Cookie monster versus "soft" paywalls
Pretty much everybody who's talking seriously these days about asking users to pay for news content is pointing at the same model: Leave the website open to casual visitors, but require heavy users to sign up as paying customers. Let people see perhaps half a dozen stories a month, but if they show signs of high interest, present them with a bill for the content they're consuming.
That's the model being planned at the New York Times. It's the model that Journalism Online has described as having the most support in its talks with newspaper publishers. (I don't know what model Rupert Murdoch is planning, but then I suspect he doesn't either.)
The goal of this model is to preserve most of the site traffic that enables an advertising revenue model to work, while getting serious users to support the journalism they find valuable.
But there's a technical problem: HTTP cookies. To let casual visitors in the door while challenging regular users to pay, you have to rely on cookies, and the cookie monster won't let you do that. Cookies just aren't very reliable for that purpose.
Lots of websites require that cookies work. You can't log in to buy a book, schedule a hotel room, post a comment or check your bank balance without cookies. They generally work fine for that purpose. So where's the problem?
Those sites use what are called session cookies. When you log in, the website hands your browser a token that uniquely identifies you. If you log out, or close your browser, or reboot your computer, that token is thrown away.
This is fine for a short session, but to track how many pages you've read this month on the Daily Bugle's website, we're going to need cookies that last at least a month.
Fortunately, the cookie standard supports long-lasting cookies.
Unfortunately, human beings throw them out.
All modern browsers can be configured to accept cookies but destroy all cookies at the end of a session, or on a schedule (perhaps monthly). This takes some action on the user's part, so most people don't do it. But many do.
In fact, a Comcore study found that 38% of users cleared out their browser cookies during the month of December 2006. And 7% of uses were "serial resetters," clearing their cookie stores four or more times a month.
This has a lot of disturbing effects on your traffic measurements, but let's stay focused on the paid-content issue.
Every one of those cookie-clearing visitors is going to knock a hole in your "soft" paywall, because your paywall can't know who they are after they've flushed the cookie jar. They're going to waltz right through that hole and read whatever they want. They will never see your "please pay for access to this website" request.
And it's going to get worse. Newer browsers have "anonymous browsing" modes that make this easier, and if you expect your users not to take advantage of such tools, you're fooling yourself.
I suspect that all of this will be greeted by "well, duh" by web geeks everywhere, but unfortunately most journalists and managers have no idea how these things work, so it needs to be said. You can't have your cake (a working ad model) and eat it too (a genuinely secure paid-access model).
You have to settle for a numbers game. Can you achieve a workable, "good enough" mix of free, paid, and "should have paid but didn't" access?
As you put together a spreadsheet to analyze this, be very careful with your assumptions.