A friend of mine removed a paywall deleting the DOM element that covered the page and all functionality from the site was intact.

Generally, that's all it is.

Honestly, I'm able to do that on about half the sites with a paywall

I generally don't though, because it kinda feels like stealing

Most site owners and developers are fully aware of how easy it is. So if you meet someone who works at a site like that, don't pretend like you're giving them a heads-up by letting them know their paywall can be bypassed. They know.

It's often not seen as 100% necessary to prevent devs from bypassing the paywall as the majority of users don't do it.
And since basically no one can use devTools on mobile devices it's not as big of an issue now that mobile traffic dominates most sites.

On my site we use a server-side paywall. If you aren't a paid subscriber we simply don't output any article text in the initial HTML rendered.

The first reason every site doesn't do this is: Cache and traffic load. If you let every single article request go through to your application server to determine who gets to read it or not - that's too much traffic. Most sites prefer caching the article to reduce the amount of traffic to the origin server.

The second reason is that you might wanna let users read 3 articles for free before getting a paywall. And since that counter is kept clientside it's easier to handle the paywall clientside too.

Follow up: The way my team solved server-side paywalls is basically to let our application server render 2 versions of each article (one full and one locked-down-version) which are cached on an edge-server. The edge-server also runs the function that decides which users are entitled to read the full version.

BUT a minor part of our content still uses "soft paywalls" - the stakeholders want users to be able to read a 3 of those articles per week before getting paywalled. And the checking of that counter is something we can't do in a perfomant way on our edge-server - so that's handled by a dumb clientside paywall instead. Everyone knows it can be bypassed but it's not seen as a big issue.

@jiraTicket I must say that although there's not many options, using the "show simplified view" mode on Google Chrome actually removes a lot of unwanted click bait ads/videos and popups on most websites. It's of course not nearly as useful as dev tools, but at least those advert-ridden news sites with videos every paragraph are readable in this.

@NEMESISprj You're right, ReadModes (both on safari and chrome) probably bypass most soft paywalls.

Except on sites that replace/delete the content as they inject their paywall.

If that's how it was implemented, I don't think it was any worthful website to be proud about.

Another compelling reason for client-side paywalls is search engines. You get to show up on Google while also making users pay.