Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
rgj 6 hours ago

But apparently there was actual CSAM there, since the article mentioned that archive.is removed it within a few hours. So the claim was real. Why did they make up such a story around it?

e2le 3 hours ago | parent | next [-]

>They replied within a few hours. The response was straightforward: the illegal content would be removed (and we verified that it was), and they had never received any previous notifications about those URLs.

They never notified archive.today of the illegal material, instead they chose to demand blocking actions of archive.today from a DNS provider. I would be interested to know whether any other DNS service providers have received similar such demands.

I would assume (like any normal individual), that you would notify the service first (archive.today) and if they've proven to be a non-responder to CSAM material then escalate to legal action.

If archive.today is honest about never receiving a prior notification, then the way in which they've decided to go about removing the illegal material is very suspicious.

asmor 2 hours ago | parent [-]

One might even go so far to insinuate that they were the party responsible for the CSAM being there to begin with. Wouldn't be the first time someone weaponized such content. I remember at least one case were a steamer was "digitally" swatted using a Dropbox upload link.

SSLy 2 hours ago | parent [-]

The fake abuse reports coming to IP addresses hosting TOR relays (not exits) might be same group trying to pollute the commons.

ricardobeat 5 hours ago | parent | prev | next [-]

Since archive.is doesn’t scan the internet and only archives content on demand, those might as well have been planted exactly for this purpose - which would put another crime onto the accuser.

meowface 3 hours ago | parent [-]

A false flag ploy is a massive accusation that requires strong evidence. I agree this organization seems suspicious but I wouldn't hint at accusing them of intentionally uploading child sexual abuse material somewhere and archiving it with archive.is without a smoking gun.

I don't know why they first went to the host and not the entity itself but positive evidence is important. A false flag report wouldn't shock me (I've seen it happen many times) but I'll withhold judgment until further investigation.

brookst 3 hours ago | parent [-]

It’s a reasonable possibility to consider given the evidence of bad faith, the factually incorrect claims, the apparent impersonation of a lawyer, and the apparent history of targeting using similar claims but “different” claimants.

vintermann 4 hours ago | parent | prev | next [-]

Uploading illegal material of some sort to a site with user-contributed content, and then immediately reporting it, is a common abuse tactic.

amiga386 4 hours ago | parent | prev | next [-]

False flag attacks are a thing that wannabe censors do.

They post CSAM to some service/site, then immediately report it to every possible contact of the site's hosting provider, DNS provider, DDoS protection provider, etc. But not the site itself.

Before they do that, they spend weeks probing the site's moderation response, to work out the best time to evade detection on the site itself.

Then they do it again, and again, and again. They fight against the site's attempt to block them.

Their intent is to _deliberately_ get the site into trouble, and ultimately get the site's hosting, DNS, peering, etc. to abandon it.

The same sort of shitstains also persistently DDoS the site.

Why do they do it? Usually minor and petty internet squabbles, the instigator hates the site and wants to destroy the site, and uses these underhand tactics to do it.

They have no legal way to get what they want -- destroy someone else's site for their own pleasure -- so they use illegal ways. https://protectthestack.org/

bee_rider 3 hours ago | parent [-]

I don’t understand this attack, are these reports anonymous or something?

In order to pull off this attack the attacker would have to have a collection of CSAM to upload. What if the site being attacked logged the uploader’s IP and went above-and-beyond complying with authorities and provided the source of the upload.

Well, I guess some people doing this sort of thing would try to hide their identity while doing the upload. Honestly, in that case… it might be reasonable for sites to not accept uploads via things like TOR, right? (Or however else these people hide their tracks).

codedokode 3 hours ago | parent | next [-]

I assume people who do this also do other illegal things and know how to anonymize themselves.

amiga386 3 hours ago | parent | prev [-]

People who have money to rent DDoS services from criminals also have money to rent VPNs that use US residential IP addresses (usually from home computers infected with malware under the control of criminals)

betaby 5 hours ago | parent | prev [-]

Because they went to the unrelated DNS provider and not the archive itself.