Four lines of code is all it takes for The New York Times’ paywall to come tumbling down

“The New York Times paywall is costing the newspaper $40-$50 million to design and construct, Bloomberg has reported,” Joshua Benton reports for The Neiman Journalism Lab.

And it can be defeated through four lines of Javascript.

Benton reports, “The Times paywall doesn’t launch in the United States for another week; the paper has plenty of time to plug this particular Javascript vulnerability, which goes by the name NYTClean, if it wants to. But the real question is: Is this a hole they really want closed? Or is this one of the intentional leaks in the wall?”

Read more in the full article here.

[Thanks to MacDailyNews Reader “Fred Mertz” for the heads up.]

Related article:
New York Times erects paywall, rolls out digital subscriptions; agrees to Apple’s terms – March 17, 2011


  1. This makes zero sense. Implementing that paywall would take an experienced programmer, what, a week? A month? Let’s see…on page load, you check to see if the user has a subscription. If so, show the article. If not, then you still show the article, but check how many page hits from that IP+computer in the last day/month; if the max # of views is exceeded, then put up a floating div with your “please buy now” enticement, plus a background div with an opacity set to 50% or whatever, and you’re done.

    How does that cost 30 million dollars?

  2. RNN by Al Jazeera… (Real News Network)… The brilliant Hillary Clinton said so…

    The title to this shouldn’t be hard to do… heck even a fake pimp and prostitute can beat the main street media on the fraud that was ACORN, and then NPR… next, the AFL-CIO?!

  3. it’s good to know there ia a hole in the wall. If I accidentally got diverted into the putrid swamp that is the New York Times I need to know there is some way to escape their alternate reality and get back to the real world.

  4. I tell people
    “don’t use javascript it’s insecure”
    I always tell them to do it in c
    But nooo they say
    “but ‘the web’ is the most portable platform out there blablalbab”(you know what I mean)

    And then this happens and I smile and make a blog comment.

    1. So-called ‘JavaScript’ is the rat flea on the Internet. Will its bite be harmless? Or will it give your computer The Plague?

      The proper name for this mess of scripting code is ECMAScript. Actual JavaScript from Netscape was bastardized over a decade ago with crapcode from Microsoft, imaginatively called ‘JScript’, and crapcode from Adobe (via Macromedia) called ‘Action Script’. Then throw in an old shoe or two and you get what is erroneously still called JavaScript of today.

      I’d personally enjoy seeing JavaScript thrown off the web, much like Flash, and replaced with something seriously secure. Then again, that’s what actual Java was supposed to be and that proved to be a total FAIL. (0_o)

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.