphy said.
“If there was some real attempt to game the system in some way that was not appropriate it’s something we would certainly look at.”
Psst…if you’re looking for someone who tweets a whole bunch of links to NYT content, I know a guy.
Or Martin Nisenholtz, in his interview with Peter Kafka:
…we want to make sure that we’re not being gamed, to the extent that we can be…We’re obviously going to be vigilant over the next couple of months, in looking at the ways that people are doing that…
I don’t think we’re going to spend enormous resources to go tracking people down. But at the same time, we’re going to obviously work to see where the source of these workarounds are, and work to close them off, if they become substantive enough.
But in looking at the research that we did, we expect [paywall jumpers] to be a very significant minority, a small, small number of people. When you look at your Twitter feed, based on the people you follow, it probably seems like it’s looming very large. But in the scheme of things, among people who don’t live in Silicon Valley or don’t cover it, the vast majority of people do not have this on their minds.
That last bit gets at the issue: You can afford to let nerds game your system. You probably want them to game your system, because they (a) are unlikely to pay, (b) generate ad revenue, and (c) are more likely to share your content than most.
The danger is when it becomes easy for non-nerds to do it. And that’s the risk of any leaky paywall — the risk that you might calibrate the holes incorrectly and let too many of your would-be subscribers through. Something like NYTClean — or the many tools that will soon follow it — could be the kind of thing that tips the balance in a way that hurts the Times.
- 30 -
No comments:
Post a Comment