Good job on AdGuard's end for bringing this to the Internet's attention. I especially enjoyed the unearthed details about this "N"GO's short history.
I think the e-mail exchange should've been kept short, although it is good that the owner of archive.today was eventually notified (by them) about these links in good faith to remove them. Their reply should've been the following:
"Thank you for contacting us. If you have conclusive proof of illegal behavior, you should contact police and seek legal assistance. A website's administrator is expected to adequately react to illegal actions conducted by its users, such as removing media that's breaking a law.
We have visited the URLs provided by you (https://archive[.]today/ , ...) and found no evidence to corroborate your concerns. To avoid misunderstandings, we require you to send a certified mail to <Adguards company address> before further replies on this matter."
Remember guys, it should always be certified mail (bonus points for international). And yes, I mean literal index pages as provided in the first e-mail. Play by the legal understanding of words. Be creative and break the rules to the extent of not breaking them ;)
PS: If you want to see more of "funny replies" you should read Njalla's blog (<https://njal.la/blog/>) and TPB's infamous e-mail replies.
“You sent claims of CSAM hosted on someone else’s servers and we decided to download it.”
Hell no. I don’t want to see that and I don’t want it being ingested into systems I control. Of all the stuff here, “download some supposed CSAM to see if it’s real” is the absolute worst advice I can imagine.
Note that association's site is made from this free template [1] with minimal editing (can see it using diff). The web hosting account at name.com (prices starting from $5/year) was registered around Jan 12, 2025 [2]. The page also contains commented out section with a part of French mobile phone number and words "Emergency Standard" (the template contained fictional number here):
Quite possible that's just some bureaucrats kids running that site in exchange for EU grants. In fact in couple of countries that's precisely the case.
Probably not EU grant bureaucrat nepotistic corruption: all we have so far is A) FBI involvement B) el cheapo fake organization, claiming they are French, with a lowrent pressure campaign on behalf of commercial entities.
Smells like freedom fries to me (am American myself)
I don't know anything about Adguard, but good on the team for doing the extra digging instead of just going along with the claim. Even better that they're sharing what they've found with everyone else.
As a satisfied customer, I just recommended their adblockimg DNS on here a few days ago but am happy to do it again. If you really don't want to install anything, at least adblock at the DNS level. https://adguard-dns.io/en/welcome.html
> doing the extra digging instead of just going along with the claim.
That's the intention of intermediary liability laws - to make meritless censorship be the easy, no-risk way out. To deputize corporations to act as police under a guilty-until-proven-innocent framework.
The Ministry of Truth simply doesn't want unaccounted and uncontrolled snapshots of history. Too much hassle steering the narrative regarding any surfacing truth-now-meant-to-be-lies and vice versa into fake news territory, discrediting by association, cranking up troll farms.. Much easier to make this inconvenience disappear with the due cooperation from the controlled outlets of information.
Then they will come after our local storage, and making it prohibitively expensive is the least malign way they can come up with.
Archival sites could let you download cryptographically signed copies of the archived pages. If they get removed from the archival site, the authenticity of your local copies can still be attested.
Storage media and authenticity have zero overlap in the venn diagram. Authenticity is a cryptological feature of the internet, not a topological one.
The reason you believe that you're reading something on news.ycombinator.com right now is not the path by which the bytes were copied from one interface to the next before getting to you, but the certificate and signature that confirms you have a valid HTTPS connection.
If the archive.today contact is telling the truth, then this implies that WAAD had collected links containing CSAM and chose not to contact the person who could best get rid of the material. I think it implies either:
1. WAAD has developed a good way of detecting CSAM, but is ok with the CSAM staying available longer than it needs to, and remaining accessible to a wider audience than needed, in order to pursue their ulterior motive. In this case, they could be improving the world in some significant way, but are just choosing to do something else.
2. WAAD has intentionally had archive.today index CSAM material in order to pursue their ulterior motive.
Of course, option 2 is _much_ more damning than option 1, but I feel both are really bad, and naively I'd still expect option 1 to be illegal. If you know of a crime and intentionally hide it, that seem illegal.
A few weeks ago I noticed DNS4EU couldn’t resolve archive.is and assumed it was just a configuration mistake. I emailed them about it, and after a couple of days or weeks (not really sure) the domain started resolving again. Given AdGuard’s recent report about suspicious pressure on DNS providers to block Archive.today, I’m starting to wonder if DNS4EU’s temporary block was actually related to the same campaign
member of DNS4EU ops team here - This was not the case, we had reachability issues with the authoritative servers of archive.is and had to reach out to the team to allow our source IPs.
>The archive.is owner has explained that he returns bad results to us because we don’t pass along the EDNS subnet information. This information leaks information about a requester’s IP and, in turn, sacrifices the privacy of users.
Someone asked the archive.is owner why he does this in the past. It's because of similar situations to this one where someone who wants to get archive.is taken down uploads illegal content, requests archive.is to save it, and immediately reports archive.is to their country's legal authorities. His solution to this is using the EDNS information to serve requests from the closest IP abroad, so any takedown procedure requires international cooperation and therefore enough bureaucratic overhead that he gets notified and has time to take the content down. https://news.ycombinator.com/item?id=36971650
I also find the "we don't want to leak a requester's IP" explanation for blocking EDNS to be suspect. The way DNS works is that you ask for the IP address for a domain name, you get the IP, and then you connect to it. With Cloudflare's DNS, the server doesn't know your IP when you do the DNS lookup, but that doesn't matter because you're connecting to the server anyway so they'll still get your IP. Even if you're worried about other people sniffing network traffic, the hostname you're visiting still gets revealed in plaintext during the SNI handshake. What Cloudflare blocking EDNS does do is make it much harder for competing CDNs to efficiently serve content using DNS based routing. They have to use Anycast instead, which has a higher barrier to entry.
Am I crazy or did those WAAD guys themselves just link the public to potentially illegal content?
As of writing, they have a public response hosted on their website, including screenshots of emails to/from Google with URLs that Google agreed to remove. WAAD censored out the URLs, except they didn't actually because whatever paintbrush tool they used didn't have the opacity maxed out.
I'm not looking up those URLs to find out.
edit: They also leaked the Adguard admin's email, which WAAD complained about being the victim of.
How can you even sue without any legal identity? This website and an organisation does not happen to have any.
Might as well be some shell company in the Carribeans with no legal standing in France. It's not even good enough for public prosecution, as the tip would then go through French services.
This law is completely backwards, and worse than a SLAPP. If you cannot respond to a report in any way, it should be null.
Some good ones:
- United States v. One Solid Gold Object in Form of a Rooster
- United States v. 11 1/4 Dozen Packages of Articles Labeled in Part Mrs. Moffat's Shoo-Fly Powders for Drunkenness
- South Dakota v. Fifteen Impounded Cats
> How can you even sue without any legal identity?
The images of the various messages on the adguard page are not lawsuits.
They are threatening messages that threaten to create legal issues, but until and unless they carry through on the threats, are simply "threats" to the extent we've been given any visibility into the messages contents.
In the U.S., “John Doe” is typically used when cannot (yet) identify the person to name as a defendant. Once the case is filed then the plaintiff can execute the necessary subpoenas to identify the defendant specifically.
Its interesting that being unable to find a legal route to dig up dirt on archive.is, they're going the route of CSAM allegations.
I first heard of this technique on a discussion on Lowendtalk from a hoster discussing how pressure campaigns were orchestrated.
The host used to host VMs for a customer that was not well liked but otherwise within the bounds of free speech in the US (I guess something on the order of KF/SaSu/SF), so a given user would upload CSAM on the forum, then report the same CSAM to the hoster. They used to use the same IP address for their entire operation. When the host and the customer compared notes, they'd find about these details.
Honestly at the time I thought the story was bunk, in the age of residential proxies and VPNs and whatnot, surely whoever did this wouldn't just upload said CSAM from their own IP, but one possible explanation would be that the forum probably just blocked datacenter IPs wholesale and the person orchestrating the campaign wasn't willing to risk the legal fallout of uploading CSAM out of some regular citizen's infected device.
In this case, I assume law enforcement just sets up a website with said CSAM, gets archive.is to crawl it, and then pressurize DNS providers about it.
They have plausible deniability, but the fact of the matter is: this also erases evidence of past crimes from public records. If bad things already happened then we should keep the evidence that they happened.
The root problem of CSAM is child trafficking and abuse in physical space. But for whatever reason enforcement efforts seem to be more focused on censoring and deleting the images rather than on curbing the actual act of child trafficking and rape. It's almost as if viewing (or this case, merely archiving) CSAM is considered a worse crime than the physical act of trafficking and sexually abusing children, which is apparently okay nowadays if you're rich or powerful enough.
> The root problem of CSAM is child trafficking and abuse in physical space. But for whatever reason enforcement efforts seem to be more focused on censoring and deleting the images rather than on curbing the actual act of child trafficking and rape.
Things get a bit uncomfortable for various high profile figures, political leaders and royalty if prosecutions start happening.
I'm quite certain there's lots of effort world-wide to stop child trafficking and rape. So I ask: Does it only seem that there's more focus on censorship? Or is there actually?
A middle ground solution is for the admins to block the page with a message like "this page is unavailable due to reports of illegal content. if you work for a law enforcement agency and are considering using this as evidence, please contact us" for the preservation aspect.
The meta conspiracy theory in all of this would be that this is an actual CSAM producer trying to take down evidence that could be used against them.
Mildly related incident where a Canadian child protection agency uploads csam onto a reverse image search engine and then reports the site for the temporarily stored images.
This Canadian group (Canadian Centre for Child Protection) is awful.
They simultaneously receive tax dollars while also being registered as a lobbyist, meaning Canadians are paying taxes to the government to lobby itself. Last year they lobbied in favor of Bill S-210 [0], which would bring Texas-style age verification of porn to Canada.
Their latest campaign is to introduce censorship to Tor, they’re quite proud of this campaign [1] where they’re going after Tor in the popular media and attacking the Tor non-profit’s funding structure. [2] Learning that they upload child abuse images to try to then report take down internet services doesn’t surprise me in the least.
When I accessed archive.ph (ordinary everyday content) during a visit to Italy last week, a legal notice loaded instead from Italy’s cyber authority saying they had blocked access domain-wide over CSAM. I suspected the same M.O. as parent comment describes was operative. I took a screenshot of the notice in case anyone’s interested. Edit: uploaded & available here
https://drive.google.com/file/d/1WdSlZK6q1EjdRWzWeKANbjOZV03...
The owner of the KiwiFarms goes into detail how the attack against his site works and where the residential IPs are from:
"The bot spammer
- Started his attack by simply DDoS attacking the forum.
- Uses thousands of real email addresses from real providers like gmail, outlook, and hotmail.
- Uses tens of thousands of VPN IPs.
- He also uses tens of thousands of IPs from "Residential Private Networks", which are "free" VPN services that actually sell your IP address to spammers so that their activity cannot be identified as coming from a commercial service provider.
- Is able to pass off all CAPTCHA providers to CAPTCHA solvers to bypass anti-bot challenges.
- Is completely lifeless and dedicated to this task. Publicly posted invites were found and used by him, and after a full month of no engagement he noticed registrations were open within hours."
I've spent enough time on telegram to see this happening more times to ban groups. Csam shit storm, content gets flagged, the group gets banned (or at least, unavailable for some time)
KF is almost certainly KiwiFarms, an infamous gossip forum where terminally online mentally ill people come together to make fun of other terminally online mentally ill people. With a large amount of doxxing and harassment accusations being thrown at it. I think harassment is against the site rules, but doxxing isn't. The site, being what it is, got itself some serious enemies. Including people with enough influence in IT space to nearly get the entire site pulled off the web.
SF is probably StormFront, an infamous neo-nazi website. Not an "anyone right of center is a nazi" kind of neo-nazi - actual self-proclaimed neo-nazis, complete with swastikas, Holocaust denial and calls for racial segregation. Even more hated and scrutinized than KiwiFarms, and under pressure by multiple governments and many more activist groups, over things like neo-nazi hate speech and ties with real life hate groups.
It would be a damn shame if archive.is fell under the same kind of scrutiny as those. I have an impression, completely unfounded, that the archive.is crew knew things were heading that way, and worked with that in mind for a long time now. But that doesn't guarantee they'll endure. Just gives them a fighting chance.
The current federal government in the USA actively encourages federal agents to use illegal and unethical methods, and promised them protection and immunity.
You could use something that is legal in one country, and illegal in another country, for example, an anime-style drawing of a young girl, or a textual description.
It’s the digital equivalent of a dirty cop planting a gun after shooting a suspect. Of course it happens. Three letter agencies probably do things like this all the time. Half of their legitimate work is probably illegal to begin with.
I don’t know why you are downvoted, this is absolutely what happened semi-frequently until Reddit was finally forced to crack down on it. The same thing happened on Twitter/X for a while where bots would mass reply to targeted users with gore and CSAM.
I doubt they’d have to. If the site truly doesn’t remove CSAM automatically I’ve no doubt plenty of it would end up there organically. You wouldn’t have to upload any anywhere, you’d only need to know some URLs to look for which presumably any major law enforcement agency would.
It's unlikely law enforcement would take the risk to handle CSAM just to make a case against a Russian pirate, jeopardizing their careers and freedom, when the copyright case is pretty strong already.
These are the doings of one of the myriad freelance "intelectual rights enforcement agents", which are paid on success and employed by some large media organization. Another possibility is that a single aggrieved individual who found themselves doxed or their criminal conviction archived etc. took action after failing to enforce their so called "right to be forgotten".
Unfortunately, archive.is operating model is uniquely vulnerable to such false flag attacks.
This is probably the realm of intelligence agencies, who have less accountability and many reasons to eliminate public archives (primarily perception management).
So they're pressuring a DNS resolver to block a specific website? That seems like an incredibly slippery slope.
What stops them from forcing Chrome to block the website, or LetsEncrypt to not issue any more certificates for the domain, or Microsoft and Apple to add them to their firewalls? Hell, can they go after the infrastructure software developers and say, force nginx to add a check and refuse to serve the domain?
Then what happens when a fake report is sent to an open source project without budget for lawyers?
Oh trust me, if they could enforce the block at the browser level they would. We're well past the start of the slippery slope here in France when it comes to surveillance and control.
I started with telling ISPs to block websites at the DNS level. The people started using 1.1.1.1, 8.8.8.8, 9.9.9.9 and so on. So now they pressure those third-party DNS providers to do the same. This is why 9.9.9.9 is now unavailable here: they stopped serving France because they did not want to comply.
They've almost realized where to put the pressure. Almost. Once these kinds of attackers realize the real chokepoint of the modern web: certificate authorities for HTTPS certs, we're doomed. Everyone centralizes in the handful of companies and those companies decide every ~90 days which websites are visitable. Because browsers now come pre-configured to not allow visiting HTTP websites and people don't do HTTP+HTTPS anymore. Just HTTP-only.
The DNS resolver attacks are but pin pricks compared to the coming centralized control via CAs.
We already did the slipping. Sony sued Quad9 to have them block The Pirate Bay. They only lost after a lengthy legal exchange.
There's also voluntary censorship, so without any real due process, in some countries. Mostly at ISP level, but all the other entities you mentioned could also implement it. They may be forced to, as a means of dodging liability. There's all kinds of nefarious schemes.
The wording and tone of the emails sent to Adguard reads just like phishing emails with a hint of political SMS spam. Glad to see the people behind there thinking critically and acting rationally despite such language.
I still can't wrap my head around why a DNS provider is required to block websites, especially one that is not associated with ISP or used as default on any device. Oversimplifying this, it's a glorified hash map, so whoever wants to take down the illegal content should just deal with the website owner?
I think a large part of it is the tech-illiteracy of world leaders.
I'd wager that a lot of the folks implementing these policies don't know the difference between a DNS server and a VPN. They think DNS=VPN, so all the hackers are using cloudflare to get around restrictions.
In general, most folks who use the internet don't know how it works and they don't want to know.
Let's say our dear politicans view most illicit contents as nails, and view DNS as a hammer. Unfortunately they are now aware that people can trivially get around the ISP restrictions by using another DNS provider, and have started to pressure third-party providers to apply the same blockings as the ISP ones. This is why a few "neutral" providers have outright blocked France because they refuse to block websites.
1. I am confused, did copyright holders not amused by archive.today etc, intentionally serve CSAM material when they detected a visitor was in fact archive.today scraping one of their pages? It seems they are on the hook for more than just "inaccurate reporting of CSAM materials".
2. Is it a legally allowed tactic for copyright-luvva's to intentionally seek out CSAM content online, and then submit those URL's to sites like archive.today? Which entity is at greater legal peril, the one that aids the distribution of CSAM materials by intentionally having a site like archive.today archive CSAM content, or archive.today unintentionally being tricked into archiving CSAM content?
3. Everyone has traumas, of one kind of another. Each deals or tries to deal with them in their own way. Suppose a victim of crimes (still unpunished) finds or is informed of the presence of evidence online, and suppose this victim (regardless of how representative) finds the preservation of this evidence more important than the humiliation associated with it, how (in)just are laws that blanket suppress CSAM material? To give a more vigorous example: imagine you were raped by some no-yet-fallen UK nobility, and you are made aware of the presence of this evidence on some royal FTP server (or whatever), and you succeed in having archive.today "notarize" this evidence (independently from legal channels, since theres a suspiciously low amount of nobility being convicted, in contrast to your personal experience). These rules for supressing CSAM can be wielded as a sword precisely against those who fell prey to perpetrators...
This just shows that LCEN, DMCA, etc are poorly crafted laws. They ineffectually stop the abuse they claim to end (like copyright infringement). But it does allow large organizations a cudgel to protect their own IP.
Hi there, you don't know me or were I'm calling from, but I want you to go next door and punch your neighbor in the face. Believe me when I say, he is hoarding child porn. What, you don't want to? You must not be against child porn!
It has been said that the main reason for the attack on Archive is because Israel needs to cover up their crimes. There is too much evidence in the open.
It's the equivalent of burning a library down because books have records of the truth.
Adguard deserves the highest praise for publicizing this attack on them.
The FBI investigation might be a coincidence. Unsurprisingly, archive.today is attacked with CSAM uploads+reports all the time, you can find occasional mentions of this in their blog from 3 and 9 years ago, and I bet there was a ton of this in between.
> They [archive.today] replied within a few hours. The response was straightforward: the illegal content would be removed (and we verified that it was), and they had never received any previous notifications about those URLs.
I think it's very telling that the WAAD people don't mention that last bit in their response[0] - unless archive.today rotates their DKIM records, the messages would be verifiably signed. This of course means you can't just make stuff up, which is likely what they did.
The internet will be destroyed as countries the world over seek to impose all of their silly and incompatible laws on it. The international network will fracture into multiple national networks with heavy filtering at the borders.
I've been making this prediction for years now. Words can hardly capture the sadness I feel when I see evidence of its slow realization.
I'm happy to have known the true internet. Truly one of the wonders of humanity.
I share your feelings - both the sadness about the path we seem to be going down and the wonder about what the Internet used to be.
I do believe, however, that the future does not "exist" in any real sense, but is constructed - every day, little by little, by each and every one of us. What the world will be like in the future is decided by us every day.
Put another way - this is a rhetorical question - can do we do anything about it? Maybe.
Realistically, how could it have worked otherwise?
The internet was just ignored for a long time because it was at first a) too small and then b) too beneficial with the current architecture to try to tame.
However we're in stage c) it's too big and too dangerous for countries so it needs to be placed back in the country box.
Kind of like the history of oil, which was at first a) about individuals (Rockefeller), then about b) companies (Standard Oil), and finally, about c) countries (most big oil companies are either fully state owned or so tied at the hip with the government that they're basically state owned).
It's complicated, but ultimately, utopia doesn't exist. Most people don't really want open borders (and those that do, haven't fully thought things through), and countries in our current configuration, are still a good thing in most places. So yeah, we were always bound to reach some sort of "national internet" stage.
Yes, I believe this too. The internet is heading the way of balkanization - politically divided subnetworks. Archival services are more important than ever, as well as software such as Tor, WireGuard, and v2ray.
> The internet will be destroyed as countries the world over seek to impose all of their silly and incompatible laws on it.
> I'm happy to have known the true internet. Truly one of the wonders of humanity.
I'm old enough to have been around for the whole thing. I used to kind of share this view, but I don't anymore.
I think it's impossible to reconcile this point of view with the obvious observation that huge aspects of life have gotten really dramatically worse thanks to the internet and its related and successor technologies.
It has made people more addicted, more anxious, more divided, or confused. It has created massive concentrations of wealth and power that have a very damaging effect on society, and it is drastically reducing the ability of people to make decisions about how they want to live and how they want their society to be structured.
It's also done a tremendous amount of positive good, too, don't worry. It's obvious to me, like it should be obvious to any rational person, that there are huge benefits too. And of course, to some extent, there's a bit of inevitability to some parts of this.
While certainly there are examples of silly laws in the world, it's worth noting that that's the exception, not the rule. In general, laws are things that society does on purpose with the intent of making the world match its values.
I think countries should in fact be governed by the consent of their own citizens and by the rule of law. I welcome changes that make that more likely.
I also like Archive.today, and I hate paywalls, they're annoying. This may not be the best place to post my counterpoint, but I think it's worth mentioning and it doesn't get repeated enough.
I was around in the 90s, and I'm very familiar with the techno-utopian approach of the first internet generation. It failed.
We're not doomed. More people are starting to realize the problem, and it's possible to solve if we put in some effort. A free Internet can be achieved, if we can push back against malicious laws for a little longer to buy a little more time. We need to especially defend the right to use VPNs and the ability to run servers at home.
We can create a decentralized VPN service that can't be blocked or sued by improving on SoftEther VPN, which is open-source software that can make VPN connections camouflaged as HTTPS, so it's invisible to DPI firewalls and can't be filtered.[0] It's already sort of decentralized, as it has a server discovery site called VPNGate that lists many volunteer-hosted instances.[1] But we can make this truly robust by doing a few more things. First, make a user-friendly mobile client. Second, figure out a way to broadcast and discover server lists in a decentralized manner, similar to BitTorrent, and build auto-discovery and broadcasting into the client. Third, make each client automatically host a temporary server and broadcast its IP so others may connect to it whenever it's in use. That should be enough to keep the Internet free in most countries because most forms of censorship would become impossible.
In the long term, we can take things even further and build a decentralized hosting provider, like AWS/Azure but your web services don't run on a physical server that has an IP address and physical location. Instead, the entire network of physical computers around the world together behaves like a single computer: an Internet-sized virtual machine. No node knows what the entire machine is up to, but every node may store things and run programs on it. The amount of compute/storage a node contributes equals the amount of compute/storage it's allowed to use. This would truly make the Internet open and free worldwide and draw out its full potential.
For the short-term goals, there's already concrete progress. The long-term goal needs more theory work but the missing ideas are probably buried in existing literature.
Don't despair boys and girls, remember there is always a deeper layer. All this AI slop? Well the powers wont even be suspicious of steganography until there are many terabytes per second of nonsense pictures moving in all directions
Cloudflare has always weirded me out. Back before everyone was using it, a lot of sites would be running just fine for years, then they'd suddenly be shut down for a few days due to DDoS attacks. Then they'd proudly announce they were on cloudflare when they came back. Funny thing was I noticed sites having more frequent downtime after using moving to cloudflare.
I don't see those cloudflare pages much these days, but something about it in those early days always gave me protection money vibes. Cloudflare seemed to come out of nowhere during a wave of DDoS attacks across the internet in the late 2000s and found their way into every site. They had some incredible timing.
I mean, DNS has always kinda been a layer of communication control in the sense that every website is a statement, and if you cut off the ability for a group of people to congregate around a nominative handle, you've basically societally black holed them in the great Interlocution.
It's wild how much stuff nowadays is people/bad actors just doing things and expecting nobody to call them out. Like, the whole patent troll "industry" is just abusing the law, hoping people don't stop them.
It's the lawyers. They ran out of actual lawsuits, so they're inventing them. They either find a wheelchair-bound person to sue you because your shop is in a historic building and you never bothered to spend tens of thousands on making it ADA compliant, or they sue you because your website doesn't pass ADA compliance[1] (hey, does HN pass ADA compliance? I have an idea...), or they find[2] a couple guys selling illegal truck parts and try to sue them for tens of millions.
I think because what predominates is the notion that if it makes money it is good. If it makes a lot of money, then it is very good.
If it claims moral superiority, that's fine and well, but if it doesn't make as much money then it doesn't deserve to live.
If you say anything to the contrary, you are "irrational", perhaps worse.
> a private company shouldn’t have to decide what counts as “illegal” content under threat of legal action.
Immediately reminded me of patio11's amazing write up[1] of debanking, featuring banks being deputized as law enforcement for financial crimes (which is completely non controversial), and even used as a convenient tool to regulate other industries that the white house didn't like (kinda controversial).
I strongly disagree that financial institutions being a de facto extension of law enforcement is "non-controversial".
It may be the way things are; it may be a pre-req of making financial crime tractable; but that does not detract from the fact that every financial institution is in essence, deputized law enforcement, and negate the chilling effect that comes as a consequence thereof on a business environment subject to it.
Fair enough. It was something that impressed me when I first read about it. You hear about disputes between Apple and the FBI over unlocking phones and meanwhile banks are like "and over here are whole floors of analysts tracking suspicious stuff." I definitely agree there are downsides and not everyone is happy about the floors of analysts, but I do think they are very far away from the Overton window.
If the US and UK block websites like archive.today, scihub, and libgen/anna's archive, then how do we think we win the information war against countries that don't give a bleep about copyright?
I used the site several times to archive some page or send it to someone who cannot access the site directly. I never archived anything illegal and never stumbled upon illegal things there. So I don't know why they want to arrest the owner.
Also the site is pretty advanced, it can handle complicated sites and even social networks.
> But because it can also be used to bypass paywalls
How? Does the site pay for subscription for every newspaper?
> Unfortunately, we couldn’t dig any deeper about who exactly is behind WAAD.
That's a red flag. Why would an NGO doing work for the public hide its founder(s) and information about itself? Using NGOs to suggest/promote/lobby certain decisions is a well known trick in authoritarian countries to pretend the idea is coming from "the people", not from the government. I hope nobody falls for such tricks today.
Furthermore, they seem to have no way to donate them money. That's even the redder flag.
Also France doesn't have a good reputation in relation to the observing rule of law. For example, they arrested Russian agent^w enterpreneur Durov, owner of Telegram, claiming they have lot of evidence against him involved in drug trafficking, fraud and money laundering [1], but a year later let him free (supposedly after he did what they wanted). France also bars popular unwanted candidates from elections. Both these cases strongly resemble what Russia does.
France possibly found a way to pressure Durov into cooperating. Preempting similar actions by Russia. Classic intelligence methods to get someone to come over to the other side.
Perhaps the DGSE also got to plug a cable in to the Telegram infrastructure, which would be huge plus for them and the west in general not in the least because of the war. You could say France has pwnd Durov.
If I'm not mistaken some significant arrest was made shortly after they captured Durov, in the case of this child exploitation stuff.
The Telegram dude is still pushing Ruzzian propaganda and is interfering in other countries elections for proRuzzian forces. So from the facts I can say Telegram and it's boss are a KGB asset, not sure what France managed to get from the guy or it was all a KGB propaganda operation to make idiots think Telegram is not controlled by KGB.
>> But because it can also be used to bypass paywalls
> How? Does the site pay for subscription for every newspaper?
Someone with a subscription logs into the site, then archives it. Archive.is uses the current user's session and can therefore see the paywalled content.
> Someone with a subscription logs into the site, then archives it.
That’s not the case. I don’t have a NYT subscription, I just Googled for an old obscure article from 1989 on pork bellies I thought would be unlikely for archive.today to have cached, and sure enough when I asked to retrieve that article, it didn’t have it and began the caching process. A few minutes later, it came up with the webpage, which if you visit on archive.is, you can see it was first cached just a few minutes ago.
My assumption has been that the NYT is letting them around the paywall, much like the unrelated Wayback Machine. How else could this be working? Only way I could think it could work is that either they have access to a NYT account and are caching using that — something I suspect the NYT would notice and shutdown — or there is a documented hole in the paywall they are exploiting (but not the Wayback Machine, since the caching process shows they are pulling direct from the NYT).
I believe news sites let crawlers access the full articles for a short period of time, so that they appear in search results. Archive.is crawls during that short window.
Do they have such an option? I don't see it on the site, and the browser extension seems to send only the URL [1] to the server. Can you provide more information?
Does it still leak your IP, e.g. if the page rendered by the site you're archiving includes it? You'd think they'd create a simple filter to redact that out.
I speculate, and the conspiracy theorist in me believes, something of a compromising nature has been archived and they want that data inaccessible, but at the same time, pointing out what they want hidden would shine a light on it.
It is even more interesting the US government is coming after archive.today at the same time, or maybe that is just a coincidence, and this is just a tech-savvy philanderer trying to hide something from his wife.
This seems to me to be the most likely explanation. Someone important and/or rich wants something memory-holed and the archive sites are amongst the last to contain the content, so someone else is creating a facade organization as an attempt to get it taken down in every way possible. And yes it's entirely possible that the archive sites have multiple "enemies".
Like a genocide? Or maybe various statements of politicians and events around and related to Ukraine, elections, Epstein, and any number of hot button topics, especially as the writing is on the wall that populations all around the West are starting to get extremely fed up?
I know for a fact that political classes of several European countries have started openly talking about destroying evidence if they lose power and America just declared Antifa a terrorist organization; that all seems to be a plausible motivation.
I doubt it’s one thing. People in powerful positions need the ability to control the narrative and gaslight the public on an ongoing basis by disappearing content. Being able to call them out on it breaks their system, so they’re trying to fix that.
If we're speculating, there is another reason to censor archiving site - if you recently committed well documented genocide and want the evidence erased. Given the systematic removal of such content from social media, it would not be surprising if this was related.
Something that I feel needs to be clarified, since I've noticed this being parroted around and it's technically incorrect:
It is incorrect to say the FBI has subpoenad the register for Archive.is. The FBI can not subpoena the register for .is domains, since there is only one and it is Icelandic. US subpoenas have no power outside the US.
So they are going after another of Archive.is domains, just not the Icelandic one.
> While the exact nature of the FBI investigation hasn’t been confirmed, it is speculated it can be related to copyright or CSAM (child sexual abuse material) dissemination issues. Altogether, the situation suggests growing pressure on whoever runs Archive.is, and on intermediaries that help make its service accessible.
Oh, so a chatbot wrote this article. Glad it tipped its hand early enough I didn't waste that much time.
If an opaque actor can fabricate legal-ish complaints and pressure DNS providers into blocking a site, the system is wide open for abuse. Smaller services without legal teams would just fold.
Curious if others are seeing this kind of “shadow regulation” pop up more frequently elsewhere — especially in email filtering, CDN layers, and AI content moderation.
I've been mulling over how to take ArchiveBox in this direction for years, but it's a really hard problem to tackle because of privacy. https://docs.sweeting.me/s/cookie-dilemma
Most content is going behind logins these days, and if you include the PII of the person doing the archiving in the archives then it's A. really easy for providers to block that account B. potentially dangerous to dox the person doing the archiving. The problem is removing PII from logged in sites is that it's not as simple as stripping some EXIF data, the html and JS is littered with secret tokens, usernames, user-specific notifications, etc. that would reveal the ID of the archivist and cant be removed without breaking page behavior on replay.
My latest progress is that it might be possible to anonymize logged in snapshots by using the intersection of two different logged-in snapshots, making them easier to share over a distributed system like Bittorrent or IPFS without doxxing the archivist.
I think about the opposite, people reading in the news that FBI is after archiving sites, will not want to launch their own site, except maybe the radical types.
ArchiveBox open source does not, but I have set it up for paying clients in the past using TLSNotary. This is actually a very hard problem and is not as simple as saving traffic hashes + original SSL certs (because HTTPS connections use a symmetric key after the initial handshake, the archivist can forge server responses and claim the server sent things that it did not).
There is only 1 reasonable approach that I know of as of today: https://tlsnotary.org/docs/intro, and it still involves trusting a third party with reputation (though it cleverly uses a zk algorithm so that the third party doesn't have to see the cleartext). Anyone claiming to provide "verifyable" web archives is likely lying or overstating it unless they are using TLSNotary or a similar approach. I've seen far to many companies make impossible claims about "signed" or "verified" web archives over the last decade, be very critial any time you see someone claiming that unless they talk explicitly about the "TLS Non-Repudiation Problem" and how they solve it: https://security.stackexchange.com/questions/103645/does-ssl...
The feeling that I have when seeing this investigation is that Waad is a covert ops by right holders like newspapers or the fbi, or some parties like that.
They upload themselves pages with the bad content for then complains about it.
Probably they know that no one will care to block or snitch on the website if it is just because it is used to "snapshot" newspaper posts, but CSAM is evil so that is the good excuse to badmouth a service like that.
Similar to what is used currently in Europe to undermine our rights or the cia operation to burn Julian Assange.
How is it an issue for Archive.today? They immediately removed the content upon being notified about it. That's the "standard" level of responsibility for any site that hosts user-uploaded content.
Super odd to pressure an ad-blocking DNS provider to use their service to 'block' archive.today. Adguard just provides block lists that allow users to easily block ad services.
If adguard starts blocking certain domains users actually want to access, users will simply switch off of adguard. No one uses adguard as a resolver by default, they switch to adguard to block ads. This seems like it'd be a pretty ineffective way of blocking sites users actually want to access.
Well, that was stellar work. It's a little sad that such threats could work with a smaller less resourced company. Still, adguard dns got on to my radar because of this.
After I read that emotive response I couldn't help but wondering if this wasn't part of a scheme to help someone cover up a crime. This is how I would have responded:
"Hi,
These do appear to be quite serious crimes. I've sent all the URLs, your email address, emails and responses to the relevant law agencies.
Archive.is doesn't work on all sites to bypass the paywall. Media companies that are truly concerned about this should modify their paywall configuration.
I've seen some theories or maybe more like guesses as to how the paywall bypass works - I don't think anyone (or at least no one posting places like here) seems to know.
One I saw suggested they've a set of subscriptions to the paywalled sites and some minimal custom work to hide the signed in account used - which seems plausible. That makes the defense most likely used to catch the account used and ban them - which would be a right pain.
web archives are so important.
perhaps now more than ever.
recently,
a company founder / ceo swore up and down
right here on this orange website
that they never said the word "forever"
on their pricing page
until someone brought proof using a web archive.
If the US government is behind this nonsense,
I am very displeased by it.
I wish there was a way we could stop
the FBI from doing this kind of tomfoolery.
Have you ever wanted to reread an old article/blog from a ling dead website? Needed to compare the old TOS with the latest TOS? Been looking for what was that video on your playlist about that got removed from youtube?
Things like that are fairly average. It can also be helpful for dispute resolutuon and holding public parties to account.
That's most likely the reason pressure is being put on them. Big media companies successfully shutdown 12ft.io, which was used to bypass paywalls, and forced the BPC (Bypass Paywalls Chrome) browser extension off the Mozilla Extension store, then Gitlab, then Github. Now the dev is hosting it on a Russian Github clone, presumably making it untouchable.
Since archive[.]today is using some very obscure hosting methods with multiple international mirrors, it makes it incredibly difficult for law enforcement to go after.
If they were any good at it, they'd have blocked the Internet Archive via robots.txt. For some inexplicable reason, IA responds to that by wiping out past, present, and future archivals of that site. They haven't taken that easy step, so I doubt they'd go the further, more involved step of focusing on this smaller actor.
100%. It's like Lenin said, you look for the person who will benefit… and, uh, uh, you know… You know, you'll uh, uh—well, you know what I'm trying to say…
It's a valid way to look for probable cause but it's important differ "you know" and "you assume" - I'm all for accountability but most conspiracy theories thrive exactly because of that sort of framing.
As to Lenin: The mouse died because it didn't understand why the cheese was free
Tangential but how does archive.today stack up against other archiving services? I've always found it faster and more reliable than the wayback machine and ghostarchive. The paywall bypass feature is also invaluable to be but I don't know if other services have that provision. I would be really sad if it went down.
Anti-child porn activists really are a unique new breed of fascist authoritarians. This is only the latest in a long line of outrageous and comical threatening letters where the recipient’s apparent reticence to comply with a takedown request is deemed to be, by the activists, active knowing involvement and participation, which is obviously outrageous but these dickheads bank on the fact that actual child porn elicits such strong community reactions.
See also: trying to strongarm Apple into running local scans on everybody’s devices and telling Apple not to listen to its customers.
I write a huge comment on why and how universal per-authorized CSAM scanning that could literally open an investigation with no human oversight was bad. Back during the apple fiasco. Had a near universal negative reaction from HN. I gave up hope for any sort of non authoritarian future at that point.
HN seems to lean authoritarian which is usual for the bourgeois class as they think they are exempt from being on the wall. After all if you have nothing to hide....
I wonder if ignoring the email and forcing a more official action would have been the better move here, in retrospect? Perhaps I am ignorant on the legal responsibilities of your services, just seems like something more formal than an email would have at least served more as "official notice"
Follows suit on my other comment about how every site with information be it legal or not is being actually pressured now to take down their info after "AI" (LLMs) mafia bosses used the info to train their AI already...
It's sickening to see people okay with the destruction of the "real" knowledge filled internet in favor of a dystopia.
They’re often of the shape here where you have to comply with arbitrary requests at great risk. Germany being the exception and being direct about it. Most other European countries try to do this thing where the government can access anything and then they selectively enforce on what they want.
We've banned this account for engaging in political battle and ignoring an earlier appeal to stop. Please stop registering new accounts to break the guidelines with. It becomes more obvious the more you do it. The number of comments containing the word "America" alone is a pattern that has no place here. And no it's nothing to do with the site or its moderators being American; the moderators aren't American and we do exactly the same thing if it is any other country. These and other comments are plainly in breach of the guidelines against flamewar-style commenting and political battle.
Good job on AdGuard's end for bringing this to the Internet's attention. I especially enjoyed the unearthed details about this "N"GO's short history.
I think the e-mail exchange should've been kept short, although it is good that the owner of archive.today was eventually notified (by them) about these links in good faith to remove them. Their reply should've been the following:
"Thank you for contacting us. If you have conclusive proof of illegal behavior, you should contact police and seek legal assistance. A website's administrator is expected to adequately react to illegal actions conducted by its users, such as removing media that's breaking a law.
We have visited the URLs provided by you (https://archive[.]today/ , ...) and found no evidence to corroborate your concerns. To avoid misunderstandings, we require you to send a certified mail to <Adguards company address> before further replies on this matter."
Remember guys, it should always be certified mail (bonus points for international). And yes, I mean literal index pages as provided in the first e-mail. Play by the legal understanding of words. Be creative and break the rules to the extent of not breaking them ;)
PS: If you want to see more of "funny replies" you should read Njalla's blog (<https://njal.la/blog/>) and TPB's infamous e-mail replies.
> We have visited the URLs provided by you
“You sent claims of CSAM hosted on someone else’s servers and we decided to download it.”
Hell no. I don’t want to see that and I don’t want it being ingested into systems I control. Of all the stuff here, “download some supposed CSAM to see if it’s real” is the absolute worst advice I can imagine.
The above post contains csam, Dang please delete it without reading. Thanks.
21 replies →
I can see what you are getting at. Is this meant to be real advice - i.e., are you an attorney, familiar with French law, etc.?
Note that association's site is made from this free template [1] with minimal editing (can see it using diff). The web hosting account at name.com (prices starting from $5/year) was registered around Jan 12, 2025 [2]. The page also contains commented out section with a part of French mobile phone number and words "Emergency Standard" (the template contained fictional number here):
[1] https://www.tooplate.com/view/2117-infinite-loop
[2] https://web.archive.org/web/20250112153727/https://webabused...
Publication manager: Jean DOMINIQUE
Author of response PDF to Adguard: someone named "bob"
Uses Microsoft and Office 365
RNA number W691110691.
Was declared on February 15, 2025, and published in the Journal Officiel on March 18, 2025
Headquartered at 131 rue de Créqui, 69006 Lyon 6 in the Auvergne-Rhône-Alpes region, specifically in the Rhône department.
Publication number: 20250011, announcement number 1688
>131 rue de Créqui, 69006 Lyon 6
Yeah, that's a postal box to host compagnies.
The article mentioned that this might be a mass registration address, and it seems that in France details of association founders are not published.
2 replies →
Quite possible that's just some bureaucrats kids running that site in exchange for EU grants. In fact in couple of countries that's precisely the case.
Well then, that would be a very interesting thing to watch when it happens!
From the article, the penalty for a false report:
> ...shall be punished by one year’s imprisonment and a fine of €15,000.
Side note, would anybody know how "easily" do political elites get off the hook in France?
26 replies →
Probably not EU grant bureaucrat nepotistic corruption: all we have so far is A) FBI involvement B) el cheapo fake organization, claiming they are French, with a lowrent pressure campaign on behalf of commercial entities.
Smells like freedom fries to me (am American myself)
I don't know anything about Adguard, but good on the team for doing the extra digging instead of just going along with the claim. Even better that they're sharing what they've found with everyone else.
Unfortunately they went along with it initially but at least they came to their senses in the end: https://github.com/AdguardTeam/AdguardFilters/issues/216586
Yeah, their CTO accepting and repeating the complaint at face value, in less than 10 words to justify the censorship, is not a good look
https://github.com/AdguardTeam/AdguardFilters/issues/216586#...
2 replies →
This is why it’s better to use AdGuard only for its DNS blocking capability and not for DNS resolving - use a real resolver like unbound https://en.wikipedia.org/wiki/Unbound_(DNS_server)
1 reply →
Thanks for the context - it changes the light of the parent article.
Their DNS is great. Removing websites without a good reason would quickly ruin everything for them.
Their pihole alternative is great too. Single go binary. Fantastic software.
3 replies →
I'm not well-versed in this: is AdGuard roughly equivalent to Pi-hole?
4 replies →
As a satisfied customer, I just recommended their adblockimg DNS on here a few days ago but am happy to do it again. If you really don't want to install anything, at least adblock at the DNS level. https://adguard-dns.io/en/welcome.html
How would they compare to NextDNS?
I use their app on Android and it blocks ads system wide
I would recommend it
1 reply →
Yes kudo. The pressure could simply be inferred as due to the arrogant trend one can observe, the editing of history.
> doing the extra digging instead of just going along with the claim.
That's the intention of intermediary liability laws - to make meritless censorship be the easy, no-risk way out. To deputize corporations to act as police under a guilty-until-proven-innocent framework.
yes, major respect to adguard.
The Ministry of Truth simply doesn't want unaccounted and uncontrolled snapshots of history. Too much hassle steering the narrative regarding any surfacing truth-now-meant-to-be-lies and vice versa into fake news territory, discrediting by association, cranking up troll farms.. Much easier to make this inconvenience disappear with the due cooperation from the controlled outlets of information.
Then they will come after our local storage, and making it prohibitively expensive is the least malign way they can come up with.
Wasn’t there a post today saying GPU, memory, and storage price all skyrocketed due to AI pressures?
Who cares about local storage? You could have just made up whatever you're claiming to have saved.
Archival sites could let you download cryptographically signed copies of the archived pages. If they get removed from the archival site, the authenticity of your local copies can still be attested.
Storage media and authenticity have zero overlap in the venn diagram. Authenticity is a cryptological feature of the internet, not a topological one.
The reason you believe that you're reading something on news.ycombinator.com right now is not the path by which the bytes were copied from one interface to the next before getting to you, but the certificate and signature that confirms you have a valid HTTPS connection.
True, it's next to useless as a proof of anything for wide audience...
But what does care about local storage in this brave new gaslit world is my own sanity, for one.
“Who controls the past controls the future. Who controls the present controls the past.” ― George Orwell, 1984
Had exactly the same thoughts. Thanks for saving me from posting this.
If the archive.today contact is telling the truth, then this implies that WAAD had collected links containing CSAM and chose not to contact the person who could best get rid of the material. I think it implies either:
1. WAAD has developed a good way of detecting CSAM, but is ok with the CSAM staying available longer than it needs to, and remaining accessible to a wider audience than needed, in order to pursue their ulterior motive. In this case, they could be improving the world in some significant way, but are just choosing to do something else.
2. WAAD has intentionally had archive.today index CSAM material in order to pursue their ulterior motive.
Of course, option 2 is _much_ more damning than option 1, but I feel both are really bad, and naively I'd still expect option 1 to be illegal. If you know of a crime and intentionally hide it, that seem illegal.
> If you know of a crime and intentionally hide it, that seem illegal.
Yet this is a standard way to become a wealthy lawyer.
A few weeks ago I noticed DNS4EU couldn’t resolve archive.is and assumed it was just a configuration mistake. I emailed them about it, and after a couple of days or weeks (not really sure) the domain started resolving again. Given AdGuard’s recent report about suspicious pressure on DNS providers to block Archive.today, I’m starting to wonder if DNS4EU’s temporary block was actually related to the same campaign
member of DNS4EU ops team here - This was not the case, we had reachability issues with the authoritative servers of archive.is and had to reach out to the team to allow our source IPs.
https://www.reddit.com/r/BuyFromEU/comments/1ohekv5/updatedn...
Thanks for clearing that up! :)
I love HN.
Archive.is have previously blocked cloudflare DNS because it was anonymizing requests. It could be either.
https://news.ycombinator.com/item?id=19828317
>The archive.is owner has explained that he returns bad results to us because we don’t pass along the EDNS subnet information. This information leaks information about a requester’s IP and, in turn, sacrifices the privacy of users.
Someone asked the archive.is owner why he does this in the past. It's because of similar situations to this one where someone who wants to get archive.is taken down uploads illegal content, requests archive.is to save it, and immediately reports archive.is to their country's legal authorities. His solution to this is using the EDNS information to serve requests from the closest IP abroad, so any takedown procedure requires international cooperation and therefore enough bureaucratic overhead that he gets notified and has time to take the content down. https://news.ycombinator.com/item?id=36971650
I also find the "we don't want to leak a requester's IP" explanation for blocking EDNS to be suspect. The way DNS works is that you ask for the IP address for a domain name, you get the IP, and then you connect to it. With Cloudflare's DNS, the server doesn't know your IP when you do the DNS lookup, but that doesn't matter because you're connecting to the server anyway so they'll still get your IP. Even if you're worried about other people sniffing network traffic, the hostname you're visiting still gets revealed in plaintext during the SNI handshake. What Cloudflare blocking EDNS does do is make it much harder for competing CDNs to efficiently serve content using DNS based routing. They have to use Anycast instead, which has a higher barrier to entry.
3 replies →
Here's my speculation on the underlying reason archive.today blocks Cloudflare DNS: https://webapps.stackexchange.com/a/135229/229725
I speculate it's due to archive.today wanting granular (not overly broad) legal censorship compliance. Which is somewhat related to this post.
Am I crazy or did those WAAD guys themselves just link the public to potentially illegal content?
As of writing, they have a public response hosted on their website, including screenshots of emails to/from Google with URLs that Google agreed to remove. WAAD censored out the URLs, except they didn't actually because whatever paintbrush tool they used didn't have the opacity maxed out.
I'm not looking up those URLs to find out.
edit: They also leaked the Adguard admin's email, which WAAD complained about being the victim of.
God...
Here from their official "presse" announcement:
https://web.archive.org/web/20251116002625/https://webabused...
Looks like they replace the file on their website with a new, actually censored version.
WAAD seems to be reading along here. Wonder if your archive.org link now makes archive.org one of their targets.
1 reply →
> Am I crazy or did those WAAD guys themselves just link the public to potentially illegal content?
I mean, it's well known that governments possess and distribute more of the stuff than anyone else. Government or not, not a big surprise.
How can you even sue without any legal identity? This website and an organisation does not happen to have any. Might as well be some shell company in the Carribeans with no legal standing in France. It's not even good enough for public prosecution, as the tip would then go through French services.
This law is completely backwards, and worse than a SLAPP. If you cannot respond to a report in any way, it should be null.
If you can sue shark fins, why not a website? https://en.wikipedia.org/wiki/United_States_v._Approximately...
Amazing, here is a list of other similarly hilariously-titled “in rem jurisdiction” cases: https://en.wikipedia.org/wiki/In_rem_jurisdiction#Examples
Some good ones: - United States v. One Solid Gold Object in Form of a Rooster - United States v. 11 1/4 Dozen Packages of Articles Labeled in Part Mrs. Moffat's Shoo-Fly Powders for Drunkenness - South Dakota v. Fifteen Impounded Cats
5 replies →
French law is based on an entirely different legal system compared to US (and Anglosphere law):
https://en.wikipedia.org/wiki/List_of_national_legal_systems...
It might not be possible to do something like that in France (though I assume there are other mechanisms available in that case).
2 replies →
Holy crap, 30'000 sharks kills for a bloody soup. Insane and that wasn't even their only journey.
> How can you even sue without any legal identity?
The images of the various messages on the adguard page are not lawsuits.
They are threatening messages that threaten to create legal issues, but until and unless they carry through on the threats, are simply "threats" to the extent we've been given any visibility into the messages contents.
US courts let you sue objects under "in rem" jurisdiction.
In rem = the thing is the defendant. You're not suing a person, and you're asking the court to decide who owns or controls a specific property.
The quintessential case is United States v. $124,700
https://en.wikipedia.org/wiki/United_States_v._$124,700_in_U...
Interesting, so the US already has the tools to go after AI, self driving cars and robots.
I remember when publishers were suing individuals using nothing more than a list of IP addresses. Those crazy times seem to have come around again.
It's still being done
https://arstechnica.com/tech-policy/2025/02/isp-sued-by-reco...
Lawmakers are gonna have to figure that out soon (years hopefully) since it’s not unlikely that AGI will have the same issue.
In the U.S., “John Doe” is typically used when cannot (yet) identify the person to name as a defendant. Once the case is filed then the plaintiff can execute the necessary subpoenas to identify the defendant specifically.
See here: https://en.wikipedia.org/wiki/Doe_subpoena
1 reply →
The wording in that follow-up email is so emotive it reads more like a Tweet than formal contact from a federal organisation.
That in itself is quite shocking really.
Well, as the post indicates, it likely isn't from a government body.
Oh I see, I thought it was all FBI.
But the point stands I think, as I’d expect legal demands to be measured and to the point.
I thought they were suggesting it was a government body (an FBI operation)
5 replies →
Its interesting that being unable to find a legal route to dig up dirt on archive.is, they're going the route of CSAM allegations.
I first heard of this technique on a discussion on Lowendtalk from a hoster discussing how pressure campaigns were orchestrated.
The host used to host VMs for a customer that was not well liked but otherwise within the bounds of free speech in the US (I guess something on the order of KF/SaSu/SF), so a given user would upload CSAM on the forum, then report the same CSAM to the hoster. They used to use the same IP address for their entire operation. When the host and the customer compared notes, they'd find about these details.
Honestly at the time I thought the story was bunk, in the age of residential proxies and VPNs and whatnot, surely whoever did this wouldn't just upload said CSAM from their own IP, but one possible explanation would be that the forum probably just blocked datacenter IPs wholesale and the person orchestrating the campaign wasn't willing to risk the legal fallout of uploading CSAM out of some regular citizen's infected device.
In this case, I assume law enforcement just sets up a website with said CSAM, gets archive.is to crawl it, and then pressurize DNS providers about it.
They have plausible deniability, but the fact of the matter is: this also erases evidence of past crimes from public records. If bad things already happened then we should keep the evidence that they happened.
The root problem of CSAM is child trafficking and abuse in physical space. But for whatever reason enforcement efforts seem to be more focused on censoring and deleting the images rather than on curbing the actual act of child trafficking and rape. It's almost as if viewing (or this case, merely archiving) CSAM is considered a worse crime than the physical act of trafficking and sexually abusing children, which is apparently okay nowadays if you're rich or powerful enough.
> The root problem of CSAM is child trafficking and abuse in physical space. But for whatever reason enforcement efforts seem to be more focused on censoring and deleting the images rather than on curbing the actual act of child trafficking and rape.
Things get a bit uncomfortable for various high profile figures, political leaders and royalty if prosecutions start happening.
The people who make their living Caring A Lot would be out of a job without a constant fresh supply of things to be very concerned about.
I'm quite certain there's lots of effort world-wide to stop child trafficking and rape. So I ask: Does it only seem that there's more focus on censorship? Or is there actually?
A middle ground solution is for the admins to block the page with a message like "this page is unavailable due to reports of illegal content. if you work for a law enforcement agency and are considering using this as evidence, please contact us" for the preservation aspect.
The meta conspiracy theory in all of this would be that this is an actual CSAM producer trying to take down evidence that could be used against them.
2 replies →
Great point. I guess one is just a better anti-privacy boogeyman.
1 reply →
https://saucenao.blogspot.com/2021/04/recent-events.html
Mildly related incident where a Canadian child protection agency uploads csam onto a reverse image search engine and then reports the site for the temporarily stored images.
This Canadian group (Canadian Centre for Child Protection) is awful. They simultaneously receive tax dollars while also being registered as a lobbyist, meaning Canadians are paying taxes to the government to lobby itself. Last year they lobbied in favor of Bill S-210 [0], which would bring Texas-style age verification of porn to Canada. Their latest campaign is to introduce censorship to Tor, they’re quite proud of this campaign [1] where they’re going after Tor in the popular media and attacking the Tor non-profit’s funding structure. [2] Learning that they upload child abuse images to try to then report take down internet services doesn’t surprise me in the least.
[0] https://www.ourcommons.ca/Content/Committee/441/SECU/Brief/B... [1] https://protectchildren.ca/en/press-and-media/blog/2025/tor-... [2] https://www.theguardian.com/technology/2025/aug/25/tor-netwo...
They were not uploading files. They were crawling the site with URLs that in turn made the search engine retrieve the CSAM and display it.
Still shitty, but more obviously a technical mistake than a deliberate ploy.
1 reply →
When I accessed archive.ph (ordinary everyday content) during a visit to Italy last week, a legal notice loaded instead from Italy’s cyber authority saying they had blocked access domain-wide over CSAM. I suspected the same M.O. as parent comment describes was operative. I took a screenshot of the notice in case anyone’s interested. Edit: uploaded & available here https://drive.google.com/file/d/1WdSlZK6q1EjdRWzWeKANbjOZV03...
The owner of the KiwiFarms goes into detail how the attack against his site works and where the residential IPs are from:
"The bot spammer
- Started his attack by simply DDoS attacking the forum.
- Uses thousands of real email addresses from real providers like gmail, outlook, and hotmail.
- Uses tens of thousands of VPN IPs.
- He also uses tens of thousands of IPs from "Residential Private Networks", which are "free" VPN services that actually sell your IP address to spammers so that their activity cannot be identified as coming from a commercial service provider.
- Is able to pass off all CAPTCHA providers to CAPTCHA solvers to bypass anti-bot challenges.
- Is completely lifeless and dedicated to this task. Publicly posted invites were found and used by him, and after a full month of no engagement he noticed registrations were open within hours."
Source: https://kiwifarms.st/threads/the-gay-pedophile-at-the-gates....
this sort of stuff happened on reddit too but by a different moderator and his goons https://www.markdownpaste.com/document/bardfinn-method
1 reply →
I understand the value of providing evidence here, but I think KF links get your post auto-killed...
I've spent enough time on telegram to see this happening more times to ban groups. Csam shit storm, content gets flagged, the group gets banned (or at least, unavailable for some time)
> KF/SaSu/SF
SaSu: Sanctioned Suicide [1]
But I don't know what KF and SF are supposed to stand for.
[1] https://en.wikipedia.org/wiki/Sanctioned_Suicide
KF is almost certainly KiwiFarms, an infamous gossip forum where terminally online mentally ill people come together to make fun of other terminally online mentally ill people. With a large amount of doxxing and harassment accusations being thrown at it. I think harassment is against the site rules, but doxxing isn't. The site, being what it is, got itself some serious enemies. Including people with enough influence in IT space to nearly get the entire site pulled off the web.
SF is probably StormFront, an infamous neo-nazi website. Not an "anyone right of center is a nazi" kind of neo-nazi - actual self-proclaimed neo-nazis, complete with swastikas, Holocaust denial and calls for racial segregation. Even more hated and scrutinized than KiwiFarms, and under pressure by multiple governments and many more activist groups, over things like neo-nazi hate speech and ties with real life hate groups.
It would be a damn shame if archive.is fell under the same kind of scrutiny as those. I have an impression, completely unfounded, that the archive.is crew knew things were heading that way, and worked with that in mind for a long time now. But that doesn't guarantee they'll endure. Just gives them a fighting chance.
1 reply →
KF would be KiwiFarms
1 reply →
That would work but it is a very risky technique. For the mere mortal in your example this means possible jail time just to get some site closed down.
For law enforcement personnel, at the very least would mean an end of a career if caught (also possible jail time)
The current federal government in the USA actively encourages federal agents to use illegal and unethical methods, and promised them protection and immunity.
14 replies →
Law enforcement has already done such things and I've never heard of consequences for it.
You could use something that is legal in one country, and illegal in another country, for example, an anime-style drawing of a young girl, or a textual description.
You are naive about cops, at least in the US, and what they will or will not do and what consequence they may or may not face.
27 replies →
It’s the digital equivalent of a dirty cop planting a gun after shooting a suspect. Of course it happens. Three letter agencies probably do things like this all the time. Half of their legitimate work is probably illegal to begin with.
It's the same technique that people on Reddit use to take down subreddits that don't agree with the carefully curated "hive mind".
I don’t know why you are downvoted, this is absolutely what happened semi-frequently until Reddit was finally forced to crack down on it. The same thing happened on Twitter/X for a while where bots would mass reply to targeted users with gore and CSAM.
17 replies →
I doubt they’d have to. If the site truly doesn’t remove CSAM automatically I’ve no doubt plenty of it would end up there organically. You wouldn’t have to upload any anywhere, you’d only need to know some URLs to look for which presumably any major law enforcement agency would.
they removed it promptly.
remember: god kills a kitten every time you comment/assume something without reading it...
4 replies →
KF is being spammed with CSAM currently to the point where registrations are closed unless the admins are online to manually watch new user regs.
Seems to be the new tactic now.
KF being Kiwifarms the harassment site? Interesting, did it start happening after any particular event? Have the site admins posted about it publicly?
1 reply →
> gets archive.is to crawl it
Does archive.is actually do any crawling? I thought they only archived pages on request.
archiving on request is still crawling, even if active, not passive
> Its interesting that being unable to find a legal route to dig up dirt on archive.is, they're going the route of CSAM allegations.
This looks like someone in US (because FBI + CSAM) does not like them.
A lot of "sensitive" content is behind paywalls in the "free press" so someone, possibly FBI, wants to suppress this info.
KF/SaSu/SF ?
Check other comments, this was explained here https://news.ycombinator.com/item?id=45937453
[flagged]
wait...! do you mean the commenter or the people in law enforcement?
1 reply →
Cocaine is a hell of a drug
It's unlikely law enforcement would take the risk to handle CSAM just to make a case against a Russian pirate, jeopardizing their careers and freedom, when the copyright case is pretty strong already.
These are the doings of one of the myriad freelance "intelectual rights enforcement agents", which are paid on success and employed by some large media organization. Another possibility is that a single aggrieved individual who found themselves doxed or their criminal conviction archived etc. took action after failing to enforce their so called "right to be forgotten".
Unfortunately, archive.is operating model is uniquely vulnerable to such false flag attacks.
It’s grimly hilarious that anyone in 2025 believes the police wouldn’t do something because that thing is unethical and against their own standards.
> handle CSAM
They wouldn’t “handle” it, they’d have some third party do their dirty work.
4 replies →
The FBI has a large archive of CSAM used for content ID:
https://cybernews.com/editorial/war-on-child-exploitation/
Of course in a pinch it could also be used for other things like pretext.
This is probably the realm of intelligence agencies, who have less accountability and many reasons to eliminate public archives (primarily perception management).
So they're pressuring a DNS resolver to block a specific website? That seems like an incredibly slippery slope.
What stops them from forcing Chrome to block the website, or LetsEncrypt to not issue any more certificates for the domain, or Microsoft and Apple to add them to their firewalls? Hell, can they go after the infrastructure software developers and say, force nginx to add a check and refuse to serve the domain?
Then what happens when a fake report is sent to an open source project without budget for lawyers?
Oh trust me, if they could enforce the block at the browser level they would. We're well past the start of the slippery slope here in France when it comes to surveillance and control.
I started with telling ISPs to block websites at the DNS level. The people started using 1.1.1.1, 8.8.8.8, 9.9.9.9 and so on. So now they pressure those third-party DNS providers to do the same. This is why 9.9.9.9 is now unavailable here: they stopped serving France because they did not want to comply.
They've almost realized where to put the pressure. Almost. Once these kinds of attackers realize the real chokepoint of the modern web: certificate authorities for HTTPS certs, we're doomed. Everyone centralizes in the handful of companies and those companies decide every ~90 days which websites are visitable. Because browsers now come pre-configured to not allow visiting HTTP websites and people don't do HTTP+HTTPS anymore. Just HTTP-only.
The DNS resolver attacks are but pin pricks compared to the coming centralized control via CAs.
We already did the slipping. Sony sued Quad9 to have them block The Pirate Bay. They only lost after a lengthy legal exchange.
There's also voluntary censorship, so without any real due process, in some countries. Mostly at ISP level, but all the other entities you mentioned could also implement it. They may be forced to, as a means of dodging liability. There's all kinds of nefarious schemes.
> What stops them from forcing Chrome
Amount of money and influence Alphabet has?
The wording and tone of the emails sent to Adguard reads just like phishing emails with a hint of political SMS spam. Glad to see the people behind there thinking critically and acting rationally despite such language.
It was a little weird that they didnt suspect phishing from the get go.
I still can't wrap my head around why a DNS provider is required to block websites, especially one that is not associated with ISP or used as default on any device. Oversimplifying this, it's a glorified hash map, so whoever wants to take down the illegal content should just deal with the website owner?
I think a large part of it is the tech-illiteracy of world leaders.
I'd wager that a lot of the folks implementing these policies don't know the difference between a DNS server and a VPN. They think DNS=VPN, so all the hackers are using cloudflare to get around restrictions.
In general, most folks who use the internet don't know how it works and they don't want to know.
Let's say our dear politicans view most illicit contents as nails, and view DNS as a hammer. Unfortunately they are now aware that people can trivially get around the ISP restrictions by using another DNS provider, and have started to pressure third-party providers to apply the same blockings as the ISP ones. This is why a few "neutral" providers have outright blocked France because they refuse to block websites.
Presumably they have failed to do the latter and are just reaching at this point.
aren't we all just glorified atoms
1. I am confused, did copyright holders not amused by archive.today etc, intentionally serve CSAM material when they detected a visitor was in fact archive.today scraping one of their pages? It seems they are on the hook for more than just "inaccurate reporting of CSAM materials".
2. Is it a legally allowed tactic for copyright-luvva's to intentionally seek out CSAM content online, and then submit those URL's to sites like archive.today? Which entity is at greater legal peril, the one that aids the distribution of CSAM materials by intentionally having a site like archive.today archive CSAM content, or archive.today unintentionally being tricked into archiving CSAM content?
3. Everyone has traumas, of one kind of another. Each deals or tries to deal with them in their own way. Suppose a victim of crimes (still unpunished) finds or is informed of the presence of evidence online, and suppose this victim (regardless of how representative) finds the preservation of this evidence more important than the humiliation associated with it, how (in)just are laws that blanket suppress CSAM material? To give a more vigorous example: imagine you were raped by some no-yet-fallen UK nobility, and you are made aware of the presence of this evidence on some royal FTP server (or whatever), and you succeed in having archive.today "notarize" this evidence (independently from legal channels, since theres a suspiciously low amount of nobility being convicted, in contrast to your personal experience). These rules for supressing CSAM can be wielded as a sword precisely against those who fell prey to perpetrators...
This just shows that LCEN, DMCA, etc are poorly crafted laws. They ineffectually stop the abuse they claim to end (like copyright infringement). But it does allow large organizations a cudgel to protect their own IP.
I think they’re well crafted laws because I think that’s their intended purpose.
“The purpose of a system is what it does.”
5 replies →
...or their goal is simply not what they advertise.
Hi there, you don't know me or were I'm calling from, but I want you to go next door and punch your neighbor in the face. Believe me when I say, he is hoarding child porn. What, you don't want to? You must not be against child porn!
It has been said that the main reason for the attack on Archive is because Israel needs to cover up their crimes. There is too much evidence in the open.
It's the equivalent of burning a library down because books have records of the truth.
Adguard deserves the highest praise for publicizing this attack on them.
> has been said that the main reason for the attack on Archive is because Israel
Really? interesting couldn't find anything talking about that, mind sharing a link?
The FBI investigation might be a coincidence. Unsurprisingly, archive.today is attacked with CSAM uploads+reports all the time, you can find occasional mentions of this in their blog from 3 and 9 years ago, and I bet there was a ton of this in between.
> They [archive.today] replied within a few hours. The response was straightforward: the illegal content would be removed (and we verified that it was), and they had never received any previous notifications about those URLs.
I think it's very telling that the WAAD people don't mention that last bit in their response[0] - unless archive.today rotates their DKIM records, the messages would be verifiably signed. This of course means you can't just make stuff up, which is likely what they did.
[0] https://archive.ph/MCt4g
It looks like WAAD has posted a response to this situation:
https://webabusedefense.com/presse/Communiquer_presse_Aff-Ad... [pdf]
Scroll down in the PDF for an English translation.
"The fight against child sexual abuse material is not negotiable. It cannot be relativized. It cannot be turned against those who fight it."
This sort of moral certainty won't help anyone.
Exactly what a shell organization for the government would say to make themselves look silly so we all stop digging.
The amount of forces seemingly actively trying to kill the internet of old is disconcerting.
Chat control, DNS as arbiter of whats allowed, walled gardens etc.
The internet will be destroyed as countries the world over seek to impose all of their silly and incompatible laws on it. The international network will fracture into multiple national networks with heavy filtering at the borders.
I've been making this prediction for years now. Words can hardly capture the sadness I feel when I see evidence of its slow realization.
I'm happy to have known the true internet. Truly one of the wonders of humanity.
I share your feelings - both the sadness about the path we seem to be going down and the wonder about what the Internet used to be.
I do believe, however, that the future does not "exist" in any real sense, but is constructed - every day, little by little, by each and every one of us. What the world will be like in the future is decided by us every day.
Put another way - this is a rhetorical question - can do we do anything about it? Maybe.
32 replies →
Realistically, how could it have worked otherwise?
The internet was just ignored for a long time because it was at first a) too small and then b) too beneficial with the current architecture to try to tame.
However we're in stage c) it's too big and too dangerous for countries so it needs to be placed back in the country box.
Kind of like the history of oil, which was at first a) about individuals (Rockefeller), then about b) companies (Standard Oil), and finally, about c) countries (most big oil companies are either fully state owned or so tied at the hip with the government that they're basically state owned).
It's complicated, but ultimately, utopia doesn't exist. Most people don't really want open borders (and those that do, haven't fully thought things through), and countries in our current configuration, are still a good thing in most places. So yeah, we were always bound to reach some sort of "national internet" stage.
Yes, I believe this too. The internet is heading the way of balkanization - politically divided subnetworks. Archival services are more important than ever, as well as software such as Tor, WireGuard, and v2ray.
> The internet will be destroyed as countries the world over seek to impose all of their silly and incompatible laws on it.
> I'm happy to have known the true internet. Truly one of the wonders of humanity.
I'm old enough to have been around for the whole thing. I used to kind of share this view, but I don't anymore.
I think it's impossible to reconcile this point of view with the obvious observation that huge aspects of life have gotten really dramatically worse thanks to the internet and its related and successor technologies.
It has made people more addicted, more anxious, more divided, or confused. It has created massive concentrations of wealth and power that have a very damaging effect on society, and it is drastically reducing the ability of people to make decisions about how they want to live and how they want their society to be structured.
It's also done a tremendous amount of positive good, too, don't worry. It's obvious to me, like it should be obvious to any rational person, that there are huge benefits too. And of course, to some extent, there's a bit of inevitability to some parts of this.
While certainly there are examples of silly laws in the world, it's worth noting that that's the exception, not the rule. In general, laws are things that society does on purpose with the intent of making the world match its values.
I think countries should in fact be governed by the consent of their own citizens and by the rule of law. I welcome changes that make that more likely.
I also like Archive.today, and I hate paywalls, they're annoying. This may not be the best place to post my counterpoint, but I think it's worth mentioning and it doesn't get repeated enough.
I was around in the 90s, and I'm very familiar with the techno-utopian approach of the first internet generation. It failed.
8 replies →
Not the entire internet, these developments are just about the WWW.
4 replies →
We're not doomed. More people are starting to realize the problem, and it's possible to solve if we put in some effort. A free Internet can be achieved, if we can push back against malicious laws for a little longer to buy a little more time. We need to especially defend the right to use VPNs and the ability to run servers at home.
We can create a decentralized VPN service that can't be blocked or sued by improving on SoftEther VPN, which is open-source software that can make VPN connections camouflaged as HTTPS, so it's invisible to DPI firewalls and can't be filtered.[0] It's already sort of decentralized, as it has a server discovery site called VPNGate that lists many volunteer-hosted instances.[1] But we can make this truly robust by doing a few more things. First, make a user-friendly mobile client. Second, figure out a way to broadcast and discover server lists in a decentralized manner, similar to BitTorrent, and build auto-discovery and broadcasting into the client. Third, make each client automatically host a temporary server and broadcast its IP so others may connect to it whenever it's in use. That should be enough to keep the Internet free in most countries because most forms of censorship would become impossible.
[0] https://en.wikipedia.org/wiki/SoftEther_VPN
[1] https://www.vpngate.net/en/
In the long term, we can take things even further and build a decentralized hosting provider, like AWS/Azure but your web services don't run on a physical server that has an IP address and physical location. Instead, the entire network of physical computers around the world together behaves like a single computer: an Internet-sized virtual machine. No node knows what the entire machine is up to, but every node may store things and run programs on it. The amount of compute/storage a node contributes equals the amount of compute/storage it's allowed to use. This would truly make the Internet open and free worldwide and draw out its full potential.
For the short-term goals, there's already concrete progress. The long-term goal needs more theory work but the missing ideas are probably buried in existing literature.
Don't despair boys and girls, remember there is always a deeper layer. All this AI slop? Well the powers wont even be suspicious of steganography until there are many terabytes per second of nonsense pictures moving in all directions
Don’t forget cloudflare
Cloudflare has always weirded me out. Back before everyone was using it, a lot of sites would be running just fine for years, then they'd suddenly be shut down for a few days due to DDoS attacks. Then they'd proudly announce they were on cloudflare when they came back. Funny thing was I noticed sites having more frequent downtime after using moving to cloudflare.
I don't see those cloudflare pages much these days, but something about it in those early days always gave me protection money vibes. Cloudflare seemed to come out of nowhere during a wave of DDoS attacks across the internet in the late 2000s and found their way into every site. They had some incredible timing.
6 replies →
Yes. Alas my list was far from exhaustive :(
I mean, DNS has always kinda been a layer of communication control in the sense that every website is a statement, and if you cut off the ability for a group of people to congregate around a nominative handle, you've basically societally black holed them in the great Interlocution.
It's wild how much stuff nowadays is people/bad actors just doing things and expecting nobody to call them out. Like, the whole patent troll "industry" is just abusing the law, hoping people don't stop them.
Maybe folks should start calling eachother out?
It's the lawyers. They ran out of actual lawsuits, so they're inventing them. They either find a wheelchair-bound person to sue you because your shop is in a historic building and you never bothered to spend tens of thousands on making it ADA compliant, or they sue you because your website doesn't pass ADA compliance[1] (hey, does HN pass ADA compliance? I have an idea...), or they find[2] a couple guys selling illegal truck parts and try to sue them for tens of millions.
https://www.accessibility.works/blog/ada-lawsuit-trends-stat... [1]
https://www.uphe.org/priority-issues/diesel/ [2]
I think because what predominates is the notion that if it makes money it is good. If it makes a lot of money, then it is very good. If it claims moral superiority, that's fine and well, but if it doesn't make as much money then it doesn't deserve to live.
If you say anything to the contrary, you are "irrational", perhaps worse.
> a private company shouldn’t have to decide what counts as “illegal” content under threat of legal action.
Immediately reminded me of patio11's amazing write up[1] of debanking, featuring banks being deputized as law enforcement for financial crimes (which is completely non controversial), and even used as a convenient tool to regulate other industries that the white house didn't like (kinda controversial).
[1]: https://www.bitsaboutmoney.com/archive/debanking-and-debunki...
I strongly disagree that financial institutions being a de facto extension of law enforcement is "non-controversial".
It may be the way things are; it may be a pre-req of making financial crime tractable; but that does not detract from the fact that every financial institution is in essence, deputized law enforcement, and negate the chilling effect that comes as a consequence thereof on a business environment subject to it.
Fair enough. It was something that impressed me when I first read about it. You hear about disputes between Apple and the FBI over unlocking phones and meanwhile banks are like "and over here are whole floors of analysts tracking suspicious stuff." I definitely agree there are downsides and not everyone is happy about the floors of analysts, but I do think they are very far away from the Overton window.
Typically long-winded patio11 article that basically says: Banks are suspicious of crypto.
If the US and UK block websites like archive.today, scihub, and libgen/anna's archive, then how do we think we win the information war against countries that don't give a bleep about copyright?
What are you saying, that governments should consider long term success over immediate corporate wants? That sounds like commie talk!
https://archive.is/Nirff
[dead]
I used the site several times to archive some page or send it to someone who cannot access the site directly. I never archived anything illegal and never stumbled upon illegal things there. So I don't know why they want to arrest the owner.
Also the site is pretty advanced, it can handle complicated sites and even social networks.
> But because it can also be used to bypass paywalls
How? Does the site pay for subscription for every newspaper?
> Unfortunately, we couldn’t dig any deeper about who exactly is behind WAAD.
That's a red flag. Why would an NGO doing work for the public hide its founder(s) and information about itself? Using NGOs to suggest/promote/lobby certain decisions is a well known trick in authoritarian countries to pretend the idea is coming from "the people", not from the government. I hope nobody falls for such tricks today.
Furthermore, they seem to have no way to donate them money. That's even the redder flag.
Also France doesn't have a good reputation in relation to the observing rule of law. For example, they arrested Russian agent^w enterpreneur Durov, owner of Telegram, claiming they have lot of evidence against him involved in drug trafficking, fraud and money laundering [1], but a year later let him free (supposedly after he did what they wanted). France also bars popular unwanted candidates from elections. Both these cases strongly resemble what Russia does.
[1] https://en.wikipedia.org/wiki/Arrest_and_indictment_of_Pavel...
France possibly found a way to pressure Durov into cooperating. Preempting similar actions by Russia. Classic intelligence methods to get someone to come over to the other side.
Perhaps the DGSE also got to plug a cable in to the Telegram infrastructure, which would be huge plus for them and the west in general not in the least because of the war. You could say France has pwnd Durov.
If I'm not mistaken some significant arrest was made shortly after they captured Durov, in the case of this child exploitation stuff.
> France possibly found a way to pressure Durov
I assume the way is to just shake handcuffs before him, so it wasn't a long search. Durov is not a hero type.
>You could say France has pwnd Durov.
The Telegram dude is still pushing Ruzzian propaganda and is interfering in other countries elections for proRuzzian forces. So from the facts I can say Telegram and it's boss are a KGB asset, not sure what France managed to get from the guy or it was all a KGB propaganda operation to make idiots think Telegram is not controlled by KGB.
7 replies →
>> But because it can also be used to bypass paywalls
> How? Does the site pay for subscription for every newspaper?
Someone with a subscription logs into the site, then archives it. Archive.is uses the current user's session and can therefore see the paywalled content.
> Someone with a subscription logs into the site, then archives it.
That’s not the case. I don’t have a NYT subscription, I just Googled for an old obscure article from 1989 on pork bellies I thought would be unlikely for archive.today to have cached, and sure enough when I asked to retrieve that article, it didn’t have it and began the caching process. A few minutes later, it came up with the webpage, which if you visit on archive.is, you can see it was first cached just a few minutes ago.
https://www.nytimes.com/1989/11/01/business/futures-options-...
My assumption has been that the NYT is letting them around the paywall, much like the unrelated Wayback Machine. How else could this be working? Only way I could think it could work is that either they have access to a NYT account and are caching using that — something I suspect the NYT would notice and shutdown — or there is a documented hole in the paywall they are exploiting (but not the Wayback Machine, since the caching process shows they are pulling direct from the NYT).
I believe news sites let crawlers access the full articles for a short period of time, so that they appear in search results. Archive.is crawls during that short window.
Do they have such an option? I don't see it on the site, and the browser extension seems to send only the URL [1] to the server. Can you provide more information?
[1] https://github.com/JNavas2/Archive-Page/blob/main/Firefox/ba...
Does it still leak your IP, e.g. if the page rendered by the site you're archiving includes it? You'd think they'd create a simple filter to redact that out.
1 reply →
Subpoena from the FBI to Tucows to disclose identity of archive.today(is) operator: https://pdflink.to/1e0e0ecd/
Were they able to discover their identity?
Finally someone does some digging
I speculate, and the conspiracy theorist in me believes, something of a compromising nature has been archived and they want that data inaccessible, but at the same time, pointing out what they want hidden would shine a light on it.
It is even more interesting the US government is coming after archive.today at the same time, or maybe that is just a coincidence, and this is just a tech-savvy philanderer trying to hide something from his wife.
This seems to me to be the most likely explanation. Someone important and/or rich wants something memory-holed and the archive sites are amongst the last to contain the content, so someone else is creating a facade organization as an attempt to get it taken down in every way possible. And yes it's entirely possible that the archive sites have multiple "enemies".
That doesn't seem totally implausible.
Like a genocide? Or maybe various statements of politicians and events around and related to Ukraine, elections, Epstein, and any number of hot button topics, especially as the writing is on the wall that populations all around the West are starting to get extremely fed up?
I know for a fact that political classes of several European countries have started openly talking about destroying evidence if they lose power and America just declared Antifa a terrorist organization; that all seems to be a plausible motivation.
I doubt it’s one thing. People in powerful positions need the ability to control the narrative and gaslight the public on an ongoing basis by disappearing content. Being able to call them out on it breaks their system, so they’re trying to fix that.
If we're speculating, there is another reason to censor archiving site - if you recently committed well documented genocide and want the evidence erased. Given the systematic removal of such content from social media, it would not be surprising if this was related.
Something that I feel needs to be clarified, since I've noticed this being parroted around and it's technically incorrect:
It is incorrect to say the FBI has subpoenad the register for Archive.is. The FBI can not subpoena the register for .is domains, since there is only one and it is Icelandic. US subpoenas have no power outside the US.
So they are going after another of Archive.is domains, just not the Icelandic one.
> While the exact nature of the FBI investigation hasn’t been confirmed, it is speculated it can be related to copyright or CSAM (child sexual abuse material) dissemination issues. Altogether, the situation suggests growing pressure on whoever runs Archive.is, and on intermediaries that help make its service accessible.
Oh, so a chatbot wrote this article. Glad it tipped its hand early enough I didn't waste that much time.
If an opaque actor can fabricate legal-ish complaints and pressure DNS providers into blocking a site, the system is wide open for abuse. Smaller services without legal teams would just fold.
Curious if others are seeing this kind of “shadow regulation” pop up more frequently elsewhere — especially in email filtering, CDN layers, and AI content moderation.
Friendly reminder that archive box exists to let you self host your own archive service.
https://github.com/ArchiveBox/ArchiveBox
I dream of a day where archivebox becomes a fleet of homelabs all over the world making it drastically harder to block them all.
I've been mulling over how to take ArchiveBox in this direction for years, but it's a really hard problem to tackle because of privacy. https://docs.sweeting.me/s/cookie-dilemma
Most content is going behind logins these days, and if you include the PII of the person doing the archiving in the archives then it's A. really easy for providers to block that account B. potentially dangerous to dox the person doing the archiving. The problem is removing PII from logged in sites is that it's not as simple as stripping some EXIF data, the html and JS is littered with secret tokens, usernames, user-specific notifications, etc. that would reveal the ID of the archivist and cant be removed without breaking page behavior on replay.
My latest progress is that it might be possible to anonymize logged in snapshots by using the intersection of two different logged-in snapshots, making them easier to share over a distributed system like Bittorrent or IPFS without doxxing the archivist.
More here: https://github.com/pirate/html-private-set-intersection
I think about the opposite, people reading in the news that FBI is after archiving sites, will not want to launch their own site, except maybe the radical types.
1960s: FBI/CIA invents the term "conspiracy theorist"
2020s: FBI/CIA invents the term "radical archivist"
Out of curiosity, does ArchiveBox integrate some way of verifying the contents of the archived page(s) are legitimate and unmodified?
ArchiveBox open source does not, but I have set it up for paying clients in the past using TLSNotary. This is actually a very hard problem and is not as simple as saving traffic hashes + original SSL certs (because HTTPS connections use a symmetric key after the initial handshake, the archivist can forge server responses and claim the server sent things that it did not).
There is only 1 reasonable approach that I know of as of today: https://tlsnotary.org/docs/intro, and it still involves trusting a third party with reputation (though it cleverly uses a zk algorithm so that the third party doesn't have to see the cleartext). Anyone claiming to provide "verifyable" web archives is likely lying or overstating it unless they are using TLSNotary or a similar approach. I've seen far to many companies make impossible claims about "signed" or "verified" web archives over the last decade, be very critial any time you see someone claiming that unless they talk explicitly about the "TLS Non-Repudiation Problem" and how they solve it: https://security.stackexchange.com/questions/103645/does-ssl...
2 replies →
The feeling that I have when seeing this investigation is that Waad is a covert ops by right holders like newspapers or the fbi, or some parties like that.
They upload themselves pages with the bad content for then complains about it. Probably they know that no one will care to block or snitch on the website if it is just because it is used to "snapshot" newspaper posts, but CSAM is evil so that is the good excuse to badmouth a service like that.
Similar to what is used currently in Europe to undermine our rights or the cia operation to burn Julian Assange.
> The illegal content was promptly removed from Archive.today after we notified them.
Everything else aside, this is a big issue for archive.today and makes it very difficult to defend its continued existence. Crap.
How is it an issue for Archive.today? They immediately removed the content upon being notified about it. That's the "standard" level of responsibility for any site that hosts user-uploaded content.
Unless GP is suggesting the act of removal is what is worrying.
Super odd to pressure an ad-blocking DNS provider to use their service to 'block' archive.today. Adguard just provides block lists that allow users to easily block ad services.
If adguard starts blocking certain domains users actually want to access, users will simply switch off of adguard. No one uses adguard as a resolver by default, they switch to adguard to block ads. This seems like it'd be a pretty ineffective way of blocking sites users actually want to access.
Well, that was stellar work. It's a little sad that such threats could work with a smaller less resourced company. Still, adguard dns got on to my radar because of this.
After I read that emotive response I couldn't help but wondering if this wasn't part of a scheme to help someone cover up a crime. This is how I would have responded:
"Hi,
These do appear to be quite serious crimes. I've sent all the URLs, your email address, emails and responses to the relevant law agencies.
Regards, AdGuard"
Archive.is doesn't work on all sites to bypass the paywall. Media companies that are truly concerned about this should modify their paywall configuration.
I've seen some theories or maybe more like guesses as to how the paywall bypass works - I don't think anyone (or at least no one posting places like here) seems to know.
One I saw suggested they've a set of subscriptions to the paywalled sites and some minimal custom work to hide the signed in account used - which seems plausible. That makes the defense most likely used to catch the account used and ban them - which would be a right pain.
They probably just set user agent (and reverse DNS name) to Google or some other company that can bypass the firewall.
2 replies →
For example, similar to mondediplo.com
I wonder if this is why NextDNS block the archive.today domains?
While the NextDNS company is registered in Delaware, the founders are French nationals, so may feel more exposed to such threats.
fwiw, you can use rewrites for these domains in the nextdns settings, or manage it in your local dns client, and get around this pretty easily.
The accuser sure seems to value their own anonymity while trying to pierce someone else's.
Kudos to adguard dns for [planing to] filing a counter-claim against potential abuse of power.
Seems like there's an actual child/teenager running that "company"
À simple way to debunk this fake French pretending non-profit complainer is to check it's present in the Répertoire national des associations (RNA)
They are in the RNA: https://www.journal-officiel.gouv.fr/pages/associations-deta...
I would have liked the 'suspicious pressure' when Parler was shutdown by colluding tech companies and the US government.
I bet its mirrors of their own honeypot websites they submitted themself to remove records of websites they rather have memory-holed.
web archives are so important. perhaps now more than ever.
recently, a company founder / ceo swore up and down right here on this orange website that they never said the word "forever" on their pricing page until someone brought proof using a web archive.
If the US government is behind this nonsense, I am very displeased by it. I wish there was a way we could stop the FBI from doing this kind of tomfoolery.
Different question, but what are realistic use cases of archive.today that could be interesting for average person?
Have you ever wanted to reread an old article/blog from a ling dead website? Needed to compare the old TOS with the latest TOS? Been looking for what was that video on your playlist about that got removed from youtube? Things like that are fairly average. It can also be helpful for dispute resolutuon and holding public parties to account.
News agencies edit the history all the time.
Wouldn’t the people making the complaint also be subject to prosecution for accessing illegal materials?
archive.is is frequently used to bypass paywalls, I wonder if this is motivated by that somehow
That's most likely the reason pressure is being put on them. Big media companies successfully shutdown 12ft.io, which was used to bypass paywalls, and forced the BPC (Bypass Paywalls Chrome) browser extension off the Mozilla Extension store, then Gitlab, then Github. Now the dev is hosting it on a Russian Github clone, presumably making it untouchable.
Since archive[.]today is using some very obscure hosting methods with multiple international mirrors, it makes it incredibly difficult for law enforcement to go after.
What obscure methods are they using?
4 replies →
[flagged]
If they were any good at it, they'd have blocked the Internet Archive via robots.txt. For some inexplicable reason, IA responds to that by wiping out past, present, and future archivals of that site. They haven't taken that easy step, so I doubt they'd go the further, more involved step of focusing on this smaller actor.
2 replies →
100%. It's like Lenin said, you look for the person who will benefit… and, uh, uh, you know… You know, you'll uh, uh—well, you know what I'm trying to say…
I’m not sure what you’re referencing, but the principal goes back way back to the Romans: Cui bono? [0]
0: https://en.wikipedia.org/wiki/Cui_bono%3F
1 reply →
It's a valid way to look for probable cause but it's important differ "you know" and "you assume" - I'm all for accountability but most conspiracy theories thrive exactly because of that sort of framing.
As to Lenin: The mouse died because it didn't understand why the cheese was free
Tangential but how does archive.today stack up against other archiving services? I've always found it faster and more reliable than the wayback machine and ghostarchive. The paywall bypass feature is also invaluable to be but I don't know if other services have that provision. I would be really sad if it went down.
Anti-child porn activists really are a unique new breed of fascist authoritarians. This is only the latest in a long line of outrageous and comical threatening letters where the recipient’s apparent reticence to comply with a takedown request is deemed to be, by the activists, active knowing involvement and participation, which is obviously outrageous but these dickheads bank on the fact that actual child porn elicits such strong community reactions.
See also: trying to strongarm Apple into running local scans on everybody’s devices and telling Apple not to listen to its customers.
I write a huge comment on why and how universal per-authorized CSAM scanning that could literally open an investigation with no human oversight was bad. Back during the apple fiasco. Had a near universal negative reaction from HN. I gave up hope for any sort of non authoritarian future at that point.
HN seems to lean authoritarian which is usual for the bourgeois class as they think they are exempt from being on the wall. After all if you have nothing to hide....
I wonder if ignoring the email and forcing a more official action would have been the better move here, in retrospect? Perhaps I am ignorant on the legal responsibilities of your services, just seems like something more formal than an email would have at least served more as "official notice"
Follows suit on my other comment about how every site with information be it legal or not is being actually pressured now to take down their info after "AI" (LLMs) mafia bosses used the info to train their AI already...
It's sickening to see people okay with the destruction of the "real" knowledge filled internet in favor of a dystopia.
Kudos
Another day, another attempt at destroying the archives.. Welp
One more reason for browsers to save all pages one visits.
lol, "American Law Firm"
[flagged]
[dead]
[flagged]
They actually don't, oddly enough.
They’re often of the shape here where you have to comply with arbitrary requests at great risk. Germany being the exception and being direct about it. Most other European countries try to do this thing where the government can access anything and then they selectively enforce on what they want.
[flagged]
We've banned this account for engaging in political battle and ignoring an earlier appeal to stop. Please stop registering new accounts to break the guidelines with. It becomes more obvious the more you do it. The number of comments containing the word "America" alone is a pattern that has no place here. And no it's nothing to do with the site or its moderators being American; the moderators aren't American and we do exactly the same thing if it is any other country. These and other comments are plainly in breach of the guidelines against flamewar-style commenting and political battle.
https://news.ycombinator.com/item?id=45603743
[dead]
[flagged]
You don't need to apologise for something you didn't do just because it happened in your country.
[Germany's ears perk up]
3 replies →