The simplest option is to treat it as a rejection. Users aren't going to be dreaming up (choosing a recent article at random) URIs like /politics/federal/chiefs-of-ontario-says-trudeau-s-carbon-price-is-discriminatory-and-demand-a-review/article_9c995f63-1e26-56c6-9048-79781a9b649c.html in order to get there without some referring party.
Negotiations between Google/Meta and the news organization when defining the service contract can explore alternative options (access token, for example) should it be an imperative, for some reason, that the referrer still be inaccessible. People are allowed to talk to each other.
If that case is beyond "who cares?", which I suspect is not, once the user is granted access to the news the first time then they can be given subsequent access regardless of referrer.
Users are going to be opening links from emails, SMS/MMS/RCS, other apps, and sites which do care about their users' privacy so, yes, this would be a problem for many people.
It can only be a problem for the news agencies – and only if those users are a significant number to impact profitability. If those users don't matter, restricting their access doesn't matter. Who cares if someone who isn't helping your bottom line can't access the content you expect payment for? That’s the whole point of this – to keep out those who are not helping the news business.
Now, each successful entrance into an article via allowable referrer would come with an access token to allow future access absent of referral. When sharing in the small scale, the news agency can simply allow these links to be shared. But if the reach grows wide, suggesting that a major tech source has picked up the link and should be using their contractually settled upon authentication mechanism instead, then the token can be invalidated.
> You should want their views a lot, not try to keep them out!
Views don't pay the bills. They only want viewers who are willing to pay to play (even if by proxy). C-18 ensures that payment is made, else user access is restricted by legal force. Which is the same outcome if it were done by technical force. They don't care about the restrictions on users who are eschewing payment in either case.
Any IM service not operated by a major tech company that the news organization wouldn't also want to collect compensation from is going see such a small number of referrals, who cares? Same goes for the number of people who are going to take the time to hack around it. Who cares?
Negotiations between Google/Meta and the news organization when defining the service contract can explore alternative options (access token, for example) should it be an imperative, for some reason, that the referrer still be inaccessible. People are allowed to talk to each other.