402: Payment Required

David Humphrey
10 min readSep 28, 2015

I’ve been interested to watch the increasing debate around ad blocking in iOS 9, and especially the heated nature of the discussions, which have been filled with polemic, hand-wringing, and even regret. Apple loves to stir things up, both by shipping and refusing to ship standard and emerging technologies. With iOS 9 Apple hasn’t actually shipped an ad blocker; instead, by adding content filtering hooks to Safari, Apple has made ad blocking possible, and changed the rules that govern how we experience the web.

This isn’t the first time that changing the rules has so dramatically affected the advertising landscape. In 2007, while Steve Jobs was unveiling the first iPhone in California, the local government in São Paulo, Brazil was busy passing the “Clean City Law”. The new law mandated the removal of all outdoor billboards and advertisements. By doing so, the world’s 4th largest metropolis declared war on advertisers. The transformation, as you can imagine, was intense. Much has been written on São Paulo since the ban, and nearly a decade later, despite predictions to the contrary, it remains in effect.

Photo by Tony de Marco

Apple’s new content filtering and São Paulo’s Clean City Law both use code — one via the law, the other through software APIs — to enable the creation of ad-free public spaces. If São Paulo’s example provides any clue for us about what Apple’s decision might mean, I think it points to the possibility for a conversation about commerce and economic progress separate from the dominant narrative of advertisers. Which is to say, the enactment of such “laws” against advertisements means that we need to start having more serious conversations about how to enable and support the digital economy through methods that don’t rely solely on advertising income.

Free vs. Fee

I had a discussion on Twitter about this, which was also echoed by Charles Stross on his blog:

is there any way to get to a micro-billing infrastructure from where we are today that doesn’t involve burning down the web and starting again from scratch?

It’s fine to tear down the billboards, but in a world where we have come to depend so completely on ad-based revenue for the funding of web content, we now need to provide other means, and legitimate, ubiquitous means to sustain and grow it.

For many, the mantra “information wants to be free” has guided the web’s construction. This ideal then comes to inform the ways in which we collaborate, the ways that our software gets built, and the choices we make about access. At the same time, and for just as many, the web is an economic engine, a source of employment, a way to sell and buy goods. Both of these are well understood and equally well represented for any user of the web, and one can’t go a day without running into both, and hybrid forms thereof.

The free vs. fee duality of the web exists in a continuum. Rarely, if ever, is a user able to operate completely freely on the web, since ad networks, trackers, analytics, and other data collection mechanisms monetize our activity. We have allowed the web to get papered over by ads, bloating downloads and subjecting users to security risks and privacy invasions via third-party scripts hiding in web advertising. We participate in, even if we do not explicitly opt-in, to being part of the web’s implicit economic goals.

We also choose to do so in active ways. I have purchased all kinds of things online and will continue to do so. It’s fast, easy, and incredibly helpful for someone like me who lives in a rural area, where access to goods and services is limited.

We’ve been trained, especially in this post-iPhone era, that it’s good and natural to pay a small amount for things we like. Today, users of the web are also users of mobile, which has, for good or ill, normalized the concept of an app store, in-app payments, and other forms of micropayments for software, services, and content. This shift directly affects the web, and should influence how we evolve the web.

The Potential for User Agents

Despite what some will tell you, the (mobile) web isn’t dead; in fact it’s bigger than ever. Steve knew that “web browsing” was key to the success of mobile, and it’s remained so in iOS versions 1 through 9. The ferocity of the ad blocking debate only serves to underscore the dominant place of the web on our devices.

But while the web and web browsers have remained central to the success and experience of mobile, web browsers have not done enough to allow content consumers and creators to operate fully within the free vs. fee continuum. User Agents, our web browsers, do surprisingly little to broker transactions with services on the web. What does exist has been built within the context of authentication, paywalls, and bespoke commerce solutions. The ad blocking discussion highlights our total lack of imagination, where a browser’s role is reduced to “render” or “don’t render.” There are a whole world of options in between that we should be exploring.

This all-or-none approach is rightly leaving content providers feeling upset. I would argue that your browser should be helping you safely, securely, and easily make purchases of content and services across the web. What’s more, it can do this while at the same time granting new economic opportunities to merchants, service providers, artists, and content creators, all of whom need the creation of new revenue opportunities.

Amazon, Apple’s App Store, and Google Play have all become places that I regularly make purchases; I’m hardly alone in this. Partly this is out of necessity: if you want content or goods on these platforms, you have to purchase them where they are being sold. But beyond supply and demand, I also use these stores because they are well made, secure, and I have built up trust in them over many hundreds of successful transactions. I use them because I want to buy what they are selling, and they make it incredibly easy: I like using them.

And while I don’t have the same level of trust in randomwebsite.com, and its custom purchase form, I do trust my browser. In fact, I trust my browser more than anything else on the Internet, and certainly more than any other app or site connected to it. I trust it enough to remember my passwords, keep my browsing history secure, and to be invited along to every web site that I visit. So what if my browser could help me pay for content and services I want to acquire or access online? Why isn’t the one app I trust above all others able to help me as a consumer? Why are ads the only dominant way that users can pay for things on the web?

HTTP: Future Use

Web sites and services rely on standard HTTP response codes to indicate that a request has succeeded or failed. The fact that you’re reading this page means that you’ve already experienced a 200 response, indicating that everything worked OK. You’ve likely also seen lots of 404 responses, which indicate a page or resource could not be found. A good example of a 404 would be this page about my 2014 Nobel Prize for Literature.

What if, in addition to responding to 200s, 404s, 401 (unauthorized), 403 (forbidden), and 405 (not allowed), web browsers made it possible for sites to send the nascent 402 HTTP response code: Payment Required. The spec says this code is reserved for future use. Friends, I’m here to tell you that we’re living in the future, and it’s time to figure this out.

Let’s Go Shopping!

We already have models for this, and it isn’t hard to imagine how this might work. Let’s consider a few. First, take the Kindle Store. Here you have a plain old web site that lets you easily search for and explore book titles. At the point where you want to read one, you are presented with a Buy now with 1-click button. Clicking it does just what it says, and suddenly, instead of being denied access to that book’s content, you can read it.

Another example is Netflix. In order to access any of its movies and television shows, I have to pay to access all of it. This is a common model based on subscriptions vs. purchasing individual items (consider Netflix vs. the iTunes Store). It hardly seems worth explaining how this works, but for completeness: one creates an account, including credit card info, and is then able to access content hosted on the site. Content which having been paid for by me, is delivered free from ads.

That extra step of requesting credit card or payment info from a user is what’s really changed in recent years. Today, when you start using an Apple computer or iPhone, or when you want to use iTunes or Google Play, you are asked right away to enter your payment (e.g., credit card) details. In doing so you’re establishing upfront your ability to purchase, rent, subscribe, etc. content and services accessed via this computer, phone, and app. The economic realities and potential of the platform is established right away.

Beyond Search: (Micro)payments

In the same way that browsers baked search and search engines into the experience long ago, so too could payment providers be added. Imagine if I could set my browser so that it was configured to use my Visa, PayPal, Stripe, or whatever payment processor I chose. Next, give content providers a simple way to indicate that resources at the other end of a URL have a cost structure. When a site responds with a 402 HTTP response, what if it could include enough extra info to allow my browser to present me with transaction options for getting to the content? Then my browser can do more than just inform me that I’ve been blocked from accessing the content: it could work with the remote site to broker a transaction, and allow me as a user to simply click a button and pay for access.

Apple’s App Store and Google Play have proven that people are willing to pay small amounts for content, so the argument that no one will pay if you ask is old and tired. What these stores have also shown us is that by making the transactions easy, understandable, and centrally administered, users can and do build trust in order to participate in the market.

Imagine a user watches a movie on imaginary-movie-service.com, maybe it’s stored at imaginary-movie-service.com/movie/13413414545. Now they share that link, and you see it and decide that you’d like to watch it as well. You click the link, and imaginary-movie-service.com responds with a 402, which your browser sees and then presents you with the info you need in order to complete the transaction: paying $1.99 to rent it and watch during the coming days.

It’s interesting to ponder all the ways your browser could help here. Obviously some content is click-to-buy (a download), and other content is streamed (you’re renting), and some content would want a subscription (your whole blog vs. a single post). What about the complexities of charging taxes for people in different regions, or dealing with currency exchange rates? When the New York Times does all this for content behind its metered paywall, it does so with internal infrastructure, employees, and IT resources to which the web’s long tail doesn’t have access. But what if your User Agent really did act on your behalf in these cases, and also on behalf of the content creators?

People want to participate in the digital economy, and already do in a dozen different ways on mobile. We should do more to make it easy on the web. Of course not everything on the web needs to cost something, and I’m not arguing that every site charge for its content, and go behind paywalls. Much as Apple isn’t blocking ads by providing content filtering APIs, browsers can provide a way for sites and users to opt in to integrated payments — no one is forced to buy anything, but at least the transaction is finally an explicit choice for the user: as the size of the ad blocking controversy has revealed, we lean more toward the fee side of the web than we realize with bundled ads, and do so implicitly.

Browser vendors need to get ahead of this. At the time of writing, two of the top twelve paid apps in the Apple App Store are ad blockers: Purify Blocker (#7) and Crystal (#11). I’d love to see Mozilla especially take the lead here, and offer new and significant ways to do more than the browser’s current render vs not-render ads. For one, having integrated payments is a potential revenue stream in the same way that search engine defaults have been. Apple and Google make a lot of money brokering app store purchases (each takes a 30% cut), and the web has the potential to be the largest app store in the world, with the browser playing a central role in the transactions. There was a time when the “Buy” button was antithetical to the trajectory of the browser. I’m not so sure that’s the case anymore.

Thanks to Cassie McDaniel, who offered comment on this piece, as well as providing wireframes.



David Humphrey

Believer, Husband, Dad, Writer, Birder, CS Prof @ Seneca College, Mozilla Firefox Developer, JavaScript, Squash Player