Seems like you should have some way to know you are paying.
Zero-click is eminently abusable: how many 402-returning iframes is one page allowed to embed? If the answer is finite, people who want to surf without paying can surf in an iframe. Ways to overcharge and ways to avoid payment would abound because you can't add access restrictions as an afterthought. Even a trusted-site model would allow for other sites embedding trusted paid content, and other "containment" problems. The only way to prevent abuse is to have the use confirm the payments, as only the user can judge whether they're accessing new content they want to pay for.
this can be solved pretty easily with aggressive ratelimiting, maximum payouts, disallowing use in iframes (i can't see much reason for it, they're mostly used for ads), graphed expenditures, and other such things. you don't have to be entirely automatic to improve ux, just mostly automatic for the things that people care about.
A rate limit means either you can only view one restricted article per time period, or once you've viewed one you can download all the others for free, or some compromise that fails a bit in both directions; a rate limit also allows a page to refresh itself every $rate_limit seconds and keep re-charging you while you're afk (now multiply by N tabs). There would be endless such problems because the goal itself is a bad idea; allowing people to charge you without your consent leads to people taking your money without your consent. Not being looted requires a way to specify when payment should be allowed, but only the user can decide what constitutes a fair "unit" of payable content.
I feel like this could be solved with a simple, non intrusive notification of sorts. It could be implemented in a number of ways. 1 small pop up in upper right with FYI you're being charged. It wouldn't restrict your access or make you interact. 2 small notif in upper left with FYI you've been charged, click here if you didn't want to be charged. 3 small notif with FYI you need to pay. Click to confirm payment. Click to always auto confirm payment on this site. If not paid in 30-60 seconds then it looks you out of content until you pay. My understanding is they are removing the 5 step process requiring personal info and cc numbers and addresses so that micro payments are instantaneous and easy. Keep in mind that anything less than 4 steps is an improvement. We basically just need a one click payment like Amazon for every site. Sent from mobile. Apologies for not being more thorough or graciously typed.
1 & 2 allow losing money in proportion to time spent afk; 3 sounds workable. I agree that simplifying to 1-click would be a vast improvement. But pay-without-even-doing-anything is getting carried away; requiring some action to confirm a payment is more than an inconvenience. The confirmation could be implicit in the link to the content -- a special-looking link could skip the payment confirmation prompt (which would be used if the same URL is reached by any other means). This would have much of the convenience of 0-click, while meeting the sanity requirement that payment is not made without action agreeing to it.
Another option is implementing an undo style - like Google has with deleted emails - so that you have zero action required but still control to a point. Obviously a bit of diligence is required but if we are talking about micro payments then it's not the most horrible thing in the world if a few slip by. Modern browsers also have a lot more information about a user's current state. With a couple scripts on my site I can pretty much always know if a user is active or not and even throw up a massive modal dialog when they are about to leave the page. If people are doing this shit for newsletter sign ups, something should be able to be done for an idea like this. I do still believe that implementing user controlled certification (yes I'm okay giving my money to this site) is the easiest way to curb abuse. We only need to watch out for the single sites that you visit occasionally or may land on from Google. Almost all the sites I currently visit I trust and I trust not to abuse that trust. And in reality there are really only a handful of sites I visit. Sites like NYTimes and Facebook, etc. The occasional time I'm going to be visiting a site that would pull the abusive behavior you're speaking to, I'm going to be begging for control and knowledge and confirmations. Have you ever heard of our used little snitch? It works very well. It's annoying as hell at first bc you are bombarded with pings from every site but after a couple days, I'm rarely bothered with notifs. When there is a notification, I certainly look carefully and appreciate the intervention. Another option is implementing an undo style - like Google has with deleted emails - so that you have zero action required but still control to a point. Obviously a bit of diligence is required but if we are talking about micro payments then it's not the most horrible thing in the world if a few slip by. Modern browsers also have a lot more information about a user's current state. With a couple scripts on my site I can pretty much always know if a user is active or not and even throw up a massive modal dialog when they are about to leave the page. If people are doing this shit for newsletter sign ups, something should be able to be done for an idea like this. I do still believe that implementing user controlled certification (yes I'm okay giving my money to this site) is the easiest way to curb abuse. We only need to watch out for the single sites that you visit occasionally or may land on from Google. Almost all the sites I currently visit I trust and I trust not to abuse that trust. And in reality there are really only a handful of sites I visit. Sites like NYTimes and Facebook, etc. The occasional time I'm going to be visiting a site or does that would pull the abusive behavior you're speaking to, I'm going to be begging for control and knowledge.