this post was submitted on 11 Feb 2026
206 points (98.6% liked)

Technology

81026 readers
5979 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
206
Archive.today CAPTCHA page executes DDoS; Wikipedia considers banning site (arstechnica.com)
submitted 1 day ago* (last edited 1 day ago) by Aatube@thriv.social to c/technology@lemmy.world
41 comments fedilink hide all child comments
 

DDoS hit blog that tried to uncover Archive.today founder's identity in 2023. [...] A Tumblr blog post apparently written by the Archive.today founder seems to generally confirm the emails’ veracity, but says the original version threatened to create “a patokallio.gay dating app,” not “a gyrovague.gay dating app.”

https://www.heise.de/en/news/Archive-today-Operator-uses-users-for-DDoS-attack-11171455.html:

By having Archive.today unknowingly let users access the Finnish blogger's URL, their IP addresses are transmitted to him. This could be a point of attack for prosecuting copyright infringements.

you are viewing a single comment's thread
view the rest of the comments
[–] VonReposti@feddit.dk 52 points 1 day ago (2 children)

I don't really see it as a complicated issue. Archive[.]today is now an unreliable source that uses its user traffic to engage in malicious activities. By using it, Wikipedia will become unreliable by proxy.

The best course of action is to distance yourself from it as quickly as possible.

[–] TheTechnician27@lemmy.world 44 points 1 day ago* (last edited 1 day ago) (1 children)

I don’t really see it as a complicated issue.

That makes sense from (what I think is) an "outsider's" perspective. From an "insider's" perspective*, here's the problem:

  • Wikipedia has a strict verifiability policy.
    • This policy states that "Each fact or claim in an article must [correspond to reliable sources]".
    • This policy is the bedrock of Wikipedia. The project is fundamentally unsustainable without it, and we're still undoing damage from decades ago when the policy either didn't exist or was too loosely enforced.
    • I'm making a third bullet point because I cannot emphasize enough how much "just ignore it lol" cannot work and has never worked.
  • Hundreds of thousands of articles have citations sourced to archive.today.
    • This is despite the fact that the Internet Archive is prioritized whenever possible. We even have a prolific Internet Archive bot that (when possible) automatically recovers citations.
    • The Interrnet Archive complies with blanket takedown requests of a domain very easily. Even if we ignore the ones going forward because now both resources are unreliable, archive.today would have untold millions of webpages archived which the IA does not – many of which are used on Wikipedia.
    • Archive.today will archive material that the Internet Archive will simply fail to archive because, on a technical level, it's just better at capturing a static snap of an article (which is what we want). It's especially true for paywalled articles, which the Wayback Machine is often stymied by.
  • This would also make the Internet Archive the only remaining avenue for archiving URLs, meaning Wikipedia effectively collapses if something happens to the IA (granted that'd already be catastrophic with archive.today, much moreso than archive.today's hypothetical removal).
  • Archiving URLs isn't just some incidental thing.
    • Citations are the backbone of Wikipedia. Casual readers might find them comforting to have. Researchers will rely on them. But editors cannot operate without them. We might actually use them more than readers do, because they help us a) check what's already there, b) better understand the subject ourselves, and c) expand out the article.
    • Link rot is so much more pervasive than I think people fully grasp. When I'm writing an article, if possible, I archive every single source I use at both the Wayback Machine and archive.today, because relying on the link staying up is objectively a mistake (and relying on just one is negligent).
    • The security archives offer generally just incalculably reduces the workload and mental load for editors.

If you've ever tried to add a citation on Wikipedia to a sentence that says "citation needed", you've rubbed up against Brandolini's law. A corollary is that it's much, much harder to cite an uncited statement than it is to create one. If you remove archive.today, you flood Wikipedia with hundreds of thousands of these. It's dampened a bit by the fact that the citation metadata is still there and that some URLs will still be live, but I cannot emphasize – as an editor of nearly 10 years, with over 25,000 contributions, and who's authored two featured articles – that you'd introduce a workload that could never be done, whose repurcussions would be felt for decades at a time when Wikipedia is already on shaky footing.

Even if you somehow poofed away all that work, there are bound to be tens of thousands of statements in articles you have to get rid of because they simply cannot be reasonably sourced anywhere else. For many, many statements, this is not incidental information independent from the rest of the article; many of these removals would require you to fundamentally restructure the surrounding prose or even the entire article.

It's hard for me to explain that you just have to "trust me bro" that those people voting "Option C" take what archive.today did very seriously and recognize that either option is going to mean major, irreparable damage to the project. Wikipedia is a lot different from the editing side than it is on the reading one; sometimes it's liberating, sometimes it's horrifying, and this case it's "I could use a hug".

* "Outsider" and "insider" used to denote experience editing; most anyone can do anything on Wikipedia from the get-go.

[–] VonReposti@feddit.dk 2 points 1 day ago (1 children)

"As quickly as possible" pulls a lot of weight in my statement. Just like when the EU is trying to cut our dependence with US payment providers, Wikipedia can't do it overnight. The best time to plant a tree was 10 years ago, the next best time is right now.

Cutting ties with archive[.]today takes a long time, but the longer the decision to cut it takes, the longer to the ties are actually cut. It's all about "make haste slowly", ie. do a lot of planning on how to actually cut the ties with minimal impact so you can do it when forced to (for example if FBI were to take the servers one day) or when you decide that the independence from archive[.]today is more valuable than the remaining impact of cutting dependence. This could take half a year, a year, or more.

But indecision will at some point put you in a worse position: You are funneling your traffic to a malicious website that actively participates in DDoS attacks by using users' traffic (including those coming from Wikipedia) to carry out the attack. Indecision can open you up to serious litigation and reputational damage by proximity. Given that archive[.]today crossed the line to malicious activity by misusing their traffic, what's to stop them from malicious activity by misusing their content? IMO even if you think the integrity of your content and its sources are too valuable (and trust me, I think it's very valuable) you need to consider this as a warning sign and realise that nothing's stopping archive[.]today from losing the editorial integrity that you rely on.

So my suggestion, brainstorm ideas that would make you independent: Make agreements with IA to improve retention, roll your own archiver, make a deal with news orgs to show their articles as citations (this last one I actually like most the more I think about it. A good negotiator can call it advertising for the news org and you'll at the same time not infringe on copyright like archive[.]today is). If you wait until point of no return, the choice has already been made for you whether you like it or not. And worst part is that you'd scramble to find a solution instead of the best solution.

[–] TheTechnician27@lemmy.world 4 points 1 day ago* (last edited 1 day ago) (1 children)

So my suggestion, brainstorm ideas that would make you independent:

Editors have been doing this for years.

Make agreements with IA to improve retention,

The IA already lives on a razor's edge in terms of copyright and is doing everything it thinks it can to push that. Many websites leave the IA be because having free, independent archives can benefit them, but it doesn't take a lot for a copyright holder to say: "Hey, you're hosting my IP verbatim, I sent you a takedown request, you didn't comply, and I'm taking you to court."

You can't just "make agreements" for the IA to violate copyright law (more than it arguably already is). They're already doing the best they can, and pushing them to do more would endanger Wikipedia even worse. It's not an exaggeration to say that the IA dying would be a project-wide apocalypse.

roll your own archiver,

I'd bet it could be done if the IA went down, triggering a project-wide crisis, but among other things, I'm sure the Wikimedia Foundation doesn't want to paint a target on its backs. We're very cautious when it comes to copyrighted material hosted on Wikimedia projects, and this would be dropping a fork into a blender for us.

make a deal with news orgs to show their articles as citations (this last one I actually like most the more I think about it. A good negotiator can call it advertising for the news org and you'll at the same time not infringe on copyright like archive[.]today is).

I don't think I understand one. The Wikimedia project gets to host verbatim third-party news articles? This is creative but completely unrealistic; you'd be asking news organizations to place their work under a copyleft license for citing on Wikipedia (that's what we host except for minimal, explicitly labeled fair use material that has robust justification). It'd be a technical nightmare any way you slice it, and logistically it'd be a clusterfuck.

Even if you magically overcame those problems, Wikipedia exists to be neutral and independent, and this "wink wink nudge nudge ;)" quasi-advertising deal would look corrupt as fuck – us showing preferential treatment for certain sources not based on their quality but on their willingness to do us favors.

If you wait until point of no return, the choice has already been made for you whether you like it or not. And worst part is that you'd scramble to find a solution instead of the best solution.

Here's the thing: we know. This RfC is full of highly experienced editors deciding if Wikipedia is going to amputate. Option A means immediate, catastrophic, irreversible, mostly unfixable damage to Wikipedia. That is something that needs to be thought through, and your suggestions – which are appreciated for showing you're giving it real thought – reflect that people who don't regularly edit can't really, viscerally understand how completely screwed Wikipedia is by this.

[–] Aatube@thriv.social 1 points 23 hours ago (1 children)

The Wikimedia project gets to host verbatim third-party news articles? This is creative but completely unrealistic

It would be just like the extant https://en.wikipedia.org/wiki/Wikipedia:The_Wikipedia_Library.

In the worst case we could just run Megalodon on all the archive.today URLs

[–] TheTechnician27@lemmy.world 1 points 18 hours ago* (last edited 15 hours ago) (1 children)

I think you have a very severe misunderstanding of the Wikipedia Library, which I have access to and frequently use. The WPL allows active editors in good standing to access paywalled sources.

  • You must have an account which is 6+ months old, has made 500 edits, has 10+ edits in the last month, and is not blocked. (an extreme minority of editors, let alone readers.)
  • You must first apply to gain access.
  • For publications with limited subscriptions, you must individually apply on top of your WPL access.
  • Critically: the WPL does not host any of these publications. You are taken to them via a portal and given an access token.

I can't emphasize enough how absurd this comparison is. "Solar farms exist; building a Dyson sphere would be basically the same thing. Let's get to work." And the thing is: I wish you were right.

Edit: That said, if you ever need copyleft material, we do maintain Wikimedia Commons for media generally and Wikisource which is a transcribed digital library of free sources. Much narrower in scope than this, but I highly recommend them!

[–] Aatube@thriv.social 1 points 16 hours ago* (last edited 16 hours ago) (1 children)

I am an active editor lol. I'm saying that the proposal is to establish something similar to TWL for media URLs. It would serve the same purpose for editors as a major complaint in the discussion was over addition of Archive.today links to bypass paywalls. Obviously developing this deal would take a lot of work but it is workable.

You must first apply to gain access.

That's not true. Anyone who meets the stats you mentioned may access TWL.

the WML does not host any of these publications

Indeed, that's what makes it legally sound and prevents us from needing to relicense. We don't need to license the content to copyleft for the thing to work.

[–] TheTechnician27@lemmy.world 1 points 16 hours ago* (last edited 16 hours ago)

That's not true.

Okay, then you'll need to explain the annual emails I've gotten saying "Your application to the Wikipedia Library has been approved" after I apparently tripped and fell and filled out a manual form applying to the library every year.

It doesn't seem selective once you meet the four aforementioned criteria, but you do need to manually apply.

The idea you're talking about, meanwhile, is nonsensical and doesn't address basically anything about the massive structural problems blacklisting archive.today imposes. I wholly support expanding out the Wikipedia Library, but even this pie-in-the-sky version of it falls too far short of what archive.today provides – and that's just going forward in an ideal world where you can snap your fingers and make this fantasyland WML happen as soon as archive.today is blacklisted.

The "backcatalogue", so to speak, is what's going to be the most catastrophic part of this by far. I spent years where my main focus was just on bringing dead sources back to life; I don't know the full extent of how bad this is, but I know for damn sure what you've suggested (which won't ever happen) undoes barely a fraction of the damage.

[–] FaceDeer@fedia.io 3 points 1 day ago (2 children)

Is it really an "unreliable source", though? The owner of the site is acting maliciously with regards to this DDOS, of course, but that doesn't necessarily mean he's going to act maliciously about the contents of archive.today itself.

One could make the case that the owner of archive.today was already flagrantly flouting copyright law, and therefore a criminal, and therefore "unreliable" right from the get-go. Let's not leap to conclusions here.

[–] Wildmimic@anarchist.nexus 2 points 1 day ago (2 children)

Using visiting clients for attacking makes the site malicious, and it's because the owner decided it should be, not because it was hacked or got served "spicy" ads or something.

Since this jarhead has no qualm in weaponizing his site, dragging every visitor into this, and threatening the owner of a small blog with creating a whole category of AI porn just for a blog post from 2 years ago: what if he decides he could use visiting clients for other uses, like crypto mining? If my wiki had 700k links pointing there, i'd think hard about my choices, and would want to reduce my dependency on such a source.

[–] FaceDeer@fedia.io 3 points 1 day ago (1 children)

Sure, I'm not saying this isn't "malicious."

I'm questioning why this particular instance of lawbreaking makes his site an "unreliable source", whereas all the copyright violation he's been up to all along didn't? And now you're bringing in speculative instances of future lawbreaking that also seem unrelated, what does crypto mining have to do with the reliability of the sources archived there?

My point here is that people are jumping from "he did something bad that I don't like!" to "therefore everything he does is bad and wrong!" Without a clear logical connection between those things. Sure, the DDOS thing is a good reason to try to avoid sending traffic to his site. But that has nothing to do with the reliability of the information stored there.

[–] Wildmimic@anarchist.nexus 4 points 1 day ago (1 children)

To be fair, your argument has been made by others on the RfC too, comparing the situation with Wikipedia linking to Anna's Archive.

Truth is, when being honest, Wikipedia should never have started linking there. It probably started out of noble intentions: making sure sources stay available for everyone.

Now a new factor has come into play - that the site is being weaponized. The admin there has surely the ability to modify whatever he wants, create fake articles, change the wording of others and so on, and has now proven - without a single doubt - that he is not trustworthy.

This means that the reliability of all hosted information has to be questioned as well. And here we are.

[–] milk@discuss.tchncs.de 1 points 18 hours ago (1 children)

Wikipedia should have never linked there? There are legitimate reasons it has been used over archive.org presented in this very thread and multiple link archivers is definitely a good thing so I disagree that it should never have been linked to.

For the second point you can make the opposite claim using the same evidence: the admin has almost certainly had the ability to edit pages that have been archived to their site but does not appear to have done so, making them trustworthy. The fact that they are using it as a botnet does not mean that the information is incorrect and certainly not without a single doubt.

[–] Wildmimic@anarchist.nexus 1 points 15 hours ago* (last edited 15 hours ago)

First: It's pirated content. I do not have an issue with playing fast and loose with copyright, but Wikipedia shouldn't have started linking there, because pirated content of this volume has the side effect of involving authorities pretty fast. Wikipedia has enemies, they are rich and ressourceful, and this is an attack surface they shouldn't have.

Second: People do not tend to trust others who behave erratically, and when trust is eroded it's not so easy to fix it again. In reality it's this way: nobody knows if the content there has been modified, and trust was the only thing holding all this together.

[–] betterdeadthanreddit@lemmy.world 1 points 1 day ago (1 children)

Haven't seen anything to indicate that Masha Rabinovich / Denis Petrov / [whoever runs the site] is a jarhead. Where's that coming from?

[–] Wildmimic@anarchist.nexus 1 points 1 day ago* (last edited 1 day ago) (1 children)

In a later email, “Nora Puchreiner” wrote, “I do not care on your blog and its content. I just need the links from Heise and other media to be 404.” One message threatened to investigate “your Nazi grandfather” and “vibecode a gyrovague.gay dating app.” Another threatened to create a public association between Patokallio’s name and AI porn.

A Tumblr blog post apparently written by the Archive.today founder seems to generally confirm the emails’ veracity, but says the original version threatened to create “a patokallio.gay dating app,” not “a gyrovague.gay dating app.” The Tumblr blog has several other recent posts criticizing Patokallio and accusing him of hiding his real name. However, the Gyrovague blog shows Patokallio’s name in a sidebar and discloses that he works for Google in Sydney, Australia, while stating that the blog posts contain only his personal views.

[–] betterdeadthanreddit@lemmy.world 1 points 1 day ago (1 children)

Still not sure I follow but I'll look again.

[–] Wildmimic@anarchist.nexus 0 points 1 day ago (2 children)

"[...] having such a noble and rare name, which in retaliation could be used for the name of a scam project or become a byword for a new category of AI porn…" is a citation of an email from the .today admin to the blogger.

for a 2 year old blog post.

This guy has serious issues, and it's not only the FBI.

[–] Aatube@thriv.social 1 points 22 hours ago (1 children)
[–] Wildmimic@anarchist.nexus 2 points 22 hours ago* (last edited 22 hours ago) (1 children)

Oh. TIL.

My brain had it filed under "an aggressive, close-minded person". I probably read it somewhere in a context with the marines and conflated the expression with the image that the marines sometimes get attributed with - "eating crayons", being hyperaggressive and stuff like that.

[–] trk@aussie.zone 1 points 16 hours ago

My brain had it filed under "an aggressive, close-minded person".

Meets the definition perfectly

[–] betterdeadthanreddit@lemmy.world 1 points 1 day ago

Okay, where does "jarhead" come in from that? I'm missing something here.

[–] VonReposti@feddit.dk 2 points 1 day ago

They have shown they are willing to participate in malicious activity by misusing their users' traffic, what's stopping them from carrying out malicious activity by misusing their content?

Even if that seems farfetched, by stepping from copyright infringement to cybercrime activities they painted a much larger target on their backs making it much less certain that they'd still be around next year.