I feel like this could be solved with a simple, non intrusive notification of sorts. It could be implemented in a number of ways. 1 small pop up in upper right with FYI you're being charged. It wouldn't restrict your access or make you interact. 2 small notif in upper left with FYI you've been charged, click here if you didn't want to be charged. 3 small notif with FYI you need to pay. Click to confirm payment. Click to always auto confirm payment on this site. If not paid in 30-60 seconds then it looks you out of content until you pay. My understanding is they are removing the 5 step process requiring personal info and cc numbers and addresses so that micro payments are instantaneous and easy. Keep in mind that anything less than 4 steps is an improvement. We basically just need a one click payment like Amazon for every site. Sent from mobile. Apologies for not being more thorough or graciously typed.
1 & 2 allow losing money in proportion to time spent afk; 3 sounds workable. I agree that simplifying to 1-click would be a vast improvement. But pay-without-even-doing-anything is getting carried away; requiring some action to confirm a payment is more than an inconvenience. The confirmation could be implicit in the link to the content -- a special-looking link could skip the payment confirmation prompt (which would be used if the same URL is reached by any other means). This would have much of the convenience of 0-click, while meeting the sanity requirement that payment is not made without action agreeing to it.
Another option is implementing an undo style - like Google has with deleted emails - so that you have zero action required but still control to a point. Obviously a bit of diligence is required but if we are talking about micro payments then it's not the most horrible thing in the world if a few slip by. Modern browsers also have a lot more information about a user's current state. With a couple scripts on my site I can pretty much always know if a user is active or not and even throw up a massive modal dialog when they are about to leave the page. If people are doing this shit for newsletter sign ups, something should be able to be done for an idea like this. I do still believe that implementing user controlled certification (yes I'm okay giving my money to this site) is the easiest way to curb abuse. We only need to watch out for the single sites that you visit occasionally or may land on from Google. Almost all the sites I currently visit I trust and I trust not to abuse that trust. And in reality there are really only a handful of sites I visit. Sites like NYTimes and Facebook, etc. The occasional time I'm going to be visiting a site that would pull the abusive behavior you're speaking to, I'm going to be begging for control and knowledge and confirmations. Have you ever heard of our used little snitch? It works very well. It's annoying as hell at first bc you are bombarded with pings from every site but after a couple days, I'm rarely bothered with notifs. When there is a notification, I certainly look carefully and appreciate the intervention. Another option is implementing an undo style - like Google has with deleted emails - so that you have zero action required but still control to a point. Obviously a bit of diligence is required but if we are talking about micro payments then it's not the most horrible thing in the world if a few slip by. Modern browsers also have a lot more information about a user's current state. With a couple scripts on my site I can pretty much always know if a user is active or not and even throw up a massive modal dialog when they are about to leave the page. If people are doing this shit for newsletter sign ups, something should be able to be done for an idea like this. I do still believe that implementing user controlled certification (yes I'm okay giving my money to this site) is the easiest way to curb abuse. We only need to watch out for the single sites that you visit occasionally or may land on from Google. Almost all the sites I currently visit I trust and I trust not to abuse that trust. And in reality there are really only a handful of sites I visit. Sites like NYTimes and Facebook, etc. The occasional time I'm going to be visiting a site or does that would pull the abusive behavior you're speaking to, I'm going to be begging for control and knowledge.