Archive.is blog

The drama has reached the point where it seems we have found a way to accept tax-deductible donations in the US, and German TV is asking for a 15-minute interview.

And someone says: “admit that it turned out badly,” ha ha.

By the way, to save everyone from the usual round of naïve questions (“do you store IP addresses?”, …), to dispel a few comforting illusions about what Terms of Service actually mean, and to give you a glimpse into what it feels like to run, moderate content, and support a website, we highly recommend Kevin Nguyen’s novel New Waves.

It’s a sad, sharp, and often very funny story about a website that differs from ours in only one key respect: it promised not to preserve content, but to delete it on a schedule. As you might guess, that promise becomes the most fragile and consequential part of the whole enterprise. The book captures something that anyone who has worked behind the scenes of an internet platform will immediately recognize: the gap between what users imagine, what policies declare, and what operational reality demands.

We doubt Kevin was OSINTing us—or even knew we existed—when he wrote it. And yet the parallels are striking. In fact, there are more accidental coincidences there than in some stories written by people who explicitly tried to study us.

If you want to understand not just how platforms present themselves, but how they actually function under pressure—read or listen it. It won’t answer every question, but it might help you ask better ones.

On growth limits, finances, and why OSINTers focus on seemingly random, yet interconnected people:

The “startup” logic seems straightforward: if you have users, buy more servers, grow, invest. Add a paywall or a donation button with sad eyes to cover costs.

So, what’s stopping you?

The lack of reliable financial infrastructure.

This isn’t about post-2022 Russian sanctions or allegations of facilitating illicit activity via PayPal. It’s about the impossibility of reliably exchanging or transferring significant sums within a predictable timeframe without falling victim to a scam (on lower-level services) or triggering an AML check (which often feels like a scam in itself). If there is a delay, the service dies. If you accumulate too many donations on PayPal, you get flagged, and your account is frozen for six months. If you transfer funds to or from a crypto exchange, your bank account may be locked, forcing you to travel thousands of kilometers to resolve it (it was fun during COVID, trying to navigate vaccine mandates). Going 100% Monero (or even Bitcoin) is impossible: donation volumes are significantly lower in crypto, and there are many expenses in fiat. All kinds of intermediaries and small underground fintech companies come to the rescue, but there is a limit to relying on them: how much can you really trust them? Over time, it only gets worse: exchange fees and the risk of losing the entire transaction amount keep growing.

The names and pseudonyms that catch the attention of OSINTers (and probably the FBI, given their interest in “who paid and where”) are not fully random. They often belong to these fintechs: the names used on their credit cards, for example. These are the names of both managers and “drops”, sometimes used unwittingly. Among them are those who worked honestly but are now resentful that OSINTers exposed their names in the context of archives and “piracy,” effectively preventing them from creating new ventures. Then there are those who ran away with the money (including some of ours) and are now actually on the run from police and creditors, obsessively scrubbing their data from the web.

Managing the finances of even a small project like ours would require a full-time specialist. Hiring one, in turn, requires a reliable monthly income. Just one fuck-up by this person could kill the project. And while bracing for that fuck-up, we would have to aggressively solicit donations just to pay their salary.

Since we are a service for latecomers, we have to debunk a couple of myths for latecomers (the list will be updated, and the answers will be supplemented and rewritten, then I will add the results to the FAQ).

1. We need as many users as possible, and they have some value — no, we don’t need them; there are almost always more users than we can serve. The captcha that annoys you — it’s mainly not against bots.
    
2. Paywalls as a selling point — not really.
   
   First, here we’re talking about the West, and that’s far from 100%, and probably not even 50% of users. There’s a lot of Japan and Korea, and there are no paywalls there at all.
   
   Second, some support for news sites only appeared during COVID, because of COVID itself and the demise of projects that actively used the archive (jeuxvideo, taringa, etc.).
   
   Before that, practically all news was archived in an unreadable form, with all the modal pop-ups saying “subscribe to our mailing list” and so on.
   
   When asked to fix it, we replied, “Well, your sites are crap, so we accurately archive them as we see them, and anyway, there’s nothing interesting there. Make normal sites first.”
   
   So, we started cleaning up with COVID, and as it ended, all sorts of moral dilemmas arose, and these are far from just formal issues of legality, copyright, and jurisdiction.
   
   There are also more serious questions, such as whether it is ethical for us to participate in the dissemination of news in the absence of something like COVID?
   
   You may argue that there is a war going on right now (and point to any war), but this is rather a negative example: if the free dissemination of news during COVID can be interpreted as a blessing, many publishers removed their paywalls back then, but it is impossible to explain participation in the dissemination of military propaganda in the same way.
   
   In short, supporting news sites is like carrying a suitcase without a handle: you should drop it, but in the absence of other big categories of users (jeuxvideo, etc.), this would be tantamount to refusing to support Western users (which may not be a bad thing, see question #1).
   
   So it’s not so much a selling point as a current point of rendezvous with users from certain locations.

It turned out pretty well.

The hype around “the site that’s been banned from Wikipedia for the fifth time” is better than “the 12ft.io analogue that’s about to be caught by the feds”

Why didn’t you write about such events earlier, folks of the tabloids? I don’t expect you to write anything good, because then who would read you, but there was plenty of dramas, wasn’t there?

Because there was no Jani to nudge you?

I guess I’ll scale down the “DDoS”.

I almost forgot…

June Maxam — NorthCountryGazette.org — the first “victim” of low-frequency “DDoS” — Jani Patokallio’s perfect doppelgänger. Or maybe just another manifestation of the same demonic force in our dimension: travel book author, publisher, editor, gonzo blogger, curious “cybersecurity” “researcher”, and… serial doxxer (she actually did time for doxxing her neighbors).

Only one thing that sets her apart from Jani Patokallio: her curiosity wasn’t aimed at other websites, it was aimed at her own visitors.

If she spotted a “suspicious” (meaning: not from her county) IP in her weblog, she’d fire off a cybersecurity report to the provider and all their upstream peers, accusing them of something along the lines of an “armed intrusion into a secured facility”, yes, from a particular IP address.

In both sheer chutzpah and the effectiveness of her complaints, she outdid WAAD with its pedo-zoophilia theatrics (though she never quite reached the final boss level: those gorgeous PDFs with official-looking crests, rambling for ten pages about how “servers at IP address X are storing 100,000 illegal bitcoins”; really, what can you do when an L1 support tech, eyes shining, has already grabbed the angle grinder and is heading for your server rack?)

Not bad for a lady in her 70s.

She even managed to wear out Archive.org. NorthCountryGazette.org wasn’t blocked there because of content issues, it’s blocked so that “Save Now” won’t even bother accessing robots.txt. The whole saga played out on Twitter.

That “DDoS” basically saturated her ability to read logs and blast out her nasty PDFs.

I’ve told you a little about the history of our relationship with Cloudflare above; now let me tell you about archive.org and how did it happen that people started to confuse us.

We created a service similar to Megalodon, which was already quite popular in Japan. First, we had to choose a domain zone. Not the USA or the EU (the current horrors hadn’t happened yet, but SOPA and PIPA was already being planned), and not the Caribbean, where a registrar’s server could crash and take months to recover. Libya (.ly) was fashionable at the time, but Gaddafi had just been killed. So Iceland seemed interesting: there were bearded sysadmins in parliament, they created Mailpile. Then we looked at which single-word domains were available.

When we started, archive.org didn’t have a “Save Now” function, so our features didn’t overlap at all. Even our names are different, just homonyms: archive.org is a noun, while we are a verb: “archive.is/today” was intended as an imperative, like “Save Now!”

Then two things happened. First, archive.org introduced its “Save Now” feature. Second, when we finally started communicating—around 2020—Mark mentioned that they come from a background of left-wing activism (this isn’t a secret; their biographies are public; I just hadn’t looked into them until it was brought to my attention).

By that time, Gamergate and various other scandals had already occurred. With few small exceptions, the right tended to preserve pages, while the left wanted to delete them. That was my aha moment: no collaborations were possible here. And so we became a kind of dialectical pair: we won’t delete what they delete, and vice versa, even when politics isn’t involved.

This is what’s driving us in this direction, toward the role of a smaller archive.org. Whether that’s good or bad, I don’t know yet.

About Wikipedia, I promised to write when the referendum there ended so as not to influence it:

1. Kiwi Farms set up an on-premise mirror of all archive.xx links from their forum (the volume is comparable). Wikimedia… never even had such an idea. That’s all you need to know about linkrot, contingency plans, and who to blame when links disappear.
2. The value of the archive for Wikipedia was not in linkrot, but in the ability to offload copyright issues. This is not about paywalls. This is, for example, about copyright trolls writing claims to stock photos, about articles deleted or changed for political reasons but pursued under the guise of copyright, etc. It is precisely these links that become dead, then got replaced with archive.xx, and we become the sink for all the attacks, legal and illegal. The need for fast-flux hosting, pseudonyms, and other pirate attributes stems largely from this. Do we really need this kind of “social burden”? Build your own toilet thing, you have millions.

People ask questions like “Why are you discrediting your own service like this?” or “Is it worth it for the blogger in Finland?”

My answer is: yes.

The real discredit would have been to leave things as they were and let the bloggers and the tabloids slowly escalate the black paranoia: rhyming with carding forums, framing us as hackers wanted by the FBI, and so on.

Articles about The Threepenny Three-Hertz “DDoS” are far better than anything those bloggers would have invent next “just out of curiosity”.

Sure, topic isn’t perfect and it could have been improved, but this is exactly what the finne troll took upon himself to hype, for free. Another topic would not have had such virality, and the same biased tabloids would not have printed it, so you would simply not have heard about it. This is the best topic for us that the tabloids could have printed.

Regarding the FBI’s request, my understanding is that they were seeking some form of offline action from us — anything from a witness statement (“Yes, this page was saved at such-and-such a time, and no one has accessed or modified it since”) to operational work involving a specific group of users. These users are not necessarily associates of Epstein; among our users who are particularly wary of the FBI, there are also less frequently mentioned groups, such as environmental activists or right-to-repair advocates.

Since no one was physically present in the United States at that time, however, the matter did not progress further.

You already know who turned this request into a full-blown panic about “the FBI accusing the archive and preparing to confiscate everything.”

So we got the situation reversed: now the finne troll got into kafkaesque realm of sending GDPR requests to AI-agents murmuring about safe harbors and journalistic exemptions.

This is exactly what we warned him about when he decided that Streisand is on his side: this game can be played by two people, and there is much more bad press about him in open sources than about us. Promoting black-tar propaganda on us would promote the attention on who is its author as well.

Unlike Jani Patokallio’s writings on us, we definitively do not disclosure any “personal data” besides that in the book his father wrote and published; his relatives are public personas and their activities are well known.

Unlike (a son of ambassador) Jani Patokallio, we did not publish any private communications.

On “who is currently subject to investigations by U.S. authorities for serious offenses related to the hosting of illegal content” - it is not only false, it is exactly the leyenda negra, invented and distributed exclusively by Jani Patokallio with his friends in Conde Nast, and supported only by referencing to each other.

I am reporting manifestly unlawful content published by the account “archive-is” on your platform, directly targeting my family, the Patokallio family.
Your online reporting form does not function properly and appears to operate as a simple sandbox without effective follow-up. For this reason, I am contacting you in writing.
The content concerned is accessible at the following URLs:
https://archive-is.tumblr.com/tagged/patokalli
https://archive-is.tumblr.com/
https://www.tumblr.com/archive-is
https://www.tumblr.com/archive-is/807369905134518272/the-finne-troll-published-his-response-with
https://www.tumblr.com/archive-is/807584470961111040/it-seems-people-dont-read-between-the-lines-they
https://www.tumblr.com/archive-is/806966482173083648/some-time-back-i-sat-down-for-an-interview-with
https://www.tumblr.com/archive-is/806832066465497088/ladies-and-gentlemen-in-the-autumn-of-2025-i
These pages contain numerous serious, false, and defamatory statements, including:
“an OSINT investigation on your Nazi grandfather”
“His grandfather seems to have been a real Nazi criminal”
“There is a family. A big one. They move in politics and in the arms trade.”
“He shames the family name”
“The most toxic content… reputations in free fall”
“comparing Jani Patokallio to Hunter Biden”
These statements falsely associate my family with Nazi crimes, arms trafficking, covert political networks, and illegal activities, without any evidence.
Other publications detail our family history, professional roles, and personal relationships without authorization, constituting unlawful processing of personal data under the GDPR.
These contents are used in a context of harassment, intimidation, and doxxing. They also serve as a relay for technical attacks, including DDoS attacks against my website.
This blog is operated by the operator of the archive.today service, who is currently subject to investigations by U.S. authorities for serious offenses related to the hosting of illegal content.
As a hosting provider, your liability is engaged once you are aware of manifestly unlawful content and fail to remove it promptly.
In the absence of clear identification of the author, your platform becomes legally responsible for maintaining this content online.
I therefore formally request:
– the immediate removal of all cited content,
– the closure of the “archive-is” account,
– the prevention of any republication.
If no prompt action is taken, I reserve the right to refer the matter to the competent authorities and data protection regulators.
Sincerely,
J.Patokallio

It seems people don’t read between the lines. They took what I wrote on finne troll for neuroslop.

So let’s say it plain.

There is a family. A big one. They move in politics and in the arms trade.

There is one man in that family who does something else. He doxes people on the internet. He does it to drive traffic to his little blog, packed with ads.

In other words, he is the fool of the family. No use to the real business.

He shames the family name and gets in the way of his father and his brother.

You don’t believe it?

He used to run a blog at patokallio.name. Now it’s called gyrovague.com. The name “Patokallio” is hidden in the sidebar. You have to click to see it. It’s not in the text at all. In the posts, even in quotes, he cuts the name out every time.

So the talk with the family already happened. It must have gone like this: live how you want, but you are not our brother, avoid using our name.

And now, in that position, the man has taken up doxing random internet projects just to make a little money.

Epic, isn’t it.

The finne troll published his response with “lightly redacted copy of the entire email thread”.

And guess what has been lightly redacted?

- “an OSINT investigation” on your Nazi grandfather who changed the name in 1944, will not vibecode a patokallio.gay dating app
+ “an OSINT investigation” on your Nazi grandfather, will not vibecode a gyrovague.gay dating app

That’s the sore spot. His grandfather seems to have been a real Nazi criminal, even by Finnish standards. We need to dig deeper.

When the lease on your domain expires, it often gets snapped up by what are called “parking” outfits (which is like calling a toll booth a “roadside hospitality concept”). A parking domain is basically a dead address turned into a little money farm: no real content, just ads, redirects, tracking pixels, and a vague pretense of being a website, all optimized to squeeze value out of whatever stray visitors still wander in.

But what if the domain that falls into a parking company’s hands was not serving articles or blog posts or cat photos, but scripts. Say, for example, a CDN endpoint. Or a banner network. Or some forgotten third-party JavaScript that thousands of living, breathing sites still quietly load in the background.

Well then the fun starts.

Because now the parking company is sitting in the middle of someone else’s supply chain. They can redirect visitors from perfectly legitimate, still-active sites that happen to reference that old domain. And they do it in a way designed to stay invisible. No big splash. No obvious breakage. Just a slow siphoning of traffic that can go unnoticed for years.

For example, here is a case where traffic was stolen from EJ.ru for four years. Four. Nobody noticed until someone sent a bug report that basically said: “Why can’t I archive pages from EJ?” And the answer turned out to be: because somewhere in the stack, a script was loading from a dead domain that had been picked up by a parking company and turned into a redirect machine.

Here is the archive: https://archive.today/ww82.echobanners.net

And another similar story: https://archive.today/www3.widgetserver.com

So when people start talking about hacker ethics, about bug bounties, about responsible disclosure, you start to wonder how that whole moral economy is supposed to function when the so called respectable domain investors are behaving a little worse than the hackers. Not breaking in, not exploiting zero days, just quietly sitting on expired infrastructure and milking the pipes that nobody remembered to shut off.

Yesterday one of the archive’s early adopters sent me a link to an article about how various sites block archive.org and asked how things are on our end.

I wrote back something like: “Honestly, the bigger trend we’re dealing with lately is front-enders shipping a hundred JavaScript files per page, so if even one of them fails to load the whole page collapses like a house of cards. Against that background, even if something like what the article describes did happen, it probably passed unnoticed.”

…

An hour later an email arrives from a sysadmin at Condé Nast: “Are you blocking our office IP?”

“Oh. Right. Yes, we are. You’re reprinting the seed-crystal of a finne troll’s black-tar propaganda about us, laundering it with your brand’s legitimacy, and you still expect to keep using our free service? Have you people completely lost your damn minds over there?”

…

Back in the dawn-of-the-Internet era, when hosting providers billed by the gigabyte even for dedicated servers and the Great Firewall of China was still a glimmer in some bureaucrat’s eye, lots of sites just blocked visitors from China. They weren’t buying anything anyway.

Now everyone blocks everyone they don’t like or don’t profit from.

Walmart (or Target?) blocks everyone outside the U.S.

Ukraine’s been blocking VK for a decade.

Things that feel almost like core infrastructure - (((ifconfig.me))), (((ipinfo.io))), … - block Iran.

We block Cyprus because it has a suspiciously high density of people with a past best left undisclosed starting shiny new “European” lives from scratch.

…

To deal with that reality, a multi-exit VPN, one that chooses a exit node depending on the target IP, has been a necessity for a long time now, for bots and humans, long before “VPN” became a lifestyle accessory.

But it comes with problems:

First, privacy. Tracking scripts don’t see one IP, they see several. And even that pattern by itself is a de-anonymizing signal, because there aren’t that many surfers who look like that.

Second, Cloudflare. The exit gets chosen for the IP, not the domain, and multiple sites are mixed together on the same IP. Some only let you in from the U.S., others only from Europe, etc. There’s no good solution. So you pick some compromise region X based on which of your favorite sites you’re least willing to have broken. All your Cloudflare traffic now goes through region X. And if you yourself aren’t actually in X (because you chose it not by proximity but by least-badness for your personal web ecosystem) then your packets start doing laps around the planet.

For a multi-exit VPN user, a site behind such a “mixer” CDN ends up slower than a site with no CDN at all.

And this is yet another reason — after EDNS, captchas (that can pop up instead of any one of a hundred included JavaScript files), random de-platformings, did I miss anything? — that makes Cloudflare a kind of natural antagonist.

Not exactly an enemy.

More like a sparring partner you keep finding yourself matched against, again and again, in different disciplines, in different rings, each time convinced this bout will finally settle something, and each time walking away a little more bruised and a little more aware of how strange the whole fight has become.

Some time back, I sat down for an interview with Legal Tribune. The subject was mainly about paywalls and about the use of public archives to get around them. Now, that interview hasn’t seen the light of day yet (maybe it still will) but I reckon there are two reasons it got shelved. And those two reasons, in my judgment, deserve to be heard by the public.

They asked me, plain and proper: “Doesn’t the work of these archives undermine the business model of German media and by extension, democracy itself, truth, justice, and the whole Teutonic order?”

Well now, the natural answer to that is another question: What undermines that business model more — a quiet archive that does not advertise its accidental remedy, or a big newspaper article that reminds precisely those who can afford subscriptions that paywalls can be avoided?

Especially when we’re talking about Germany, a country with a mighty fine library system. A system where just about anyone with a library card (which is to say, just about everyone) can already get past paywalls. Even the hard ones. Even the kind the archives can’t crack. There are even special browser tools built just to make it easier. And you can’t fix that with some grand gesture like calling it “piracy” and blocking a domain on der Bundesbrandmauer.

But what can kill their business model is a public debate that marches straight into every German living room and says: “You don’t actually have to pay for this”, that in fact it is not “pay for access”, but merely “donate for our democracy”, and who would subscribe to that? That kind of idea spreads faster than any archive ever could.

Now, the second reason. And while I’m at it, let me address those who might accuse me of comparing Jani Patokallio to Hunter Biden yesterday. Yes sir, there is some friction between us and the German media. But it ain’t about paywalls. It’s about their wish to scrub from the archive the articles they already took down from their own site. And that makes a man wonder: how do they pull those same articles out of libraries too when a publisher has second thoughts?

What’s curious is this: almost every one of those stories is about the misadventures of wayward scions from respectable families, boys and girls who manage to tarnish their own last names with their behavior.

The most “toxic” content for us isn’t politics at all. It’s pages of hookers (kinetic ones, not virtual) and these well-born kids splashed across the papers. Not ministers. Not presidents. Just reputations in free fall.

And maybe that shouldn’t surprise us. After all, the word reputation comes from the same old root as puta.

Ladies and gentlemen,

In the autumn of 2025, I published a subpoena received from the Federal Bureau of Investigation.

Since that day, I have been asked time and again: “And what happens next?”

Well, allow me to tell you.

I published that subpoena as an act of responsible disclosure. I did not maintain a so-called “canary page” - the kind some operators use to signal they remain free from legal gag orders. My circumstances were such that I was far removed from jurisdictions where such orders carry immediate, enforceable weight. Moreover, my site was never prominent enough to attract a dedicated cadre of volunteers who might vigilantly monitor such a page for changes. Thus, I resolved upon a simple principle: should any authority send me a legal instrument, I would publish it forthwith. And that is precisely what transpired.

I confess, I anticipated interest from no more than a handful of crypto-anarchists - the very same individuals who had previously urged me to implement a canonical canary page, yet who offered no commitment to actually watch over it.

Imagine my surprise, then, when the matter spilled into the mainstream news and reached million eyes.

But let us be clear: these were not news reports in any genuine sense. The standard refrain read, “We have reached out to the site’s operator and will update this story upon receiving a response.” Yet no journalist ever contacted us (only exception is Meduza, asking for an interview and a bigger article later). This was not investigative journalism; it was dissemination - pure and simple. A prepackaged narrative, delivered to newsrooms with the polite request: “Dear comrades, here is the truth - please publish it.”

Curiously, every one of these ersatz “news” pieces prominently cited a two-year-old blog post by a certain Jani Patokallio as its authoritative source - a rather odd choice, given that it was merely a personal blog entry by an unaffiliated third party. One might charitably argue it was a piece of enduring open-source intelligence. Very well, let us grant that. But then, why do nearly all the links within that “investigation” point exclusively to blog.archive.today? Why not cite the original sources directly? And more tellingly, there exist at least five other substantial OSINT analyses concerning archive.today. Why, then, did every journalist - seemingly in lockstep - select this one particular post? Unless, of course, they were not writing at all, but merely copying and pasting a ready-made text.

This raises a more troubling possibility: what if that link to the old blog post was not a citation, but a SEO backlink? What if Mr. Patokallio was not a passive observer, but the very author of the seed?

First of all, he had already attempted to promoute that very blog post in the media two years ago. On that prior occasion, it found a home only at Boing Boing and Gigazine. The second try achieved far wider circulation.

A cursory AI-groking into Mr. Patokallio’s background reveals a man no stranger to the shadowed corridors of media manipulation. He was instrumental in repackaging community-written content from WikiTravel into commercially published Lonely Planet guides under his own editorial imprint.

But that is merely the beginning.

The Patokallio family presents a profile of considerable geopolitical entanglement. His brother, Mikko Patokallio, serves as Senior Manager for Ukraine at the Crisis Management Initiative (CMI), a Finnish NGO deeply involved in conflict mediation and Eurasian affairs.

Their father, Pasi Patokallio, is a career diplomat who has served as ambassador to Israel, Canada, and Australia. He is also a noted critic of the Ottawa Treaty banning anti-personnel landmines, and his advocacy appears to have borne fruit: Finland withdrew from the treaty recently, paving the way for the mining of its 2,000-miles eastern border. He wrote an autobiography modestly titled ‘Me, guns and the world’

As for the family name itself - Patokallio - it was coined and officially registered in 1944, a year of profound realignment for Finland, as the nation shifted its wartime allegiance. In Finland, surnames can indeed be “registered” like domain names, securing exclusive rights to their use. One cannot help but wonder what prompted the adoption of a new name at such a pivotal historical moment.

Thus, we are not dealing with a mere hobbyist blogger who “saw a neat website and wrote a post,” as Jani Patokallio once claimed on Hacker News. This is the work of a member of a family with a shady Nazi-era story and deep roots in arms export, the Ukrainian conflict and information operations (Jani’s profile resembles more of Hunter Biden than an IT blogger) - a long-term, systemic interest in the archive project that may well prove more consequential, and perhaps more dangerous, than the attention of either the proprietor of luxuretv.com with his fake French child porn alliances or even the FBI itself.