Sorry, we could not find the combination you entered »
Please enter your email and we will send you an email where you can pick a new password.
Reset password:


By Thomas Baekdal - July 2019

Let's talk about that thing with Chrome Incognito Mode and Metered Paywalls

As you have probably heard, Google will update Chrome and fix a bug that allowed websites to detect when people were in incognito mode. And ... well, many people in the media are quite upset about it because it also eliminates the ability for newspapers to stop people from circumventing their metered paywalls.

Some have even gone so far as to say that this is the end of metered paywalls (it is not).

Before, in Google Chrome, you could use a loophole to detect whether people were in incognito mode, and either ask people to login or simply block their access (which several newspapers had started doing), but now with the coming update, newspapers will have no way of knowing whether a person is in incognito mode or whether they are just a first-time visitor.

So, several people have mentioned this to me, and ... well ... we need to have a talk about this, because this is a battle that you should not fight. But there are really three things we need to think about here.

But we are also going to talk about some of the larger business models and regulatory issues that are linked to this.

Let's start with the impact.

It's the wrong thing to worry about

I tweeted about this a while ago when we first heard about it, and I said that it won't have any impact, and that publishers would be much better off focusing their attention on other things.

Let me explain what I mean by this.

The concept of a metered paywall is to give first-time visitors a frictionless way to see an article, but to add a level of friction to repeat visitors, thus encouraging them to subscribe.

Obviously, the metered paywall itself is just one of these friction points. There may be other friction points where not paying makes the experience just a bit more convoluted than for people who subscribe.

Of course, this concept is not unique to the media industry, in fact, we didn't even invent it. The concept was invented by the file-sharing sites of the early 2000s.

Remember back before streaming when music and movie piracy was booming? The way most people downloaded movies was by going to a file sharing site.

The business model they had was ... uh ... "interesting" (as a publisher, I really don't like them). But what they had was two models.

Non-subscribers could download a single file per day, at very low speed, often after having to wait for maybe a minute to even start the download, and there were other limitations and annoyances.

The "offer" was then that, if you subscribed, all those annoyances and limitations would go away. As a subscriber you could download as many files as you wanted, at your full internet speed, and there were no nag screens, no annoying ad pop-ups, and no wait times.

Of course, all of these sites claimed that they were fully legitimate services, and that they were in no way monetizing and facilitating piracy, but we all know that they were. And most of these sites have long been closed down, either by force, or simply because the market changed (i.e. streaming happened).

But this is essentially how the 'metered paywall' started. It gives non-subscribers a more limited experience than your full subscribers. And your ability to convert people from one to the other is defined by the combination of how annoying those limitations are, and how much better things would be if people subscribed.

Mind you, this is not limited to metered paywalls either. Full paywalls are based on the same concept, but now we just have total limitations, in that you can't see any content without paying.

Instead, some publishers might give you only a free sample. For instance, a fitness publisher might make a 30 day training plan and give people the first three days for free.

It's not a metered paywall, but the overall concept is the same.

And even at the other end of the scale, where the content is free but monetized by advertising, we still see this play out. YouTube, for instance, is a good example of this. Here you can watch every video for free, but are constantly annoyed by the preroll videos, where you have to wait five seconds before you can skip.

So, you can instead subscribe to YouTube Premium, where this annoyance goes away. Now you can watch all your videos without annoying ads, but you also get other features, like being able to play videos in the background and other useful things (as well as YouTube Music).

So the metered paywall is not really a special form of monetization, it's just one of the many variations of models that compares the value you get when you subscribe, and the level of annoyance or limitations you put up for those who don't.

The key element, though, is the value part. It's how strong that value is, and also how frequently you use it, that defines what specific model you can use. And there is a general rule of thumb that the higher and the more specific the value you provide, the stronger the paywall you can create.

For instance, Disney+ has no problem in creating a full paywall, because the value of Disney's brands is so strong and so specific that people don't need to test it out to 'try it'.

For newspapers, though, we have a bit of a problem, because while the older generation sees value in subscribing to a print newspaper, online news is not really that valuable ... nor is it specific ... nor is it unique.

As a result, newspapers really struggle with the value part, and very often there is no specific thing that people can see that would instantly make them subscribe.

Again, it's nothing like Disney+. If they say, "Do you want to subscribe to watch The Mandalorian exclusive on Disney+?" Many people would say, "Hell yes!!"

But if you say, "Do you want to subscribe to read this story about ... uh... people protesting in Hong Kong?" (the top news story on the largest newspaper in my country, in Denmark, as I was writing this), most would say, "Nah... I'm good."

Obviously, as a newspaper you will say that you are also writing a lot of other things, but this is a fundamental problem. The value isn't focused, unique or good enough to drive a conversion.

And this is where the metered paywall comes in, because by giving people free access to read 5-10 articles per month, you can kind of build up a habit over a very long period of time, where even though each individual article would never convert people, over time, you might give people a glimpse of value that they suddenly feel compelled to pay for.

It's not a bad model. But you have to remember what the problem really is.

And this whole thing then brings us back to the discussion about Google Chrome, incognito mode, and how I now see publishers being angry that they can no longer detect this.

My perspective on this is that this is a complete waste of time to worry about.

I mean, think about it. What would entice more people to subscribe? Would it be to detect the few people to use incognito mode, which in itself is still a form of friction, and then use that to try to get a tiny percentage of them to convert?

Or... is it to focus more on defining the value that you offer as newspapers, so that people can see a reason to pay?


Why are we even talking about incognito mode?

This leads us to the second thing.

What about privacy regulations?

Another important factor here is about regulations. The US is far behind on this point, but as we all know, in Europe we have GDPR, and there are coming changes to the ePrivacy regulations which will make all of this even more regulated.

But what you might not know is how far the EU might take this, and what things they are talking about demanding from browser manufacturers.

Let me quickly summarize it.

First of all, in one of the drafts for the coming ePrivacy changes, they define privacy like this:

Article 7 of the Charter of Fundamental Rights of the European Union ("the Charter") protects the fundamental right of everyone to the respect for his or her private and family life, home and communications. Respect for the privacy of one's communications is an essential dimension of this right, applying both to natural and legal persons.

This is important. In Europe, the privacy legislation is not just any regulation. It's a human rights regulation. It redefines the very baseline of how you think about privacy.

This is something particularly people in the US don't quite understand in the same way, because there is a very big difference between how people in the US and how people in Europe define their rights.

Let me generalize this to an extreme degree (there are obviously many nuances).

In the US, the definition of your rights is defined around the freedom of the individual person to make their own choices.

In terms of privacy, this means that when most people in the US talk about privacy, they mean "people should have the right to decide for themselves if they want to sell their private data".

In other words: Your rights to privacy = your choice!

In the EU, we don't think about things like this. Instead, our definition of freedom is based around what we are entitled to have. So we are not saying that people "should have a choice", but that "you are entitled to have this no matter what".

You can see this difference in the current GDPR regulation.

With GDPR, you are legally required to get explicit consent from each person before you are allowed to collect any personal information. But because the EU is defining people's privacy as a form of entitlement, the GDPR regulation explicitly says that:

Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed ('data minimisation')

This means that, even if you can get people to consent to giving you more data, you are not legally allowed to collect it.

This is the opposite of the US way of thinking. In Europe, you are entitled to a stronger level of privacy, even if you choose not to have it.

In other words: Your rights to privacy = An entitlement!

This is a big difference.

Mind you, we see this in many other parts of European society as well. One example is with healthcare.

In the US, again, most healthcare discussions are centered on how people should be allowed to freely choose whether they want healthcare. As a result, the US healthcare system is based on insurance, where people can try to choose which one, and at what level they want.

Again, Your rights to healthcare = your choice!

But in Europe, we don't think about it like this at all. Instead, in most countries in Europe, healthcare is seen as a public entitlement, which means that you have the right to healthcare, even if you can't pay.

For instance, if I get sick, I don't have to make a choice about anything. I can just book an appointment with my doctor, which again is provided as a form of entitlement that I just have, and they will take care of me.

I don't have healthcare insurance, I don't have to worry about what coverage plans of healthcare there are, because I don't need it. I'm entitled to full healthcare regardless of my personal choices or financial status.

So in Europe, Your rights to healthcare = An entitlement!

Just stop and think about this for a moment. It's an entirely different way of defining your rights.

And for privacy, it means that the EU thinks about privacy as something that you are entitled to have no matter what, and as such, no company is allowed to create any service that demands that people give that up.

I want to give you a simple example. Take the Washington Post.

When it had to become GDPR compliant, their approach to this was to think about it from the US perspective (and even their US lawyers thought about it this way).

The result is that, when you visit Washington Post from Europe, you are presented with this:

What the Washington Post is doing is to give you three options.

You can either:

From a US perspective, this sounds perfectly reasonable. You are giving people a choice, and that's what true privacy is about ... right?

But no! ... From a European perspective, this is massively illegal, even today with GDPR. You cannot do this, because this fundamentally creates a system where your privacy is a point of force.

With the Washington Post, you are not entitled to have privacy no matter what, now it has become a form of currency that you are forced to pay (in one way or the other).

I repeat, this is not legal!

When I tell this to US publishers, they get really anxious and start to say that this means that they can't do business.

For instance, they say "but then we can't do advertising", but no that's not what this means.

As publishers, you can do advertising as much as you want, but what the EU is saying is that you cannot make business models which depend on forcing people to be tracked.

This is why sites like Google have a very clear 'Ad preference' page where you can simply turn ad tracking off. It will still show you ads, and those ads will still be targeted to whatever it is you are doing (aka contextually targeted), but you are no longer being profiled.

What you see here is the effect of GDPR. Google cannot make their services dependent on tracking people.

It's the same with premium content. I have heard US publishers say that GDPR requires all their content to be published for free, but no, that's not what's going on either.

When people subscribe, you are obviously allowed to create an account (which contains personal information), but what you are not allowed to do is to make that depend on tracking.

So, again, the Washington Post's model of creating two subscription plans, one with a cheaper price and tracking, and one more expensive version with no tracking, doesn't work.

This is not legal. You cannot create a business model where the monetary exchange is based on people's level of privacy.

Or to put it simply, the EU is putting an end to the idea that privacy is a form of currency, and instead turning it into a basic form of entitlement.

So... what does this have to do with Chrome and incognito mode?

Well, think about it.

What many publishers did was that they detected when people were in incognito mode and then demanded that they login to read the content (and then be tracked).

You see the problem here? You are denying people's right to privacy, and making access depend on being tracked.

I mean, again, this is fundamentally against what the EU is saying. You are not allowed to do that. Privacy is not a choice, it's an entitlement, so you are not allowed to force people to give it up.

So, this whole thing really has nothing to do with Google, because as publishers, you were the bad guys. You were the ones who wanted to stop people from having privacy.

Sure, many people also did it to circumvent the metered paywall, but it doesn't change the regulatory problem with it.

On top of that, in the draft for the upcoming ePrivacy legislation, the politicians are explicitly calling on browser manufacturers to create a system for this.

Here is the exact quote:

The methods used for providing information and obtaining end-user's consent should be as user-friendly as possible. Given the ubiquitous use of tracking cookies and other tracking techniques, end-users are increasingly requested to provide consent to store such tracking cookies in their terminal equipment. As a result, end-users are overloaded with requests to provide consent. The use of technical means to provide consent, for example, through transparent and user-friendly settings, may address this problem.

Therefore, this Regulation should provide for the possibility to express consent by using the appropriate settings of a browser or other application. The choices made by end-users when establishing its general privacy settings of a browser or other application should be binding on, and enforceable against, any third parties.

Just stop and think about what this really means.

On one hand it sounds really great, because it means that you can just set a general setting in your browser, and then all the GDPR consent dialogs go away.

However, it also means that the future of privacy will be far more strict. Today, for instance, we hear publishing talk about 'consent rates', where they discuss different means of mostly tricking people to give their consent to tracking.

With this change, as a publisher, you would be legally bound to abide by the setting they have already set, and as such none of that trickery will be legal.

You see where this is going?

The EU is not fooling around anymore. Obviously, this specific section is not part of the regulation yet, and it may never be. But it gives you a kind of insight into what is happening here.

Privacy is being turned into a basic entitlement that you just have. It's not a choice anymore. You can't trick people into giving their permission to be tracked.

This is a big change!

And ... this leads us to the final point.

What does the public want? And what image do we want as publishers?

Usually when you have big legislation that impacts all parts of society, the public and the politicians are not aligned. Think about Brexit as an example.

They say the Brexit side got the majority vote, but they didn't. 51.9% voted to leave the EU and 48.1% voted to remain. That's not a country in agreement, that is a country in almost total disagreement.

And it's kind of insane to think about. The UK is now moving ahead on something that there is no agreement about at all in the country.

But what's interesting about the privacy legislation is that the public totally agrees with it.

If you go out and ask regular people what needs to change about online privacy, they will overwhelmingly tell you that they want more privacy, that third party trackers need to be stopped, that sending personal data, or trading it, should be illegal, that you should have complete transparency over what is being collected and for what purposes, and that you should always have the right to tell a company to delete whatever private information they might have about you.

This is what the public is currently demanding!

As journalists we say the same thing. Literally every single day, we see stories from newspapers calling out some other aspect of privacy, tracking, data-brokering and data collection ... including newspapers going as far as to recommend that people delete their Facebook accounts.

And finally, we have the politicians, who are now implementing this exact thing.

It's astonishing. The level of agreement across the board about where this needs to go is so crystal clear.

As a result, most companies have realized where this trend is heading. For instance, we see how all the tech companies have implemented far more privacy-focused things, and turned it into a strength.

This is something brands do all the time. When faced with a problem, they turn fixing it into an advantage. We see this in every single industry. When the fashion retailer H&M was faced with accusations of unsustainable clothing, they responded by not only trying to fix it (it's complicated), but also to create a new fashion line called "H&M Conscious", which has now become a bestseller.

This is how you deal with problems you face and trends in the market.

So think about this as a publisher, the role you have, and how people perceive you. What are you doing?

Well, what you are doing is this:

I'm sorry, but have you not been listening to anything the public, your own journalists or the politicians have been saying at all?

How can you, as a publisher, even remotely think this is the way you want to present yourself to your readers? Have you no situational awareness at all?

And even worse, if you choose not to accept, you are then directed to go through a confusing, non-transparent process of managing your preferences.

I mean, just look at this. How the heck is anyone going to know what this actually means? What the hell is or No reader has ever heard about them, they have no idea what they are doing, whether they can be trusted or not.

Everyone knows who Google and Facebook are, but what you see with publishers is what many call the 'dark web' of tracking. Nobody has any idea what all these trackers are really doing. This is not a 'Privacy Center'. This is a 'Privacy Violation Center'!

Another and slightly better version is this one:

Here you are actually presented with a choice, which is certainly better. But still think about the message you are sending.

The public is demanding more privacy, and your response to that is to ask them not to have it.

Can you imagine if this was how H&M had done this? That when people demanded more sustainability from them, their response was to say, "we hear you, but will you please not want that?"

I'm sorry, but this is idiotic beyond belief. As publishers you are being anti-privacy. Every single day you are actively focusing on making it as hard as possible for people to have privacy, you are making the control of people's privacy as non-transparent as possible, and you do all of this in an attempt to trick and convince people to give up their privacy so that you can send personal data to this dark web of tracking.

Of course, when I say this, the most frequent feedback I get is: "But it's not our fault"!

I'm sorry... what? That's not a valid excuse!!

I talked about this many times before. You really have to stop saying that.

Can you imagine if any other company said that? Imagine, for instance, that Facebook just said, "it's not our fault", when Cambridge Analytica took data and used it in ways that were against Facebook's terms of use.

How would you as journalists have reacted to that? Would you have just said, "Oh yeah, Facebook had already stated in their terms of use that the data couldn't be used this way, so let's just focus on Cambridge Analytica instead!"?

No, of course not. You would have hammered Facebook to the ground (as the media industry did anyway). You would have called upon them to take responsibility, because it was happening via their site.

More importantly, how did the legislators look at this? Did they just say, "Oh yeah, sure... this wasn't Facebook's responsibility."?

Again, no. They fined Facebook!

The same thing applies to you as a publisher. It is never acceptable to say "It's not our fault", because it is always your fault. You are solely responsible for what is happening when readers visit your newspapers.

In fact, GDPR makes this abundantly clear. It states:

The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 ('accountability').

The controller is you, the publisher. You shall be responsible for anything that happens on your site, including how any of your third party partners use the data.

More importantly, it's your readers we are talking about here. People are not visiting Google when they read your newspaper, they are coming to you.

And so, if the way it works today is not acceptable to the public, then it's your role and your responsibility to change this so that you can be trusted by your own readers.

But, some say to me ... "then we can't make money!"

Again, stop making excuses!!!

Can you imagine how people would have responded if H&M had said that sustainability was 'too expensive'?

Find a way to do this, and do it now! Take control over what is happening on your own site.

As I wrote earlier, the trend here is crystal clear. And all the tech companies are already changing things on their end, creating more control, more transparency, more privacy-focused and encrypted services.

Right now, the only industry that still doesn't get this is our industry, the media industry.

And this brings us back to the incognito thing. When we first heard about this, I heard two media executives say that the "EU should stop Google from doing this."

I'm sorry, there is no gentle way to say this, but wake the f*** up!

They were saying the EU should force Google to allow publishers to track people when they specifically demand privacy. That's just never going to happen.

Google has a lot of flaws, but with this, it's not Google who is wrong. It's the media industry. It's the same when Facebook created encrypted messaging which would dramatically improve privacy.

How did we respond? We started complaining that it also meant that we couldn't uncover things in our investigative reporting. And while that may be true, there is not a single person in the world who thinks that it's acceptable to have unsecure messaging, just so that your work as a journalist is slightly easier.

This is not going to happen. You are on the wrong side of this trend!

It's time to get on the right side! More than that, it's critical for the future reputation of our media industry! ... and no, not in a year or so. This crisis is happening right now, and as a publisher, you should be in 'we need to give people better privacy' crisis mode.

You need to turn publishing into a privacy-focused service right now!

As I said before, the trend here is crystal clear, and the public, politicians, and your newsrooms, all want better privacy. As publishing companies, you need to stop resisting this, and start turning it into a strength.

What is the media industry's version of "Conscious"?


The Baekdal/Basic Newsletter is the best way to be notified about the latest media reports, but it also comes with extra insights.

Get the newsletter

Thomas Baekdal

Founder, media analyst, author, and publisher. Follow on Twitter

"Thomas Baekdal is one of Scandinavia's most sought-after experts in the digitization of media companies. He has made ​​himself known for his analysis of how digitization has changed the way we consume media."
Swedish business magazine, Resumé


—   thoughts   —


Why publishers who try to innovate always end up doing the same as always


A guide to using editorial analytics to define your newsroom


What do I mean when I talk about privacy and tracking?


Let's talk about Google's 'cookie-less' future and why it's bad


I'm not impressed by the Guardian's OpenAI GPT-3 article


Should media be tax exempt?