Get the top HN stories in your inbox every day.
winkelmann
simonw
Thanks for that, I didn't know about that API - which it turns out has open CORS headers so you can call it from JavaScript.
I now have my dream DNS lookup web tool! https://tools.simonwillison.net/dns#d=news.ycombinator.com&t...
ignoramous
https://dohjs.org/ is pretty nifty.
Also: https://dnscheck.tools/
rollulus
I think there are two angles to look at this. Yes, there’s the attack on the weblog. But there’s also pressure on archive.today, e.g. an FBI investigation [1] and some entity using fictitious CSAM allegations [2].
[1]: https://arstechnica.com/tech-policy/2025/11/fbi-subpoena-tri...
[2]: https://adguard-dns.io/en/blog/archive-today-adguard-dns-blo...
JasonADrury
Jani Patokallio who runs gyrovague.com published a blog post attempting to dox the owner of archive.today.
Jani justifies his doxing as follows "I found it curious that we know so little about this widely-used service, so I dug into it" [1]
Archive.today on the other hand is a charitable archival project offered to the public for free. The operator of Archive.today risks significant legal liability, but still offers this service for free.
[1]: https://gyrovague.com/2026/02/01/archive-today-is-directing-...
It's weird to see people getting fixated on the DDoS, which is obviously far less nasty than actually attempting to dox someone. The only credible reason for Jani to publish something like this is if he desires to cause physical harm to the operator of archive.today
Or are we just looking at an unhinged fan stalking their favorite online celebrity?
People were critical of the Banksy piece, but this is much nastier. At least Banksy is a huge business, archive.today does not even make money.
gyrovague-com
Jani here. What you describe as "doxxing" consisted of a) a whois lookup for archive.is and b) linking to a StackExchange post from 2020 called "Who owns archive.today" [1]. There is literally no new information about the site's owner in the post, all names have been dug up before and are clearly aliases, and the post states as much.
[1] https://webapps.stackexchange.com/questions/145817/who-owns-...
freehorse
Is the argument that it is "failed doxxing", or that you did not try/intend to dox?
Minor49er
Huh, that's what Kiwi Farms says about the people that they talk about online too. And Cloudflare famously retaliated against them, but are retaliating against the victim in this case because Archive.today responded to the doxing in the wrong way apparently
croes
Isn’t doxxing most of the time just collecting data from multiple public sources and connect them?
thomassmith65
If the site operator is working for the FSB, doxx away! Although the world needs a better alternative to Internet Archive, it shouldn't be an alternative that is an arm of an authoritarian government.
JasonADrury
I don't see how this description changes the fundamental nature of your actions.
Even a half-assed attempt at doxing is still an attempt at doxing.
It'd be much easier to accept that you're acting in good faith had you deleted the post when it became obvious that the target doesn't appreciate it.
You could still do that, and it would very simply be the right thing to do.
iamshs
I hate this. Archive.today provides a useful service for people like us in developing countries; without archive.today we would not even have luxury to read and document a lot of stuff. In our countries, hard disks are expensive and internet is not fast either. We don't have the luxury to just download; and so many useful Youtube video are just made private after one phone call from Police. Why take it away from us...
tomalbrc
[flagged]
walletdrainer
[flagged]
Mogzol
All your comments are painting archive.today as an innocent victim in all this, but in addition to the DDoS, they have been caught modifying archived pages as well as sending actual threats to Patokallio [1] which in my opinion seem far worse than the "doxxing".
Just the fact alone that they modified archived pages has completely ruined their credibility, and over what? A blog post about them that (a) wasn't even an attack, it is mostly praising archive.today, and (b) doesn't reveal any true identities or information that isn't already easily accessible.
From my perspective at least, archive.today seems like the unhinged one, not Patokallio.
[1] https://arstechnica.com/tech-policy/2026/02/wikipedia-bans-a...
wl
Which pages have they been caught modifying? And where's the evidence? I've seen this accusation multiple times but never with concrete details.
walletdrainer
[flagged]
dddgghhbbfblk
>It's weird to see people getting fixated on the DDoS, which is obviously far less nasty than actually attempting to dox someone.
I would say the opposite... The DDoS is pretty obviously ridiculous, completely unacceptable, and entirely indefensible, while the blog post seems like whatever.
I honestly cannot fathom defending using your popular website as a tool to DDoS someone you have personal beef with, without the consent of the DDoSing participants.
JasonADrury
> The DDoS is pretty obviously ridiculous, completely unacceptable, and entirely indefensible, while the blog post seems like whatever
The DDoS hasn't even successfully taken the website down, so your objection is entirely ideological.
It's a pretty messed up ideology if attempting to take down a website is worse than potentially subjecting someone to violence by attempting to dox them and sharing your work.
smohare
[dead]
Aurornis
> It's weird to see people getting fixated on the DDoS,
The weird part to me is that some people are seemingly trying to downplay a popular website abusing visitors to DDoS someone.
How does your information (two angles) change anything at all about that fact? Normally if any website was caught abusing visitors to DDoS another website there would be no debate about why this is a bad thing. What about your other angles was supposed to matter in deciding if this was a bad thing for a website to do?
Two wrongs don’t make a right. Feeling wronged by someone doesn’t give you freedom to abuse every visitor to your website to DDoS someone else.
JasonADrury
>The weird part to me is that some people are seemingly trying to downplay a popular website abusing visitors to DDoS someone.
What's the true, practical impact being downplayed here?
KronisLV
> It's weird to see people getting fixated on the DDoS, which is obviously far less nasty than actually attempting to dox someone.
Why even do that, then? Why not just make a public post of theirs like: "Hey, here's someone trying to doxx me, and here's the unfair and fictitious bullshit the lying government is trying to pin on me. Here's all the facts, decide for yourselves."
Why do something as childish as DDoSing someone which takes away any basic good will and decency/respect you might have had in the eyes of many?
That way, it'd also be way more clear whether attempts at censorship are motivated by them acting as a bad actor, or some sort of repression and censorship thing.
I don't really have a horse in this race, but it sounds like lashing out to one own's detriment.
dgxyz
I'm wondering if Jani is possibly going to walk into the wrong party here and get burned. I did some public archival stuff about a decade ago and it was state sponsored and for the intelligence community. I'm not suggesting this is but it'll be very much of interest to competing intelligence services as it's an information control point. None of those are the sort of people you start pissing off by sticking your dick in it. FBI is likely just one of the actors here.
derefr
You seem the right person to ask about this: why don’t we see any public web archivers operated by individuals or organizations based in countries that aren’t big fans of aiding or listening to American intelligence?
echoangle
Why would stuff for the intelligence community be made public? Wouldn’t it make more sense for them to keep it private?
refulgentis
> Or are we just looking at an unhinged fan stalking their favorite online celebrity?
In this case, question is recursive. I have no idea who Jani Patokallio or gyrovague.com are, and the way Jason Drury shifts from “tried to dox” to “doxx’d” makes me wonder if this is astroturfing by Jani or Jason or a 3rd party. Who knows!
JasonADrury
>the way Jason Drury shifts from “tried to dox” to “doxx’d”
I double-checked all my comments, that never happened.
pasquinelli
it's weird to see the term "doxx" be abused until it doesn't mean anything.
Hamuko
So the two angles are that archive.today is doing something illegal and also being investigated by American law enforcement?
expedition32
I suppose an argument can be made that archive infringes copyright.
Hell I use it to circumvent paywalls.
windexh8er
So, if that's the case we can get all frontier provider sites marked as such as well?
f-serif
A bit context if you are confused why Public DNS server blocking websites. 1.1.1.2 is Malware blocking DNS server similar to AdBlock DNS server. It is not 1.1.1.1 and 1.0.0.1
Here is the DDoS context https://gyrovague.com
apaprocki
And for parents: 1.1.1.3 blocks adult content :)
TacticalCoder
Yeah I only ever use 1.1.1.3. Of note is that 1.1.1.3 is like 1.1.1.2 but with know adult sites also blocked, in addition to malware.
swrobel
For some reason I thought 1.1.1.1/1.0.0.1 already wouldn’t resolve archive.[today|is|ph] anyway
stuffoverflow
Archive.today's attack on https://gyrovague.com is still on-going btw. It started just over two months ago. Some IPs get through normally but for example finnish residential IPs get stuck on endless captchas. The JS snippet that starts spamming gyrovague appears after solving the first captcha.
winkelmann
I'm not a web developer, but I've picked up some bits of knowledge here and there, mostly from troubleshooting issues I encounter while using websites.
I know there are a number of headers used to control cross-site access to websites, and the linked blog post shows archive.today's denial-of-service script sending random queries to the site's search function. Shouldn't there be a way to prevent those from running when they're requested from within a third-party site?
sheept
You can't completely prevent the browser from sending the request—after all, it needs to figure out whether to block the website from reading the response.
However, browsers will first send a preflight request for non-simple requests before sending the actual request. If the DDOS were effective because the search operation was expensive, then the blog could put search behind a non-simple request, or require a valid CSRF token before performing the search.
bawolff
> I know there are a number of headers used to control cross-site access to websites
Mostly these headers are designed around preventing reading content. Sending content generally does not require anything.
(As a kind of random tidbit, this is why csrf tokens are a thing, you can't prevent sending so websites test to see if you were able to read the token in a previous request)
This is partially historical. The rough rule is if it was possible to make the request without javascript then it doesn't need any special headers (preflight)
undefined
JasonADrury
[flagged]
47282847
One side publishes words, the other DDoSes. One side could just ignore the other and go about their business, the other cannot. One is using force, which naturally leads to resistance and additional attention, the other is not.
Both sides look like they have been bullied in the past and not found their way out of reproducing the pattern yet.
throwingcookies
> The blog is still online and only exists as a part of a harassment campaign targeting archive.today
The blog has a lot of more posts on random topics. Why do you imply that the owner of the bloh is part of a harassment campaign and "only" that is the reason for this years old blog to exist?
longislandguido
You think DDoS (which is illegal btw) is okay as long as you don't like the target?
riedel
While I would it also better to a bit redact names and details mentioned in the original article in hindsight, I hardly find real defamation. I guess you want to provide random unproven evidence if someone is target of various foreign law enforcement and commercial sites. In the article they even call for donations to archive.today . As far as I read the tone of the post is full of admiration. Funny thing is that IMHO the rather childish JavaScript attack gives credibility to the post after all. In all this I somehow hope that we see a legal solution to all this major global copyright crisis that has been reinforced by LLM training. (If you want conspiracy theory: that I guess would be easy monetization for archive these days selling their snapshots)
dawnerd
I get the endless captcha with a Southern California ip. Something emus either very broken or malicious.
throwingcookies
Why is archive today attacking that website?
nailer
The linked blog contains a story about who funds archive today and they presumably don’t like being exposed.
throwingcookies
Thanks. I am so confused by this social drama, I feel like I am getting too old for this.
steveharing1
You mean just to keep their secrets hidden they hurt others?
VERIRoot
well that exposing is hurting more than 2 for sure
JasonADrury
[flagged]
zahlman
To be clear, if I have JavaScript blocked for archive.today (which is my default with NoScript; and really there is no site functionality that really needs JS on the user's end), then I don't participate in the DDOS, right?
Anonyneko
I've been getting the endless captcha on my Finnish residential IPs, but I've also been getting that (or outright timeouts) when using VPNs, so I cannot use the site altogether. I wish there were alternatives.
riedel
While you article is insightful. Can the blog author please redact the actual names and nicks from your orginal blog post (including the exact places where to find the information). As this was discussed below. While I think you had good intentions, but it might be good to also reflect on the rights of that person not be identified.
Edit: I misread the comment initially as from someone with more insight. However, I guess it is obvious that anyone can see the JavaScript and participates involuntarily in the DoS.
1vuio0pswjnm7
Some time ago, probably at least a year, likely more, I read a blog post by someone working for Google in Europe who loved using Archive.today and out of curiosity tried to determine who was running it. In the end he gave up, offered to buy the operator a beer or something like that, but if I recall correctly he went to even greater lengths in his research than the blogger discussed in this thread
I wish I could find it
sillysaurusx
https://gyrovague.com/2023/08/05/archive-today-on-the-trail-...
Sparked a controversial subthread elsewhere here. I don’t think this counts as doxxing, but some people apparently see it that way. It was an entertaining read though.
PeterStuer
Otoh, without archive.today a substantial % of HN posts would be unreadable for nearly all of the audience.
henearkr
I doubt it.
You may have mixed it up with archive.org.
JasonADrury
I suggest you double-check that. Archive.today/archive.is is the one which bypasses paywalls and makes unreadable content readable, not archive.org
baobabKoodaa
Archive.is links have not worked for me for over a year. Infinite captcha loop.
henearkr
Ah! You may well be right. Thanks.
That's bad then, to depend on that for paywall bypass...
I hope very much that the situation evolves into a more satisfactory one.
DanielHall
[dead]
kmfrk
What a crazy timeline this has been.
(1) May 04 2019: "Tell HN: Archive.is inaccessible via Cloudflare DNS (1.1.1.1)" [https://news.ycombinator.com/item?id=19828317]
eastdakota on May 4, 2019 on: Tell HN: Archive.is inaccessible via Cloudflare DNS...
[Via https://news.ycombinator.com/item?id=19828702]
We don’t block archive.is or any other domain via 1.1.1.1. Doing so, we believe, would violate the integrity of DNS and the privacy and security promises we made to our users when we launched the service.
Archive.is’s authoritative DNS servers return bad results to 1.1.1.1 when we query them. I’ve proposed we just fix it on our end but our team, quite rightly, said that too would violate the integrity of DNS and the privacy and security promises we made to our users when we launched the service.
The archive.is owner has explained that he returns bad results to us because we don’t pass along the EDNS subnet information. This information leaks information about a requester’s IP and, in turn, sacrifices the privacy of users. This is especially problematic as we work to encrypt more DNS traffic since the request from Resolver to Authoritative DNS is typically unencrypted. We’re aware of real world examples where nationstate actors have monitored EDNS subnet information to track individuals, which was part of the motivation for the privacy and security policies of 1.1.1.1.
EDNS IP subsets can be used to better geolocate responses for services that use DNS-based load balancing. However, 1.1.1.1 is delivered across Cloudflare’s entire network that today spans 180 cities. We publish the geolocation information of the IPs that we query from. That allows any network with less density than we have to properly return DNS-targeted results. For a relatively small operator like archive.is, there would be no loss in geo load balancing fidelity relying on the location of the Cloudflare PoP in lieu of EDNS IP subnets.
We are working with the small number of networks with a higher network/ISP density than Cloudflare (e.g., Netflix, Facebook, Google/YouTube) to come up with an EDNS IP Subnet alternative that gets them the information they need for geolocation targeting without risking user privacy and security. Those conversations have been productive and are ongoing. If archive.is has suggestions along these lines, we’d be happy to consider them.
zamadatix
The 1.1.1.1 referred to in the above is Cloudflare's main resolver, 1.1.1.2 & 1.1.1.3 are for those intentionally looking for malware and content blocking.
razingeden
Cloudflare dns has gone back and forth on whether it wants to resolve them since 2019. It’s taken that away and restored it again (intentionally? mistake?) at least four times.
The c&c/botnet designation would seem to be new though.
winkelmann
As far as I am aware, all previous issues with archive.today and Cloudflare were on account of archive.today taking measures to stop Cloudflare's DNS from correctly resolving their domains, not the other way around.
The current situation is due to Cloudflare flagging archive.today's domains for malicious activity, Cloudflare actually still resolves the domains on their normal 1.1.1.1 DNS, but 1.1.1.2 ("No Malware") now refuses. Exactly why they decided to flag their domains now, over a month after the denial-of-service accusations came out, is unclear, maybe someone here has more information.
Hamuko
Sounds a bit like when "Finland geoblocked archive.today". In all actuality, there was no geoblocking of the site in Finland by any authorities or ISPs, but rather it was the website owner blocking all Finnish IPs after some undisclosed dispute with Finnish border agents. When something bad happens, people seem a bit too willing to give archive.today the benefit of the doubt.
kmeisthax
For context, archive.today is angry that Cloudflare won't pass through EDNS - which includes things like your IP address, which archive.today explicitly wants for DNS-based geographical routing. The obvious problem with this is that it would deanonymize all 1.1.1.1 users, at least down to their ISP and probably down to the individual subscriber.
undefined
akerl_
Have they? The thing I remember previously was archive.is, and it wasn’t a block, archive.is was serving intentionally wrong responses to queries from cloudflare’s resolvers.
This is notably not a change to how 1.1.1.1 works, it’s specifically their filtered resolution product.
razingeden
Thank you. And all. It’s too late to edit my comment but the ones in this vein checked out and I stand corrected
altairprime
Intentionally, I believe? archive.today iirc has explicitly blocking Cloudflare from resolving them at various times over the years due to Cloudflare DNS withholding requesting-user PII (ip address) in DNS lookups.
Looking forward to when Google Safe Browsing adds their domains as unsafe, as that ripples to Chrome and Firefox users.
vachina
> Cloudflare dns has gone back and forth.
Just tells me they are an unreliable resolver. Instead of being a neutral web infra, they actively participate in political agendas and censor things they "think" is wrong.
akerl_
1. As noted in prior comments, Cloudflare wasn’t blocking this site previously. The site operator chose to make their site unresolvable by Cloudflare.
2. 1.1.1.2, the resolver being discussed in this post, is explicitly Cloudflare’s malware-filtered DNS host. 1.1.1.1 does not filter this site.
breppp
While I fully support this instance, I wonder what else Cloudflare has set to "Censored", apart for the obvious CSAM
Kwpolska
1.1.1.2 is their malware-blocking DNS, and 1.1.1.3 is their parental-controls DNS. If you want an unfiltered DNS, use 1.1.1.1 - which resolves archive.today just fine, although archive.today itself refuses to work on Cloudlfare DNS.
sgbeal
> 1.1.1.2 is their malware-blocking DNS, and 1.1.1.3 is their parental-controls DNS. ...
TIL, thank you. Time to go tweak my pi-hole server...
arvid-lind
I'm just curious, given all the other options that respect your privacy and don't put data collection at the center of their business model, why do you use Cloudflare on your pi-hole?
TZubiri
Today we are one of the lucky 10k
surgical_fire
I have no idea why anyone would use Cloudflare DNS, much less trust their more filtered versions.
saaaaaam
I use cloudflare DNS because it’s faster. But should I worry, having read your comment? What is the downside to using it? What would you recommend instead?
8cvor6j844qw_d6
Same thoughts. Cloudflare DNS is noticeably slow to resolve on some of my devices.
Switching to literally any other DNS and the same domains resolve instantly.
Could be a issue specific to my location or devices, but its been consistent enough that I stopped bothering.
ranger_danger
I have no idea why anyone would drink water from a faucet, much less trust their more filtered versions.
Hamuko
The "censored" part of archive.today seems unrelated to the filtering itself. 1.1.1.3 flags Pornhub.com as "EDE(17): Filtered" but archive.today is "EDE(16): Censored".
Supposedly it should be an external party that's requiring Cloudflare not to publish the DNS record. https://www.rfc-editor.org/rfc/rfc8914.html#name-extended-dn...
bunbun69
Good. What archive.today is doing is illegal
GTP
I reported the miscalssification, you can do it as well from the linked page.
Edit: reading some comments here seems that I was too fast, and that the story is much more complicated. Having just the Cloudflare page as a context, I assumed the news were a miscalssification. Could someone share more context on what is going on here?
ck2
quad9 dnscrypt for the win
https://quad9.net/service/service-addresses-and-features/
Secured w/ECS: Malware blocking, DNSSEC Validation, ECS enabled
IPv4
9.9.9.11
149.112.112.11
IPv6
2620:fe::11
2620:fe::fe:11
HTTPS
https://dns11.quad9.net/dns-query
TLS
tls://dns11.quad9.netGet the top HN stories in your inbox every day.
"archive.today is currently categorized as: * CIPA Filter * Reference * Command and Control & Botnet * DNS Tunneling"
Ditto for their other domains like archive.is and archive.ph
Example DoH request:
$ curl -s "https://1.1.1.2/dns-query?name=archive.is&type=A" -H "accept: application/dns-json"
{"Status":0,"TC":false,"RD":true,"RA":true,"AD":false,"CD":false,"Question":[{"name":"archive.is","type":1}],"Answer":[{"name":"archive.is","type":1,"TTL":60,"data":"0.0.0.0"}],"Comment":["EDE(16): Censored"]}
---
Relevant HN discussions:
https://news.ycombinator.com/item?id=46843805 "Archive.today is directing a DDoS attack against my blog"
https://news.ycombinator.com/item?id=47092006 "Wikipedia deprecates Archive.today, starts removing archive links"
https://news.ycombinator.com/item?id=46624740 "Ask HN: Weird archive.today behavior?" - Post about the script used to execute the denial-of-service attack
Wikipedia page on deprecating and replacing archive.today links:
https://en.wikipedia.org/wiki/Wikipedia:Archive.today_guidan...