>>gyrova+(OP)
previously >>46624740

>>its-su+of
Macroexpanded: Ask HN: Weird archive.today behavior? - >>46624740 - Jan 2026 (69 comments)

I cannot make head or tail of this but it's more fascinating than the usual internecine bloodbath.

>>archag+Bj1
I looked at the flags and they seem to be legit flags from legit users. My guess is that they thought this was below-the-radar drama that wasn't on topic for HN. (I could make a "people who flagged X also flagged" list a la >>46771900 to support the point, but it's a time-consuming pain so I'd rather not!)

Edit: after looking at this more closely, I have a counterintuitive (to me at least) take: I think this is interesting enough to transcend the usual categories. That is, we'd normally downweight this kind of post off the frontpage - but in this case there are so many unusual variables that the usual rules don't apply.

I say this despite having zero clue what's going on here. We do have a nose for what the HN community might find interesting (we'd bloody well better after doing this job for so long), so let's override the flags and see what happens.

But without relitigating WWII please.

>>gyrova+(OP)
It is academically very interesting to think about this in light of their long-standing dispute with Cloudflare (https://community.cloudflare.com/t/archive-is-error-1001/182...) over EDNS, which could have privacy implications attached.

I think no matter how you slice it though, it's unethical and reprehensible to coordinate (even a shoddy) DDoS leveraging your visitors as middlemen. This is effectively coordinating a botnet, and we shouldn't condone this behavior as a community.

>>its-su+of
See also https://archive-is.tumblr.com/post/806832066465497088/ladies...

also Archive.today: on the trail of mysterious guerrilla archivists of the Internet - >>37009598 August 2023

>>snailm+A26
there is also `japatokal`:

https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...

It is very possible that `gyrovague` is not `japatokal` but an impersonator.

>>gyrova+(OP)
This likely means nothing, but the .is webmaster seems to have some sort of existing issue with Finland (where gyrovague is from), see >>37011955 . I thought I would point it out.

Also, as someone interested in OPSEC and OSINT as a hobby, I find the measures taken by the .is webmaster, especially the dedication to setting up countless fake accounts for each persona, to be very intriguing. I spent about an hour looking into the Nora Puchreiner persona and all the accounts registered to it that I could find. It appears that "Tomas Poder" is another alter-ego used by the .is administrator. Nora also seems to have a sister: "Sara Puchreiner". Again, all very interesting and I can't seem to make a clear picture of the situation.

>>rsaare+Do6
It seems that the website has been blocked in Finland since at least August of 2023, see >>37011955 .

>>m132+wt6
Gyrovague here. As linked in the blog entry, you can view both sides of the email correspondence here: https://pastes.io/correspond

As for outcomes, I'm very much a bit player/spectator in this drama, nobody's going to be "taking them down" over DDOSing an obscure nerd blog.

If they do go down, it'll be the FBI or equivalent, and it will be publicly justified as some combination of "protecting the children" (cf. WAAD) and/or copyright violations.

>>gyrova+jG6
You could specify that you wrote it on the last line of the post, so it clears up any basic speculation.

<https://gyrovague.com/2026/02/01/archive-today-is-directing-...>

>>its-su+of
also previously from the owner of archive.is/today: https://archive-is.tumblr.com/tagged/patokallio

>>gyrova+1G6
> As linked in the blog entry, you can view both sides of the email correspondence here: https://pastes.io/correspond

Thanks, I must have missed this.

> [...] nobody's going to be "taking them down" over DDOSing an obscure nerd blog.

> If they do go down, it'll be the FBI or equivalent, and it will be publicly justified as some combination of "protecting the children" (cf. WAAD) and/or copyright violations.

Yes, this is exactly what I fear. That we might be playing into the hands of the greater evil by escalating a small, personal conflict.

>>operat+eO6
Is it somehow related to this comment? <>>46867686 >

>>chrisj+F77
What do you mean by “afford the cost”? The list is free of charge (https://support.google.com/a/answer/10026322?hl=en-GB) and maintenance can be fully automated.

>>mr_mit+Zk6
Ghostarchive does a decent job for the same sites in my experience: https://ghostarchive.org/

>>parabl+fr6
> Finland (where gyrovague is from)

They should probably review existing case around how Finnish courts treat the journalistic exception in the context of citizen's journalism (as he relied on that at least as one of the reasons): https://tuomioistuimet.fi/hovioikeudet/ita-suomenhovioikeus/...

Of course facts are different, but at least two Finnish court seem to require a lot more reasoning from the controller in the context of citizen journalism compared to traditional media when they want to invoke the journalistic exception. No clue which side this would fall into.

>>ebilge+8H7
Update: hmm seems like they're involved in this whole thing too somehow, how strange:

>>46629646

>>m132+wZ6
Internet Archive's trustworthiness took a hit when they waded into fact checking - https://blog.archive.org/2020/10/30/fact-checks-and-context-... and wiping content they disapproved of - >>32743325

>>pieter+eW7
Not here, though. The exact code:

  fetch("https://gyrovague.com/?s="+Math.random().toString(36).substring(2,3+Math.random()*8),{ referrerPolicy:"no-referrer",mode:"no-cors" });

"no-cors" means the request will not be preflighted, but also that JS will be denied access to the body. But the body doesn't matter here — the attack only requires the request be sent.

But more to the point, so long as the request meets the requirements of a "simple request", CORS won't preflight it. GETs qualify as a simple request so long as no non-CORS-safelisted headers are sent; since the sent headers are attacker-controlled, we can just assume that to be the case. In a non-preflighted request, the CORS "yes, let JS do this" are just on the response headers of the actual request itself.

Since GETs are idempotent, the browser assumes it safe to make the request. CORS could/would be used to deny JS access to the response.

Things are this way b/c there are, essentially, a myriad of other ways to make the same request. E.g.,

  <img src="https://gyrovague.com/?s=…">

in the document would, for all intents and purposes, emit the same request, and browsers can't ban such requests, or at least, such a ban would be huge breaking change in browsers.

>>mr_mit+yF8
They have. It's called bypass-paywalls-clean . It works pretty ok.

It just keeps getting banned from the addon catalogs because of complaints from media. The Firefox one was taken down by a french newspaper. So you have to sideload it, which is hard to do on Android.

Edit: it looks like even the github was taken down now: https://github.com/iamadamdev/bypass-paywalls-firefox

But yes it exists. And it works for most sites. It's just hard to get it now.

>>m132+6S6
it is not a small personal conflict, it is two years of non-stop escalation, gyrovague not only wrote the doxx, he is obsessively pushes it to the media:

2023: https://boingboing.net/2023/08/05/the-internets-other-archiv...

2024: https://gigazine.net/gsc_news/en/20240326-archive-today/

2025: the FBI story on many news sites

all these media articles are about gyrovague, archive doxx here is only fuel to promote gyrovague's blog

it must be stopped somehow