DDoS hit blog that tried to uncover Archive.today founder’s identity in 2023. […] A Tumblr blog post apparently written by the Archive.today founder seems to generally confirm the emails’ veracity, but says the original version threatened to create “a patokallio.gay dating app,” not “a gyrovague.gay dating app.”
https://www.heise.de/en/news/Archive-today-Operator-uses-users-for-DDoS-attack-11171455.html:
By having Archive.today unknowingly let users access the Finnish blogger’s URL, their IP addresses are transmitted to him. This could be a point of attack for prosecuting copyright infringements.
As a longtime editor who makes heavy use of archive.today (it’s often much more effective than the Wayback Machine), I’m deeply conflicted about this, and this is disgusting behavior on the part of archive.today; regardless of what a piece of shit the blog owner is, I hope they see prison time for abusing their trust to perpetrate this DDoS.
Right now, the Wikipedia RfC seems pretty split. This is a complicated issue, so I’m going to need to read and think more before I chime in. Just wild.
I don’t really see it as a complicated issue. Archive[.]today is now an unreliable source that uses its user traffic to engage in malicious activities. By using it, Wikipedia will become unreliable by proxy.
The best course of action is to distance yourself from it as quickly as possible.
I don’t really see it as a complicated issue.
That makes sense from (what I think is) an “outsider’s” perspective. From an “insider’s” perspective*, here’s the problem:
- Wikipedia has a strict verifiability policy.
- This policy states that “Each fact or claim in an article must [correspond to reliable sources]”.
- This policy is the bedrock of Wikipedia. The project is fundamentally unsustainable without it, and we’re still undoing damage from decades ago when the policy either didn’t exist or was too loosely enforced.
- I’m making a third bullet point because I cannot emphasize enough how much “just ignore it lol” cannot work and has never worked.
- Hundreds of thousands of articles have citations sourced to archive.today.
- This is despite the fact that the Internet Archive is prioritized whenever possible. We even have a prolific Internet Archive bot that (when possible) automatically recovers citations.
- The Interrnet Archive complies with blanket takedown requests of a domain very easily. Even if we ignore the ones going forward because now both resources are unreliable, archive.today would have untold millions of webpages archived which the IA does not – many of which are used on Wikipedia.
- Archive.today will archive material that the Internet Archive will simply fail to archive because, on a technical level, it’s just better at capturing a static snap of an article (which is what we want). It’s especially true for paywalled articles, which the Wayback Machine is often stymied by.
- This would also make the Internet Archive the only remaining avenue for archiving URLs, meaning Wikipedia effectively collapses if something happens to the IA (granted that’d already be catastrophic with archive.today, much moreso than archive.today’s hypothetical removal).
- Archiving URLs isn’t just some incidental thing.
- Citations are the backbone of Wikipedia. Casual readers might find them comforting to have. Researchers will rely on them. But editors cannot operate without them. We might actually use them more than readers do, because they help us a) check what’s already there, b) better understand the subject ourselves, and c) expand out the article.
- Link rot is so much more pervasive than I think people fully grasp. When I’m writing an article, if possible, I archive every single source I use at both the Wayback Machine and archive.today, because relying on the link staying up is objectively a mistake (and relying on just one is negligent).
- The security that archives offer generally just incalculably reduces the workload and mental load for editors.
If you’ve ever tried to add a citation on Wikipedia to a sentence that says “citation needed”, you’ve rubbed up against Brandolini’s law. A corollary is that it’s much, much harder to cite an uncited statement than it is to create one. If you remove archive.today, you flood Wikipedia with hundreds of thousands of these. It’s dampened a bit by the fact that the citation metadata is still there and that some URLs will still be live, but I cannot emphasize – as an editor of nearly 10 years, with over 25,000 contributions, and who’s authored two featured articles – that you’d introduce a workload that could never be done, whose repurcussions would be felt for decades at a time when Wikipedia is already on shaky footing.
Even if you somehow poofed away all that work, there are bound to be tens of thousands of statements in articles you have to get rid of because they simply cannot be reasonably sourced anywhere else. For many, many statements, this is not incidental information independent from the rest of the article; many of these removals would require you to fundamentally restructure the surrounding prose or even the entire article.
It’s hard for me to explain that you just have to “trust me bro” that those people voting “Option C” take what archive.today did very seriously and recognize that either option is going to mean major, irreparable damage to the project. Wikipedia is a lot different from the editing side than it is on the reading one; sometimes it’s liberating, sometimes it’s horrifying, and in this case it’s “I could use a hug”.
* “Outsider” and “insider” used to denote experience editing; most anyone can do anything on Wikipedia from the get-go.
“As quickly as possible” pulls a lot of weight in my statement. Just like when the EU is trying to cut our dependence with US payment providers, Wikipedia can’t do it overnight. The best time to plant a tree was 10 years ago, the next best time is right now.
Cutting ties with archive[.]today takes a long time, but the longer the decision to cut it takes, the longer to the ties are actually cut. It’s all about “make haste slowly”, ie. do a lot of planning on how to actually cut the ties with minimal impact so you can do it when forced to (for example if FBI were to take the servers one day) or when you decide that the independence from archive[.]today is more valuable than the remaining impact of cutting dependence. This could take half a year, a year, or more.
But indecision will at some point put you in a worse position: You are funneling your traffic to a malicious website that actively participates in DDoS attacks by using users’ traffic (including those coming from Wikipedia) to carry out the attack. Indecision can open you up to serious litigation and reputational damage by proximity. Given that archive[.]today crossed the line to malicious activity by misusing their traffic, what’s to stop them from malicious activity by misusing their content? IMO even if you think the integrity of your content and its sources are too valuable (and trust me, I think it’s very valuable) you need to consider this as a warning sign and realise that nothing’s stopping archive[.]today from losing the editorial integrity that you rely on.
So my suggestion, brainstorm ideas that would make you independent: Make agreements with IA to improve retention, roll your own archiver, make a deal with news orgs to show their articles as citations (this last one I actually like most the more I think about it. A good negotiator can call it advertising for the news org and you’ll at the same time not infringe on copyright like archive[.]today is). If you wait until point of no return, the choice has already been made for you whether you like it or not. And worst part is that you’d scramble to find a solution instead of the best solution.
So my suggestion, brainstorm ideas that would make you independent:
Editors have been doing this for years.
Make agreements with IA to improve retention,
The IA already lives on a razor’s edge in terms of copyright and is doing everything it thinks it can to push that. Many websites leave the IA be because having free, independent archives can benefit them, but it doesn’t take a lot for a copyright holder to say: “Hey, you’re hosting my IP verbatim, I sent you a takedown request, you didn’t comply, and I’m taking you to court.”
You can’t just “make agreements” for the IA to violate copyright law (more than it arguably already is). They’re already doing the best they can, and pushing them to do more would endanger Wikipedia even worse. It’s not an exaggeration to say that the IA dying would be a project-wide apocalypse.
roll your own archiver,
I’d bet it could be done if the IA went down, triggering a project-wide crisis, but among other things, I’m sure the Wikimedia Foundation doesn’t want to paint a target on its backs. We’re very cautious when it comes to copyrighted material hosted on Wikimedia projects, and this would be dropping a fork into a blender for us.
make a deal with news orgs to show their articles as citations (this last one I actually like most the more I think about it. A good negotiator can call it advertising for the news org and you’ll at the same time not infringe on copyright like archive[.]today is).
I don’t think I understand one. The Wikimedia project gets to host verbatim third-party news articles? This is creative but completely unrealistic; you’d be asking news organizations to place their work under a copyleft license for citing on Wikipedia (that’s what we host except for minimal, explicitly labeled fair use material that has robust justification). It’d be a technical nightmare any way you slice it, and logistically it’d be a clusterfuck.
Even if you magically overcame those problems, Wikipedia exists to be neutral and independent, and this “wink wink nudge nudge ;)” quasi-advertising deal would look corrupt as fuck – us showing preferential treatment for certain sources not based on their quality but on their willingness to do us favors.
If you wait until point of no return, the choice has already been made for you whether you like it or not. And worst part is that you’d scramble to find a solution instead of the best solution.
Here’s the thing: we know. This RfC is full of highly experienced editors deciding if Wikipedia is going to amputate. Option A means immediate, catastrophic, irreversible, mostly unfixable damage to Wikipedia. That is something that needs to be thought through, and your suggestions – which are appreciated for showing you’re giving it real thought – reflect that people who don’t regularly edit can’t really, viscerally understand how completely screwed Wikipedia is by this.
The Wikimedia project gets to host verbatim third-party news articles? This is creative but completely unrealistic
It would be just like the extant https://en.wikipedia.org/wiki/Wikipedia:The_Wikipedia_Library.
In the worst case we could just run Megalodon on all the archive.today URLs
I think you have a very severe misunderstanding of the Wikipedia Library, which I have access to and frequently use. The WPL allows active editors in good standing to access paywalled sources.
- You must have an account which is 6+ months old, has made 500 edits, has 10+ edits in the last month, and is not blocked. (an extreme minority of editors, let alone readers.)
- You must first apply to gain access.
- For publications with limited subscriptions, you must individually apply on top of your WPL access.
- Critically: the WPL does not host any of these publications. You are taken to them via a portal and given an access token.
I can’t emphasize enough how absurd this comparison is. “Solar farms exist; building a Dyson sphere would be basically the same thing. Let’s get to work.” And the thing is: I wish you were right.
Edit: That said, if you ever need copyleft material, we do maintain Wikimedia Commons for media generally and Wikisource which is a transcribed digital library of free sources. Much narrower in scope than this, but I highly recommend them!
I am an active editor lol. I’m saying that the proposal is to establish something similar to TWL for media URLs. It would serve the same purpose for editors as a major complaint in the discussion was over addition of Archive.today links to bypass paywalls. Obviously developing this deal would take a lot of work but it is workable.
You must first apply to gain access.
That’s not true. Anyone who meets the stats you mentioned may access TWL.
the WML does not host any of these publications
Indeed, that’s what makes it legally sound and prevents us from needing to relicense. We don’t need to license the content to copyleft for the thing to work.
- Wikipedia has a strict verifiability policy.
Is it really an “unreliable source”, though? The owner of the site is acting maliciously with regards to this DDOS, of course, but that doesn’t necessarily mean he’s going to act maliciously about the contents of archive.today itself.
One could make the case that the owner of archive.today was already flagrantly flouting copyright law, and therefore a criminal, and therefore “unreliable” right from the get-go. Let’s not leap to conclusions here.
Using visiting clients for attacking makes the site malicious, and it’s because the owner decided it should be, not because it was hacked or got served “spicy” ads or something.
Since this jarhead has no qualm in weaponizing his site, dragging every visitor into this, and threatening the owner of a small blog with creating a whole category of AI porn just for a blog post from 2 years ago: what if he decides he could use visiting clients for other uses, like crypto mining? If my wiki had 700k links pointing there, i’d think hard about my choices, and would want to reduce my dependency on such a source.
Sure, I’m not saying this isn’t “malicious.”
I’m questioning why this particular instance of lawbreaking makes his site an “unreliable source”, whereas all the copyright violation he’s been up to all along didn’t? And now you’re bringing in speculative instances of future lawbreaking that also seem unrelated, what does crypto mining have to do with the reliability of the sources archived there?
My point here is that people are jumping from “he did something bad that I don’t like!” to “therefore everything he does is bad and wrong!” Without a clear logical connection between those things. Sure, the DDOS thing is a good reason to try to avoid sending traffic to his site. But that has nothing to do with the reliability of the information stored there.
To be fair, your argument has been made by others on the RfC too, comparing the situation with Wikipedia linking to Anna’s Archive.
Truth is, when being honest, Wikipedia should never have started linking there. It probably started out of noble intentions: making sure sources stay available for everyone.
Now a new factor has come into play - that the site is being weaponized. The admin there has surely the ability to modify whatever he wants, create fake articles, change the wording of others and so on, and has now proven - without a single doubt - that he is not trustworthy.
This means that the reliability of all hosted information has to be questioned as well. And here we are.
Wikipedia should have never linked there? There are legitimate reasons it has been used over archive.org presented in this very thread and multiple link archivers is definitely a good thing so I disagree that it should never have been linked to.
For the second point you can make the opposite claim using the same evidence: the admin has almost certainly had the ability to edit pages that have been archived to their site but does not appear to have done so, making them trustworthy. The fact that they are using it as a botnet does not mean that the information is incorrect and certainly not without a single doubt.
First: It’s pirated content. I do not have an issue with playing fast and loose with copyright, but Wikipedia shouldn’t have started linking there, because pirated content of this volume has the side effect of involving authorities pretty fast. Wikipedia has enemies, they are rich and ressourceful, and this is an attack surface they shouldn’t have.
Second: People do not tend to trust others who behave erratically, and when trust is eroded it’s not so easy to fix it again. In reality it’s this way: nobody knows if the content there has been modified, and trust was the only thing holding all this together.
Haven’t seen anything to indicate that Masha Rabinovich / Denis Petrov / [whoever runs the site] is a jarhead. Where’s that coming from?
In a later email, “Nora Puchreiner” wrote, “I do not care on your blog and its content. I just need the links from Heise and other media to be 404.” One message threatened to investigate “your Nazi grandfather” and “vibecode a gyrovague.gay dating app.” Another threatened to create a public association between Patokallio’s name and AI porn.
A Tumblr blog post apparently written by the Archive.today founder seems to generally confirm the emails’ veracity, but says the original version threatened to create “a patokallio.gay dating app,” not “a gyrovague.gay dating app.” The Tumblr blog has several other recent posts criticizing Patokallio and accusing him of hiding his real name. However, the Gyrovague blog shows Patokallio’s name in a sidebar and discloses that he works for Google in Sydney, Australia, while stating that the blog posts contain only his personal views.
Still not sure I follow but I’ll look again.
“[…] having such a noble and rare name, which in retaliation could be used for the name of a scam project or become a byword for a new category of AI porn…” is a citation of an email from the .today admin to the blogger.
for a 2 year old blog post.
This guy has serious issues, and it’s not only the FBI.
They have shown they are willing to participate in malicious activity by misusing their users’ traffic, what’s stopping them from carrying out malicious activity by misusing their content?
Even if that seems farfetched, by stepping from copyright infringement to cybercrime activities they painted a much larger target on their backs making it much less certain that they’d still be around next year.
As I said, they already shown they were willing to participate in illegal copyright violation right from the site’s inception. Why is one of those things a red line and the other isn’t? They’re both evidence that the site’s controller is willing to flagrantly break laws for their own purposes.
Nothing was ever “stopping them from carrying out malicious activity by misusing their content.” Not from day one.
I would go for something like A - B - A:
- hide the links so the ddos gets migitated, and start replacing the links where possible
- when the malicious code is gone, reinstate the links, deprecate .today, dont stop replacing the links
- when the links in the most commonly requested articles are gone, hide the rest while it waits for replacement.
but i’m no wikipedian, just someone who likes reading talk pages lol
I think the future of wikipedia looks a bit bleak if they drop archive.today now. They need a decent archiver to function. Internet archive is good but its a single group hosted in the US, plus any site with a paywall isn’t surviving on the internet archive very well.
They’ve needed good alternative for awhile and the need is just growing. I wish public libraries could fill the gap but its probably not realistic. We’ve had legal deposit requirements for non-print media in various jurisdictions for awhile but i’m doubtful how effective it is, nor is it convenient to access or use for wikipedia.
To be fair Wayback Machine is not the only option, there are at least 3 other Internet archival services besides archive.today:
- Ghostarchive
- Megalodon
- Etched (warning: cryptobros)
Unfortunately their scrapers are nearly not as developed as Wayback Machine’s and archive.today’s are (Ghostarchive and Megalodon can’t bypass Anubis/Cloudflare check, for example). Ghostarchive is neat when it works because of very high-fidelity captures (even more high-fidelity than archive.today’s captures are), but only something like ~75% of everything I’ve ever archived there works. Oh, and it can also archive short (<10 min) YouTube videos with low/average bitrate.
Megalodon is pretty much useless for Wikipedia because it doesn’t work with, like, half of all online news websites.
I haven’t archived anything on Etched yet, but their premise of “archiving a web page forever on bitcoin” doesn’t seem attractive so I probably won’t use it.
Very True, I have had some good use out of ghostarchive. When it works. There’s also self-hosted options like archivebox. And Several paid solutions like perma.cc. Kiwix/Zim too although that’s focused on wiki’s themselves & offline storage/access so not as useful for sources. But yes I’ve found none get consistantly good archives as much as archive.org or archive.today.
I have not heard of etched, but I do tend to avoid a lot of the crypto stuff.
Its also concerning if any of the archives suddenly going down & the data isn’t backed up. I know the storage requirements alone makes good backups unlikely, but with archive.today looking so volitile I wonder if one’s going to be needed.
Edit: added links & spelling
We need an open-source internet archive site that isn’t based in the USA and isn’t run by someone who’ll jeopardize the whole enterprise to attack someone’s blog. Archive.today is a great thing to exist on the Internet and I hope it continues, but we need one that we know isn’t going to host malware or vanish on us.
That said, I don’t appreciate the blogger’s urge to doxx whoever runs the archive. It’s exactly the kind of site where the admins would need security and anonymity so the US Government or another power doesn’t shut them down. If you doxx the owner you could kill the site.
Regarding the USA point, from the article, there are many indications that the site was founded by someone from Russia:
But in October 2025, the FBI sent a subpoena to domain registrar Tucows seeking “subscriber information on [the] customer behind archive.today” in connection with “a federal criminal investigation being conducted by the FBI.” We wrote about the subpoena, and our story included a link to Patokallio’s 2023 blog post in a sentence that said, “There are several indications that the [Archive.today] founder is from Russia.”
This is the link to the 2023 blog post: https://gyrovague.com/2023/08/05/archive-today-on-the-trail-of-the-mysterious-guerrilla-archivist-of-the-internet/
Honestly this situation is wild. The whole article is a hundred percent worth a read. It’s just… So bizarre. Good luck to you wiki contributers navigating this situation.
This is only tangentially related to the matter at hand, but there seems to be some attack on YouTube with fully LLM-generated channels and videos “covering” this situation: https://ghostarchive.org/archive/dlQhs.
Interesting…
what the fuck
I’m so confused
is archive.today dead now?
So archive.today owners got doxxed and they DDoSed the Doxxer as retaliation? Is that what happened?
No, the original blogpost did not dox the .today owner, it just unearthed some other alias and the general idea that the owner might sit in russia.
2 years pass.
Now Tucows (the domain registrar for .today) got a demand from the FBI for all data they have on .today, which caused news pieces where the blog post was linked.
The .today owner wanted the blog post not reachable from those news articles, and sent an email to the blog owner with the request to “take the blog post down for a few months” so that the news articles wouldn’t link there anymore. Sadly, that mail went into the spam folder and the blogger didn’t see it.
Because there was no reaction to his mail, the owner of .today put code into his captcha page, DDoS-ing the blog. The blogger and the .today-owner later did mail with each other, but the .today-owner seems to be a pretty unreasonable and rude person.
Wikipedia is now split: on the one side, .today is the actual best archive site, because it doesn’t care about copyright, censorship and employs advanced scraping techniques, which can bypass a lot of paywalls (which the internet archive does not do). This makes it great for citing sources. On the other side it’s not very trustworthy to insert code in your captcha page that makes your computer part of a DDoS attack.
So now there are 3 options for wikipedia.
- a) remove all archive.today links: this would be very,very disruptive since around 700k links on wikipedia would go dead
- b) phase out archive.today, so that no new links are getting added in the future - that implies looking for an alternative, which could even be the wikimedia foundation itself
- c) do nothing
Hope it helps with the confusion!
It would be pretty incredible if the Wikimedia Foundation started a project to archive the web
I think that’d go pretty far beyond Wikimedia’s mandate, but having something whose purpose was specifically archiving just the sources for their articles would be pretty awesome.
It supports the goal of free knowledge, so I think it wouldn’t veer far off its mission
You’re misinterpreting what Wikimedia’s “free knowledge” mandate is about. They have a hard-line requirement that the knowlege they distribute is legally free, for example - it has to be under an open license. archive.today is quite the opposite of that. They don’t just archive any old knowledge willy-nilly, they’ve got standards. And so forth.
Simply running an archive.today clone would not fit. The “source documents only” archive would already be stretching the edges rather far. There’s already Wikisource, for example, and it’s got the “open licenses only” restriction.
Archived pages wouldn’t necessarily be the knowledge they distribute, just ways to verify the knowledge they distribute is correct. Content from The Wikipedia Library (which provides access to academia) isn’t relicensed at all, for example. Such a service would be a project but not a sister project like Wikisource is,
Wikimedia is an American organisation. In an America where legality is thrown out the window regularly, where foundational laws (e.g. murder, the constitution, etc) clearly no longer matter for the ruling party and vast swathes of people that follow them, what is legally free now?
I understand your point, I just think this is something to ponder. Is the free knowledge part more, or less, important than the legal part of their goal? Does the legal part truly matter any more?
To archive the human-made parts of the web at least, which is going to become both increasingly difficult and increasingly important as AI slop sends the signal-to-noise spiralling asymptotically towards zero. I might actually stop mercilessly blocking their donation drives if they attempt that, to be honest.
We had some discussion about this when the developer published the blog post originally: https://lemmy.dbzer0.com/post/63367640
Edit: I was actually thinking of this thread https://sh.itjust.works/post/54542523
This is pretty wild indeed.
As an editor, I tried to not use archive.today and so far I’ve succeeded.
I’m tempted to chip in, so far I was an observer.
Removed by mod
