Wikipedia editors have voted to remove and blacklist all links to the web archiving service Archive.today — also known by domains such as archive.is and archive.ph — after allegations that the service included embedded JavaScript that hijacked visitors’ browsers to conduct distributed denial-of-service (DDoS) attacks against an external blog and that the archive operator altered archived content, prompting Wikipedia to reverse earlier acceptance of nearly 700,000 archive links and deem the service unreliable and unsafe for its readers.
Sources
https://techcrunch.com/2026/02/21/wikipedia-blacklists-archive-today-after-alleged-ddos-attack/
https://www.techradar.com/pro/security/wikipedia-blacklists-archive-today-after-alleged-ddos-attack
https://www.heise.de/en/news/Hundreds-of-thousands-of-links-Wikipedia-bans-Archive-today-after-cyberattack-11185344.html
Key Takeaways
• Wikipedia’s English-language community has officially blacklisted Archive.today and is actively removing the roughly 695,000 links to it across hundreds of thousands of articles due to alleged malicious behavior and concerns over user safety.
• The decision was driven by claims that Archive.today deployed JavaScript that caused users’ browsers to participate in a DDoS attack against a blogger’s site without consent, a violation of Wikipedia’s principles against directing readers to sites that misuse user resources.
• Additional allegations include that the archive operator manipulated archived content, undermining the reliability of preserved pages and prompting editors to replace Archive.today links with original sources or alternative archival services.
In-Depth
In a notable escalation of online publishing standards and community self-governance, the English-language Wikipedia has taken the extraordinary step of blacklisting all links to Archive.today — a widely used web archiving platform — after allegations surfaced that the service engaged in harmful and deceptive practices. This action marks one of the most sweeping removals of an external resource in Wikipedia’s history, affecting nearly 700,000 links on a platform that prides itself on open and verifiable sourcing. The move reflects the community’s determination to protect readers from websites that compromise user devices or the integrity of archived content.
The controversy centers on claims that Archive.today, under its array of domains, injected JavaScript code into its pages, especially CAPTCHA screens, which caused visiting browsers to initiate repeated requests to a third-party blog owned by engineer and blogger Jani Patokallio. According to reports, this pattern of activity constituted an unconsented distributed denial-of-service (DDoS) campaign aimed at overwhelming the target site’s infrastructure. Wikipedia editors concluded that directing readers toward a service that could exploit their computers in this way violated fundamental norms about linking to trustworthy and safe resources.
Beyond the alleged DDoS exploitation, editors also cited evidence suggesting that the archive’s operators had manipulated archived snapshots, altering content in ways that compromised the reliability of the preserved material. Such activity, which runs counter to the archival mission of faithfully storing historical internet content, further eroded confidence in the site. Critics within the Wikipedia community had initially opposed blanket removal out of concern that Archive.today played a unique role in accessing paywalled or otherwise hard-to-capture pages. However, the consensus shifted as alternatives and replacements for most uses were identified, and the balance tipped toward prioritizing reader safety and data integrity.
The blacklisting effectively bans adding any new Archive.today links to Wikipedia and initiates a systematic removal of existing ones. Editors are now encouraged to replace old archive links with originals, when available, or with more established archival services like the Internet Archive’s Wayback Machine. The decision underscores a broader trend in online knowledge repositories toward stricter vetting of external sources and a heightened sensitivity to cyber safety risks — even when dealing with tools that have been long accepted by digital communities.