There are several other posts made recently on the archive.is blog as well, some of which appear to be quite nonsensical or are otherwise irrelevant to the discourse at hand. They all appear to be LLM-generated. It's all very confusing.
Interestingly, theres an account in that thread claiming to be from Gyrovague, but its not the same one thats in this thread, which has been confirmed to be legit as it is mentioned by name in this latest Gyrovague article.
I wonder, is the newer gyrovague-com account because they lost the login for the old one? or was the old one a different person? Hopefully they can clarify, because if there's an account pretending to be them that makes this story even more confusingly weird.
You can just email hn@ycombinator.com to get help. They can reset your password if there's someway for them to verify that you were the owner of the account.
I think no matter how you slice it though, it's unethical and reprehensible to coordinate (even a shoddy) DDoS leveraging your visitors as middlemen. This is effectively coordinating a botnet, and we shouldn't condone this behavior as a community.
It's definitely interesting to see this roll around since the only individuals that see the CAPCHA page mentioned, are users of Cloudflare's DNS services (knowingly or not).
P.S. Shout-out to dang for dropping the flags. I have a small suspicion that their may be some foul play, given the contents...
I use my ISP's default DNS servers and have consistently gotten the CAPTCHA page for weeks now. The CAPTCHA seems to be broken too, rendering archive.today entirely inaccessible.
This likely means nothing, but the .is webmaster seems to have some sort of existing issue with Finland (where gyrovague is from), see https://news.ycombinator.com/item?id=37011955. I thought I would point it out.
Also, as someone interested in OPSEC and OSINT as a hobby, I find the measures taken by the .is webmaster, especially the dedication to setting up countless fake accounts for each persona, to be very intriguing. I spent about an hour looking into the Nora Puchreiner persona and all the accounts registered to it that I could find. It appears that "Tomas Poder" is another alter-ego used by the .is administrator. Nora also seems to have a sister: "Sara Puchreiner". Again, all very interesting and I can't seem to make a clear picture of the situation.
> I find the measures taken by the .is webmaster, especially the dedication to setting up countless fake accounts for each persona, to be very intriguing.
This seems like a smart thing to do if you had exposed your real name somewhere and wanted to cover it up.
There are multiple reports of these archive.something sites redirecting users to Russian sites. Personally, I stopped using them after I saw one connection attempt to yandex dot ru
They should probably review existing case around how Finnish courts treat the journalistic exception in the context of citizen's journalism (as he relied on that at least as one of the reasons): https://tuomioistuimet.fi/hovioikeudet/ita-suomenhovioikeus/...
Of course facts are different, but at least two Finnish court seem to require a lot more reasoning from the controller in the context of citizen journalism compared to traditional media when they want to invoke the journalistic exception. No clue which side this would fall into.
- Although the blog post only shows an extremely one-sided version of the story by skipping straight to the threats, there are reasons to think that diplomacy has also failed terribly
- The website owner has all eyes of the "thought police" on them, and given the current political situation in Russia, it's more than likely they reside somewhere where it has real power; realistically speaking, who wouldn't be losing it?
- The blog post is preserving information that could aid further investigations even if purged from the original sources, and reveals non-OSINT information in the follow ups
- At the same time, it's, to say the least, hypocritical of the archive.today owner to attempt forcefully taking the original post down, when archive.today itself is an OSINT tool
I don't think there's a way to fairly untangle this mess anymore.
Hence, I'd focus on the possible outcomes: do we want archive.today taken down over this? Who would lose and who would benefit the most from this takedown?
Gyrovague here. As linked in the blog entry, you can view both sides of the email correspondence here: https://pastes.io/correspond
As for outcomes, I'm very much a bit player/spectator in this drama, nobody's going to be "taking them down" over DDOSing an obscure nerd blog.
If they do go down, it'll be the FBI or equivalent, and it will be publicly justified as some combination of "protecting the children" (cf. WAAD) and/or copyright violations.
> As linked in the blog entry, you can view both sides of the email correspondence here: https://pastes.io/correspond
Thanks, I must have missed this.
> [...] nobody's going to be "taking them down" over DDOSing an obscure nerd blog.
> If they do go down, it'll be the FBI or equivalent, and it will be publicly justified as some combination of "protecting the children" (cf. WAAD) and/or copyright violations.
Yes, this is exactly what I fear. That we might be playing into the hands of the greater evil by escalating a small, personal conflict.
I don't think that's on the table. I would say use this as your incentive to support archive.org, who has proven much more accountable. Archive.Today is weaponizing their traffic, and reducing traffic is the best way to deal with it. Vote with your feet.
Internet Archive is a registered non-profit organization. It is more trustworthy and accountable, but it cannot realistically stand against government-imposed censorship. We've seen this unfold before with Twitter and Meta, partly with Telegram.
Archive.today may be similar on the surface, but if you take a closer look, it's actually an underground "evil twin" that has all the right tools to publish information the governments and the largest of companies want silenced.
Ideally, there would be no such information in the first place. However, the reality is that this classification has only been broadened to cover more content since the invention of the Internet, regardless of which political parties are in power. The fact that the owner of Archive.today is chased by the FBI even though the website already blocks archival of the kinds of content all of us would unanimously find disturbing speaks for itself.
If you don't like Archive.org use something else, there's plenty of ways to archive something. I think the idea that the world's most powerful organizations are trying and failing to pursue this makes "Should we shut it down?" all the more ludicrous a question.
archive.org supports DMCA. If you don't like some information in the Wayback Machine, you just have to send a form email and it will be removed from the Waybaeck machine.
archive.today/is/ph is adversarial. It archives things that don't want to be archived. That's why Trump's FBI is trying to unmask it.
Archive.today does not seem to have worked for people connecting from Finland since mid-January, it just gives an endless captcha loop. Is this related to whatever this drama is?
I would assume so. I can see from my browser history that i succesfully submitted captures to archive.today on 7th of January, but failed to do so starting from 12th of January. IIRC they contacted gyrovague around the 10th so seems unlikely to be a coincidence. Applies to VPNs as well. Tried first with a VPN located in Finland and it gets endless captcha loop, then with a Swedish VPN which let me through to the front page after solving one captcha.
I definitely used it from Finland last year. It was blocked some time in th past since the owner was mad at Finnish authorities, but at some point that was revoked.
Even the post you linked acknowledges this:
>he blocked the entire site in Finland, although later he lifted the block
My apologies, I clearly missed that. If I could edit my post, I'd change it to "It seems that the website has been blocked in Finland in the past, though the block was later lifted."
I’d give it a high probability, especially when the CAPTCHA loop is the bit of the site that causes the DDoS and the fact that the admin seems to consider all Finns nazis.
There isn't one. As far as I know, no one really knows for sure how they bypass all these paywalls. (Most credible theory I heard: They actually just pay for the subscriptions.)
Many sites including Bloomberg have evolved such that even archive.today don’t have the full text of any articles. They’re doing no giveaways whatsoever.
Most paywalls just allow search engines to read their content just fine. Because they do want discoverability, they want their cake and eat it.
There's a few publications that don't even do that though and archive.is is very good at bypassing them so I do imagine they use logins for those, but for the masses of sites it's not currently necessary.
Google isn't the only search engine in the world of course. It probably is pretty much the only one that matters in America but the world is not just America either.
Me for one. Adding an auto-updating IP address blocker to my personal blog site would probably cost more than setting up the whole site did in the first place.
Have you actually priced it, or are you just guessing?
Are you doing regular patching? Automated restarts? Watching for security breaches? Or just praying it stays up forever?
Otherwise, respectfully, I would not classify you as a "serious operator." Your site could live or die, and it would be all the same to you. Or, you've handed it to a third party for management and they don't offer much in the way of resilience or stability.
We're talking about sites that make their living via subscriptions. They should have a great interest at blocking archive.is, which is, by the way, the only service that can reliably bypass many paywalls. Clearly whatever they're doing is not easily replicated.
> We're talking about sites that make their living via subscriptions.
Sorry, but I wasn't. I thought that was clear from "can't afford the cost of keeping up-to-date with the Google IP list".
> They should have a great interest at blocking archive.is
Agreed, and many should have a budget to suit. So I conclude archive.is has put a lot of effort and cost into its defence. And all for free to us, the users.
They have. It's called bypass-paywalls-clean . It works pretty ok.
It just keeps getting banned from the addon catalogs because of complaints from media. The Firefox one was taken down by a french newspaper. So you have to sideload it, which is hard to do on Android.
Has people's ability to read messages and formulate sensible replies been going down of late? I see this kind of meaningless replies more and more often these days.
I didnt flag the article, but anecdotally, I was initially unable to load the article at all. It mentions how it ended up in an adblock list. The article makes it sound like this is a good thing, as it stops the DDOS, but it isn't preventing people from loading the page directly. That may be true for people using an adblocking extension, but my adblocking DNS seems to be blocking it based on that same list. I had to manually tweak my dns-based adblocker to allow the domain in order to read the article.
I looked at the flags and they seem to be legit flags from legit users. My guess is that they thought this was below-the-radar drama that wasn't on topic for HN. (I could make a "people who flagged X also flagged" list a la https://news.ycombinator.com/item?id=46771900 to support the point, but it's a time-consuming pain so I'd rather not!)
Edit: after looking at this more closely, I have a counterintuitive (to me at least) take: I think this is interesting enough to transcend the usual categories. That is, we'd normally downweight this kind of post off the frontpage - but in this case there are so many unusual variables that the usual rules don't apply.
I say this despite having zero clue what's going on here. We do have a nose for what the HN community might find interesting (we'd bloody well better after doing this job for so long), so let's override the flags and see what happens.
I agree - it's clear that archive.is / archive.ph / archive.today / who-knows-what-else has been a lubricant in many HN threads, letting people read things they otherwise couldn't, and that increases the interest of the topic.
I suppose I should add that we prefer archive.org links when they're available, but often they aren't.
Edit: I suppose I should also re-add that we have no knowledge of or opinion about what's going on in the dispute at hand.
Archive.org is run by a registered nonprofit instead of what’s likely a sole maintainer, who while I personally appreciate, does seem to go a little unhinged sometimes (like the dispute with Cloudflare DNS).
I assume that answer is not official, since there's nothing more unhinged than archive.org facilitating the page's originator to make alterations after the snapshot.
If you don't understand how a democracy with actual police reports work, maybe just shut up? Maybe just check the police reports? Maybe build a platform where no morons auto delete everything that's against their extremist belief? And maybe also don't believe everything that kids type online in their devtools?
Just some hints, kid.
@dang are you effing serious? Why are you tolerating users like this guy but then strike me for pointing out that there's a doxxing campaign going on against the author, which the author literally mentions in the linked article?
I'm really disappointed by the moderation double standards here.
My tinfoil guess is archive.today is compromised by a state actor. Simply shutting it down would cause too much drama. Instead turn it into villain, and then take it down.
Stupid question, but CORS is designed explicitly to defend against this type of side-surf attack.
Adding a strict cors policy should fix this, or am I missing something?
"no-cors" means the request will not be preflighted, but also that JS will be denied access to the body. But the body doesn't matter here — the attack only requires the request be sent.
But more to the point, so long as the request meets the requirements of a "simple request", CORS won't preflight it. GETs qualify as a simple request so long as no non-CORS-safelisted headers are sent; since the sent headers are attacker-controlled, we can just assume that to be the case. In a non-preflighted request, the CORS "yes, let JS do this" are just on the response headers of the actual request itself.
Since GETs are idempotent, the browser assumes it safe to make the request. CORS could/would be used to deny JS access to the response.
Things are this way b/c there are, essentially, a myriad of other ways to make the same request. E.g.,
<img src="https://gyrovague.com/?s=…">
in the document would, for all intents and purposes, emit the same request, and browsers can't ban such requests, or at least, such a ban would be huge breaking change in browsers.
Whatever is going on here, is so magnificently complicated: sockpuppeting, doxxing, ddosing, psyops, pirating, FBI, cyberpunk capitalists, Russian hackers and Finnish activists. Somehow it does feel like in the middle of information war.
When I read the original article it doesn't really feel like the Finnish guy is even an activist. He seems to be just a curious nerd who wrote one article about this topic (who's behind this big site that everyone uses) and about a whole load of completely unrelated and non-activist topics like why did Japan stop building subway lines. Then his blog gained some traction because of the reporting around the FBI threats.
The article is also really appreciative of archive.today. It doesn't feel like a hit piece at all.
I reported a few times to the owner of archive.is/archive.today that he was hosting dox of a friend and he never cared. So, too fucking bad that he's the one getting doxxed now. A bit of karma.
Yep, I have heard of many such cases and I know someone affected personally. For someone who refuses to take down the personal information of others this is extremely hypocritical.
We don't know that none of the names are real. And even if they aren't, the article is still showcasing his failed attempt at doxing the owner of archive.today and providing a starting point for anyone else wanting to try.
> they were all already posted publicly previously
Doxing very often consists of nothing more than collecting data from a bunch of public sources
> Doxing very often consists of nothing more than collecting data from a bunch of public sources
I simply don't agree that this looks like doxing. No addresses or even any private information were reported. It's just a Google using WhoIs data and, in one case, the person said, in a public forum, that archive.is is "my website." Why would they have said that if they were worried about people finding out who it belongs to?
If they'd have stumbled upon an address to a private residence and reported that, sure, that would look like doxing. I just don't see it here.
Rights don’t emanate from one’s subjective personal beliefs. Sure, there are “natural rights” espoused by political philosophers, but in the real world, rights are enshrined in constitutions and codified in laws that we are all subject to.
It's absolutely relevant. Some activities break the law; others don't. Why should we care about and assign a negative appellation like "doxxing" to lawful investigative activity?
Whether you care about somebody getting doxed is orthogonal to whether they've been doxed. Whether you care or not is entirely up to you, it has no relevance.
> Well, I wish I had one, but at this stage I really don’t. The most charitable interpretation would be that the investigative heat is starting to get to the webmaster and they’re lashing out in misguided self-defense.
I don't think they're lashing out in self-defense. This is a harmless way for them to get attention, which is what they're desparate for because the FBI is after them at the behest of Bezos and other billionaires who control the paywalled media and don't like archive.today's role in making them accessible. The only thing that could possibly save them (though it almost certainly won't), is gathering as many eyeballs as possible from the people who like the service. HN having a super high concentration of those. Almost every paywalled post here has an archive.today link in the comments.
That's also why they posted about it on HN, explicitly under that name. To get HN eyeballs.
It's intentionally harmless because, as you confirmed, it's not costing you any money or resources.
We know that the impact from that time is far from worked through, but to the extent it shows up here, commenters should make the effort not to fall back into war mode.
You're welcome on HN, and so are the users you disagree with—but you all (i.e. we all) need to stay within the site guidelines when discussing tough stuff. These include: "Comments should get more thoughtful and substantive, not less, as a topic gets more divisive." -
https://news.ycombinator.com/newsguidelines.html
p.s. This comment is not just for the user I'm replying to but everyone else who's expressing strong feelings below. It's amazing, and totally human, how alive these feelings are after 80+ years, but at the same time, 80+ years of distance should give us the ability to relate to each other a little bit better than our grandfathers and great-grandfathers were able to.
> Finland was one of Germany's most important allies in the attack on the Soviet Union, allowing German troops to be based in Finland before the attack and joining in the attack on the USSR almost immediately.
I wonder, why on earth would Finland have any hostility towards the USSR in 1941? It beggars belief!
Can you clear up the confusion as to whether or not the earlier user named 'gyrovague' is operated by you as well? (There was some suspicion on the earlier thread that it might not be you.)
No, Finland handed both jewish and non-jewish Soviet POWs to Germany. Hundreds of people sent from Finland to Germany died in the camps. Finland also deported multiple jewish refugees to Germany, these people were neither Soviets nor POWs.
Yes, sure, Finland had it's own complicated reasons for behaving the way it did. There's however no serious dispute about whether or not Finnish collaboration in the holocaust happened.
I couldn't care less if this person's grandfather was a Nazi, even if it turns out to be true. What are they supposed to do, go back in time and convince their grandfather to change their ways? It ridiculous using this as some kind of insult, and it disturbs me that people might take it as one.
Could it be that Germany was the only nation willing to help Finland fight the Soviets?
From Wikipedia
> Interim peace
> ...
> Defensive arrangements were attempted with Sweden and the United Kingdom, but the political and military situation in the context of the Second World War rendered these efforts fruitless. Finland then turned to Nazi Germany for military aid.
Their admin is a member of HN but I've never seen them reply to these threads. [edit] Perhaps they could share their perspective on what has been done thus far to mitigate the problem.
I would imagine their technical perspective of what is happening and what attempts were made to mitigate it thus far. That is where the HN audience could chime in. If they have the resources I suspect they do then just about every option is on the table though assisting them may get people on some lists for assisting the Russian Federation.
It's also not clear to me who is attacking who here.
"Gyrovague", the author of the post we're commenting under has for reasons unknown engaged in targeted harassment of the owner of "archive.today".
Now the owner of archive.today is attempting a rather lazy DoS attack against gyrovague.com. A rather mild response to gyrovague attempting to bring the archive.today owner physical harm by spreading potentially identifying information about them.
There's really very little to be said about this whole thing besides that Gyrovague should try to be a less awful person in the future.
Like I said, I can't tell who is attacking who. Archive.is has more money, resources and ASN's than Akamai so surely they can mitigate anything anyone can throw at them. A little forum trying to respond in kind can't really be much of a threat. Archive could just tell their controlling nodes to ignore any requests to mirror the forum which means there is a lot more to this than any of us are seeing. That is why I would like to see the admin of Archive respond for both sides of the story.
> Archive.is has more money, resources and ASN's than Akamai so surely they can mitigate anything anyone can throw at them.
This statement makes me think you're misunderstanding the person above you.
They're saying this blog author, gyrovague, is doxing¹ Archive.is. I am wondering if you are misreading that as DoSing. To "dox" is to reveal the identity of, typically for purposes of harassment. To "DoS" is to spam with requests. Archive.is is not being spammed with requests, nor do I see anyone here suggesting they are except here: "resources and ASN's … mitigate anything anyone can throw at them" … that seems to indicate you're (mis)reading it as "DoS"?
(I.e., gyrovague is doxing the Archive.today owner¹. Archive.today is, in return, DoSing gyrovague.)
(¹I'm not trying to comment on whether that term is being appropriately applied here, or not.)
I don't think there's any dispute on what the story is. The blog post here contains the facts, and a rather clumsy attempt by Gyrovague to justify his bid to dox the operator of archive.today.
> Archive.is has more money, resources and ASN's than Akamai
I assume this is a joke, but Archive.is is a shoestring operation funded through donations.
Hey guys - you both obviously know a ton more about this than I do, but this is the point at which the thread went off the rails. I get that you disagree with each other and that's fine, but please stay within the site guidelines while doing so: https://news.ycombinator.com/newsguidelines.html.
I assume this is a joke, but Archive.is is a shoestring operation funded through donations.
I am certain they would like people to think that. They have more IPv4 addresses under more ASN's than Akamai control which anyone who has tried to block them would know. Their controlling ASN's are in the Russian Federation which they make no attempt to hide at least for now and why I must assume they are fine with people discussing it. The GDP of the Russian Federation is somewhere north of 2 trillion dollars. Their nodes both in Russia and spread all around the world would not be permitted by Russia to mirror random sites without authorization to do so. One in or from Russia would not defy Russian leadership for very long.
Yes, it's apparently hosted behind some fastflux setup. That's neither new nor special, nor is it particularly expensive. Such setups are offered on various forums starting from a few hundred dollars a month.
> Their nodes both in Russia and spread all around the world would not be permitted by Russia to mirror random sites without authorization to do so.
This is simply not true. You can absolutely run a website like this in Russia without any authorization. Who would you even ask? The whole idea is bizarre.
It's clear the doxxing attempts are getting closer now to his/her real identity. On the other hand, they do something that's really useful to so many, and it will be sad if it's gone.
also Archive.today: on the trail of mysterious guerrilla archivists of the Internet - https://news.ycombinator.com/item?id=37009598 August 2023
I wonder, is the newer gyrovague-com account because they lost the login for the old one? or was the old one a different person? Hopefully they can clarify, because if there's an account pretending to be them that makes this story even more confusingly weird.
>And I will not write "an OSINT investigation" on your Nazi grandfather, will not vibecode a gyrovague.gay dating app, etc
this guy means business lol
https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...
It is very possible that `gyrovague` is not `japatokal` but an impersonator.
I cannot make head or tail of this but it's more fascinating than the usual internecine bloodbath.
I think no matter how you slice it though, it's unethical and reprehensible to coordinate (even a shoddy) DDoS leveraging your visitors as middlemen. This is effectively coordinating a botnet, and we shouldn't condone this behavior as a community.
P.S. Shout-out to dang for dropping the flags. I have a small suspicion that their may be some foul play, given the contents...
I don't think this is true. I run my own recursive DNS resolver, and get a CAPTCHA when visiting archive.today.
Also, as someone interested in OPSEC and OSINT as a hobby, I find the measures taken by the .is webmaster, especially the dedication to setting up countless fake accounts for each persona, to be very intriguing. I spent about an hour looking into the Nora Puchreiner persona and all the accounts registered to it that I could find. It appears that "Tomas Poder" is another alter-ego used by the .is administrator. Nora also seems to have a sister: "Sara Puchreiner". Again, all very interesting and I can't seem to make a clear picture of the situation.
This seems like a smart thing to do if you had exposed your real name somewhere and wanted to cover it up.
They should probably review existing case around how Finnish courts treat the journalistic exception in the context of citizen's journalism (as he relied on that at least as one of the reasons): https://tuomioistuimet.fi/hovioikeudet/ita-suomenhovioikeus/...
Of course facts are different, but at least two Finnish court seem to require a lot more reasoning from the controller in the context of citizen journalism compared to traditional media when they want to invoke the journalistic exception. No clue which side this would fall into.
- The DDoS was certainly unethical and unneeded
- Although the blog post only shows an extremely one-sided version of the story by skipping straight to the threats, there are reasons to think that diplomacy has also failed terribly
- The website owner has all eyes of the "thought police" on them, and given the current political situation in Russia, it's more than likely they reside somewhere where it has real power; realistically speaking, who wouldn't be losing it?
- The blog post is preserving information that could aid further investigations even if purged from the original sources, and reveals non-OSINT information in the follow ups
- At the same time, it's, to say the least, hypocritical of the archive.today owner to attempt forcefully taking the original post down, when archive.today itself is an OSINT tool
I don't think there's a way to fairly untangle this mess anymore.
Hence, I'd focus on the possible outcomes: do we want archive.today taken down over this? Who would lose and who would benefit the most from this takedown?
As for outcomes, I'm very much a bit player/spectator in this drama, nobody's going to be "taking them down" over DDOSing an obscure nerd blog.
If they do go down, it'll be the FBI or equivalent, and it will be publicly justified as some combination of "protecting the children" (cf. WAAD) and/or copyright violations.
Thanks, I must have missed this.
> [...] nobody's going to be "taking them down" over DDOSing an obscure nerd blog.
> If they do go down, it'll be the FBI or equivalent, and it will be publicly justified as some combination of "protecting the children" (cf. WAAD) and/or copyright violations.
Yes, this is exactly what I fear. That we might be playing into the hands of the greater evil by escalating a small, personal conflict.
I don't think that's on the table. I would say use this as your incentive to support archive.org, who has proven much more accountable. Archive.Today is weaponizing their traffic, and reducing traffic is the best way to deal with it. Vote with your feet.
Internet Archive is a registered non-profit organization. It is more trustworthy and accountable, but it cannot realistically stand against government-imposed censorship. We've seen this unfold before with Twitter and Meta, partly with Telegram.
Archive.today may be similar on the surface, but if you take a closer look, it's actually an underground "evil twin" that has all the right tools to publish information the governments and the largest of companies want silenced.
Ideally, there would be no such information in the first place. However, the reality is that this classification has only been broadened to cover more content since the invention of the Internet, regardless of which political parties are in power. The fact that the owner of Archive.today is chased by the FBI even though the website already blocks archival of the kinds of content all of us would unanimously find disturbing speaks for itself.
But in fact:
1. HN uses a free service that someone else pays for.
2. HN abuses its paywall bypass function, which is not its main function, is not advertised (unlike 12ft).
3. HN creates legal problems for the archive by highlighting and framing the archive as a paywall-circumvention tool first.
4. HN promotes doxing.
Who would be more motivated in reducing traffic here?
Source:
archive.today/is/ph is adversarial. It archives things that don't want to be archived. That's why Trump's FBI is trying to unmask it.
Even the post you linked acknowledges this:
>he blocked the entire site in Finland, although later he lifted the block
https://news.ycombinator.com/item?id=46629646
There's a few publications that don't even do that though and archive.is is very good at bypassing them so I do imagine they use logins for those, but for the masses of sites it's not currently necessary.
Are you doing regular patching? Automated restarts? Watching for security breaches? Or just praying it stays up forever?
Otherwise, respectfully, I would not classify you as a "serious operator." Your site could live or die, and it would be all the same to you. Or, you've handed it to a third party for management and they don't offer much in the way of resilience or stability.
Sorry, but I wasn't. I thought that was clear from "can't afford the cost of keeping up-to-date with the Google IP list".
> They should have a great interest at blocking archive.is
Agreed, and many should have a budget to suit. So I conclude archive.is has put a lot of effort and cost into its defence. And all for free to us, the users.
It just keeps getting banned from the addon catalogs because of complaints from media. The Firefox one was taken down by a french newspaper. So you have to sideload it, which is hard to do on Android.
Edit: it looks like even the github was taken down now: https://github.com/iamadamdev/bypass-paywalls-firefox
But yes it exists. And it works for most sites. It's just hard to get it now.
The first one is money. You need lots of it to run such an operation (servers, IPs, paying to bypass all these paywalls, etc.).
The second one is the legality, as no one wants to be hunted by the FBI, especially not for running a website that is also losing money.
Given the content, I find this suspicious.
Edit: after looking at this more closely, I have a counterintuitive (to me at least) take: I think this is interesting enough to transcend the usual categories. That is, we'd normally downweight this kind of post off the frontpage - but in this case there are so many unusual variables that the usual rules don't apply.
I say this despite having zero clue what's going on here. We do have a nose for what the HN community might find interesting (we'd bloody well better after doing this job for so long), so let's override the flags and see what happens.
But without relitigating WWII please.
I suppose I should add that we prefer archive.org links when they're available, but often they aren't.
Edit: I suppose I should also re-add that we have no knowledge of or opinion about what's going on in the dispute at hand.
Interesting. May we know why?
Just some hints, kid.
@dang are you effing serious? Why are you tolerating users like this guy but then strike me for pointing out that there's a doxxing campaign going on against the author, which the author literally mentions in the linked article?
I'm really disappointed by the moderation double standards here.
[1] https://archive-is.tumblr.com/post/806832066465497088/ladies...
[2] https://archive-is.tumblr.com/post/807369905134518272/the-fi...
[3] https://archive-is.tumblr.com/tagged/patokallio
Unfortunately Archive.today complies with these attack requests in some situations, but is still usually better than others.
Use Onion version :D
Placing the link for others:
archiveiya74codqgiixo33q62qlrqtkgmcitqx5u2oeqnmn5bpcbiyd.onion
Fingers crossed that it works!
But more to the point, so long as the request meets the requirements of a "simple request", CORS won't preflight it. GETs qualify as a simple request so long as no non-CORS-safelisted headers are sent; since the sent headers are attacker-controlled, we can just assume that to be the case. In a non-preflighted request, the CORS "yes, let JS do this" are just on the response headers of the actual request itself.
Since GETs are idempotent, the browser assumes it safe to make the request. CORS could/would be used to deny JS access to the response.
Things are this way b/c there are, essentially, a myriad of other ways to make the same request. E.g.,
in the document would, for all intents and purposes, emit the same request, and browsers can't ban such requests, or at least, such a ban would be huge breaking change in browsers.Thank you for keeping this up, whoever you are.
robots.txt. It is that simple.
The article is also really appreciative of archive.today. It doesn't feel like a hit piece at all.
> they were all already posted publicly previously
Doxing very often consists of nothing more than collecting data from a bunch of public sources
I simply don't agree that this looks like doxing. No addresses or even any private information were reported. It's just a Google using WhoIs data and, in one case, the person said, in a public forum, that archive.is is "my website." Why would they have said that if they were worried about people finding out who it belongs to?
If they'd have stumbled upon an address to a private residence and reported that, sure, that would look like doxing. I just don't see it here.
I don't think they're lashing out in self-defense. This is a harmless way for them to get attention, which is what they're desparate for because the FBI is after them at the behest of Bezos and other billionaires who control the paywalled media and don't like archive.today's role in making them accessible. The only thing that could possibly save them (though it almost certainly won't), is gathering as many eyeballs as possible from the people who like the service. HN having a super high concentration of those. Almost every paywalled post here has an archive.today link in the comments.
That's also why they posted about it on HN, explicitly under that name. To get HN eyeballs.
It's intentionally harmless because, as you confirmed, it's not costing you any money or resources.
We know that the impact from that time is far from worked through, but to the extent it shows up here, commenters should make the effort not to fall back into war mode.
You're welcome on HN, and so are the users you disagree with—but you all (i.e. we all) need to stay within the site guidelines when discussing tough stuff. These include: "Comments should get more thoughtful and substantive, not less, as a topic gets more divisive." - https://news.ycombinator.com/newsguidelines.html
p.s. This comment is not just for the user I'm replying to but everyone else who's expressing strong feelings below. It's amazing, and totally human, how alive these feelings are after 80+ years, but at the same time, 80+ years of distance should give us the ability to relate to each other a little bit better than our grandfathers and great-grandfathers were able to.
I wonder, why on earth would Finland have any hostility towards the USSR in 1941? It beggars belief!
You might also want to read your own link:
https://en.wikipedia.org/wiki/Siege_of_Leningrad#Finnish_par...
Can you clear up the confusion as to whether or not the earlier user named 'gyrovague' is operated by you as well? (There was some suspicion on the earlier thread that it might not be you.)
https://news.ycombinator.com/threads?id=gyrovague
https://en.wikipedia.org/wiki/History_of_the_Jews_in_Finland...
https://journal.fi/haik/article/view/139103/86888
Yes, sure, Finland had it's own complicated reasons for behaving the way it did. There's however no serious dispute about whether or not Finnish collaboration in the holocaust happened.
From Wikipedia
> Interim peace > ... > Defensive arrangements were attempted with Sweden and the United Kingdom, but the political and military situation in the context of the Second World War rendered these efforts fruitless. Finland then turned to Nazi Germany for military aid.
https://en.wikipedia.org/wiki/Finland_in_World_War_II
What gyrovague is doing here is obviously despicable.
It's also not clear to me who is attacking who here.
Now the owner of archive.today is attempting a rather lazy DoS attack against gyrovague.com. A rather mild response to gyrovague attempting to bring the archive.today owner physical harm by spreading potentially identifying information about them.
There's really very little to be said about this whole thing besides that Gyrovague should try to be a less awful person in the future.
This statement makes me think you're misunderstanding the person above you.
They're saying this blog author, gyrovague, is doxing¹ Archive.is. I am wondering if you are misreading that as DoSing. To "dox" is to reveal the identity of, typically for purposes of harassment. To "DoS" is to spam with requests. Archive.is is not being spammed with requests, nor do I see anyone here suggesting they are except here: "resources and ASN's … mitigate anything anyone can throw at them" … that seems to indicate you're (mis)reading it as "DoS"?
(I.e., gyrovague is doxing the Archive.today owner¹. Archive.today is, in return, DoSing gyrovague.)
(¹I'm not trying to comment on whether that term is being appropriately applied here, or not.)
> Archive.is has more money, resources and ASN's than Akamai
I assume this is a joke, but Archive.is is a shoestring operation funded through donations.
I am certain they would like people to think that. They have more IPv4 addresses under more ASN's than Akamai control which anyone who has tried to block them would know. Their controlling ASN's are in the Russian Federation which they make no attempt to hide at least for now and why I must assume they are fine with people discussing it. The GDP of the Russian Federation is somewhere north of 2 trillion dollars. Their nodes both in Russia and spread all around the world would not be permitted by Russia to mirror random sites without authorization to do so. One in or from Russia would not defy Russian leadership for very long.
> Their nodes both in Russia and spread all around the world would not be permitted by Russia to mirror random sites without authorization to do so.
This is simply not true. You can absolutely run a website like this in Russia without any authorization. Who would you even ask? The whole idea is bizarre.
Citation needed.
It's clear the doxxing attempts are getting closer now to his/her real identity. On the other hand, they do something that's really useful to so many, and it will be sad if it's gone.
gyrovague: claimed to own the blog in the last thread
rabinovich: posted last thread linking to gyrovague.com, identifying the owner as... well... "Masha Rabinovich"
I believe these accounts are all connected.
I have nothing to do with "rabinovich" but I also have no way of proving a negative.
<https://gyrovague.com/2026/02/01/archive-today-is-directing-...>
This thing is blurry, shady and I hope it will draw some more OSINT eyes on it. I am now curious.