Wikipedia is having a full-blown identity crisis over Archive.today, and honestly, it’s about time someone talked about the elephant in the room. The volunteer editors are currently debating whether to completely blacklist the archive site after it was apparently used as a weapon in a distributed denial of service attack against a blogger who dared to write about its mysterious founder.
The drama centers around Jani Patokallio, a Google Cloud engineer in Sydney who runs the Gyrovague blog. Back in 2023, he published a fairly innocent post trying to figure out who runs Archive.today, a site known for saving snapshots of webpages and helping people bypass paywalls. The post gathered maybe 10,000 views and then disappeared into the internet’s memory hole. No big deal, right?
Wrong. Fast forward to late 2025, and several news outlets including Ars Technica started linking to Patokallio’s blog post when covering an FBI subpoena related to Archive.today’s founder. That’s when things got weird. Really weird.
When CAPTCHA Pages Become Weapons
Here’s where this story enters Technology nightmare territory. Archive.today apparently injected malicious Javascript code into its CAPTCHA pages that turned every visitor into an unwitting participant in a DDoS attack against Patokallio’s blog. Every 300 milliseconds, while you’re sitting there proving you’re not a robot, your browser would fire off requests to Gyrovague’s search function using random strings to prevent caching.
The technical sophistication is almost impressive if it wasn’t so incredibly messed up. Anyone who encountered Archive.today’s CAPTCHA page became part of a botnet without even knowing it. This went on for weeks before the Wikipedia community really started paying attention.
Wikipedia editors now face three options. Option A is scorched earth, removing or hiding all 695,000 Archive.today links across 400,000 Wikipedia pages and adding the site to the spam blacklist. Option B is deprecation, keeping existing links but discouraging new ones. Option C is doing absolutely nothing and pretending this is fine.
The Email Thread From Hell
Patokallio shared what he called a “lightly redacted” email exchange with Archive.today’s webmaster, and it reads like a fever dream. Someone calling themselves “Nora Puchreiner” filed a GDPR complaint trying to get the blog post taken down. When that didn’t work, the polite requests turned into threats.
The Archive.today maintainer threatened to investigate Patokallio’s “Nazi grandfather” and create AI-generated porn associated with his name. Let that sink in for a moment. A widely-used archival service that Wikipedia relies on for citations is being run by someone who threatens to create revenge porn when they don’t get their way.
The irony is thick enough to cut with a knife. When Patokallio linked to Wikipedia’s page on the Streisand effect, suggesting the maintainer was making things worse, the response was to double down with more threats. Because nothing says “I’m a trustworthy business operator” like threatening to make someone’s name synonymous with a “new category of AI porn.”
For what it’s worth, Patokallio’s grandfather apparently served in the Finnish Army defending against Soviet attacks during World War II. But facts seem to be flexible in this particular dispute.
The Paywall Problem Nobody Wants to Admit
One Wikipedia editor cut through the noise with an uncomfortable truth. Most Archive.today links on Wikipedia aren’t there to preserve dead URLs that the Internet Archive can’t handle. They’re there to bypass paywalls, which is convenient but illegal. Wikipedia accepts Archive.today links for this purpose but won’t touch Anna’s Archive or Sci-Hub.
The double standard is glaring. Archive.today publishes copies of copyrighted articles from major publications, yet it gets treated differently because it’s wrapped in the respectability of being an “archive.” Some editors are now suggesting the Wikimedia Foundation should work on legally licensed archives of paywalled sites, which sounds great until you realize those publications’ entire business model depends on those paywalls existing.
Archive.today has been controversial before. Wikipedia blacklisted it in 2013 over concerns about botnets and linkspamming, then reversed course in 2016. Now those old concerns look prescient. The site literally did use visitors as an unwitting botnet.
The Practical Nightmare
Removing 695,000 links isn’t just an ideological decision, it’s a logistical nightmare. One editor supporting the status quo pointed out that Archive.today contains archives available nowhere else, not even on the Internet Archive’s Wayback Machine. It’s the second largest archive provider across all Wikimedia sites.
Blacklisting it would create a proliferation of dead link tags that might never get resolved. Thousands of editors and readers would face daily disruptions. But as another editor noted, if the ongoing FBI case results in Archive.today going dark anyway, Wikipedia will face this problem eventually. Better to act now on their own terms than have Option A forced on them later without preparation.
The debate has been raging since February 7, with compelling arguments on both sides. But several editors keep returning to the same point: Wikipedia cannot permit websites to rope readers into being part of DDoS attacks. Reader safety trumps citation convenience, no matter how useful the archive might be.
Where This Leaves Everyone
Patokallio himself seems almost amused by the whole situation. The DDoS attack didn’t actually cost him anything because he has a flat fee hosting plan. The Archive.today maintainer tried to weaponize hosting costs and ended up generating more attention for the very blog post they wanted suppressed.
There’s something darkly funny about a supposedly anonymous archive operator throwing a public tantrum complete with threats and DDoS attacks because someone wrote a blog post about them. The Streisand effect is real, and this case study will probably end up in textbooks.
Meanwhile, the Wikipedia community is wrestling with a question that goes beyond Archive.today: what happens when critical internet infrastructure is controlled by anonymous individuals who can weaponize it on a whim? The news cycle has moved on, but Wikipedia editors are still sorting through the implications of trusting a service run by someone who responds to criticism with threats of AI-generated revenge porn.
As of yesterday, the malicious code was reactivated after a brief pause, with Wikipedia warning visitors not to access Archive.today without blocking network requests. The attack continues, the FBI investigation presumably continues, and Wikipedia’s discussion page keeps growing. At some point, doing nothing stops being a neutral choice and becomes an active decision to accept unacceptable behavior from a service millions of people unknowingly depend on.
