The Internet is completely full of ads . It is the way that many web pages have to subsist, and a way to offer free content to users without them having to pay for it. Some media, however, prefer to choose to include payment walls in exchange for a monthly subscription to access certain content, and a small flaw allows them to be skipped.
Specifically, the bug is something as simple as adding a period to the end of the URL . By doing so, some websites do not show ads, and it is even possible to break payment walls in some American media. It has been a Reddit user who has discovered that, by adding a point to YouTube URLs (just after the .com), the videos do not show ads.
In the case of media such as The New York Times, it is possible to bypass the payment wall to access some news simply by adding that point. The failure can be exploited easily on the computer, and it can also be done on the mobile if we choose the option “Computer version” in the browser, since the change seems to occur at the server level.
Be “Explicit” with Domains, Reason for Failure
The failure is related to the fact that the domain that ends in point is the first one at the hierarchy level, also called “ fully qualified domain name”, or FQDN (fully-qualified domain names) . These types of domains are useful if we access a specific website from an internet.
For example, if we are in a university with a second level domain “campus.edu”. If we access from a university computer, we can access “login.campus.edu” by typing only “login” in the browser. However, imagine that there is a website that you want to access from the university that is outside the university called “http: //www.login”. Putting “login” in the browser takes you to “login.campus.edu”. So if you add the period to the end of the URL (“http: //www.login.”), You can go to the full URL outside the university because it works regardless of local DNS resolution.
In addition, with YouTube the domain fails to load the ads because they are designed to be resolved with “youtube.com”, and not with “youtube.com.”. It also “breaks” cookies and doesn’t save a browsing history, so you can’t disable things like autoplay on YouTube, and there’s no viewing history either.
As is usually the case with these types of tricks, once they are made public, websites usually patch it fairly quickly. Therefore, it is expected that, for the next few days, the affected web pages will fix it and prevent them from taking advantage of the trick simply, something that they can avoid by blocking any external connection to that hostname.