Paywalls For Minimalists

One of the reasons why companies like Substack have such a strong hold on creators is pretty simple: It’s hard to build a paywall.

You have to deal with a lot of really hard stuff, like logins and payment methods. And you’re dealing with vendors left and right. Your readers’ passwords get spread around the internet like wildfire, and honestly, do you want to contribute to that?

And worst part: If you use things like magic links, your readers might find themselves having to log in a dozen times.

Recently, I talked to Nieman Lab about the magic link issue, and between that and my recent Substack rant, I’ve come up with a couple of thoughts. I’m sort of at a point where I think the best way to solve the platform problem is to make it as easy as possible to put a paywall in front of anything. Even a static website.

And it needs to be a kit that anyone can follow, with as many open source parts as possible.

But there are a couple of problems: First, while payment technologies like Stripe are widespread, they are probably just above the knowledge range of the average person. Second, readers are unlikely to trust a website they’re not familiar with or have never used before. Finally, you don’t want to be managing more personally identifying information than you have to.

I have a solution to this, and it’s Ko-Fi, the creator economy tipping platform.

Ko-Fi: Sorta like a platform, but not really

Why Ko-Fi, you might ask? Well, a couple of things: First, it has avoided the trap that Patreon has run into with the App Store, which has forced that company to reset its model repeatedly. Second, its model is flexible and easy to parse—you can put as little or as much work into it as you want, a sharp difference from the pressure that comes with running a Patreon or a Kickstarter.

Finally, its pricing model is extremely fair and strongly favors the creator. If you’re making a lot of money, you can pay $12 a month for its Gold plan and that’s the service’s full cut. As platforms go, it is one of the best of its kind. You can do everything on the Ko-Fi platform, or you can do nothing. That is the right level of respect for creatives that a crowdfunding platform needs. (The similar Buy Me a Coffee could also work for this, but it doesn’t have the Gold plan, which means Ko-Fi is significantly cheaper if you grow really big.)

Plus it has something really easy to work with from a development standpoint: Webhook support. A webhook, for the uninitiated, is basically a way to tell a web application to do something by visiting a URL. It’s sort of foundational to how modern web applications work.

(I will note that Patreon supports them as well, but with references to wanting to focus on its core experience, which effectively means support may be hard to come by.)

One webhook, an open-source ecosystem

While you can bury webhooks in code, they are also plenty useful in automation platforms like Zapier. As you may be aware, Zapier and I had a falling-out a few years ago, but the good news is that there’s a quite-good open-source alternative called Activepieces. It can be hosted anywhere, even on an old laptop, and the self-hosting platform PikaPods also supports them.

On top of this, you don’t need to be tethered to an email platform to send out emails. Thanks to email sending tools like Listmonk and Keila, it is possible to send emails out to thousands of people using self-hosted software. (PikaPods also supports Listmonk, but sadly not Keila.)

Alas, platforms like Gmail tend to be finicky about the senders they’re comfortable with, so you’re probably stuck with something like Amazon SES or Mailgun. SES, it should be noted, costs a grand total of 10¢ for a thousand emails, meaning you can send out messages to thousands of people a few times a month for less than $10.

So we know that we’re probably stuck with Ko-Fi for payments and a large bulk sender for email, but you can basically run the rest of this stack using open-source tooling. Our flow looks like this:

1. A person subscribes to a Ko-Fi membership that costs them maybe three bucks per month.
2. After the transaction, Ko-Fi hits a webhook managed by Activepieces, which triggers a JavaScript package that interacts with Listmonk.
3. With Activepieces’ prodding, Listmonk adds the user to a paid list, then sends an email to the subscriber with a tokenized link to a webpage on your site.
4. That webpage, after you enter a passcode, adds a first-party cookie that allows you to disable advertising on the website, or opens up new parts of the site, or what have you.
5. When you send emails, you tailor your emails for that paid list.

No complicated content management system—in fact you can run this playbook on any page that uses JavaScript and CSS. Got a static site and want to gate your content? There are your marching orders. If you want, you can even set up an RSS feed to go through Listmonk, so once you get the templates set, you can forget it.

Plus, it’s cheap, while limiting platform exposure to the things you have no business doing. Just a webpage, a single platform, a bulk email service, and a couple of open-source apps that you can host just about anywhere. Sounds crazy, right? Well, this is what I spent the last day or so building. And … it works.

The art of loose magic

You might be wondering, how do you secure this? Easy: Magic links, but with a twist. Basically, one of the frustrating things about magic links is that you have to load a new one every time you want to log in somewhere. Instead, I decided to build a low-key two-factor system. As an end user, you’re asked to click a specific link, and then enter a code that’s in the email. Don’t have the code? Email doesn’t match the hash? You’re not getting in.

(For the nerds, it’s using HMAC tokenization to keep things client-side as best as possible.)

But this approach does have some flexibility that standard magic codes don’t. The code only works in a certain time frame—about a month, with a grace period during the month after, but it does not expire the second you click. That makes it so that you can share it with other devices more easily, or with a coworker who you think would love Tedium if not for the modest amount of ads.

As for the decision to use passcodes: It’s important to have a secure posture, but let’s be honest, if you’re hosting articles about exploding pop bottles, people shouldn’t be sharing their passwords with you. But this approach means that you can share a login over a limited amount of time.

My goal is to eventually share this as a “kit” of sorts on GitHub, that anyone can follow. I will probably put something behind a paywall for it (probably some starter email templates designed by yours truly), just to prove it works, but also to support the project.

Anyway, Tedium does not have a paywall, really. Instead, it’s more of a way to turn off ads. If you would like to try it, sign up for a $3 monthly membership on Ko-Fi.

(By the way: I plan to expand to existing paid supporters soon, whether on Patreon or Ko-Fi. I talked about this about a year ago, but it has taken time to finally get it across the finish line. But this weekend, the pieces fell together.)

This was a fun project, and it took me about a day, start to finish, to get something working. If you’re a Substacker looking at the abyss, let me be clear: You can do it too.