There are several other posts made recently on the archive.is blog as well, some of which appear to be quite nonsensical or are otherwise irrelevant to the discourse at hand. They all appear to be LLM-generated. It's all very confusing.
[deleted]
Interestingly, theres an account in that thread claiming to be from Gyrovague, but its not the same one thats in this thread, which has been confirmed to be legit as it is mentioned by name in this latest Gyrovague article.
I wonder, is the newer gyrovague-com account because they lost the login for the old one? or was the old one a different person? Hopefully they can clarify, because if there's an account pretending to be them that makes this story even more confusingly weird.
OP gyrovague-com here. Yes, I can confirm that I was also "gyrovague" on HN, but embarrassingly I've lost/typoed the password.
You can just email hn@ycombinator.com to get help. They can reset your password if there's someway for them to verify that you were the owner of the account.
hey pal u need to take action your adversary has deployed the big guns:
>And I will not write "an OSINT investigation" on your Nazi grandfather, will not vibecode a gyrovague.gay dating app, etc
I think no matter how you slice it though, it's unethical and reprehensible to coordinate (even a shoddy) DDoS leveraging your visitors as middlemen. This is effectively coordinating a botnet, and we shouldn't condone this behavior as a community.
It's definitely interesting to see this roll around since the only individuals that see the CAPCHA page mentioned, are users of Cloudflare's DNS services (knowingly or not).
P.S. Shout-out to dang for dropping the flags. I have a small suspicion that their may be some foul play, given the contents...
> the only individuals that see the CAPCHA page mentioned, are users of Cloudflare's DNS services
I don't think this is true. I run my own recursive DNS resolver, and get a CAPTCHA when visiting archive.today.
I use my ISP's default DNS servers and have consistently gotten the CAPTCHA page for weeks now. The CAPTCHA seems to be broken too, rendering archive.today entirely inaccessible.
Someone has suggested that CAPTCHA is broken for everyone in Finland.
Not surprising considering the service is operated by Russia.
Seems to be the case in Estonia as well.
I see the captcha all the time for the Tor onion website as well.
This likely means nothing, but the .is webmaster seems to have some sort of existing issue with Finland (where gyrovague is from), see https://news.ycombinator.com/item?id=37011955. I thought I would point it out.
Also, as someone interested in OPSEC and OSINT as a hobby, I find the measures taken by the .is webmaster, especially the dedication to setting up countless fake accounts for each persona, to be very intriguing. I spent about an hour looking into the Nora Puchreiner persona and all the accounts registered to it that I could find. It appears that "Tomas Poder" is another alter-ego used by the .is administrator. Nora also seems to have a sister: "Sara Puchreiner". Again, all very interesting and I can't seem to make a clear picture of the situation.
There are multiple reports of these archive.something sites redirecting users to Russian sites. Personally, I stopped using them after I saw one connection attempt to yandex dot ru
In UK, was redirected to russia today. Cannot recall which domain(s).
> Finland (where gyrovague is from)
They should probably review existing case around how Finnish courts treat the journalistic exception in the context of citizen's journalism (as he relied on that at least as one of the reasons): https://tuomioistuimet.fi/hovioikeudet/ita-suomenhovioikeus/...
Of course facts are different, but at least two Finnish court seem to require a lot more reasoning from the controller in the context of citizen journalism compared to traditional media when they want to invoke the journalistic exception. No clue which side this would fall into.
It's a puzzling situation:
- The DDoS was certainly unethical and unneeded
- Although the blog post only shows an extremely one-sided version of the story by skipping straight to the threats, there are reasons to think that diplomacy has also failed terribly
- The website owner has all eyes of the "thought police" on them, and given the current political situation in Russia, it's more than likely they reside somewhere where it has real power; realistically speaking, who wouldn't be losing it?
- The blog post is preserving information that could aid further investigations even if purged from the original sources, and reveals non-OSINT information in the follow ups
- At the same time, it's, to say the least, hypocritical of the archive.today owner to attempt forcefully taking the original post down, when archive.today itself is an OSINT tool
I don't think there's a way to fairly untangle this mess anymore.
Hence, I'd focus on the possible outcomes: do we want archive.today taken down over this? Who would lose and who would benefit the most from this takedown?
Gyrovague here. As linked in the blog entry, you can view both sides of the email correspondence here: https://pastes.io/correspond
As for outcomes, I'm very much a bit player/spectator in this drama, nobody's going to be "taking them down" over DDOSing an obscure nerd blog.
If they do go down, it'll be the FBI or equivalent, and it will be publicly justified as some combination of "protecting the children" (cf. WAAD) and/or copyright violations.
> As linked in the blog entry, you can view both sides of the email correspondence here: https://pastes.io/correspond
Thanks, I must have missed this.
> [...] nobody's going to be "taking them down" over DDOSing an obscure nerd blog.
> If they do go down, it'll be the FBI or equivalent, and it will be publicly justified as some combination of "protecting the children" (cf. WAAD) and/or copyright violations.
Yes, this is exactly what I fear. That we might be playing into the hands of the greater evil by escalating a small, personal conflict.
> Do we want archive.today taken down over this?
I don't think that's on the table. I would say use this as your incentive to support archive.org, who has proven much more accountable. Archive.Today is weaponizing their traffic, and reducing traffic is the best way to deal with it. Vote with your feet.
I don't think these two are exactly equivalent.
Internet Archive is a registered non-profit organization. It is more trustworthy and accountable, but it cannot realistically stand against government-imposed censorship. We've seen this unfold before with Twitter and Meta, partly with Telegram.
Archive.today may be similar on the surface, but if you take a closer look, it's actually an underground "evil twin" that has all the right tools to publish information the governments and the largest of companies want silenced.
Ideally, there would be no such information in the first place. However, the reality is that this classification has only been broadened to cover more content since the invention of the Internet, regardless of which political parties are in power. The fact that the owner of Archive.today is chased by the FBI even though the website already blocks archival of the kinds of content all of us would unanimously find disturbing speaks for itself.
archive.org supports DMCA. If you don't like some information in the Wayback Machine, you just have to send a form email and it will be removed from the Waybaeck machine.
archive.today/is/ph is adversarial. It archives things that don't want to be archived. That's why Trump's FBI is trying to unmask it.
Archive.today does not seem to have worked for people connecting from Finland since mid-January, it just gives an endless captcha loop. Is this related to whatever this drama is?
I would assume so. I can see from my browser history that i succesfully submitted captures to archive.today on 7th of January, but failed to do so starting from 12th of January. IIRC they contacted gyrovague around the 10th so seems unlikely to be a coincidence. Applies to VPNs as well. Tried first with a VPN located in Finland and it gets endless captcha loop, then with a Swedish VPN which let me through to the front page after solving one captcha.
I definitely used it from Finland last year. It was blocked some time in th past since the owner was mad at Finnish authorities, but at some point that was revoked.
Even the post you linked acknowledges this:
>he blocked the entire site in Finland, although later he lifted the block
My apologies, I clearly missed that. If I could edit my post, I'd change it to "It seems that the website has been blocked in Finland in the past, though the block was later lifted."
I’d give it a high probability, especially when the CAPTCHA loop is the bit of the site that causes the DDoS and the fact that the admin seems to consider all Finns nazis.
… seems like we the HN community should find a new site to mirror with.
There isn't one. As far as I know, no one really knows for sure how they bypass all these paywalls. (Most credible theory I heard: They actually just pay for the subscriptions.)
Many sites including Bloomberg have evolved such that even archive.today don’t have the full text of any articles. They’re doing no giveaways whatsoever.
Most paywalls just allow search engines to read their content just fine. Because they do want discoverability, they want their cake and eat it.
There's a few publications that don't even do that though and archive.is is very good at bypassing them so I do imagine they use logins for those, but for the masses of sites it's not currently necessary.
Then why hasn't anyone built a client-side browser addon that impersonates a suitable search engine?
You can't impersonate Google. Sites check the source IP and they don't overlap with Google Cloud.
Google isn't the only search engine in the world of course. It probably is pretty much the only one that matters in America but the world is not just America either.
You can for sites that can't afford the cost of keeping up-to-date with the Google IP list without which they can lose timely indexing. That is many.
The server that is providing the content exists already. That's a sunk cost.
"setup and execution".
What serious operator of a service isn't budgeting time to implement and operate critical maintenance functions?
Me for one. Adding an auto-updating IP address blocker to my personal blog site would probably cost more than setting up the whole site did in the first place.
We're talking about sites that make their living via subscriptions. They should have a great interest at blocking archive.is, which is, by the way, the only service that can reliably bypass many paywalls. Clearly whatever they're doing is not easily replicated.
What's your problem with that theory?
None
Has people's ability to read messages and formulate sensible replies been going down of late? I see this kind of meaningless replies more and more often these days.
Yes, there's a global intelligence crisis, due to tiktok instagram et al
Meaningless? Its a clear question.
You're accusing him of having a problem with it, which his comment does not imply.
I think there are multiple hurdles that make a new competitor very unlikely.
The first one is money. You need lots of it to run such an operation (servers, IPs, paying to bypass all these paywalls, etc.).
The second one is the legality, as no one wants to be hunted by the FBI, especially not for running a website that is also losing money.
Why is this flagged?
Given the content, I find this suspicious.
I didnt flag the article, but anecdotally, I was initially unable to load the article at all. It mentions how it ended up in an adblock list. The article makes it sound like this is a good thing, as it stops the DDOS, but it isn't preventing people from loading the page directly. That may be true for people using an adblocking extension, but my adblocking DNS seems to be blocking it based on that same list. I had to manually tweak my dns-based adblocker to allow the domain in order to read the article.
I looked at the flags and they seem to be legit flags from legit users. My guess is that they thought this was below-the-radar drama that wasn't on topic for HN. (I could make a "people who flagged X also flagged" list a la https://news.ycombinator.com/item?id=46771900 to support the point, but it's a time-consuming pain so I'd rather not!)
Edit: after looking at this more closely, I have a counterintuitive (to me at least) take: I think this is interesting enough to transcend the usual categories. That is, we'd normally downweight this kind of post off the frontpage - but in this case there are so many unusual variables that the usual rules don't apply.
I say this despite having zero clue what's going on here. We do have a nose for what the HN community might find interesting (we'd bloody well better after doing this job for so long), so let's override the flags and see what happens.
But without relitigating WWII please.
This is definitely interesting and HN-worthy. If nothing else, archive.today links are posted on tons of HN submissions, so it's topical.
I agree - it's clear that archive.is / archive.ph / archive.today / who-knows-what-else has been a lubricant in many HN threads, letting people read things they otherwise couldn't, and that increases the interest of the topic.
I suppose I should add that we prefer archive.org links when they're available, but often they aren't.
Edit: I suppose I should also re-add that we have no knowledge of or opinion about what's going on in the dispute at hand.
> we prefer archive.org links when they're available
Interesting. May we know why?
Archive.org is run by a registered nonprofit instead of what’s likely a sole maintainer, who while I personally appreciate, does seem to go a little unhinged sometimes (like the dispute with Cloudflare DNS).
I assume that answer is not official, since there's nothing more unhinged than archive.org facilitating the page's originator to make alterations after the snapshot.
This also makes it susceptible to government pressure. It's easy to get a page taken down from archive.org and it won't archive anything paywalled.
Government pressure is the least of the problem. Anyone gaining control of a domain can delete all archives of it.
Because the government pressures them to obey this
Perhaps because the admins of archive.org don't go around DDoSing random blogs I'd reckon.
Instead they execute source page JS and allow it to doctor the archive copy.
Maybe it would be better to check /g/ and /pol/ to find out where the flagging army comes from, because that might be more reliable than guessing what is a proxy and what is not? They initiated the doxxing campaign against the author of the article after all.
This dastardly 4chan users, twirling their butterfly knives while conspiring, in a public forum but without you providing any evidence of it, to flag HN posts. Right.
[flagged]
Stupid question, but CORS is designed explicitly to defend against this type of side-surf attack.
Adding a strict cors policy should fix this, or am I missing something?
"no-cors" means the request will not be preflighted, but also that JS will be denied access to the body. But the body doesn't matter here — the attack only requires the request be sent.
But more to the point, so long as the request meets the requirements of a "simple request", CORS won't preflight it. GETs qualify as a simple request so long as no non-CORS-safelisted headers are sent; since the sent headers are attacker-controlled, we can just assume that to be the case. In a non-preflighted request, the CORS "yes, let JS do this" are just on the response headers of the actual request itself.
Since GETs are idempotent, the browser assumes it safe to make the request. CORS could/would be used to deny JS access to the response.
Things are this way b/c there are, essentially, a myriad of other ways to make the same request. E.g.,
<img src="https://gyrovague.com/?s=…">
in the document would, for all intents and purposes, emit the same request, and browsers can't ban such requests, or at least, such a ban would be huge breaking change in browsers.
[dead]
Archive sites are very important for freedom due to many different entities out there attacking sites and getting them taken down.
Unfortunately Archive.today complies with these attack requests in some situations, but is still usually better than others.
>Unfortunately Archive.today complies with these attack requests in some situations, but is still usually better than others.
My tinfoil guess is archive.today is compromised by a state actor. Simply shutting it down would cause too much drama. Instead turn it into villain, and then take it down.
Why were you trying to dox the archive owner?
This is misrepresentative of the situation, and an unloaded version of the question being asked here is answered within the article itself.
How is it misrepresentative of the situation?
Is it only doxxing if the organisation is digital only? Should we have no right to know who controls a large media organisation?
Whether you have a right to know, according to your personal value system, is orthogonal to whether it's doxing.
Rights don’t emanate from one’s subjective personal beliefs. Sure, there are “natural rights” espoused by political philosophers, but in the real world, rights are enshrined in constitutions and codified in laws that we are all subject to.
Again, irrelevant to the question of whether it's doxing.
It's absolutely relevant. Some activities break the law; others don't. Why should we care about and assign a negative appellation like "doxxing" to lawful investigative activity?
Whether you care about somebody getting doxed is orthogonal to whether they've been doxed. Whether you care or not is entirely up to you, it has no relevance.
This kills the organisation
Regardless, archive.today does fine with some sites that blocks archive.org archiver somehow.
Thank you for keeping this up, whoever you are.
> somehow
robots.txt. It is that simple.
[deleted]
Interestingly, this website exists in badmojr-1Hosts-master-Pro-adblock list
That's explained in the article itself
Why does this say it's been posted 8 hours ago but on hn.algolia.com is archived 2 days ago, also I'm sure I already saw it yesterday.
This is a regular HN feature where admins resurrect old posts that did not get the attention they maybe deserved.
... and the resurrection falsly associates the timestamp of the admin's action with the originator's posting. Needs attention.
I'm pretty sure that's intentional because the timestamp used to calculate where the article shows up on the front page.
My greater faith in the integrity of the admins tells me they do not intend this false association. Its a misrep that can seriously mislead.
They intend it. It was explained by dang at some point
I will look out for that.
I reported a few times to the owner of archive.is/archive.today that he was hosting dox of a friend and he never cared. So, too fucking bad that he's the one getting doxxed now. A bit of karma.
Yep, I have heard of many such cases and I know someone affected personally. For someone who refuses to take down the personal information of others this is extremely hypocritical.
Temporarily see if you can put the blog behind a cloudflare or something using their DNS service.
Whatever is going on here, is so magnificently complicated: sockpuppeting, doxxing, ddosing, psyops, pirating, FBI, cyberpunk capitalists, Russian hackers and Finnish activists. Somehow it does feel like in the middle of information war.
When I read the original article it doesn't really feel like the Finnish guy is even an activist. He seems to be just a curious nerd who wrote one article about this topic (who's behind this big site that everyone uses) and about a whole load of completely unrelated and non-activist topics like why did Japan stop building subway lines. Then his blog gained some traction because of the reporting around the FBI threats.
The article is also really appreciative of archive.today. It doesn't feel like a hit piece at all.
I feel bad for the archive.is guy/girl.
It's clear the doxxing attempts are getting closer now to his/her real identity. On the other hand, they do something that's really useful to so many, and it will be sad if it's gone.
Isn't that the same hand twice?
> Well, I wish I had one, but at this stage I really don’t. The most charitable interpretation would be that the investigative heat is starting to get to the webmaster and they’re lashing out in misguided self-defense.
I don't think they're lashing out in self-defense. This is a harmless way for them to get attention, which is what they're desparate for because the FBI is after them at the behest of Bezos and other billionaires who control the paywalled media and don't like archive.today's role in making them accessible. The only thing that could possibly save them (though it almost certainly won't), is gathering as many eyeballs as possible from the people who like the service. HN having a super high concentration of those. Almost every paywalled post here has an archive.today link in the comments.
That's also why they posted about it on HN, explicitly under that name. To get HN eyeballs.
It's intentionally harmless because, as you confirmed, it's not costing you any money or resources.
[deleted]
[dead]
[flagged]
Please, let's not re-fight WWII on HN.
We know that the impact from that time is far from worked through, but to the extent it shows up here, commenters should make the effort not to fall back into war mode.
You're welcome on HN, and so are the users you disagree with—but you all (i.e. we all) need to stay within the site guidelines when discussing tough stuff. These include: "Comments should get more thoughtful and substantive, not less, as a topic gets more divisive." -
https://news.ycombinator.com/newsguidelines.html
p.s. This comment is not just for the user I'm replying to but everyone else who's expressing strong feelings below. It's amazing, and totally human, how alive these feelings are after 80+ years, but at the same time, 80+ years of distance should give us the ability to relate to each other a little bit better than our grandfathers and great-grandfathers were able to.
> Finland was one of Germany's most important allies in the attack on the Soviet Union, allowing German troops to be based in Finland before the attack and joining in the attack on the USSR almost immediately.
I wonder, why on earth would Finland have any hostility towards the USSR in 1941? It beggars belief!
OTOH, after trying to conquer Finland in 1939-1940 Russians definitely have no moral right to judge Finns.
OP here. I obviously registered to post my own blog entry.
Can you clear up the confusion as to whether or not the earlier user named 'gyrovague' is operated by you as well? (There was some suspicion on the earlier thread that it might not be you.)
No, Finland handed both jewish and non-jewish Soviet POWs to Germany. Hundreds of people sent from Finland to Germany died in the camps. Finland also deported multiple jewish refugees to Germany, these people were neither Soviets nor POWs.
Yes, sure, Finland had it's own complicated reasons for behaving the way it did. There's however no serious dispute about whether or not Finnish collaboration in the holocaust happened.
I couldn't care less if this person's grandfather was a Nazi, even if it turns out to be true. What are they supposed to do, go back in time and convince their grandfather to change their ways? It ridiculous using this as some kind of insult, and it disturbs me that people might take it as one.
Could it be that Germany was the only nation willing to help Finland fight the Soviets?
From Wikipedia
> Interim peace
> ...
> Defensive arrangements were attempted with Sweden and the United Kingdom, but the political and military situation in the context of the Second World War rendered these efforts fruitless. Finland then turned to Nazi Germany for military aid.
Their admin is a member of HN but I've never seen them reply to these threads. [edit] Perhaps they could share their perspective on what has been done thus far to mitigate the problem.
What would they possibly say? I don't think one should explicitly have to ask to not be doxed for performing a public service.
What gyrovague is doing here is obviously despicable.
I would imagine their technical perspective of what is happening and what attempts were made to mitigate it thus far. That is where the HN audience could chime in. If they have the resources I suspect they do then just about every option is on the table though assisting them may get people on some lists for assisting the Russian Federation.
It's also not clear to me who is attacking who here.
"Gyrovague", the author of the post we're commenting under has for reasons unknown engaged in targeted harassment of the owner of "archive.today".
Now the owner of archive.today is attempting a rather lazy DoS attack against gyrovague.com. A rather mild response to gyrovague attempting to bring the archive.today owner physical harm by spreading potentially identifying information about them.
There's really very little to be said about this whole thing besides that Gyrovague should try to be a less awful person in the future.
Like I said, I can't tell who is attacking who. Archive.is has more money, resources and ASN's than Akamai so surely they can mitigate anything anyone can throw at them. A little forum trying to respond in kind can't really be much of a threat. Archive could just tell their controlling nodes to ignore any requests to mirror the forum which means there is a lot more to this than any of us are seeing. That is why I would like to see the admin of Archive respond for both sides of the story.
> Archive.is has more money, resources and ASN's than Akamai so surely they can mitigate anything anyone can throw at them.
This statement makes me think you're misunderstanding the person above you.
They're saying this blog author, gyrovague, is doxing¹ Archive.is. I am wondering if you are misreading that as DoSing. To "dox" is to reveal the identity of, typically for purposes of harassment. To "DoS" is to spam with requests. Archive.is is not being spammed with requests, nor do I see anyone here suggesting they are except here: "resources and ASN's … mitigate anything anyone can throw at them" … that seems to indicate you're (mis)reading it as "DoS"?
(I.e., gyrovague is doxing the Archive.today owner¹. Archive.today is, in return, DoSing gyrovague.)
(¹I'm not trying to comment on whether that term is being appropriately applied here, or not.)
I don't think there's any dispute on what the story is. The blog post here contains the facts, and a rather clumsy attempt by Gyrovague to justify his bid to dox the operator of archive.today.
> Archive.is has more money, resources and ASN's than Akamai
I assume this is a joke, but Archive.is is a shoestring operation funded through donations.
Hey guys - you both obviously know a ton more about this than I do, but this is the point at which the thread went off the rails. I get that you disagree with each other and that's fine, but please stay within the site guidelines while doing so: https://news.ycombinator.com/newsguidelines.html.
I assume this is a joke, but Archive.is is a shoestring operation funded through donations.
I am certain they would like people to think that. They have more IPv4 addresses under more ASN's than Akamai control which anyone who has tried to block them would know. Their controlling ASN's are in the Russian Federation which they make no attempt to hide at least for now and why I must assume they are fine with people discussing it. The GDP of the Russian Federation is somewhere north of 2 trillion dollars. Their nodes both in Russia and spread all around the world would not be permitted by Russia to mirror random sites without authorization to do so. One in or from Russia would not defy Russian leadership for very long.
Yes, it's apparently hosted behind some fastflux setup. That's neither new nor special, nor is it particularly expensive. Such setups are offered on various forums starting from a few hundred dollars a month.
> Their nodes both in Russia and spread all around the world would not be permitted by Russia to mirror random sites without authorization to do so.
This is simply not true. You can absolutely run a website like this in Russia without any authorization. Who would you even ask? The whole idea is bizarre.
You can take what I said out of context. Apparently OSINT are on it, not my problem.
> Their admin is a member of HN
Citation needed.
They have helped fix several issues on archive.is when HN members have called them out. Their posts are indexed in the search tool.
Under what username?
gyrovague-com: posted this thread, claims to own the blog
gyrovague: claimed to own the blog in the last thread
rabinovich: posted last thread linking to gyrovague.com, identifying the owner as... well... "Masha Rabinovich"
I believe these accounts are all connected.
OP here. As the blog publicly states, this account is Gyrovague, and so is HN "gyrovague".
I have nothing to do with "rabinovich" but I also have no way of proving a negative.
From now on you rabies will sign off here and the blog with PGP or you're bullshitting.
You could specify that you wrote it on the last line of the post, so it clears up any basic speculation.
previously https://news.ycombinator.com/item?id=46624740
See also https://archive-is.tumblr.com/post/806832066465497088/ladies...
also Archive.today: on the trail of mysterious guerrilla archivists of the Internet - https://news.ycombinator.com/item?id=37009598 August 2023
There are several other posts made recently on the archive.is blog as well, some of which appear to be quite nonsensical or are otherwise irrelevant to the discourse at hand. They all appear to be LLM-generated. It's all very confusing.
Interestingly, theres an account in that thread claiming to be from Gyrovague, but its not the same one thats in this thread, which has been confirmed to be legit as it is mentioned by name in this latest Gyrovague article.
I wonder, is the newer gyrovague-com account because they lost the login for the old one? or was the old one a different person? Hopefully they can clarify, because if there's an account pretending to be them that makes this story even more confusingly weird.
OP gyrovague-com here. Yes, I can confirm that I was also "gyrovague" on HN, but embarrassingly I've lost/typoed the password.
You can just email hn@ycombinator.com to get help. They can reset your password if there's someway for them to verify that you were the owner of the account.
hey pal u need to take action your adversary has deployed the big guns:
>And I will not write "an OSINT investigation" on your Nazi grandfather, will not vibecode a gyrovague.gay dating app, etc
this guy means business lol
Password managers are great for that.
there is also `japatokal`:
https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...
It is very possible that `gyrovague` is not `japatokal` but an impersonator.
Macroexpanded: Ask HN: Weird archive.today behavior? - https://news.ycombinator.com/item?id=46624740 - Jan 2026 (69 comments)
I cannot make head or tail of this but it's more fascinating than the usual internecine bloodbath.
also previously from the owner of archive.is/today: https://archive-is.tumblr.com/tagged/patokallio
Is it somehow related to this comment? <https://news.ycombinator.com/item?id=46867686>
It is academically very interesting to think about this in light of their long-standing dispute with Cloudflare (https://community.cloudflare.com/t/archive-is-error-1001/182...) over EDNS, which could have privacy implications attached.
I think no matter how you slice it though, it's unethical and reprehensible to coordinate (even a shoddy) DDoS leveraging your visitors as middlemen. This is effectively coordinating a botnet, and we shouldn't condone this behavior as a community.
It's definitely interesting to see this roll around since the only individuals that see the CAPCHA page mentioned, are users of Cloudflare's DNS services (knowingly or not).
P.S. Shout-out to dang for dropping the flags. I have a small suspicion that their may be some foul play, given the contents...
> the only individuals that see the CAPCHA page mentioned, are users of Cloudflare's DNS services
I don't think this is true. I run my own recursive DNS resolver, and get a CAPTCHA when visiting archive.today.
I use my ISP's default DNS servers and have consistently gotten the CAPTCHA page for weeks now. The CAPTCHA seems to be broken too, rendering archive.today entirely inaccessible.
Someone has suggested that CAPTCHA is broken for everyone in Finland.
Not surprising considering the service is operated by Russia.
Seems to be the case in Estonia as well.
I see the captcha all the time for the Tor onion website as well.
This likely means nothing, but the .is webmaster seems to have some sort of existing issue with Finland (where gyrovague is from), see https://news.ycombinator.com/item?id=37011955. I thought I would point it out.
Also, as someone interested in OPSEC and OSINT as a hobby, I find the measures taken by the .is webmaster, especially the dedication to setting up countless fake accounts for each persona, to be very intriguing. I spent about an hour looking into the Nora Puchreiner persona and all the accounts registered to it that I could find. It appears that "Tomas Poder" is another alter-ego used by the .is administrator. Nora also seems to have a sister: "Sara Puchreiner". Again, all very interesting and I can't seem to make a clear picture of the situation.
There are multiple reports of these archive.something sites redirecting users to Russian sites. Personally, I stopped using them after I saw one connection attempt to yandex dot ru
In UK, was redirected to russia today. Cannot recall which domain(s).
> Finland (where gyrovague is from)
They should probably review existing case around how Finnish courts treat the journalistic exception in the context of citizen's journalism (as he relied on that at least as one of the reasons): https://tuomioistuimet.fi/hovioikeudet/ita-suomenhovioikeus/...
Of course facts are different, but at least two Finnish court seem to require a lot more reasoning from the controller in the context of citizen journalism compared to traditional media when they want to invoke the journalistic exception. No clue which side this would fall into.
It's a puzzling situation:
- The DDoS was certainly unethical and unneeded
- Although the blog post only shows an extremely one-sided version of the story by skipping straight to the threats, there are reasons to think that diplomacy has also failed terribly
- The website owner has all eyes of the "thought police" on them, and given the current political situation in Russia, it's more than likely they reside somewhere where it has real power; realistically speaking, who wouldn't be losing it?
- The blog post is preserving information that could aid further investigations even if purged from the original sources, and reveals non-OSINT information in the follow ups
- At the same time, it's, to say the least, hypocritical of the archive.today owner to attempt forcefully taking the original post down, when archive.today itself is an OSINT tool
I don't think there's a way to fairly untangle this mess anymore.
Hence, I'd focus on the possible outcomes: do we want archive.today taken down over this? Who would lose and who would benefit the most from this takedown?
Gyrovague here. As linked in the blog entry, you can view both sides of the email correspondence here: https://pastes.io/correspond
As for outcomes, I'm very much a bit player/spectator in this drama, nobody's going to be "taking them down" over DDOSing an obscure nerd blog.
If they do go down, it'll be the FBI or equivalent, and it will be publicly justified as some combination of "protecting the children" (cf. WAAD) and/or copyright violations.
> As linked in the blog entry, you can view both sides of the email correspondence here: https://pastes.io/correspond
Thanks, I must have missed this.
> [...] nobody's going to be "taking them down" over DDOSing an obscure nerd blog.
> If they do go down, it'll be the FBI or equivalent, and it will be publicly justified as some combination of "protecting the children" (cf. WAAD) and/or copyright violations.
Yes, this is exactly what I fear. That we might be playing into the hands of the greater evil by escalating a small, personal conflict.
> Do we want archive.today taken down over this?
I don't think that's on the table. I would say use this as your incentive to support archive.org, who has proven much more accountable. Archive.Today is weaponizing their traffic, and reducing traffic is the best way to deal with it. Vote with your feet.
I don't think these two are exactly equivalent.
Internet Archive is a registered non-profit organization. It is more trustworthy and accountable, but it cannot realistically stand against government-imposed censorship. We've seen this unfold before with Twitter and Meta, partly with Telegram.
Archive.today may be similar on the surface, but if you take a closer look, it's actually an underground "evil twin" that has all the right tools to publish information the governments and the largest of companies want silenced.
Ideally, there would be no such information in the first place. However, the reality is that this classification has only been broadened to cover more content since the invention of the Internet, regardless of which political parties are in power. The fact that the owner of Archive.today is chased by the FBI even though the website already blocks archival of the kinds of content all of us would unanimously find disturbing speaks for itself.
Internet Archive's trustworthiness took a hit when they waded into fact checking - https://blog.archive.org/2020/10/30/fact-checks-and-context-... and wiping content they disapproved of - https://news.ycombinator.com/item?id=32743325
archive.org supports DMCA. If you don't like some information in the Wayback Machine, you just have to send a form email and it will be removed from the Waybaeck machine.
archive.today/is/ph is adversarial. It archives things that don't want to be archived. That's why Trump's FBI is trying to unmask it.
Archive.today does not seem to have worked for people connecting from Finland since mid-January, it just gives an endless captcha loop. Is this related to whatever this drama is?
I would assume so. I can see from my browser history that i succesfully submitted captures to archive.today on 7th of January, but failed to do so starting from 12th of January. IIRC they contacted gyrovague around the 10th so seems unlikely to be a coincidence. Applies to VPNs as well. Tried first with a VPN located in Finland and it gets endless captcha loop, then with a Swedish VPN which let me through to the front page after solving one captcha.
It seems that the website has been blocked in Finland since at least August of 2023, see https://news.ycombinator.com/item?id=37011955.
I definitely used it from Finland last year. It was blocked some time in th past since the owner was mad at Finnish authorities, but at some point that was revoked.
Even the post you linked acknowledges this:
>he blocked the entire site in Finland, although later he lifted the block
My apologies, I clearly missed that. If I could edit my post, I'd change it to "It seems that the website has been blocked in Finland in the past, though the block was later lifted."
I’d give it a high probability, especially when the CAPTCHA loop is the bit of the site that causes the DDoS and the fact that the admin seems to consider all Finns nazis.
… seems like we the HN community should find a new site to mirror with.
There isn't one. As far as I know, no one really knows for sure how they bypass all these paywalls. (Most credible theory I heard: They actually just pay for the subscriptions.)
Many sites including Bloomberg have evolved such that even archive.today don’t have the full text of any articles. They’re doing no giveaways whatsoever.
Ghostarchive does a decent job for the same sites in my experience: https://ghostarchive.org/
Update: hmm seems like they're involved in this whole thing too somehow, how strange:
https://news.ycombinator.com/item?id=46629646
Most paywalls just allow search engines to read their content just fine. Because they do want discoverability, they want their cake and eat it.
There's a few publications that don't even do that though and archive.is is very good at bypassing them so I do imagine they use logins for those, but for the masses of sites it's not currently necessary.
Then why hasn't anyone built a client-side browser addon that impersonates a suitable search engine?
You can't impersonate Google. Sites check the source IP and they don't overlap with Google Cloud.
Google isn't the only search engine in the world of course. It probably is pretty much the only one that matters in America but the world is not just America either.
You can for sites that can't afford the cost of keeping up-to-date with the Google IP list without which they can lose timely indexing. That is many.
What do you mean by “afford the cost”? The list is free of charge (https://support.google.com/a/answer/10026322?hl=en-GB) and maintenance can be fully automated.
I mean cost of server setup and execution.
The server that is providing the content exists already. That's a sunk cost.
"setup and execution".
What serious operator of a service isn't budgeting time to implement and operate critical maintenance functions?
Me for one. Adding an auto-updating IP address blocker to my personal blog site would probably cost more than setting up the whole site did in the first place.
We're talking about sites that make their living via subscriptions. They should have a great interest at blocking archive.is, which is, by the way, the only service that can reliably bypass many paywalls. Clearly whatever they're doing is not easily replicated.
What's your problem with that theory?
None
Has people's ability to read messages and formulate sensible replies been going down of late? I see this kind of meaningless replies more and more often these days.
Yes, there's a global intelligence crisis, due to tiktok instagram et al
Meaningless? Its a clear question.
You're accusing him of having a problem with it, which his comment does not imply.
I think there are multiple hurdles that make a new competitor very unlikely.
The first one is money. You need lots of it to run such an operation (servers, IPs, paying to bypass all these paywalls, etc.).
The second one is the legality, as no one wants to be hunted by the FBI, especially not for running a website that is also losing money.
Why is this flagged?
Given the content, I find this suspicious.
I didnt flag the article, but anecdotally, I was initially unable to load the article at all. It mentions how it ended up in an adblock list. The article makes it sound like this is a good thing, as it stops the DDOS, but it isn't preventing people from loading the page directly. That may be true for people using an adblocking extension, but my adblocking DNS seems to be blocking it based on that same list. I had to manually tweak my dns-based adblocker to allow the domain in order to read the article.
I looked at the flags and they seem to be legit flags from legit users. My guess is that they thought this was below-the-radar drama that wasn't on topic for HN. (I could make a "people who flagged X also flagged" list a la https://news.ycombinator.com/item?id=46771900 to support the point, but it's a time-consuming pain so I'd rather not!)
Edit: after looking at this more closely, I have a counterintuitive (to me at least) take: I think this is interesting enough to transcend the usual categories. That is, we'd normally downweight this kind of post off the frontpage - but in this case there are so many unusual variables that the usual rules don't apply.
I say this despite having zero clue what's going on here. We do have a nose for what the HN community might find interesting (we'd bloody well better after doing this job for so long), so let's override the flags and see what happens.
But without relitigating WWII please.
This is definitely interesting and HN-worthy. If nothing else, archive.today links are posted on tons of HN submissions, so it's topical.
I agree - it's clear that archive.is / archive.ph / archive.today / who-knows-what-else has been a lubricant in many HN threads, letting people read things they otherwise couldn't, and that increases the interest of the topic.
I suppose I should add that we prefer archive.org links when they're available, but often they aren't.
Edit: I suppose I should also re-add that we have no knowledge of or opinion about what's going on in the dispute at hand.
> we prefer archive.org links when they're available
Interesting. May we know why?
Archive.org is run by a registered nonprofit instead of what’s likely a sole maintainer, who while I personally appreciate, does seem to go a little unhinged sometimes (like the dispute with Cloudflare DNS).
I assume that answer is not official, since there's nothing more unhinged than archive.org facilitating the page's originator to make alterations after the snapshot.
This also makes it susceptible to government pressure. It's easy to get a page taken down from archive.org and it won't archive anything paywalled.
Government pressure is the least of the problem. Anyone gaining control of a domain can delete all archives of it.
Because the government pressures them to obey this
Perhaps because the admins of archive.org don't go around DDoSing random blogs I'd reckon.
Instead they execute source page JS and allow it to doctor the archive copy.
[flagged]
You can't attack another user like this here. Please see https://news.ycombinator.com/newsguidelines.html and stick to the rules.
How is it an attack if it's actually true?
Maybe it would be better to check /g/ and /pol/ to find out where the flagging army comes from, because that might be more reliable than guessing what is a proxy and what is not? They initiated the doxxing campaign against the author of the article after all.
This dastardly 4chan users, twirling their butterfly knives while conspiring, in a public forum but without you providing any evidence of it, to flag HN posts. Right.
[flagged]
Stupid question, but CORS is designed explicitly to defend against this type of side-surf attack. Adding a strict cors policy should fix this, or am I missing something?
Not here, though. The exact code:
"no-cors" means the request will not be preflighted, but also that JS will be denied access to the body. But the body doesn't matter here — the attack only requires the request be sent.But more to the point, so long as the request meets the requirements of a "simple request", CORS won't preflight it. GETs qualify as a simple request so long as no non-CORS-safelisted headers are sent; since the sent headers are attacker-controlled, we can just assume that to be the case. In a non-preflighted request, the CORS "yes, let JS do this" are just on the response headers of the actual request itself.
Since GETs are idempotent, the browser assumes it safe to make the request. CORS could/would be used to deny JS access to the response.
Things are this way b/c there are, essentially, a myriad of other ways to make the same request. E.g.,
in the document would, for all intents and purposes, emit the same request, and browsers can't ban such requests, or at least, such a ban would be huge breaking change in browsers.[dead]
Archive sites are very important for freedom due to many different entities out there attacking sites and getting them taken down.
Unfortunately Archive.today complies with these attack requests in some situations, but is still usually better than others.
>Unfortunately Archive.today complies with these attack requests in some situations, but is still usually better than others.
Use Onion version :D
Thanks so much for the tip.
Placing the link for others:
archiveiya74codqgiixo33q62qlrqtkgmcitqx5u2oeqnmn5bpcbiyd.onion
Fingers crossed that it works!
My tinfoil guess is archive.today is compromised by a state actor. Simply shutting it down would cause too much drama. Instead turn it into villain, and then take it down.
Why were you trying to dox the archive owner?
This is misrepresentative of the situation, and an unloaded version of the question being asked here is answered within the article itself.
How is it misrepresentative of the situation?
Is it only doxxing if the organisation is digital only? Should we have no right to know who controls a large media organisation?
Whether you have a right to know, according to your personal value system, is orthogonal to whether it's doxing.
Rights don’t emanate from one’s subjective personal beliefs. Sure, there are “natural rights” espoused by political philosophers, but in the real world, rights are enshrined in constitutions and codified in laws that we are all subject to.
Again, irrelevant to the question of whether it's doxing.
It's absolutely relevant. Some activities break the law; others don't. Why should we care about and assign a negative appellation like "doxxing" to lawful investigative activity?
Whether you care about somebody getting doxed is orthogonal to whether they've been doxed. Whether you care or not is entirely up to you, it has no relevance.
This kills the organisation
Regardless, archive.today does fine with some sites that blocks archive.org archiver somehow.
Thank you for keeping this up, whoever you are.
> somehow
robots.txt. It is that simple.
Interestingly, this website exists in badmojr-1Hosts-master-Pro-adblock list
That's explained in the article itself
Why does this say it's been posted 8 hours ago but on hn.algolia.com is archived 2 days ago, also I'm sure I already saw it yesterday.
This is a regular HN feature where admins resurrect old posts that did not get the attention they maybe deserved.
... and the resurrection falsly associates the timestamp of the admin's action with the originator's posting. Needs attention.
I'm pretty sure that's intentional because the timestamp used to calculate where the article shows up on the front page.
My greater faith in the integrity of the admins tells me they do not intend this false association. Its a misrep that can seriously mislead.
They intend it. It was explained by dang at some point
I will look out for that.
I reported a few times to the owner of archive.is/archive.today that he was hosting dox of a friend and he never cared. So, too fucking bad that he's the one getting doxxed now. A bit of karma.
Yep, I have heard of many such cases and I know someone affected personally. For someone who refuses to take down the personal information of others this is extremely hypocritical.
Temporarily see if you can put the blog behind a cloudflare or something using their DNS service.
Whatever is going on here, is so magnificently complicated: sockpuppeting, doxxing, ddosing, psyops, pirating, FBI, cyberpunk capitalists, Russian hackers and Finnish activists. Somehow it does feel like in the middle of information war.
When I read the original article it doesn't really feel like the Finnish guy is even an activist. He seems to be just a curious nerd who wrote one article about this topic (who's behind this big site that everyone uses) and about a whole load of completely unrelated and non-activist topics like why did Japan stop building subway lines. Then his blog gained some traction because of the reporting around the FBI threats.
The article is also really appreciative of archive.today. It doesn't feel like a hit piece at all.
I feel bad for the archive.is guy/girl.
It's clear the doxxing attempts are getting closer now to his/her real identity. On the other hand, they do something that's really useful to so many, and it will be sad if it's gone.
Isn't that the same hand twice?
> Well, I wish I had one, but at this stage I really don’t. The most charitable interpretation would be that the investigative heat is starting to get to the webmaster and they’re lashing out in misguided self-defense.
I don't think they're lashing out in self-defense. This is a harmless way for them to get attention, which is what they're desparate for because the FBI is after them at the behest of Bezos and other billionaires who control the paywalled media and don't like archive.today's role in making them accessible. The only thing that could possibly save them (though it almost certainly won't), is gathering as many eyeballs as possible from the people who like the service. HN having a super high concentration of those. Almost every paywalled post here has an archive.today link in the comments.
That's also why they posted about it on HN, explicitly under that name. To get HN eyeballs.
It's intentionally harmless because, as you confirmed, it's not costing you any money or resources.
[dead]
[flagged]
Please, let's not re-fight WWII on HN.
We know that the impact from that time is far from worked through, but to the extent it shows up here, commenters should make the effort not to fall back into war mode.
You're welcome on HN, and so are the users you disagree with—but you all (i.e. we all) need to stay within the site guidelines when discussing tough stuff. These include: "Comments should get more thoughtful and substantive, not less, as a topic gets more divisive." - https://news.ycombinator.com/newsguidelines.html
p.s. This comment is not just for the user I'm replying to but everyone else who's expressing strong feelings below. It's amazing, and totally human, how alive these feelings are after 80+ years, but at the same time, 80+ years of distance should give us the ability to relate to each other a little bit better than our grandfathers and great-grandfathers were able to.
> Finland was one of Germany's most important allies in the attack on the Soviet Union, allowing German troops to be based in Finland before the attack and joining in the attack on the USSR almost immediately.
I wonder, why on earth would Finland have any hostility towards the USSR in 1941? It beggars belief!
OTOH, after trying to conquer Finland in 1939-1940 Russians definitely have no moral right to judge Finns.
OP here. I obviously registered to post my own blog entry.
You might also want to read your own link:
https://en.wikipedia.org/wiki/Siege_of_Leningrad#Finnish_par...
> OP here
Can you clear up the confusion as to whether or not the earlier user named 'gyrovague' is operated by you as well? (There was some suspicion on the earlier thread that it might not be you.)
https://news.ycombinator.com/threads?id=gyrovague
https://news.ycombinator.com/item?id=46869388
Thank you!
Finland did send hundreds of people to be murdered in Nazi concentration camps.
No, it did not. Unless you count the Soviet POWs who were murdered in Stalin's gulags.
https://en.wikipedia.org/wiki/History_of_the_Jews_in_Finland...
Finland starved thousands to death in it's own camps. https://en.wikipedia.org/wiki/East_Karelian_concentration_ca...
No, Finland handed both jewish and non-jewish Soviet POWs to Germany. Hundreds of people sent from Finland to Germany died in the camps. Finland also deported multiple jewish refugees to Germany, these people were neither Soviets nor POWs.
https://journal.fi/haik/article/view/139103/86888
Yes, sure, Finland had it's own complicated reasons for behaving the way it did. There's however no serious dispute about whether or not Finnish collaboration in the holocaust happened.
I couldn't care less if this person's grandfather was a Nazi, even if it turns out to be true. What are they supposed to do, go back in time and convince their grandfather to change their ways? It ridiculous using this as some kind of insult, and it disturbs me that people might take it as one.
Could it be that Germany was the only nation willing to help Finland fight the Soviets?
From Wikipedia
> Interim peace > ... > Defensive arrangements were attempted with Sweden and the United Kingdom, but the political and military situation in the context of the Second World War rendered these efforts fruitless. Finland then turned to Nazi Germany for military aid.
https://en.wikipedia.org/wiki/Finland_in_World_War_II
[flagged]
[flagged]
Their admin is a member of HN but I've never seen them reply to these threads. [edit] Perhaps they could share their perspective on what has been done thus far to mitigate the problem.
What would they possibly say? I don't think one should explicitly have to ask to not be doxed for performing a public service.
What gyrovague is doing here is obviously despicable.
I would imagine their technical perspective of what is happening and what attempts were made to mitigate it thus far. That is where the HN audience could chime in. If they have the resources I suspect they do then just about every option is on the table though assisting them may get people on some lists for assisting the Russian Federation.
It's also not clear to me who is attacking who here.
"Gyrovague", the author of the post we're commenting under has for reasons unknown engaged in targeted harassment of the owner of "archive.today".
Now the owner of archive.today is attempting a rather lazy DoS attack against gyrovague.com. A rather mild response to gyrovague attempting to bring the archive.today owner physical harm by spreading potentially identifying information about them.
There's really very little to be said about this whole thing besides that Gyrovague should try to be a less awful person in the future.
Like I said, I can't tell who is attacking who. Archive.is has more money, resources and ASN's than Akamai so surely they can mitigate anything anyone can throw at them. A little forum trying to respond in kind can't really be much of a threat. Archive could just tell their controlling nodes to ignore any requests to mirror the forum which means there is a lot more to this than any of us are seeing. That is why I would like to see the admin of Archive respond for both sides of the story.
> Archive.is has more money, resources and ASN's than Akamai so surely they can mitigate anything anyone can throw at them.
This statement makes me think you're misunderstanding the person above you.
They're saying this blog author, gyrovague, is doxing¹ Archive.is. I am wondering if you are misreading that as DoSing. To "dox" is to reveal the identity of, typically for purposes of harassment. To "DoS" is to spam with requests. Archive.is is not being spammed with requests, nor do I see anyone here suggesting they are except here: "resources and ASN's … mitigate anything anyone can throw at them" … that seems to indicate you're (mis)reading it as "DoS"?
(I.e., gyrovague is doxing the Archive.today owner¹. Archive.today is, in return, DoSing gyrovague.)
(¹I'm not trying to comment on whether that term is being appropriately applied here, or not.)
I don't think there's any dispute on what the story is. The blog post here contains the facts, and a rather clumsy attempt by Gyrovague to justify his bid to dox the operator of archive.today.
> Archive.is has more money, resources and ASN's than Akamai
I assume this is a joke, but Archive.is is a shoestring operation funded through donations.
Hey guys - you both obviously know a ton more about this than I do, but this is the point at which the thread went off the rails. I get that you disagree with each other and that's fine, but please stay within the site guidelines while doing so: https://news.ycombinator.com/newsguidelines.html.
I assume this is a joke, but Archive.is is a shoestring operation funded through donations.
I am certain they would like people to think that. They have more IPv4 addresses under more ASN's than Akamai control which anyone who has tried to block them would know. Their controlling ASN's are in the Russian Federation which they make no attempt to hide at least for now and why I must assume they are fine with people discussing it. The GDP of the Russian Federation is somewhere north of 2 trillion dollars. Their nodes both in Russia and spread all around the world would not be permitted by Russia to mirror random sites without authorization to do so. One in or from Russia would not defy Russian leadership for very long.
Yes, it's apparently hosted behind some fastflux setup. That's neither new nor special, nor is it particularly expensive. Such setups are offered on various forums starting from a few hundred dollars a month.
> Their nodes both in Russia and spread all around the world would not be permitted by Russia to mirror random sites without authorization to do so.
This is simply not true. You can absolutely run a website like this in Russia without any authorization. Who would you even ask? The whole idea is bizarre.
You can take what I said out of context. Apparently OSINT are on it, not my problem.
> Their admin is a member of HN
Citation needed.
They have helped fix several issues on archive.is when HN members have called them out. Their posts are indexed in the search tool.
Under what username?
gyrovague-com: posted this thread, claims to own the blog
gyrovague: claimed to own the blog in the last thread
rabinovich: posted last thread linking to gyrovague.com, identifying the owner as... well... "Masha Rabinovich"
I believe these accounts are all connected.
OP here. As the blog publicly states, this account is Gyrovague, and so is HN "gyrovague".
I have nothing to do with "rabinovich" but I also have no way of proving a negative.
From now on you rabies will sign off here and the blog with PGP or you're bullshitting.
You could specify that you wrote it on the last line of the post, so it clears up any basic speculation.
<https://gyrovague.com/2026/02/01/archive-today-is-directing-...>
I do believe the opposite, although I feel that rabinovich is somehow tied to other personas.
This thing is blurry, shady and I hope it will draw some more OSINT eyes on it. I am now curious.