| ▲ | stuffoverflow 11 hours ago |
| Archive.today's attack on https://gyrovague.com is still on-going btw. It started just over two months ago. Some IPs get through normally but for example finnish residential IPs get stuck on endless captchas. The JS snippet that starts spamming gyrovague appears after solving the first captcha. |
|
| ▲ | winkelmann 10 hours ago | parent | next [-] |
| I'm not a web developer, but I've picked up some bits of knowledge here and there, mostly from troubleshooting issues I encounter while using websites. I know there are a number of headers used to control cross-site access to websites, and the linked blog post shows archive.today's denial-of-service script sending random queries to the site's search function. Shouldn't there be a way to prevent those from running when they're requested from within a third-party site? |
| |
| ▲ | sheept 9 hours ago | parent | next [-] | | You can't completely prevent the browser from sending the request—after all, it needs to figure out whether to block the website from reading the response. However, browsers will first send a preflight request for non-simple requests before sending the actual request. If the DDOS were effective because the search operation was expensive, then the blog could put search behind a non-simple request, or require a valid CSRF token before performing the search. | |
| ▲ | bawolff 9 hours ago | parent | prev | next [-] | | > I know there are a number of headers used to control cross-site access to websites Mostly these headers are designed around preventing reading content. Sending content generally does not require anything. (As a kind of random tidbit, this is why csrf tokens are a thing, you can't prevent sending so websites test to see if you were able to read the token in a previous request) This is partially historical. The rough rule is if it was possible to make the request without javascript then it doesn't need any special headers (preflight) | |
| ▲ | 10 hours ago | parent | prev | next [-] | | [deleted] | |
| ▲ | JasonADrury 10 hours ago | parent | prev [-] | | [flagged] | | |
| ▲ | 47282847 9 hours ago | parent | next [-] | | One side publishes words, the other DDoSes. One side could just ignore the other and go about their business, the other cannot. One is using force, which naturally leads to resistance and additional attention, the other is not. Both sides look like they have been bullied in the past and not found their way out of reproducing the pattern yet. | | |
| ▲ | JasonADrury 9 hours ago | parent | next [-] | | SF, DS, KF all only publish words. Presidents use words to direct planes to drop bombs on schools full of little girls. It's deliberately obtuse to suggest that "words" aren't a big deal. >One is using force, which naturally leads to resistance and additional attention, the other is not. I'd say attempting to dox someone and then spreading that information is deploying far more significant force than a minor lazy DDoS attack. Doxing or attempting to dox someone is effectively threatening them with physical violence. A DDoS is nothing at all in comparison. | |
| ▲ | croes 9 hours ago | parent | prev [-] | | Words can have bad consequences.
We‘ll see what will happen to Banksy after Reuters published words. |
| |
| ▲ | throwingcookies 10 hours ago | parent | prev | next [-] | | > The blog is still online and only exists as a part of a harassment campaign targeting archive.today The blog has a lot of more posts on random topics. Why do you imply that the owner of the bloh is part of a harassment campaign and "only" that is the reason for this years old blog to exist? | | |
| ▲ | JasonADrury 10 hours ago | parent [-] | | Because all the content in the past 4+ years is about archive.today? | | |
| ▲ | Mogzol 10 hours ago | parent | next [-] | | Not true: https://gyrovague.com/2025/02/23/anatomy-of-a-boarding-pass-... There are only two posts about archive.today on the blog, and one of them only exists because archive.today started DDoSing them. I fail to see how you could consider the entire blog to be a "harassment campaign", especially considering that the original blog post isn't even negative, it ends with a compliment towards archive.today's creator. | |
| ▲ | winkelmann 10 hours ago | parent | prev | next [-] | | > all the content in the past 4+ years is about archive.today But it's not? This was published between the two posts about archive.today: https://gyrovague.com/2025/02/23/anatomy-of-a-boarding-pass-... | | |
| ▲ | JasonADrury 10 hours ago | parent [-] | | Okay, there's one filler post I missed. I'm sure it took a lot of time to write the 16739382nd post explaining what the various things on a boarding pass mean. | | |
| ▲ | ahhhhnoooo 9 hours ago | parent [-] | | They have posted twice in four years. Once doing some digging into who runs archive today, and a second time to respond to a ddos attack. Writing about being ddos'd seems eminently reasonable. So if you elide that, you are talking about a single article in four years. It's genuinely nothing. | | |
| ▲ | JasonADrury 8 hours ago | parent | next [-] | | The purpose of a thing is what it does. | | |
| ▲ | throwingcookies 8 hours ago | parent [-] | | > The purpose of a thing is what it does. What is the purpose of the DDoS JS in the archive website then? Not DDoS? | | |
| ▲ | JasonADrury 8 hours ago | parent [-] | | I'm sure it's DDoS, just like the purpose of gyrovague.com is to attack archive.today Easy stuff, no? | | |
| ▲ | ahhhhnoooo 2 hours ago | parent [-] | | Attack? Did we read the same one article? One article is clearly defensive. The other is a piece of investigative journalism about who and how the site is run. Neither of those is an attack. | | |
|
|
| |
| ▲ | 9 hours ago | parent | prev [-] | | [deleted] |
|
|
| |
| ▲ | jrflowers 9 hours ago | parent | prev | next [-] | | This is a weird way of saying that you wish gyrovague updated more frequently. You could just say “Big fan of his writing, I’d love it if he posted more” if your only complaint is that there aren’t enough recent blog posts on that website | |
| ▲ | 9 hours ago | parent | prev [-] | | [deleted] |
|
| |
| ▲ | longislandguido 9 hours ago | parent | prev | next [-] | | You think DDoS (which is illegal btw) is okay as long as you don't like the target? | | |
| ▲ | JasonADrury 9 hours ago | parent | next [-] | | I, like almost all people, firmly believe that dropping bombs on people is okay as long as I find the target sufficiently despicable. Why are you pretending to be surprised by this view that is held by approximately every single person in the world? Or do you think we should have different standards for DDoS and actual violence? | |
| ▲ | DaSHacka 7 hours ago | parent | prev | next [-] | | Considering the site itself is an illegal archive of websites, I think its obvious most of us don't treat what's 'legal' as a guide to whats 'moral'. | |
| ▲ | RobotToaster 9 hours ago | parent | prev [-] | | Harassment an doxing are both illegal. | | |
| ▲ | hrimfaxi 5 hours ago | parent [-] | | Doxxing is illegal? I am against it but if it's republishing public info I don't think it can be illegal in the US unless there is an intent element. | | |
| ▲ | RobotToaster 12 minutes ago | parent [-] | | The blog author is in Finland, so it's covered by the Article 8 right to privacy of the ECHR. The exact implementation is country dependent, I don't know how it works in Finland but in the UK we just extended the common law tort of "Breach of confidence" to it. |
|
|
| |
| ▲ | riedel 9 hours ago | parent | prev [-] | | While I would it also better to a bit redact names and details mentioned in the original article in hindsight, I hardly find real defamation. I guess you want to provide random unproven evidence if someone is target of various foreign law enforcement and commercial sites.
In the article they even call for donations to archive.today . As far as I read the tone of the post is full of admiration. Funny thing is that IMHO the rather childish JavaScript attack gives credibility to the post after all.
In all this I somehow hope that we see a legal solution to all this major global copyright crisis that has been reinforced by LLM training. (If you want conspiracy theory: that I guess would be easy monetization for archive these days selling their snapshots) | | |
| ▲ | JasonADrury 8 hours ago | parent [-] | | Defamation? No. Doxing? Yes. It's clear that the person running archive.today does not actively publicize their identity. > As far as I read the tone of the post is full of admiration Exactly like an unhinged fan stalking a celebrity. | | |
| ▲ | riedel 6 hours ago | parent [-] | | Totally agreed. Thanks for raising awareness. Thinking about it, I think we might need better platform rules, maybe even regulations on this. There seems to be pretty much no line of defense, which might explain the rather desperate DoS. If you take anonymity as a right, discussion like ours here on HN are dangerous as well, as they easily make otherwise difficult to find knowledge easily visible. So while a single fan page might go unnoticed, in case of doxing amplification is also a problem. Just my spontaneous thought. Edit: one afterthought. The story about hacking together a response to the GDPR takedown request quoting press rights and freedom of speech using an LLM shows actually the deeper problem. Actually rights come with obligations (at least ethical ones). At least in Europe press standards are typically rather aware of doxing risks. While actually celebraties also successfully use legal defenses, i still think the defenses for activist are weak balancing interest here (at least if you made something of public interest) |
|
|
|
|
|
| ▲ | throwingcookies 10 hours ago | parent | prev | next [-] |
| Why is archive today attacking that website? |
| |
| ▲ | nailer 10 hours ago | parent [-] | | The linked blog contains a story about who funds archive today and they presumably don’t like being exposed. | | |
| ▲ | JasonADrury 9 hours ago | parent | next [-] | | The crucial context here is that archive.today provides a useful public service for free. Jani Patokallio runs gyrovague.net in order to harass people who provide useful public services. It's not surprising that the owner of archive.today does not like being exposed, archiving is a risky business. | | |
| ▲ | drum55 8 hours ago | parent | next [-] | | Should providing a public service absolve all sins? | | |
| ▲ | JasonADrury 8 hours ago | parent | next [-] | | So far, the only sin archive.today has been accused of is retaliating against a guy attempting to dox them. That's a pretty small sin in my book. To be written off as wildly unsuccessful but entirely justified self defense. DDoSing gyrovague.com is silly, not evil. The content on gyrovague.com which targets archive.today is evil, plain and simple. | | |
| ▲ | ellen364 5 hours ago | parent | next [-] | | The person who runs archive.today decided to involve me, and every other visitor, in their dispute. They decided to use us to hurt someone else. That's a pretty big sin in my book. | |
| ▲ | Permik 6 hours ago | parent | prev | next [-] | | archive.today has a documented history of altering the archived content, as such they immediately lose the veil of protection of a service of "public good" in my books. Just my 2 ¢, not that it really matters anymore in this current information-warfare climate and polarization. :/ | | |
| ▲ | baal80spam 5 hours ago | parent [-] | | > archive.today has a documented history of altering the archived content Wow, I had no idea. Thanks. | | |
| |
| ▲ | miken123 8 hours ago | parent | prev [-] | | > So far, the only sin archive.today has been accused of is retaliating against a guy attempting to dox them. I think you're missing that circumventing paywalls is unlawful in most parts of the world. | | |
| ▲ | animuchan 7 hours ago | parent | next [-] | | Respectfully, it's not, in most parts of the world. | |
| ▲ | choo-t 7 hours ago | parent | prev | next [-] | | > I think you're missing that circumventing paywalls is unlawful in most parts of the world. And a necessity if you want to archive the content correctly, also necessary if you want the archives to be publicly available. | |
| ▲ | Hamuko 7 hours ago | parent | prev [-] | | Not really sure if circumventing paywalls is that unlawful across the world, but basically copying and pasting an entire web page is just clear and simple copyright violation. |
|
| |
| ▲ | vachina 8 hours ago | parent | prev | next [-] | | I know it's petty. But don't act surprised when you find your garbage strewn all over your lawn next morning after you flipped off your neighbor the fourth time. | |
| ▲ | kuschkufan 8 hours ago | parent | prev [-] | | Look at "i-pay-for-all-online-articles-always" over here. |
| |
| ▲ | nailer 4 hours ago | parent | prev [-] | | Archive today being free doesn’t excuse them using their audience to DDoS someone they don’t like or excuse them from modifying archive content. Also documenting who funds a service is in the public interest. | | |
| ▲ | JasonADrury 3 hours ago | parent [-] | | >Also documenting who funds a service is in the public interest. Not really, no. It's not unlikely to result in the service ceasing to exist. |
|
| |
| ▲ | steveharing1 7 hours ago | parent | prev | next [-] | | You mean just to keep their secrets hidden they hurt others? | | |
| ▲ | choo-t 7 hours ago | parent [-] | | Like most companies or state ? As an individual, keeping their identity private is the only way to prevent oppression. |
| |
| ▲ | throwingcookies 10 hours ago | parent | prev | next [-] | | Thanks. I am so confused by this social drama, I feel like I am getting too old for this. | | |
| ▲ | ryandrake 9 hours ago | parent [-] | | It’s truly weird and unhinged the extent to which two rando Internet People are willing to grief each other. | | |
| |
| ▲ | VERIRoot 10 hours ago | parent | prev [-] | | well that exposing is hurting more than 2 for sure |
|
|
|
| ▲ | riedel 6 hours ago | parent | prev [-] |
| While you article is insightful. Can the blog author please redact the actual names and nicks from your orginal blog post (including the exact places where to find the information). As this was discussed below. While I think you had good intentions, but it might be good to also reflect on the rights of that person not be identified. Edit: I misread the comment initially as from someone with more insight. However, I guess it is obvious that anyone can see the JavaScript and participates involuntarily in the DoS. |
