While I fully support this instance, I wonder what else Cloudflare has set to "Censored", apart for the obvious CSAM
Kwpolska 2 hours ago [-]
1.1.1.2 is their malware-blocking DNS, and 1.1.1.3 is their parental-controls DNS. If you want an unfiltered DNS, use 1.1.1.1 - which resolves archive.today just fine, although archive.today itself refuses to work on Cloudlfare DNS.
sgbeal 2 hours ago [-]
> 1.1.1.2 is their malware-blocking DNS, and 1.1.1.3 is their parental-controls DNS. ...
TIL, thank you. Time to go tweak my pi-hole server...
arvid-lind 2 hours ago [-]
I'm just curious, given all the other options that respect your privacy and don't put data collection at the center of their business model, why do you use Cloudflare on your pi-hole?
sgbeal 46 minutes ago [-]
> why do you use Cloudflare on your pi-hole?
Because "if it ain't broke, don't fix it." i'm not one of those users who want to endlessly tweak their ad blocker. i want to set it up, clicking as few checkboxes as necessary to get it going, and then leave it. However, (now) knowing that Cloudflare filters different only each of their servers, i'm incentivized to go tweak a number in the config (as opposed to researching the pros and cons of every possible provider, a detail i truly have no interest in pursuing).
daymanstep 1 hours ago [-]
Which options respect your privacy?
travoc 56 minutes ago [-]
AdGuard DNS servers are excellent.
nom 44 minutes ago [-]
quad9
TZubiri 34 minutes ago [-]
what is the vector here? dns traffic is practically anonymous, there would have to be some very specific and purposeful trickery going on to link dns traffic to an identity. It sounds like something more hypothetical than a tangible threat model
TZubiri 36 minutes ago [-]
Today we are one of the lucky 10k
surgical_fire 1 hours ago [-]
I have no idea why anyone would use Cloudflare DNS, much less trust their more filtered versions.
8cvor6j844qw_d6 6 minutes ago [-]
Same thoughts. Cloudflare DNS is noticeably slow to resolve on some of my devices.
Switching to literally any other DNS and the same domains resolve instantly.
Could be a issue specific to my location or devices, but its been consistent enough that I stopped bothering.
saaaaaam 1 hours ago [-]
I use cloudflare DNS because it’s faster. But should I worry, having read your comment? What is the downside to using it? What would you recommend instead?
surgical_fire 31 minutes ago [-]
Quad9.
Many years ago I used Cloudflare, and more than once I had issues with them blocking websites I wanted to access.
I absolutely despise that. I want my DNS to resolve domain names, nothing else.
For blocking things I have Pi-Hole, which is under my control for that reason. I can blacklist or whitelist addresses to my needs, not to the whims of a corporation that wants to play gatekeeper to what I can browse.
akerl_ 11 minutes ago [-]
So… why not use 1.1.1.1, cloudflare’s resolver that does not block resolution?
1.1.1.2 and .3 are explicitly offered with filtered responses.
Hamuko 2 hours ago [-]
The "censored" part of archive.today seems unrelated to the filtering itself. 1.1.1.3 flags Pornhub.com as "EDE(17): Filtered" but archive.today is "EDE(16): Censored".
I think there are two angles to look at this. Yes, there’s the attack on the weblog. But there’s also pressure on archive.today, e.g. an FBI investigation [1] and some entity using fictitious CSAM allegations [2].
Jani Patokallio who runs gyrovague.com published a blog post attempting to dox the owner of archive.today.
Jani justifies his doxing as follows "I found it curious that we know so little about this widely-used service, so I dug into it" [1]
Archive.today on the other hand is a charitable archival project offered to the public for free. The operator of Archive.today risks significant legal liability, but still offers this service for free.
It's weird to see people getting fixated on the DDoS, which is obviously far less nasty than actually attempting to dox someone. The only credible reason for Jani to publish something like this is if he desires to cause physical harm to the operator of archive.today
Or are we just looking at an unhinged fan stalking their favorite online celebrity?
People were critical of the Banksy piece, but this is much nastier. At least Banksy is a huge business, archive.today does not even make money.
Mogzol 1 hours ago [-]
All your comments are painting archive.today as an innocent victim in all this, but in addition to the DDoS, they have been caught modifying archived pages as well as sending actual threats to Patokallio [1] which in my opinion seem far worse than the "doxxing".
Just the fact alone that they modified archived pages has completely ruined their credibility, and over what? A blog post about them that (a) wasn't even an attack, it is mostly praising archive.today, and (b) doesn't reveal any true identities or information that isn't already easily accessible.
From my perspective at least, archive.today seems like the unhinged one, not Patokallio.
Patokallio started with his completely unprovoked doxing of archive.today. Doxing someone is an implicit threat of violence, why else would you need their physical identity if not to reach out and touch them?
Both parties here come across as unhinged, but one is clearly much worse than the other.
gyrovague-com 2 hours ago [-]
Jani here. What you describe as "doxxing" consisted of a) a whois lookup for archive.is and b) linking to a StackExchange post from 2020 called "Who owns archive.today" [1]. There is literally no new information about the site's owner in the post, all names have been dug up before and are clearly aliases, and the post states as much.
I don't see how this description changes the fundamental nature of your actions.
Even a half-assed attempt at doxing is still an attempt at doxing.
It'd be much easier to accept that you're acting in good faith had you deleted the post when it became obvious that the target doesn't appreciate it.
You could still do that, and it would very simply be the right thing to do.
thomassmith65 1 hours ago [-]
If the site operator is working for the FSB, doxx away! Although the world needs a better alternative to Internet Archive, it shouldn't be an alternative that is an arm of an authoritarian government.
walletdrainer 49 minutes ago [-]
So you published an article trying to dox the operator of archive.today, but you were lazy about it?
I fail to see how that’s supposed to be any better.
croes 52 minutes ago [-]
Isn’t doxxing most of the time just collecting data from multiple public sources and connect them?
walletdrainer 48 minutes ago [-]
Yes, that is exactly what “doxing” almost always refers to. It’s a very disingenuous response.
tomalbrc 34 minutes ago [-]
You disgusting weasel
KronisLV 9 minutes ago [-]
> It's weird to see people getting fixated on the DDoS, which is obviously far less nasty than actually attempting to dox someone.
Why even do that, then? Why not just make a public post of theirs like: "Hey, here's someone trying to doxx me, and here's the unfair and fictitious bullshit the lying government is trying to pin on me. Here's all the facts, decide for yourselves."
Why do something as childish as DDoSing someone which takes away any basic good will and decency/respect you might have had in the eyes of many?
That way, it'd also be way more clear whether attempts at censorship are motivated by them acting as a bad actor, or some sort of repression and censorship thing.
I don't really have a horse in this race, but it sounds like lashing out to one own's detriment.
dgxyz 2 hours ago [-]
I'm wondering if Jani is possibly going to walk into the wrong party here and get burned. I did some public archival stuff about a decade ago and it was state sponsored and for the intelligence community. I'm not suggesting this is but it'll be very much of interest to competing intelligence services as it's an information control point. None of those are the sort of people you start pissing off by sticking your dick in it. FBI is likely just one of the actors here.
derefr 2 hours ago [-]
You seem the right person to ask about this: why don’t we see any public web archivers operated by individuals or organizations based in countries that aren’t big fans of aiding or listening to American intelligence?
rdevilla 3 hours ago [-]
Perhaps Mr. Patokallio would like the same scrutiny applied to his own life now - it's only fair, and we have the technology.
rcakebread 2 hours ago [-]
Read the archive.today blog, whoever is running archive.today already made many posts about Patokallio and his family members.
Hamuko 3 hours ago [-]
So the two angles are that archive.today is doing something illegal and also being investigated by American law enforcement?
stuffoverflow 6 hours ago [-]
Archive.today's attack on https://gyrovague.com is still on-going btw. It started just over two months ago. Some IPs get through normally but for example finnish residential IPs get stuck on endless captchas. The JS snippet that starts spamming gyrovague appears after solving the first captcha.
winkelmann 6 hours ago [-]
I'm not a web developer, but I've picked up some bits of knowledge here and there, mostly from troubleshooting issues I encounter while using websites.
I know there are a number of headers used to control cross-site access to websites, and the linked blog post shows archive.today's denial-of-service script sending random queries to the site's search function. Shouldn't there be a way to prevent those from running when they're requested from within a third-party site?
sheept 5 hours ago [-]
You can't completely prevent the browser from sending the request—after all, it needs to figure out whether to block the website from reading the response.
However, browsers will first send a preflight request for non-simple requests before sending the actual request. If the DDOS were effective because the search operation was expensive, then the blog could put search behind a non-simple request, or require a valid CSRF token before performing the search.
bawolff 4 hours ago [-]
> I know there are a number of headers used to control cross-site access to websites
Mostly these headers are designed around preventing reading content. Sending content generally does not require anything.
(As a kind of random tidbit, this is why csrf tokens are a thing, you can't prevent sending so websites test to see if you were able to read the token in a previous request)
This is partially historical. The rough rule is if it was possible to make the request without javascript then it doesn't need any special headers (preflight)
5 hours ago [-]
JasonADrury 5 hours ago [-]
[flagged]
47282847 4 hours ago [-]
One side publishes words, the other DDoSes. One side could just ignore the other and go about their business, the other cannot. One is using force, which naturally leads to resistance and additional attention, the other is not.
Both sides look like they have been bullied in the past and not found their way out of reproducing the pattern yet.
JasonADrury 4 hours ago [-]
SF, DS, KF all only publish words. Presidents use words to direct planes to drop bombs on schools full of little girls.
It's deliberately obtuse to suggest that "words" aren't a big deal.
>One is using force, which naturally leads to resistance and additional attention, the other is not.
I'd say attempting to dox someone and then spreading that information is deploying far more significant force than a minor lazy DDoS attack.
Doxing or attempting to dox someone is effectively threatening them with physical violence. A DDoS is nothing at all in comparison.
croes 4 hours ago [-]
Words can have bad consequences.
We‘ll see what will happen to Banksy after Reuters published words.
throwingcookies 5 hours ago [-]
> The blog is still online and only exists as a part of a harassment campaign targeting archive.today
The blog has a lot of more posts on random topics. Why do you imply that the owner of the bloh is part of a harassment campaign and "only" that is the reason for this years old blog to exist?
JasonADrury 5 hours ago [-]
Because all the content in the past 4+ years is about archive.today?
There are only two posts about archive.today on the blog, and one of them only exists because archive.today started DDoSing them. I fail to see how you could consider the entire blog to be a "harassment campaign", especially considering that the original blog post isn't even negative, it ends with a compliment towards archive.today's creator.
winkelmann 5 hours ago [-]
> all the content in the past 4+ years is about archive.today
Okay, there's one filler post I missed. I'm sure it took a lot of time to write the 16739382nd post explaining what the various things on a boarding pass mean.
ahhhhnoooo 5 hours ago [-]
They have posted twice in four years. Once doing some digging into who runs archive today, and a second time to respond to a ddos attack.
Writing about being ddos'd seems eminently reasonable. So if you elide that, you are talking about a single article in four years.
It's genuinely nothing.
JasonADrury 4 hours ago [-]
The purpose of a thing is what it does.
throwingcookies 3 hours ago [-]
> The purpose of a thing is what it does.
What is the purpose of the DDoS JS in the archive website then? Not DDoS?
JasonADrury 3 hours ago [-]
I'm sure it's DDoS, just like the purpose of gyrovague.com is to attack archive.today
Easy stuff, no?
4 hours ago [-]
jrflowers 4 hours ago [-]
This is a weird way of saying that you wish gyrovague updated more frequently. You could just say “Big fan of his writing, I’d love it if he posted more” if your only complaint is that there aren’t enough recent blog posts on that website
4 hours ago [-]
longislandguido 4 hours ago [-]
You think DDoS (which is illegal btw) is okay as long as you don't like the target?
RobotToaster 4 hours ago [-]
Harassment an doxing are both illegal.
JasonADrury 4 hours ago [-]
I, like almost all people, firmly believe that dropping bombs on people is okay as long as I find the target sufficiently despicable.
Why are you pretending to be surprised by this view that is held by approximately every single person in the world?
Or do you think we should have different standards for DDoS and actual violence?
DaSHacka 2 hours ago [-]
Considering the site itself is an illegal archive of websites, I think its obvious most of us don't treat what's 'legal' as a guide to whats 'moral'.
riedel 4 hours ago [-]
While I would it also better to a bit redact names and details mentioned in the original article in hindsight, I hardly find real defamation. I guess you want to provide random unproven evidence if someone is target of various foreign law enforcement and commercial sites.
In the article they even call for donations to archive.today . As far as I read the tone of the post is full of admiration. Funny thing is that IMHO the rather childish JavaScript attack gives credibility to the post after all.
In all this I somehow hope that we see a legal solution to all this major global copyright crisis that has been reinforced by LLM training. (If you want conspiracy theory: that I guess would be easy monetization for archive these days selling their snapshots)
JasonADrury 3 hours ago [-]
Defamation? No.
Doxing? Yes.
It's clear that the person running archive.today does not actively publicize their identity.
> As far as I read the tone of the post is full of admiration
Exactly like an unhinged fan stalking a celebrity.
riedel 1 hours ago [-]
Totally agreed. Thanks for raising awareness.
Thinking about it, I think we might need better platform rules, maybe even regulations on this. There seems to be pretty much no line of defense, which might explain the rather desperate DoS. If you take anonymity as a right, discussion like ours here on HN are dangerous as well, as they easily make otherwise difficult to find knowledge easily visible. So while a single fan page might go unnoticed, in case of doxing amplification is also a problem. Just my spontaneous thought.
Edit: one afterthought. The story about hacking together a response to the GDPR takedown request quoting press rights and freedom of speech using an LLM shows actually the deeper problem. Actually rights come with obligations (at least ethical ones). At least in Europe press standards are typically rather aware of doxing risks. While actually celebraties also successfully use legal defenses, i still think the defenses for activist are weak balancing interest here (at least if you made something of public interest)
riedel 1 hours ago [-]
While you article is insightful. Can the blog author please redact the actual names and nicks from your orginal blog post (including the exact places where to find the information). As this was discussed below. While I think you had good intentions, but it might be good to also reflect on the rights of that person not be identified.
Edit: I misread the comment initially as from someone with more insight. However, I guess it is obvious that anyone can see the JavaScript and participates involuntarily in the DoS.
throwingcookies 5 hours ago [-]
Why is archive today attacking that website?
nailer 5 hours ago [-]
The linked blog contains a story about who funds archive today and they presumably don’t like being exposed.
JasonADrury 4 hours ago [-]
The crucial context here is that archive.today provides a useful public service for free.
Jani Patokallio runs gyrovague.net in order to harass people who provide useful public services.
It's not surprising that the owner of archive.today does not like being exposed, archiving is a risky business.
drum55 3 hours ago [-]
Should providing a public service absolve all sins?
JasonADrury 3 hours ago [-]
So far, the only sin archive.today has been accused of is retaliating against a guy attempting to dox them.
That's a pretty small sin in my book. To be written off as wildly unsuccessful but entirely justified self defense.
DDoSing gyrovague.com is silly, not evil.
The content on gyrovague.com which targets archive.today is evil, plain and simple.
Permik 55 minutes ago [-]
archive.today has a documented history of altering the archived content, as such they immediately lose the veil of protection of a service of "public good" in my books.
Just my 2 ¢, not that it really matters anymore in this current information-warfare climate and polarization. :/
baal80spam 17 minutes ago [-]
> archive.today has a documented history of altering the archived content
Wow, I had no idea. Thanks.
JasonADrury 7 minutes ago [-]
Archive.org has an even worse history of this, FWIW.
It allows website owners and third parties to tamper with archived content.
Archive.today is by far the best option available.
miken123 3 hours ago [-]
> So far, the only sin archive.today has been accused of is retaliating against a guy attempting to dox them.
I think you're missing that circumventing paywalls is unlawful in most parts of the world.
animuchan 2 hours ago [-]
Respectfully, it's not, in most parts of the world.
choo-t 2 hours ago [-]
> I think you're missing that circumventing paywalls is unlawful in most parts of the world.
And a necessity if you want to archive the content correctly, also necessary if you want the archives to be publicly available.
Hamuko 3 hours ago [-]
Not really sure if circumventing paywalls is that unlawful across the world, but basically copying and pasting an entire web page is just clear and simple copyright violation.
vachina 3 hours ago [-]
I know it's petty. But don't act surprised when you find your garbage strewn all over your lawn next morning after you flipped off your neighbor the fourth time.
kuschkufan 3 hours ago [-]
Look at "i-pay-for-all-online-articles-always" over here.
steveharing1 2 hours ago [-]
You mean just to keep their secrets hidden they hurt others?
choo-t 2 hours ago [-]
Like most companies or state ?
As an individual, keeping their identity private is the only way to prevent oppression.
throwingcookies 5 hours ago [-]
Thanks. I am so confused by this social drama, I feel like I am getting too old for this.
ryandrake 4 hours ago [-]
It’s truly weird and unhinged the extent to which two rando Internet People are willing to grief each other.
throwingcookies 3 hours ago [-]
Parasocialweb 2.0 I suppose.
VERIRoot 5 hours ago [-]
well that exposing is hurting more than 2 for sure
_moof 6 hours ago [-]
Good. You don't get to use my computer for a DDoS. I don't care why the DDoS was happening. I wasn't asked, and that's a serious breach of trust.
rdevilla 6 hours ago [-]
[flagged]
winkelmann 6 hours ago [-]
Call me naive, but I still believe that people generally disapprove of their internet connection being abused to conduct cyber-attacks.
rdevilla 6 hours ago [-]
There are many things people disapprove of that others will unilaterally visit upon them anyway. This is the world of 2026. It's not a normative claim but a descriptive one of the reality we live in today.
longislandguido 5 hours ago [-]
Breach of trust by a site whose unstated primary purpose is bypassing paywalls and ripping off content?
20 years ago during the P2P heyday this was assumed to come with the territory. Play with fire and you could get burned.
If you walk into a seedy brothel in the developing world, your first thought should be "I might get drugged and robbed here" and not what you're going to type in the Yelp review later about their lack of ethics.
bawolff 4 hours ago [-]
Well if we are going to use this analogy, 20 years ago virus scanners also flagged malicious stuff from p2p as a virus, and people still thought putting malicious content on p2p was a shitty thing for someone to do (even if it was somewhat expected).
Nobody was shedding any tears 20 years ago for the virus makers who had their viruses flagged by virus scanners.
kay_o 4 hours ago [-]
Given they are retroactively tampering with past archives it's not exactly trustworhy in the first place
JasonADrury 3 hours ago [-]
Are they tampering with the actual content, or the stuff (login ui, etc) which they have always been open about tampering with?
I always thought that mainstream media sites with paywalls were pretty far down there in the tier list of websites though. Not sure if this analogy lands unless irony was the goal.
f-serif 4 hours ago [-]
A bit context if you are confused why Public DNS server blocking websites. 1.1.1.2 is Malware blocking DNS server similar to AdBlock DNS server. It is not 1.1.1.1 and 1.0.0.1
The DNS tuneling flag alongside C&C/botnet is the odd one — that category implies data exfiltration or firewall bypass, not just aggressive crawling or DDoS behavior. Would be interesting to know what traffic pattern triggered it.
bunbun69 1 hours ago [-]
Good. What archive.today is doing is illegal
croes 50 minutes ago [-]
Two wrong don’t make a right.
Cytobit 21 minutes ago [-]
True, but not relevant.
croes 10 minutes ago [-]
Relevant because Cloudflare manipulated the DNS using a false reasoning
razingeden 7 hours ago [-]
Cloudflare dns has gone back and forth on whether it wants to resolve them since 2019. It’s taken that away and restored it again (intentionally? mistake?) at least four times.
The c&c/botnet designation would seem to be new though.
winkelmann 6 hours ago [-]
As far as I am aware, all previous issues with archive.today and Cloudflare were on account of archive.today taking measures to stop Cloudflare's DNS from correctly resolving their domains, not the other way around.
The current situation is due to Cloudflare flagging archive.today's domains for malicious activity, Cloudflare actually still resolves the domains on their normal 1.1.1.1 DNS, but 1.1.1.2 ("No Malware") now refuses. Exactly why they decided to flag their domains now, over a month after the denial-of-service accusations came out, is unclear, maybe someone here has more information.
Hamuko 5 hours ago [-]
Sounds a bit like when "Finland geoblocked archive.today". In all actuality, there was no geoblocking of the site in Finland by any authorities or ISPs, but rather it was the website owner blocking all Finnish IPs after some undisclosed dispute with Finnish border agents. When something bad happens, people seem a bit too willing to give archive.today the benefit of the doubt.
akerl_ 7 hours ago [-]
Have they? The thing I remember previously was archive.is, and it wasn’t a block, archive.is was serving intentionally wrong responses to queries from cloudflare’s resolvers.
This is notably not a change to how 1.1.1.1 works, it’s specifically their filtered resolution product.
Intentionally, I believe? archive.today iirc has explicitly blocking Cloudflare from resolving them at various times over the years due to Cloudflare DNS withholding requesting-user PII (ip address) in DNS lookups.
Looking forward to when Google Safe Browsing adds their domains as unsafe, as that ripples to Chrome and Firefox users.
vachina 3 hours ago [-]
> Cloudflare dns has gone back and forth.
Just tells me they are an unreliable resolver. Instead of being a neutral web infra, they actively participate in political agendas and censor things they "think" is wrong.
hrmtst93837 7 minutes ago [-]
If you want "neutral" DNS now, run your own resolver and hope upstreams don't backstab you ltaer, because outsourced trust never come free.
akerl_ 1 hours ago [-]
1. As noted in prior comments, Cloudflare wasn’t blocking this site previously. The site operator chose to make their site unresolvable by Cloudflare.
2. 1.1.1.2, the resolver being discussed in this post, is explicitly Cloudflare’s malware-filtered DNS host. 1.1.1.1 does not filter this site.
PeterStuer 4 hours ago [-]
Otoh, without archive.today a substantial % of HN posts would be unreadable for nearly all of the audience.
henearkr 4 hours ago [-]
I doubt it.
You may have mixed it up with archive.org.
JasonADrury 3 hours ago [-]
I suggest you double-check that. Archive.today/archive.is is the one which bypasses paywalls and makes unreadable content readable, not archive.org
henearkr 2 hours ago [-]
Ah! You may well be right. Thanks.
That's bad then, to depend on that for paywall bypass...
I hope very much that the situation evolves into a more satisfactory one.
DanielHall 2 hours ago [-]
[dead]
5 hours ago [-]
charcircuit 7 hours ago [-]
When the heat dies down, hopefully this flag gets removed.
dydgbxx 6 hours ago [-]
Why? It’s accurate and if the owner has chosen to do this for months now, why should we ever trust they won’t again? Nobody should ever use that site and every optional filter should block them.
There's probably a worthwhile discussion to be had about what it takes for a site in this situation to be removed from blocklists. An apology? Surrender to authorities? Halting the malicious activity for a certain period of time?
Regardless, another user reports the attack is still ongoing[1], so this isn't a discussion that's going to happen about archive.today anytime soon.
I suppose “evidence that the site’s leadership has permanently changed” would convince me. Whoever decided to put in the code that causes visitors to DDOS someone should never be running a web site again.
tumdum_ 50 minutes ago [-]
So, in your mind, there is no way for an individual owning archive.today to recover from this?
charcircuit 6 hours ago [-]
>Why?
Because once the problematic content is removed it should no longer be blocked.
>It's accurate
It is neither a C&C server for a botnet, nor any other server related to a botnet. I would not call it accurate.
>Nobody should ever use that site
It has a good reputation for archiving sites, has stead the test of time, and doesn't censor pages like archive.org does allowing you to actually see the history of news articles instead of them being deleted like archive.org does on occasion.
3eb7988a1663 6 hours ago [-]
The site started doctoring archived versions as part of the petty feud. That is, what was supposed to be a historical record, suddenly had content manipulated so as to feed into this fight[0]. There is no redemption. You want to be an archive, you keep it sacrosanct. Put an obvious hosting-site banner overlay if you must, but manipulating the archive is a red-line that was crossed.
...On 20 February 2026, English Wikipedia banned links to archive.today, citing the DDoS attack and evidence that archived content was tampered with to insert Patokallio's name.[19] The decision was made despite concerns over maintaining content verifiability[19] while removing and replacing the second-largest archiving service used across the Wikimedia Foundation's projects.[20] The Wikimedia Foundation had stated its readiness to take action regardless of the community verdict.[19][20]
That line of argument is rather misleading, as some kind of content manipulation is inherent to the service an archive that violates paywalls has to provide. It needs to conceal the accounts it uses to access these websites, and their names and traces are often on the pages it's archiving.
Did AT go beyond that and manipulate any relevant part? That's rather difficult to say now. AT is obviously tampering with evidence, but so is Wikipedia; their admins have heavily redacted their archived Talk pages out of fear one of these pseudonyms might be an actual person, so even what exactly WP accuses AT of is not exactly clear.
charcircuit 4 hours ago [-]
While I disagree with that action I still trust the site as a reliable source. Redemption is possible. Maybe not for Wikipedia, but I don't care about that site and consider it rotten.
JasonADrury 5 hours ago [-]
[flagged]
tredre3 5 hours ago [-]
If archive.today was known to be run by God himself, I would still describe what he is doing as a DDoS and breaching the trust of its users by abusing their browser and bandwidth to conduct his battles.
JasonADrury 5 hours ago [-]
I think you replied to the wrong comment? That doesn't address what I wrote in any way whatsoever.
Unless you're arguing that the response by archive.today retroactively justifies the behaviour of Jani Patokallio, which would be a bizarre take.
InsideOutSanta 5 hours ago [-]
It's not just problematic content, it's criminal behavior. And the site has a bad reputation for archival, given that the owner altered the content of archived articles.
JasonADrury 4 hours ago [-]
>It's not just problematic content, it's criminal behavior.
How is that supposed to be a big deal when the one of core services archive.today provides is obviously illegal anyway?
InsideOutSanta 1 hours ago [-]
I'm not sure how illegal copyright violations really are, given that all major tech companies are doing it. DDoS attacks, on the other hand, are pretty clear-cut.
I also think "but they also do that other crime" doesn't help their case.
charcircuit 4 hours ago [-]
The site commits copyright infringement by showing you content it doesn't have the rights for. This is not the kind of site to go on about morals for.
>the site has a bad reputation
Not compared to archive.org. archive.is has a much better track record.
InsideOutSanta 1 hours ago [-]
I'm not sure whether you're making a joke or confusing the two websites.
walletdrainer 43 minutes ago [-]
You’re just not at all familiar with the subject.
Archive.org is awful. It allows site owners and random third parties to edit old archived pages.
Archive.today does not.
gbear605 6 hours ago [-]
It is in fact a botnet - they’ve been hijacking user browsers to act as a botnet to DDoS.
charcircuit 4 hours ago [-]
Are Hacker News users part of a botnet since they link to sites that when people click they go down due to all of the traffic? Am I part of a botnet if I have HN open as it means HN can execute javascript? I think it's stretching the definition.
JasonADrury 6 hours ago [-]
[flagged]
quotemstr 6 hours ago [-]
Because it's not the place of a DNS resolver to police the internet.
qzzi 5 hours ago [-]
1.1.1.1 is simply a free DNS, 1.1.1.2 blocks malware, and 1.1.1.3 blocks both malware and adult content. It's a service that does exactly what it's supposed to do.
ryandrake 5 hours ago [-]
If I specifically choose a DNS server that promises to not resolve sites that will use my computer in a botnet, then it is that DNS resolver’s place to do that.
dqh 5 hours ago [-]
This particular revolver is an opt-in service for users that want Cloudflare to block anything that Cloudflare designates as malware.
bawolff 4 hours ago [-]
Literally what the product is here.
bawolff 4 hours ago [-]
Unlikely unless their behaviour changes.
They arent being flagged because of the attention.
algolint 1 hours ago [-]
[dead]
ddactic 4 hours ago [-]
[dead]
3842056935870 6 hours ago [-]
[dead]
chloecv 3 hours ago [-]
[dead]
andor 5 hours ago [-]
Bulletproof hosting service not happy that someone is running their C&C infrastructure elsewhere
Rendered at 11:44:11 GMT+0000 (Coordinated Universal Time) with Vercel.
Ditto for their other domains like archive.is and archive.ph
Example DoH request:
$ curl -s "https://1.1.1.2/dns-query?name=archive.is&type=A" -H "accept: application/dns-json"
{"Status":0,"TC":false,"RD":true,"RA":true,"AD":false,"CD":false,"Question":[{"name":"archive.is","type":1}],"Answer":[{"name":"archive.is","type":1,"TTL":60,"data":"0.0.0.0"}],"Comment":["EDE(16): Censored"]}
---
Relevant HN discussions:
https://news.ycombinator.com/item?id=46843805 "Archive.today is directing a DDoS attack against my blog"
https://news.ycombinator.com/item?id=47092006 "Wikipedia deprecates Archive.today, starts removing archive links"
https://news.ycombinator.com/item?id=46624740 "Ask HN: Weird archive.today behavior?" - Post about the script used to execute the denial-of-service attack
Wikipedia page on deprecating and replacing archive.today links:
https://en.wikipedia.org/wiki/Wikipedia:Archive.today_guidan...
TIL, thank you. Time to go tweak my pi-hole server...
Because "if it ain't broke, don't fix it." i'm not one of those users who want to endlessly tweak their ad blocker. i want to set it up, clicking as few checkboxes as necessary to get it going, and then leave it. However, (now) knowing that Cloudflare filters different only each of their servers, i'm incentivized to go tweak a number in the config (as opposed to researching the pros and cons of every possible provider, a detail i truly have no interest in pursuing).
Switching to literally any other DNS and the same domains resolve instantly.
Could be a issue specific to my location or devices, but its been consistent enough that I stopped bothering.
Many years ago I used Cloudflare, and more than once I had issues with them blocking websites I wanted to access.
I absolutely despise that. I want my DNS to resolve domain names, nothing else.
For blocking things I have Pi-Hole, which is under my control for that reason. I can blacklist or whitelist addresses to my needs, not to the whims of a corporation that wants to play gatekeeper to what I can browse.
1.1.1.2 and .3 are explicitly offered with filtered responses.
Supposedly it should be an external party that's requiring Cloudflare not to publish the DNS record. https://www.rfc-editor.org/rfc/rfc8914.html#name-extended-dn...
[1]: https://arstechnica.com/tech-policy/2025/11/fbi-subpoena-tri... [2]: https://adguard-dns.io/en/blog/archive-today-adguard-dns-blo...
Jani justifies his doxing as follows "I found it curious that we know so little about this widely-used service, so I dug into it" [1]
Archive.today on the other hand is a charitable archival project offered to the public for free. The operator of Archive.today risks significant legal liability, but still offers this service for free.
[1]: https://gyrovague.com/2026/02/01/archive-today-is-directing-...
It's weird to see people getting fixated on the DDoS, which is obviously far less nasty than actually attempting to dox someone. The only credible reason for Jani to publish something like this is if he desires to cause physical harm to the operator of archive.today
Or are we just looking at an unhinged fan stalking their favorite online celebrity?
People were critical of the Banksy piece, but this is much nastier. At least Banksy is a huge business, archive.today does not even make money.
Just the fact alone that they modified archived pages has completely ruined their credibility, and over what? A blog post about them that (a) wasn't even an attack, it is mostly praising archive.today, and (b) doesn't reveal any true identities or information that isn't already easily accessible.
From my perspective at least, archive.today seems like the unhinged one, not Patokallio.
[1] https://arstechnica.com/tech-policy/2026/02/wikipedia-bans-a...
Patokallio started with his completely unprovoked doxing of archive.today. Doxing someone is an implicit threat of violence, why else would you need their physical identity if not to reach out and touch them?
Both parties here come across as unhinged, but one is clearly much worse than the other.
[1] https://webapps.stackexchange.com/questions/145817/who-owns-...
Even a half-assed attempt at doxing is still an attempt at doxing.
It'd be much easier to accept that you're acting in good faith had you deleted the post when it became obvious that the target doesn't appreciate it.
You could still do that, and it would very simply be the right thing to do.
I fail to see how that’s supposed to be any better.
Why even do that, then? Why not just make a public post of theirs like: "Hey, here's someone trying to doxx me, and here's the unfair and fictitious bullshit the lying government is trying to pin on me. Here's all the facts, decide for yourselves."
Why do something as childish as DDoSing someone which takes away any basic good will and decency/respect you might have had in the eyes of many?
That way, it'd also be way more clear whether attempts at censorship are motivated by them acting as a bad actor, or some sort of repression and censorship thing.
I don't really have a horse in this race, but it sounds like lashing out to one own's detriment.
I know there are a number of headers used to control cross-site access to websites, and the linked blog post shows archive.today's denial-of-service script sending random queries to the site's search function. Shouldn't there be a way to prevent those from running when they're requested from within a third-party site?
However, browsers will first send a preflight request for non-simple requests before sending the actual request. If the DDOS were effective because the search operation was expensive, then the blog could put search behind a non-simple request, or require a valid CSRF token before performing the search.
Mostly these headers are designed around preventing reading content. Sending content generally does not require anything.
(As a kind of random tidbit, this is why csrf tokens are a thing, you can't prevent sending so websites test to see if you were able to read the token in a previous request)
This is partially historical. The rough rule is if it was possible to make the request without javascript then it doesn't need any special headers (preflight)
Both sides look like they have been bullied in the past and not found their way out of reproducing the pattern yet.
It's deliberately obtuse to suggest that "words" aren't a big deal.
>One is using force, which naturally leads to resistance and additional attention, the other is not.
I'd say attempting to dox someone and then spreading that information is deploying far more significant force than a minor lazy DDoS attack.
Doxing or attempting to dox someone is effectively threatening them with physical violence. A DDoS is nothing at all in comparison.
The blog has a lot of more posts on random topics. Why do you imply that the owner of the bloh is part of a harassment campaign and "only" that is the reason for this years old blog to exist?
There are only two posts about archive.today on the blog, and one of them only exists because archive.today started DDoSing them. I fail to see how you could consider the entire blog to be a "harassment campaign", especially considering that the original blog post isn't even negative, it ends with a compliment towards archive.today's creator.
But it's not? This was published between the two posts about archive.today: https://gyrovague.com/2025/02/23/anatomy-of-a-boarding-pass-...
Writing about being ddos'd seems eminently reasonable. So if you elide that, you are talking about a single article in four years.
It's genuinely nothing.
What is the purpose of the DDoS JS in the archive website then? Not DDoS?
Easy stuff, no?
Why are you pretending to be surprised by this view that is held by approximately every single person in the world?
Or do you think we should have different standards for DDoS and actual violence?
Doxing? Yes.
It's clear that the person running archive.today does not actively publicize their identity.
> As far as I read the tone of the post is full of admiration
Exactly like an unhinged fan stalking a celebrity.
Thinking about it, I think we might need better platform rules, maybe even regulations on this. There seems to be pretty much no line of defense, which might explain the rather desperate DoS. If you take anonymity as a right, discussion like ours here on HN are dangerous as well, as they easily make otherwise difficult to find knowledge easily visible. So while a single fan page might go unnoticed, in case of doxing amplification is also a problem. Just my spontaneous thought.
Edit: one afterthought. The story about hacking together a response to the GDPR takedown request quoting press rights and freedom of speech using an LLM shows actually the deeper problem. Actually rights come with obligations (at least ethical ones). At least in Europe press standards are typically rather aware of doxing risks. While actually celebraties also successfully use legal defenses, i still think the defenses for activist are weak balancing interest here (at least if you made something of public interest)
Edit: I misread the comment initially as from someone with more insight. However, I guess it is obvious that anyone can see the JavaScript and participates involuntarily in the DoS.
Jani Patokallio runs gyrovague.net in order to harass people who provide useful public services.
It's not surprising that the owner of archive.today does not like being exposed, archiving is a risky business.
That's a pretty small sin in my book. To be written off as wildly unsuccessful but entirely justified self defense.
DDoSing gyrovague.com is silly, not evil.
The content on gyrovague.com which targets archive.today is evil, plain and simple.
Just my 2 ¢, not that it really matters anymore in this current information-warfare climate and polarization. :/
Wow, I had no idea. Thanks.
It allows website owners and third parties to tamper with archived content.
Look here, for example: https://web.archive.org/web/20140701040026/http://echo.msk.r...
Archive.today is by far the best option available.
I think you're missing that circumventing paywalls is unlawful in most parts of the world.
And a necessity if you want to archive the content correctly, also necessary if you want the archives to be publicly available.
As an individual, keeping their identity private is the only way to prevent oppression.
20 years ago during the P2P heyday this was assumed to come with the territory. Play with fire and you could get burned.
If you walk into a seedy brothel in the developing world, your first thought should be "I might get drugged and robbed here" and not what you're going to type in the Yelp review later about their lack of ethics.
Nobody was shedding any tears 20 years ago for the virus makers who had their viruses flagged by virus scanners.
Here is the DDoS context https://gyrovague.com
The c&c/botnet designation would seem to be new though.
The current situation is due to Cloudflare flagging archive.today's domains for malicious activity, Cloudflare actually still resolves the domains on their normal 1.1.1.1 DNS, but 1.1.1.2 ("No Malware") now refuses. Exactly why they decided to flag their domains now, over a month after the denial-of-service accusations came out, is unclear, maybe someone here has more information.
This is notably not a change to how 1.1.1.1 works, it’s specifically their filtered resolution product.
https://news.ycombinator.com/item?id=19828702
Looking forward to when Google Safe Browsing adds their domains as unsafe, as that ripples to Chrome and Firefox users.
Just tells me they are an unreliable resolver. Instead of being a neutral web infra, they actively participate in political agendas and censor things they "think" is wrong.
2. 1.1.1.2, the resolver being discussed in this post, is explicitly Cloudflare’s malware-filtered DNS host. 1.1.1.1 does not filter this site.
You may have mixed it up with archive.org.
That's bad then, to depend on that for paywall bypass...
I hope very much that the situation evolves into a more satisfactory one.
Regardless, another user reports the attack is still ongoing[1], so this isn't a discussion that's going to happen about archive.today anytime soon.
[1] https://news.ycombinator.com/item?id=47474777
Because once the problematic content is removed it should no longer be blocked.
>It's accurate
It is neither a C&C server for a botnet, nor any other server related to a botnet. I would not call it accurate.
>Nobody should ever use that site
It has a good reputation for archiving sites, has stead the test of time, and doesn't censor pages like archive.org does allowing you to actually see the history of news articles instead of them being deleted like archive.org does on occasion.
Did AT go beyond that and manipulate any relevant part? That's rather difficult to say now. AT is obviously tampering with evidence, but so is Wikipedia; their admins have heavily redacted their archived Talk pages out of fear one of these pseudonyms might be an actual person, so even what exactly WP accuses AT of is not exactly clear.
Unless you're arguing that the response by archive.today retroactively justifies the behaviour of Jani Patokallio, which would be a bizarre take.
How is that supposed to be a big deal when the one of core services archive.today provides is obviously illegal anyway?
I also think "but they also do that other crime" doesn't help their case.
>the site has a bad reputation
Not compared to archive.org. archive.is has a much better track record.
Archive.org is awful. It allows site owners and random third parties to edit old archived pages.
Archive.today does not.
They arent being flagged because of the attention.