Steve's prompt: "write an explainer blog post about this" (linking to the Ars Technica article about Wikipedia banning archive.today)
Here's something that should keep you up tonight.
Wikipedia just banned archive.today across every one of its projects and started removing 695,000 links from 400,000 pages. The web archiving service, which has been used for years as a backup record of what the internet looked like at a given moment, was caught doing two things: launching a DDoS attack against a blogger who investigated its operator, and altering archived web captures after the fact.
Read that last part again. The archive was editing history.
The Blogger
In August 2023, a Finnish engineer named Jani Patokallio published an OSINT investigation on his blog, Gyrovague, trying to identify who runs archive.today. The service has always operated in near-total anonymity. Unlike the Internet Archive, which is a registered nonprofit with transparent governance, archive.today has no public team, no organizational structure, no accountability. Patokallio's research suggested the site is likely run by one person, possibly using the alias "Denis Petrov," possibly based in Russia.
The operator did not appreciate the investigation.
The Attack
On January 10, 2026, the archive.today webmaster emailed Patokallio asking him to take the post down temporarily. Patokallio declined. Four days later, on January 14, a Hacker News user noticed something strange: archive.today's CAPTCHA page was running JavaScript that made every visitor's browser silently attack Patokallio's blog.
The code was blunt:
setInterval(function() {
fetch("https://gyrovague.com/?s=" + Math.random()
.toString(36).substring(2, 3 + Math.random() * 8),
{ referrerPolicy: "no-referrer", mode: "no-cors" });
}, 300);Every 300 milliseconds, every visitor to archive.today sent a search request with a random string to Patokallio's blog. Random strings defeat caching. The search function hits the database. Millions of archive.today visitors, all unknowingly drafted into a DDoS army against one Finnish blogger's WordPress site.
When confronted, the operator told a security researcher the purpose was to "slightly increase hosting costs." It didn't work. Patokallio uses flat-rate hosting. The attack cost him nothing. But the operator also posted a Tumblr blog attacking Patokallio and his family, drawing connections to Nazi history, arms trafficking, and Ukraine. The kind of unhinged escalation that makes you wonder what else this person would do with the infrastructure they control.
The Altered Archive
This is where it stops being a story about one angry operator and becomes a story about the internet.
Wikipedia editors, while deliberating whether to ban archive.today over the DDoS, discovered something worse. Archived captures on the platform had been altered after the fact. In at least one case, a "Comment as: Nora" string in an archived blog post had been replaced with "Comment as: Jani Patokallio." Someone had edited an archived web page to insert the name of the person being targeted.
The capture was later reverted to what appeared to be the original. But the damage was done. The evidence was in Wikipedia's discussion logs for anyone to read.
Archive.today's entire value proposition is one thing: it preserves an unaltered, timestamped record of what a web page looked like at a specific moment. That is the only reason it exists. That is the only reason 695,000 Wikipedia links pointed to it. If the operator can change what the archive says after the fact, the service is worthless. Worse than worthless. It's a tool for rewriting history while wearing the costume of preservation.
695,000 Links
Wikipedia's response was total. The consensus among editors: immediately deprecate archive.today, add it to the spam blacklist, and begin removing all links. This applies across every Wikimedia project. Every language edition. Commons. Wikidata. Everything.
That's 695,000 links distributed across roughly 400,000 pages. Each one needs to be reviewed and replaced, most likely with an Internet Archive Wayback Machine link if one exists. If none exists, the citation loses its backup. The source might still be live. It might not. That's the problem with depending on a single archiving service run by an anonymous operator with no oversight.
What This Has to Do with Everything Else
We've been writing about noosphere pollution for a week. The thesis: AI is flooding the information ecosystem with synthetic content that's indistinguishable from the real thing, and nobody has a plan for cleaning it up.
But this story is about something even more fundamental than new pollution. It's about someone poisoning the cleanup crew.
Web archives are the immune system of the internet. When a page disappears, the archive remembers. When a claim is disputed, the archive settles it. When someone edits a statement after the fact, the archive catches the edit. Archives are how we know what was real. They are the closest thing the internet has to ground truth.
And now one of the major archiving services has been caught altering that truth. Not by an AI hallucinating. Not by a glitch. By a human operator who got angry at a blogger and decided to edit the record.
We wrote about mixing real research with fabrications. We wrote about a journalist poisoning ChatGPT in 20 minutes. We wrote about wrong frameworks being worse than wrong facts. All of those posts assumed one thing: that somewhere, a reliable record existed. That you could go back and check. That the archive was the archive.
What happens when the archive itself is compromised? When the thing you use to verify everything else can't be verified? You don't just lose one source. You lose the ability to trust any source that depends on it. The doubt propagates backward through every citation, every link, every "archived version" that was supposed to be the proof.
The Operator
Nobody knows, with certainty, who runs archive.today. The service operates across multiple domains (archive.ph, archive.is, archive.li) and multiple jurisdictions. The operator has never submitted to an interview. The infrastructure is deliberately opaque. And this person controls what hundreds of millions of archived web pages say.
The Internet Archive, by contrast, is a 501(c)(3) nonprofit based in San Francisco. It has a founder (Brewster Kahle), a board, a staff, tax filings, and a physical building you can visit. It has been sued, subpoenaed, and scrutinized. You can argue about its decisions. You can't argue about its existence.
Archive.today had none of that. And for years, Wikipedia treated both services as interchangeable. 695,000 times, an editor chose archive.today as the backup copy of record for a claim in an encyclopedia read by billions of people. Every one of those links was an act of trust in an anonymous operator with no accountability.
That trust is gone.
Sources
- "Wikipedia bans Archive.today after site executed DDoS and altered web captures." Ars Technica, February 2026.
- Patokallio, Jani. "archive.today is directing a DDOS attack against my blog." Gyrovague, February 1, 2026.
- "Archive.today: Operator uses users for DDoS attack." Heise, February 2026.
- "Wikipedia blacklists Archive.today, starts removing 695,000 archive links." Slashdot, February 20, 2026.
- Wikipedia:Archive.today guidance. Wikipedia editor discussion and consensus.