Okay so here’s the timeline of absolute chaos:

• 2023: Blogger Jani Patokallio (runs Gyrovague.com) publishes a post investigating who actually runs Archive.today. Doesn’t find a definitive answer, but connects some dots about aliases.
• 2025: The FBI gets curious about Archive.today’s operator too. Issues a subpoena to domain registrar Tucows. Suddenly Patokallio’s old blog post starts getting cited by media outlets.
• January 8, 2026: A mysterious “Nora Puchreiner” files a GDPR complaint against Patokallio’s blog, calling it “defamatory.” WordPress (Automattic) investigates and sides with the blogger.
• January 11, 2026: Archive.today starts DDoSing Patokallio’s blog. Through its own CAPTCHA page. With its own users’ browsers.

I mean. The AUDACITY.

This is where it gets absolutely cooked.

Archive.today embedded a hidden script in their CAPTCHA page — you know, the thing you solve every time you visit the site. While you’re sitting there clicking on traffic lights like a good little human, the script was silently firing off requests to Patokallio’s blog every 300 milliseconds.

Every single visitor to Archive.today became an unwitting soldier in a DDoS army. Without consent. Without knowledge. YOUR computer was attacking someone else’s website while you were just trying to read an archived news article.

The blogger’s response? Kind of legendary: “I have a flat fee plan, meaning this has cost me exactly zero dollars.”

But the principle? Horrifying. The DDoS code was still running as of February 19, 2026.

But wait, because we’re not even at the worst part yet.

While Wikipedia editors were debating whether the DDoS was bad enough to ban the site (spoiler: yes), they stumbled onto something even more damning: Archive.today was editing archived snapshots.

The operator had been inserting Patokallio’s name into archived pages — pages that are supposed to be exact, untouched copies of the original. The entire point of a web archive is that it’s a trustworthy record of what a page looked like. And they were just… editing them. Out of spite.

Oh and the threats? Archive.today’s operator reportedly threatened to:

• Connect Patokallio’s name to AI-generated porn
• “Vibe code” a gay dating app using the blogger’s name
• Dig up the supposed “Nazi past” of the blogger’s family

This isn’t a tech company behaving badly. This is middle school with server access.

The request for comment ran from February 7 to February 20, 2026. The result was brutal and decisive:

“There is consensus to immediately deprecate archive.today, and, as soon as practicable, add it to the spam blacklist and remove all links to it. There is a strong consensus that Wikipedia should not direct its readers towards a website that hijacks users’ computers to run a DDoS attack. Additionally, evidence has been presented that archive.today’s operators have altered the content of archived pages, rendering it unreliable.”

The ban applies to all Wikimedia projects — not just English Wikipedia, but every language edition, Wikimedia Commons, Wikidata, everything.

Patokallio told Ars Technica: “I’m glad the Wikipedia community has come to a clear consensus, and I hope this inspires the Wikimedia Foundation to look into creating its own archival service.”

Replacement options include the Internet Archive’s Wayback Machine, Ghostarchive, and Megalodon.

Here’s the thing people aren’t talking about enough: Archive.today was genuinely useful. It captured pages that the Wayback Machine missed. It was faster. It bypassed paywalls that Archive.org wouldn’t touch because Archive.org actually respects robots.txt and takedown requests.

But that’s exactly the problem. Archive.today operated in a legal gray zone, run by an anonymous person, with zero accountability. And now we know that same person was:

1. Weaponizing visitors’ browsers for personal vendettas
2. Tampering with the archives themselves
3. Making unhinged threats against critics

If you can’t trust that an archive is an accurate snapshot, the archive is worthless. That’s the whole deal. And Archive.today just set fire to the whole deal because someone wrote a blog post about them.

Stop depending on sketchy third-party services to save important web pages for you. Use ArchiveBox (self-hosted, open source) or SingleFile (browser extension) to save pages locally. You control the data, you control the integrity.

Example: A freelance OSINT researcher in Poland set up ArchiveBox on a $5/month VPS after Archive.today went down for maintenance in 2025. Now sells verified web captures to law firms for €200-400 per case because courts trust self-hosted archives with hash verification over random third-party sites.

Timeline: One weekend to set up ArchiveBox. Start archiving pages relevant to your work immediately.

Archive.today’s biggest use case was bypassing paywalls. There’s now a gap in the market. Build a browser extension that finds cached/archived versions of articles across multiple legitimate sources — Google Cache, Wayback Machine, Ghostarchive, and library access portals. Aggregate, don’t scrape.

Example: A dev duo in Brazil built “ReadAnywhere” after a similar archive site went offline in their region. The extension checks 6 different archive sources and library access programs. Hit 12,000 weekly active users in 3 months, monetized through a premium tier with alerts for saved articles at $2.99/month.

Timeline: MVP extension in a weekend if you know JS. Publish to Chrome Web Store and iterate based on feedback.

695,000 links need replacing across 400,000 pages. Wikipedia editors are volunteers. They’re going to need help. Build a bot or tool that automatically finds Archive.today links on Wikipedia, checks if the original source is still live, and suggests Wayback Machine replacements. Contribute to the effort and build your open-source reputation.

Example: A computer science student in Kenya built a similar link-checking bot during a previous Wikipedia cleanup effort in 2024. The bot handled 15,000 link replacements in a week. Got noticed by the Wikimedia Foundation, landed a paid contract for ongoing link maintenance work worth $3,500 over 6 months.

Timeline: Python + Wikipedia’s API. The replacement rules are already documented by Wikipedia editors. Start contributing now while the effort is fresh.

The market for a trustworthy, transparent web archiving service just opened wide. The key differentiator: verifiable integrity. Use content hashing (SHA-256), public logs, and timestamping (like certificate transparency logs) so users can prove an archive hasn’t been tampered with. Open source everything.

Example: A small team in Estonia launched a similar verified archiving service after concerns about Archive.today in the EU. They focused on GDPR-compliant archiving for journalism. Three news organizations signed on at €500/month each within the first quarter, bringing in €18,000/year recurring.

Timeline: Build on top of existing tools like Webrecorder/Browsertrix. The hard part isn’t the tech — it’s building trust. Start with a niche (legal, journalism, research) and expand.

Archive.today proved that any website can secretly weaponize your browser. Build an extension that monitors outgoing network requests from web pages and alerts users when a site is making suspicious requests to third-party domains. Think of it as an ad blocker, but for hidden DDoS scripts.

Example: A security researcher in Romania built “NetGuard Lite” after the Archive.today incident went viral. It flags pages making more than 10 requests per second to external domains. Got picked up by a cybersecurity newsletter, hit 8,000 installs in the first month, and parlayed it into a consulting gig with a European hosting company worth €15,000.

Timeline: WebExtension APIs give you access to outgoing requests. Core logic is straightforward — the UX and false-positive tuning are the real challenges.