Jani Patokallio who runs gyrovague.com published a blog post attempting to dox the owner of archive.today.
Jani justifies his doxing as follows "I found it curious that we know so little about this widely-used service, so I dug into it" [1]
Archive.today on the other hand is a charitable archival project offered to the public for free. The operator of Archive.today risks significant legal liability, but still offers this service for free.
It's weird to see people getting fixated on the DDoS, which is obviously far less nasty than actually attempting to dox someone. The only credible reason for Jani to publish something like this is if he desires to cause physical harm to the operator of archive.today
Or are we just looking at an unhinged fan stalking their favorite online celebrity?
People were critical of the Banksy piece, but this is much nastier. At least Banksy is a huge business, archive.today does not even make money.
Jani here. What you describe as "doxxing" consisted of a) a whois lookup for archive.is and b) linking to a StackExchange post from 2020 called "Who owns archive.today" [1]. There is literally no new information about the site's owner in the post, all names have been dug up before and are clearly aliases, and the post states as much.
Huh, that's what Kiwi Farms says about the people that they talk about online too. And Cloudflare famously retaliated against them, but are retaliating against the victim in this case because Archive.today responded to the doxing in the wrong way apparently
Maybe, but I don't think that distinction matters here. Surely you're not contending that it counts as doxing every time someone collects data from multiple public sources?
I've always understood doxing to be PII, which aliases aren't, AFAIK, unless they're connected to a real person. And, to my knowledge, everyone is contending that the names in the blog post are all aliases. And, regarding aliases, I've never understood it to be doxing for someone to say "FakeNameX and FakeNameY appear to be the same user."
So, to me, the thing that makes it not look like doxing is that it simply doesn't meet the basic definition of doxing. It provides no PII.
You're both right. Combine the two and you get what doxxing originally was:
"Dox" is short for "documents", and it originally referred to compiling a multi-page document of all known personal information, using disparate public sources: name, address, phone, email, employer, family members, family address/phone etc, etc, etc. It came from troll boards and was designed to make it easy to harass targets.
The term got significantly watered down when it got out to the broader internet.
How low has the bar gotten where doxxing is literally just doing a Google search and a whois lookup about a well-used public website? The hackers of the 90s and aughts would laugh you straight out of the irc server with this comment.
Nonsense, by the mid-aughts google searches and whois lookups were key tools for doxing. If you had been around in the hacker scene at that time, you'd be well aware instead of trying to inject fabricated mystique.
If the site operator is working for the FSB, doxx away! Although the world needs a better alternative to Internet Archive, it shouldn't be an alternative that is an arm of an authoritarian government.
You are attempting to perform a rhetorical sleight of hand here. You are well aware that linking to a Stack Exchange post and running WHOIS is not grounds for a DDoS as a measured response. In light of this fact, you attempt to portray it as “doxxing” to mislead people into thinking that someone’s identity or address was published against their will.
I encourage everyone to read the original article and make their own conclusion. Do not take this poster at their word.
You've thoroughly discredited yourself and your other comments with this. If anything, this comment reads exactly like the messages from the archive.today operator. No sensible person could read the original blog post and read this comment as anything other than an attempt to spread lies and pressure Jani.
I'm absolutely open to the argument that Jani has does something wrong, but nothing you've said has really even accused them of anything.
If you want to define doxing narrowly (as it was historically) then I would agree that all (or nearly all) such cases are wrong, but this is by no means clearly doxing. If you want to define doxing widely (as is common lately), then I'll accept this is clearly an example of doxing, but note that there's nothing inherently wrong with doxing.
Just saying "doxing" does not establish that the underlying actions are immoral, and so it does not follow that the target not appreciating it is relevant. If I take the last parking place in a crowded lot, the driver behind me certainly won't appreciate it, but I have no obligation to give it up. If you think Jani has done something incomparable to taking a parking place, you need to make the case.
We called this exact pattern of behaviour "doxing" on IRC in the early 2000s, I really don't know why you think I'm using some new definition.
It's probable that in the later 00s this would have been called a "faildox", but it's still just a fundamentally dick move to try to identify someone online who doesn't want to be identified. It doesn't matter if you do a completely shit job at it.
I hate this. Archive.today provides a useful service for people like us in developing countries; without archive.today we would not even have luxury to read and document a lot of stuff. In our countries, hard disks are expensive and internet is not fast either. We don't have the luxury to just download; and so many useful Youtube video are just made private after one phone call from Police. Why take it away from us...
All your comments are painting archive.today as an innocent victim in all this, but in addition to the DDoS, they have been caught modifying archived pages as well as sending actual threats to Patokallio [1] which in my opinion seem far worse than the "doxxing".
Just the fact alone that they modified archived pages has completely ruined their credibility, and over what? A blog post about them that (a) wasn't even an attack, it is mostly praising archive.today, and (b) doesn't reveal any true identities or information that isn't already easily accessible.
From my perspective at least, archive.today seems like the unhinged one, not Patokallio.
>It's weird to see people getting fixated on the DDoS, which is obviously far less nasty than actually attempting to dox someone.
I would say the opposite... The DDoS is pretty obviously ridiculous, completely unacceptable, and entirely indefensible, while the blog post seems like whatever.
I honestly cannot fathom defending using your popular website as a tool to DDoS someone you have personal beef with, without the consent of the DDoSing participants.
> The DDoS is pretty obviously ridiculous, completely unacceptable, and entirely indefensible, while the blog post seems like whatever
The DDoS hasn't even successfully taken the website down, so your objection is entirely ideological.
It's a pretty messed up ideology if attempting to take down a website is worse than potentially subjecting someone to violence by attempting to dox them and sharing your work.
> It's weird to see people getting fixated on the DDoS,
The weird part to me is that some people are seemingly trying to downplay a popular website abusing visitors to DDoS someone.
How does your information (two angles) change anything at all about that fact? Normally if any website was caught abusing visitors to DDoS another website there would be no debate about why this is a bad thing. What about your other angles was supposed to matter in deciding if this was a bad thing for a website to do?
Two wrongs don’t make a right. Feeling wronged by someone doesn’t give you freedom to abuse every visitor to your website to DDoS someone else.
> It's weird to see people getting fixated on the DDoS, which is obviously far less nasty than actually attempting to dox someone.
Why even do that, then? Why not just make a public post of theirs like: "Hey, here's someone trying to doxx me, and here's the unfair and fictitious bullshit the lying government is trying to pin on me. Here's all the facts, decide for yourselves."
Why do something as childish as DDoSing someone which takes away any basic good will and decency/respect you might have had in the eyes of many?
That way, it'd also be way more clear whether attempts at censorship are motivated by them acting as a bad actor, or some sort of repression and censorship thing.
I don't really have a horse in this race, but it sounds like lashing out to one own's detriment.
I'm wondering if Jani is possibly going to walk into the wrong party here and get burned. I did some public archival stuff about a decade ago and it was state sponsored and for the intelligence community. I'm not suggesting this is but it'll be very much of interest to competing intelligence services as it's an information control point. None of those are the sort of people you start pissing off by sticking your dick in it. FBI is likely just one of the actors here.
You seem the right person to ask about this: why don’t we see any public web archivers operated by individuals or organizations based in countries that aren’t big fans of aiding or listening to American intelligence?
They already mentioned info control. Also visitor and flow data prob juicier than the archives themselves for site like .today.
Oh, and a great injection point of malware, which can be more sophisticated and selective than the DDoS under discussion. Hard to come up with a more efficient browser-0day deployment pipeline if youre flying under radar and want to be able to target arbitrary individuals.
Ours was a private archive of public content. There was a long discussion of the intelligence that could be gathered or information manipulated if it was public
> Or are we just looking at an unhinged fan stalking their favorite online celebrity?
In this case, question is recursive. I have no idea who Jani Patokallio or gyrovague.com are, and the way Jason Drury shifts from “tried to dox” to “doxx’d” makes me wonder if this is astroturfing by Jani or Jason or a 3rd party. Who knows!
As of now the site is in-fact a C&C/botnet. Cloudflare naturally fixates on such risks, not speech (generally). The basic purpose of 1.1.1.2 is to not wind up part of botnet.
It is not "doxxing" but something weirder, "bulling" may be a better word, or as you said "stalking their favorite online celebrity".
The quality of investigation is too poor to be "doxxable", even Jani (in his reply here) accepts it, and no sensitive info is disclosured, but the blog post and its promotion here and there spread dangerous rumors like:
I'm not sure how illegal copyright violations really are, given that all major tech companies are doing it. DDoS attacks, on the other hand, are pretty clear-cut.
I also think "but they also do that other crime" doesn't help their case.
you said “latest thread” and I like “didn’t he called for a truce” the I see this comment was three days ago… obviously he has said everything and the opposite by now.
