Cagy.org
Doing stuff since the late 1970's

How efficient are paywalls? A quick check on an online newspaper paywall in Belgium: DeMorgen.be

2021-01-17T23:44:40+01:00

The scenario

  1. Someone posts an interesting article link
  2. You click the link...
  3. OMG a PAYWALL!

The question

Are all paywalls equal or are some more equal?

Let's investigate

Let's check out https://www.demorgen.be/ , a quality Belgian newspaper, as our target.

When looking at the source code, it seems all artcile content is present in the browser, but a Javscript is triggering a layer that prevents reading the content.

Paywall -VS- Article content

So, lets use Curl to fetch the article html and thus ignore javascripts to active the paywall.

Curl the article and store it

Using DOMxpath queries we can get the relevant article titles, images and paragraphs.

Extract article content using DOMXpath Query

 

And we have a working POC: https://pwe.cagy.org/?articleURL=...

The answer

Most paywalls are effective. Some can be evaded easily.

All other Belgian online newspapers did a much better job at protecting their precious content, even newspapers from the same media group (DPG).

Let's report this to DeMorgen.be, maybe I can get a Bug Bounty reward or at least a Responsible Disclosure?

TLDR: No.

DeMorgen.be joined the https://www.intigriti.com/ Bug Bounty platform. In the project details you'll find:

Can we create a Chrome Plugin to open a blocked article with one click?

Lets create a simple Chrome browser plugin to open a page with a blocked article in the Paywall Evader website.

And we have a winner.

Thank you DeMorgen.be for not caring about paywall evasions!


Cagy.org • v0.1337.0.42.0.1984.0.666.0.3,14159265359.0.50210.001 • Marquees are obsolete, its use is discouraged.