I work for a major publisher alliance group. Our members have recently been experimenting with a paywall since we are in a transition to completely moving away from ads. We’re even going to drop support for Google’s AMP in the near future because of this, as they control everything on the page.
We were considering making an app that unites all member publishers. The app is the last resort and we want to make the content open to people with less friction. Some of our members have been doing trials on a web-based metered paywall. It turned out to be successful for many of them.
There turns out to be a problem. There are no effective ways to enforce metered paywalls on the web. Users can simply circumvent them by opening the incognito/private browsing mode, clearing cookies/cache etc.
On Android there appears to be access to a standard property called deviceid, which is difficult to change.
This may not be the most appropriate way to address the problem on the web, however, because user extensions are often able to override what the APIs return.
As per my understanding, we need a standard built-in DRM module to enforce a metered paywall. What the module would enforce is that we received the correct ID, and to apply adequate resistance to modification of this ID. In the end we know that anything that runs client side cannot be trusted. However, as long as it works for >95% of the devices, it is considered to be good enough.
We had considered directly discussing with Google regarding this. However, since we don’t want to lock users on a specific browser, we thought it would be more appropriate to discuss this openly.
I’d like to clarify that we need a DEVICE id, not a USER id. We should be able to get the same id irrespective of the account the user is logged in with on the browser profile.
I realize the privacy concerns, but as long as there is one permission prompt for the first visit to the domain, that is enough. There should not be a need to click to agree to the prompt again once the user has agreed for a particular domain name.
TL;DR: We need a unique device ID, whose integrity could be validated. aka: DRM
PS: Thanks to GDPR and other similar regulations, most of the members intend to move away from advertisement-based revenue within the next 1-2 years. Can’t be more happy, as the ads-based model is not sustainable in the age of adblockers.
Edit: I’d like to add that statistically the people circumventing the paywalls were insignificant a few months ago, but now we notice that many users are circumventing them to read the content.