Tell HN: Exercise caution with links to archive sites
9 comments
Archive.is mirrors have been linked north of 15,000 times on HN over 9 years [0]. (Archive.is is the more popular URL for the same [1] service). I'm skeptical that actually-malicious behavior would have gone unnoticed for so long, on this site of all places.
Unless your position is all intrusive analytics scripts are "malware" -- in which case I philosophically agree, but it's futile.
[0] https://hn.algolia.com/?query=archive.is&type=comment (note Algolia's exact # is nondeterministic and changes on refresh)
[1] https://en.wikipedia.org/wiki/Archive.today
(Full disclosure: I've linked many of these myself).
Unless your position is all intrusive analytics scripts are "malware" -- in which case I philosophically agree, but it's futile.
[0] https://hn.algolia.com/?query=archive.is&type=comment (note Algolia's exact # is nondeterministic and changes on refresh)
[1] https://en.wikipedia.org/wiki/Archive.today
(Full disclosure: I've linked many of these myself).
Last time I checked, archive.is required JS and was showing a page imitating Cloudflare's but using reCaptcha. I actually got downvoted after pointing out that archive.is requires JS when linked article can be read with no JS.
Wowee, Websites on the Internet using JavaScript and Tracking Pixels to Record Everything We Do! This is the first time I’m hearing about it (https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...). I certainly don’t have any counter measures available to block these activities from happening on my computer (uBlock Origin and similar tools can block these requests). I wonder how common this is (An estimated 55% of all sites on the internet use Google Analytics)?
the top-fwz1 script is mail.ru's statistics counter
https://top.mail.ru/help/en/rating
> Top Mail.Ru is a statistics system for site owners. You need to get and install the counter code on the pages of your site to collect data.
you can see the same code snippet that's on archive.ph here: https://top.mail.ru/help/en/code/receive
https://top.mail.ru/help/en/rating
> Top Mail.Ru is a statistics system for site owners. You need to get and install the counter code on the pages of your site to collect data.
you can see the same code snippet that's on archive.ph here: https://top.mail.ru/help/en/code/receive
Indeed. There are a couple of users that provide these as a service to the community but there are also users who seem to be pushing predominantly malicious sites without ever contributing in any other way.
Personally I would rather see all those archive links gone because they have the exact same problems that link shorteners did, even if they are benign today they could easily turn malicious tomorrow.
Personally I would rather see all those archive links gone because they have the exact same problems that link shorteners did, even if they are benign today they could easily turn malicious tomorrow.
That's strange. The archive.ph is another URL for archive.today, a well-known archive service[0]. Could it be it has been compromised?
[0]: https://en.wikipedia.org/wiki/Archive.today
[0]: https://en.wikipedia.org/wiki/Archive.today
It's been affiliated with mail.ru analytics for years:
https://news.ycombinator.com/item?id=23316085 ("Ask HN: Who owns archive.is, and why are they trustworthy?") (2020)
https://news.ycombinator.com/item?id=23316085 ("Ask HN: Who owns archive.is, and why are they trustworthy?") (2020)
What found strange is the malicious part as thought to mean some exploiting code exists. Is it that or just analytics?
It’s just regular analytics, not different than Google Analytics.
OP is just a russophobic asshole.
OP is just a russophobic asshole.
Some archive sites - like archive.ph - attempt to run malicious code on viewers' devices. It seems that archive.ph's copies of various articles[1] all attempt to run at least a script from mail.ru domain that appears[2] to "harvest data from the page (references to "gender", "age", etc) and some shady-named variables like "bait". Also a function that fetches data from top-fwz1.mail.ru and then tries to submit a hidden 1px*1px form created in an iframe using this data (...)"
[1] https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...
[2] https://news.ycombinator.com/item?id=30669851