Around January 11, 2026, archive.today (aka archive.is, archive.md, etc) started using its users as proxies to conduct a distributed denial of service (DDOS) attack against Gyrovague, my personal blog. All users encountering archive.today’s CAPTCHA page currently load and execute the following Javascript:
Posting this here since the dispute was started over a PII concern.
You must log in or # to comment.
It seems that in some cases (piefed) my post only appears as a bump on a previous post, without my additions, so here they are as a comment:
Around January 11, 2026, archive.today (aka archive.is, archive.md, etc) started using its users as proxies to conduct a distributed denial of service (DDOS) attack against Gyrovague, my personal blog. All users encountering archive.today’s CAPTCHA page currently load and execute the following Javascript: setInterval(function() { fetch(“https://gyrovague.com/?s” + Math.random().toString(36).substring(2, 3 + Math.random() * 8), { referrerPolicy: “no-referrer”,…
Far too many netizens still try to ignore this or even come up with reasons why gyrovague is the bad guy here.
Alternative archive pages:
archive.org
ghostarchive.org
archivebox.io (self-hosted)But how else to bypass a paywall?
I’ve read relevant articles and clicked old links - they all seem to be history. The only ones that still work just look for the article in various archives - the subject of this post always amongst them. The same applies to this article, but there’s still some good tips.
Here is the original article from 2023: https://gyrovague.com/2023/08/05/archive-today-on-the-trail-of-the-mysterious-guerrilla-archivist-of-the-internet/ and what Patakallio has to say about it today:
The post mentions three names/aliases linked to the site, but all of them had been dug up by previous sleuths and the blog post also concludes that they are all most likely aliases, so as far as “doxxing” goes, this wasn’t terribly effective.
Here is a relevant ArsTechnica article: https://arstechnica.com/tech-policy/2026/02/wikipedia-bans-archive-today-after-site-executed-ddos-and-altered-web-captures/
Wikipedia editors discovered that the archive site altered snapshots of webpages to insert the name of the blogger who was targeted by the DDoS.
archive.today (.ph, .is, .md, .fo, .li, .vn) also loads a pixel and javascript from mail.ru. The script mentions lamoda.ru, kommersant.ru, dzen.ru, ad.mail.ru, vk.com, vkontakte.ru, ok.ru, odnoklasseniki.ru. I haven’t researched this further, but I think one can assume that your IP address will be spread across all relevant Russian websites. 10 years ago I would have said “so what? The Russians have social media too” but today you can safely assume that all this data is available to the government itself and is actively contributing to the hybrid war.
All in all, archive.today has always been in the “too good to be true” category. Call me suspicious.
And once again because it’s important:
The Wikipedia guidance points out that the Internet Archive and its website, Archive.org, are “uninvolved with and entirely separate from archive.today.”
But how else to bypass a paywall?
You could try looking to see if your local libraries give you access to those sources.
Besides that, I personally use Bypass Paywalls Clean the browser extension, but it also sometimes pulls the content from archive.today.
this is why i like to disable Javascript if its not necessary using noscript.
Me too, but then you can’t get over the captcha.
That way, archive.today used to work without js, but not anymore.
i think its recaptcha?
Link to a post a while back about archive.is (and other archive.* sites) sending data to Russia. Post discusses this article
The linked article is nothing more than incompetent, bad-faith fearmongering. It has already been debunked in this comment. Long story short: literally every request mentioned in this article is blocked by any ad blocker with default settings, which you should be using anyway.
The linked article is nothing more than incompetent
Fair enough, it wasn’t very good. But rn it seems like I (and also the writers of that article) was proven right to be leery of archive.xx
Any info that goes to any Russian website these days can be considered going straight to the government, and therefore harmful, fueling their hybrid war.
Without explicitely using a Russian or Russia-related website.
In your linked, older comment you repeatedly state that it’s only trackers and counters, but you should also mention that each time this happens a visitor’s IP (and most likely full browser profile) is stored somewhere along the article they clicked on. People do not necessarily know this.
Thanks very much for the link. Appreciate your research and explanation. Always grateful to learn from others. Have a PiHole and use uBlock. Thanks again.
Victim blaming may not be the answer you think it is.
literally
I’m a bit of a troglodyte, I had to look up what PII referred to.
Whoever is doing the responding and the petty bullshit with the captcha stuff isn’t doing themselves any favors by being a gland end unnecessarily. I’m not really curious as to who is behind the archive website so the blog authors need to unmask them is lost on me admittedly. I do use the paywall bypass site, but given the person’s responses I’ll try not to use it at all going forward, for however much that actually makes a difference.
There have been a bunch of posts and articles about this. I don’t know why it keeps getting reposted on lemmy tbh. Both sides are complete dicks. From what I understand, the “poor victim” was the initial asshole and both sides have kept escalating it.
Both sides are complete dicks. From what I understand, the “poor victim” was the initial asshole
No, the first article totally endorsed archive.today: https://web.archive.org/web/20231119194615/https://gyrovague.com/2023/08/05/archive-today-on-the-trail-of-the-mysterious-guerrilla-archivist-of-the-internet/
He ends it with announcing that he will buy them a coffee on buymeacoffee.
