>>rabino+(OP)
They might need to tweak a single word. Streisand readers won’t have a clue which.

Save the page now and compare a week later.

>>rabino+(OP)
Hmm. If it is an attempt at DDoS attacks, it's probably not very fruitful:

  >$ resolvectl query gyrovague.com

  gyrovague.com: 192.0.78.25                     -- link: eno1
                 192.0.78.24                     -- link: eno1

Viewing the first IP address on https://bgp.he.net/ip/192.0.78.25 shows AS2635 (https://bgp.he.net/AS2635) is announcing 192.0.78.0/24. AS2635 is owned by https://automattic.com aka wordpress.com. I assume that for a managed environment at their scale, this is just another Wednesday for them.

>>rabino+(OP)
Pretty sure that blog is hosted on Wordpress.com infrastructure so it's not like the blog owner would even notice unless it generates so much traffic that WP itself notices.

That said I don't think there's many non-malicious explanation for this, I would suggest writing to HN and see about blocking submissions from the domain hn@ycombinator.com

>>rabino+(OP)
Given it's set to generate random pages on the site, is there even any possible explanation for this that isn't sketchy?

>>dunder+PQ
It occurred to me while reading the article that I could also just have checked the TLS cert. The cert I was given presents "Common Name tls.automattic.com". However, maybe someone will discover bgp.he.net via this :-)

>>sbdama+bS
It's not random, setting the query string to a new value on every fetch is a cache busting technique - it's trying to prevent the browser from caching the page, presumably to increase bandwidth usage.

>>rabino+(OP)
I just tried in my browser (Firefox on Ubuntu) and got the same result. Deeply curious.

>>rabino+(OP)
Remember when Archive.is/today used to send Cloudflare DNS users into an endless captcha loop because the creator had some kind of philosophical disagreement with Cloudflare? Not the first time they’ve done something petty like this.

>>rabino+(OP)
There's really no interpretation of this which isn't malicious, although, not to defend this behaviour whatsoever, I'm not entirely surprised by it. The only real value of archive.is is its paywall bypassing abilities and, presumably, large swaths of residential proxies that allow it to archive sites that archive.org can't. Only somebody with some degree of lawlessness would operate such a project.

>>dunder+eS
> maybe someone will discover bgp.he.net via this

I did, thank you!

>>dunder+PQ
It is using the ?s= parameter which causes WordPress to initiate a search for a random string. This can result in high CPU usage, which I believe is one of the DoS vectors that works on hosted WordPress.

>>dunder+PQ
I believe they're probably trying to get the blog suspended (automatically?) hence the cache busting; chewing through higher than normal resources all of a sudden might do the trick even if it doesn't actually take it offline.

>>rabino+(OP)
Worth blocking the URL for users of that Archive site then, avoid extra burden?

>>rabino+(OP)
Well that is a very silly way to punish the author of an article you don’t want people to know about.

>>intern+AV
It's not just for paywall bypassing. Sometimes there are archive.today snapshots that aren't in the Wayback Machine (though I think your overall point about lawlessness still stands).

For example, there was some NASA debris that hit a guy's house in Florida and it was in the news. [1] Some news sites linked to a Twitter post he made with the images but he later deleted the post. [2]

The Wayback Machine has a ton of snapshots of the Twitter post but none of them render for me. [3]

But archive.today's snapshot works great. [4]

[1] https://www.bbc.com/news/articles/c9www02e49zo

[2] https://xcancel.com/Alejandro0tero/status/176872903149342722...

[3] https://web.archive.org/web/20240715000000*/https://twitter....

[4] https://archive.md/obuWr

>>rabino+(OP)
>>45922875

“Behind the complaints: Our investigation into the suspicious pressure on Archive.today”

>>eli+IX
"It’s a testament to their persistence that they’re managed to keep this up for over 10 years, and I for one will be buying Denis/Masha/whoever a well deserved cup of coffee."

https://gyrovague.com/2023/08/05/archive-today-on-the-trail-...

And one where the author's cool with whoever is running archive.today.

>>rabino+(OP)
While many people here on HN seems to be pro archive.today, please remember that it's a website managed by pro-Kremlin people, who, among other things selectively choose which content to erase, and track visitors and archivers in a few sneaky ways (look at the HTTP / DNS requests when you visit / archive pages).

One has to wonder why all this tracking from administrator(s) that want to stay anonymous?

You can't trust anything hosted on archive.today because you can't trust that the content hasn't been altered in some way in the pursuit of their agenda.

>>intern+AV
Not excusing this malicious behavior, but I have to say, the mentioned blog post is a major dick move, too. Got quite the impression of a passive aggressive undertone, and there is clearly bittersweet irony in collecting and "archiving" an archiver's personal information from long ago traces. Maybe it's all some feud between two dicks, some backstory untold. Maybe the blog author wanted some information gone from archive.today, but was denied.

>>rabino+(OP)
And that's how advertising works, folks. If someone wants a website dead, I want to know more about it.

>>catlif+BV
Add https://bgp.tools to the list

>>medium+TS
It's trying to prevent the server from caching the search. Thousands of different searches will cause high CPU load and the WordPress might decide to suspend the blog.

>>Brybry+MX
Archive.today has a different approach to the baseline archive technology (executing javascript at archival time and saving the DOM instead of saving and replaying server responses verbatim). Additionally, Archive.today employs a number of site specific mitigations which aren't visible to the end user. In some cases, for instance, they use accounts, but then retroactively modify the DOM to mask this mitigation. [0] While the exact strategy they use for Twitter isn't known to me, they are doing something by their own admission. [1]

[0] https://blog.archive.today/post/708008224368001024/why-isnt-... compounded with personal observation.

[1] https://blog.archive.today/post/708565142782246912/pretty-pl...

>>rabino+(OP)
OP frames this like they just stumbled across the blog post but they created an account matching the name discussed within it three months ago?

I’m confused.

>>jijiji+S31
Perhaps, and yet I've referenced this article numerous times over the years. The most important property of an archive is that it saves an authentic copy of the source material—that is to say, the archive must be trusted. If archive.today is indeed a legitimate archival source first and foremost as it purports to be, the user has a reasonable interest in investigating the people behind it so that they can come to an informed conclusion about if they can trust the archive or not.

>>rabino+(OP)
What my pattern-matching eyes immediately spotted is that the hn username that posted this is rabinovich. The linked article speaks about Masha Rabinovich. Maybe a coincidence.

> in a 2012 F-Secure forum post, a “masharabinovich” complains about “my website http://archive.is/” being blacklisted. They pop up on Wikipedia as well getting told off for adding too many links to archive.is, including a mention that they’re using the Czech ISP fiber.cz

>>aendru+w91
Sometimes HN admins revive quality posts that didn't get much traction when they were first posted. When this happens, the timestamps are updated to make the post look new.

I can't say for sure whether this is what happened here, but it is a possible explanation.

>>rabino+(OP)
Gyrovague here, author of the targeted blog post:

https://gyrovague.com/2023/08/05/archive-today-on-the-trail-...

In the past week or so, I have received a GDPR takedown attempt of the archive.today blog post (which my hosting provider rightly rejected), a politely worded request to take it down (which was sadly eaten by my spam filter), and now this (thanks to the HN reader who tipped me off).

Given that the proverbial cat has been out of the bag for 2.5 years at this point, I'm genuinely puzzled as to what they're hoping to achieve, but this does not seem like a very good way of going about it.

>>jijiji+S31
Blog post author here. Nope, I was just curious, since it's quite remarkable how huge archive.today is, how widely it's used, and how little we know about it. I do acknowledge the irony of an archiver being upset by an archive of their own work though :)

All that said, the post does not actually dox anyone (as far as I can tell, every name mentioned is an alias or red herring), and the "investigation" was basically punching things into my favorite search engine and seeing what came up. If a nation state level threat actor or even one of the copyright cabals wanted to find the maintainer, they have much better ways of going about it.

>>dunder+eS
good ol' hurricane electric

>>gyrova+3f1
What did the politely worded request say, was it from the creator?

>>notmys+Ig1
I will not be sharing any discussions publicly until/unless we come to an agreement, but yes, at least it appeared to be.

>>rabino+(OP)
This feels like the start of treasure hunt like game. Between username of rabinovich (as others have pointed out) and the prior submission by rabinovich of an archive.today like tool 3 months ago - https://ghostarchive.org/. When you click into the search query examples for ghostarchive such as this one https://ghostarchive.org/search?term=https://docs.google.com. Many of the documents are very weird indeed.

>>crazys+X11
> And one where the author's cool with whoever is running archive.today.

I don't think it really matters how "cool" you are with someone while actively trying to doxx them.

>>rabino+(OP)
DDosing but still archiving:

https://archive.is/https://gyrovague.com/2023/08/05/archive-...

>>rafram+uV
That's still a thing. Happens to me as we speak.

>>gyrova+3f1
Great article, is the attack affecting you in any way?

Do you know when it began?

And what do you think of the account reporting this being named rabinovich, and having being created months ago?

>>rabino+(OP)
>>46628734 makes some good points, it shouldn't have been downvoted do death

>>AndroT+si1
For me it just doesn't resolve at all on Cloudflare dns. So annoying.

>>bakugo+rh1
Revealing publicly available information (actually publicly available, in the sense of "any person can easily look this up", not "publicly available" in a sense of "publicly available in leaked databases", which actual doxxers use as an excuse for their actions) isn't doxxing.

>>rafram+uV
It wasn't a philosophical disagreement, they needed some geo info from the DNS server to route requests so they could prevent spam and Cloudflare wasn't providing it citing privacy reasons. The admin decided to block Cloudflare rather than deal with the spam.

>>master+Qb1
Wild idea: Could be a symbolic dead man switch.

Reports of FBI going hard after archive.today around the time the HN account was setup and they post an archive.today competitor. Pings on the investigative article then a post to HN saying “3 days ago” which could indicate when FBI succeeded.

The only comment by the poster on this article is a sharp clarification of what doxxing is and isn’t.

Perhaps this is just an unusual way of slowly stepping out from behind the curtain on your own quirky terms after a fantastically long tenure.

>>master+Qb1
> They pop up on Wikipedia as well getting told off for adding too many links to archive.is

Funnily enough, they removed that from their talk page right around the time this thread got posted, their first edit in almost 6 years: https://en.wikipedia.org/wiki/Special:Contributions/Masharab...

That's a lot of coincidences...

>>gyrova+3f1
Sockpuppet/troll unless you link the HN thread in the blog. rabinovich OP while the article talks about "Masha Rabinovich." I suspect it's all a ruse for the FBI.

>>333c+4c1
This post did in fact go through the second-chance pool: https://news.ycombinator.com/pool

(For more details on posts getting “rescued”, see Dan’s comment here: >>11662380 )

>>gyrova+Xf1
Assuming you are who you say you are, thanks for the feedback.

> All that said, the post does not actually dox anyone (as far as I can tell, every name mentioned is an alias or red herring)

Well, you clearly do have struck a nerve. And the article at least comes off as the attempt to dox someone. Curiosity is one thing, publishing these findings (where the original sources may fade in time) is another. It's quite evident the person behind archive.today does not want the attention. Just saying, your post doesn't exactly say respect privacy. Would you not have published, if you were actually confident to have found the guy? I got the impression, you would have published regardless.

> the "investigation" was basically punching things into my favorite search engine and seeing what came up.

I think that's what doxxing is, for the most part. You did the work, so everyone else doesn't have to. Nation state threat actors and "the copyright cabal" also got other stuff to do, technical feasibility isn't really a valid argument. Nation state actors could also hack, extort, or kill someone. Ethically, that's of no consequence regarding your own actions against someone.

Not saying you are the worst person ever, but I can totally see why you attracted someone's anger.

>>intern+K91
There are different scenarios and different needs. Trust-wise, the enemy of your enemy may be your friend. Dodging legal liability can be an asset too, if you are dealing with evidence against the government, or powerful people within your jurisdiction. Wikileaks fills a similar role. And archive.org certainly isn't trustworthy with respect to US political influence. They are trying to rewrite history, they will purge the archives, too.

For the average case, you shouldn't fully trust any one service IMO.

BTW, there is a neat browser add-on, which lets you search across various archives: https://github.com/dessant/web-archives

>>fhub+8h1
> This feels like the start of treasure hunt like game. Between username of rabinovich (as others have pointed out) and the prior submission by rabinovich of an archive.today like tool 3 months ago - https://ghostarchive.org/. When you click into the search query examples for ghostarchive such as this one https://ghostarchive.org/search?term=https://docs.google.com. Many of the documents are very weird indeed.

This is what someone trying to start a treasure hunt like game would say....

Mom! Am I an NPC? Mom! Am I real???

>>rabino+Zj1
ಠ_ಠ

>>rabino+Zj1
Doxxing has never been restricted to just leaked databases. I'd argue that any publishing of personal information in a context in which the individual clearly doesn't want to be identified counts.

The owner of the site is not identified anywhere on the site itself. And I think we can both agree that it's the sort of site whose owner would prefer to remain as anonymous as possible. The blog post digs up information about the owner from whois records, which do count as easily accessible public information, but then links to Kiwifarms of all places, and goes on to talk about identifying writing patterns and doing "detective work" involving cross-referencing profile pictures of accounts on various websites that were obviously not intentionally linked together by their owner. This is a textbook doxxing attempt.

>>g-b-r+Yi1
Did you save it?

>>Brybry+MX
.

   {
   echo resolve web.archive.org:443:207.241.237.3
   echo url=https://web.archive.org/web/20240404223104if_/https://twitter.com/Alejandro0tero/status/1768729031493427225
   echo user-agent=\"\"
   echo header accept:
   } \
   |curl -qK/dev/stdin|tr \< '\n'|sed -n '/^meta/s/^/</;/./{/og:url/,/og:image/p;}'

>>eli+IX
I never would have read the article had archive.today not gone into a CAPTCHA loop on me and then I see in developer tools it's pinging this other site. Talk about Streisand effect.

>>stavro+ln1
Had nothing to do with spam, the argument by archive.today that they needed EDNS client subnet info made no sense, they aren't anycasting with edge servers in every ISP PoP.

>>arcfou+fu2
They use EDNS for regional compliance, not for bandwidth optimization.

>>rabino+(OP)
Irony:

The author of the personal blog post claimed he works for Google, who has arguably the world's most complete web archive and uses it for commercial purposes

This archive used to be publicly accessible, at least in part, at webcache.googleusercontent.com^1

The blog post compares the size of archive.today with archive.org (about 1:40, according to the author)

But it does not include a comparison to cache.googleusercontent.com

1. Bing, another Google competitor, also offered part of their own archive at cc.bingj.com during that time

>>Barbin+mX
How would you determine who is a user of the archive site?

>>rabino+Zj1
No, it is.

>>venteg+Bx2
What specific part of regional compliance actually needs this, and why does no other website seem to need it?

>>venteg+jK1
It's accessible again now

>>blorg+jt2
I think Streisand effect is the goal. Look at the username of TFA poster and the name of the person the article author suspects.

>>opengr+7t1
> Sockpuppet/troll unless you link the HN thread in the blog.

I've had email correspondence with gyrovague where they've shared this exact sentiment.

>>russia+q21
Hm, a pro-Kremlin website, banned on Russian state firewall while actively used by Myrotvorets and many gov.ua sites....

>>joseph+ge4
e.g. currently most media snapshots contain wartime propaganda forbidden at least somewhere.

RT content verboten in Germany, DW content verboten in Russia, not to mention another dozen of hot spots.

"Other websites" are completely inaccessible in certain regions. The Archive has stuff from all of them, so there’s basically no place on Earth where it could work without tricks like the EDNS one.

>>venteg+Hk5
That makes zero sense. You're aware that they get the client's actual IP upon connection?

You're saying they have groups of servers with every possible permutation of censorship that they direct clients to through DNS? Absurd.

>>arcfou+JG5
They always direct clients to a server abroad. The task is exactly opposite to what CDNs do

>>venteg+Hk5
> The Archive has stuff from all of them, so there’s basically no place on Earth where it could work without tricks like the EDNS one.

Isn't that true of archive.org as well? Why doesn't it need EDNS then?

>>joseph+dD7
Actually, I'm not entirely sure on how archive.org achieves its resiliency.

It's a rather interesting question for archive.org, if one were to interview them, that is.

Unlike archive.today, they don't appear to have any issues with e.g. child pornography content, despite certainly hosting a hundred times more material.

They have some strong magic which makes the cheap tricks needless.

>>intern+AV
What's the alternative? At least they don't comply with takedown requests, which can't be said about archive.org who remove everything even semi-controversial.