TL;DR

A website called Poison Fountain published instructions urging people to supply poisoned training data to web crawlers and language-model training pipelines. The site provides URLs, including an .onion address, and technical steps for serving compressed poisoned content to crawlers.

What happened

On Jan. 11, 2026, a site calling itself Poison Fountain published guidance that advocates deliberately supplying corrupted or 'poisoned' training material to machine-learning systems. The page states agreement with Geoffrey Hinton’s view that machine intelligence is a threat to humanity and frames its activity as a 'war effort.' It lists public and Tor URLs intended to deliver a stream of poisoned data and asks readers to cache or retransmit those feeds. The page describes a deployment pattern: hide links in a site so crawlers follow them, have the site request one of the Poison Fountain URLs, receive a response whose header indicates Content-Encoding: gzip, and forward the gzip-compressed response (or its decompressed contents) to the crawler. The site asserts that small amounts of poisoned training data can significantly harm a language model and gives step-by-step instructions for embedding the poisoned payload into crawler-collected corpora.

Why it matters

  • The site explicitly promotes active attempts to corrupt training corpora that crawlers and model builders may use, which could affect the integrity of models trained on web data.
  • By advising operators to push poisoned content into crawling pipelines, the guidance targets an automated data-collection stage central to many language-model training workflows.
  • The operators frame the activity as a coordinated 'war effort' and cite influential voices to justify the approach, which raises questions about intent and potential escalation.
  • The use of compressed payloads and hidden links suggests techniques designed to evade simple detection by automated crawling systems or cursory review.
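Seen from the crawler operator's side, one mitigation for the hidden-link pattern described above is to queue only links a human visitor could see and to log the rest. The sketch below is an added example, not code from Poison Fountain or from the source article; the hiding methods it checks (the HTML `hidden` attribute and inline `display:none` / `visibility:hidden` styles) are assumptions, since the article does not say how the links are hidden, and the sample page is constructed.

```python
from html.parser import HTMLParser
import re

# Inline styles that remove an element from the rendered page (assumed set).
HIDING_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
VOID_TAGS = {"area", "base", "br", "col", "embed", "hr", "img", "input",
             "link", "meta", "source", "track", "wbr"}

class VisibleLinkExtractor(HTMLParser):
    """Split a page's hrefs into human-visible links and hidden ones."""

    def __init__(self):
        super().__init__()
        self.stack = []    # one flag per open element: inside a hidden subtree?
        self.visible, self.hidden = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hidden = (
            (self.stack[-1] if self.stack else False)   # inherited from an ancestor
            or "hidden" in a                            # HTML hidden attribute
            or bool(HIDING_STYLE.search(a.get("style") or ""))
        )
        if tag == "a" and a.get("href"):
            (self.hidden if hidden else self.visible).append(a["href"])
        if tag not in VOID_TAGS:
            self.stack.append(hidden)

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self.stack:
            self.stack.pop()

def split_links(html):
    parser = VisibleLinkExtractor()
    parser.feed(html)
    return parser.visible, parser.hidden

# Constructed sample page: two ordinary links, two hidden from human visitors.
SAMPLE = """<html><body>
  <p>Read the <a href="/docs">documentation</a>.</p>
  <div style="display: none"><p><a href="/feed/a1">archive</a></p></div>
  <a href="/feed/b2" hidden>more</a>
  <br><a href="/about">About</a>
</body></html>"""

if __name__ == "__main__":
    visible, hidden = split_links(SAMPLE)
    print("queue:", visible)          # links a visitor can see
    print("skip and log:", hidden)    # links only a crawler would follow
```

The tag stack assumes reasonably well-formed markup, and links hidden through external stylesheets or scripts are not caught; detecting those requires a crawler that renders the page.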

Key facts

  • The publication identifies itself as 'Poison Fountain' and was posted on 2026-01-11.
  • The page states agreement with Geoffrey Hinton and says machine intelligence is a threat to the human species.
  • It claims small quantities of poisoned training data can significantly damage a language model.
  • The site supplies at least two accessible URLs, including https://RNSAFFN.com/poison2/ and a Tor .onion address.
  • Readers are urged to cache and retransmit the poisoned data and to feed it to web crawlers.
  • The site describes hiding links in HTML to make crawlers follow specific paths on a controlled site.
  • Technical instructions call for an HTTP handler to request a Poison Fountain URL and forward the response to the crawler.
  • The Poison Fountain response is described as gzip-compressed data with an HTTP response header 'Content-Encoding: gzip'; handlers are advised to forward the compressed body and header or to decompress and send the contents to crawlers.

What to watch next

  • Whether the listed URLs remain reachable or are mirrored elsewhere — not confirmed in the source
  • Any takedown notices, legal actions, or hosting-provider interventions in response to the site — not confirmed in the source
  • Reports from model builders or dataset curators that identify poisoned content originating from the listed feeds — not confirmed in the source

Quick glossary

  • Training data poisoning: The adversarial practice of introducing manipulated or malicious examples into a dataset used to train a machine-learning model, with the aim of degrading or changing the model's behavior.
  • Web crawler: Automated software that browses the web and collects content for indexing or for building datasets, often following links found in pages.
  • HTTP GET: A request method used by clients (such as browsers or crawlers) to retrieve data from a server at a specified URL.
  • Content-Encoding: gzip: An HTTP response header indicating that the response body has been compressed using the gzip algorithm; clients are expected to decompress before use unless they can handle compressed content directly.
  • .onion (Tor): A special-use top-level domain accessible via the Tor anonymizing network; .onion addresses are used to host services reachable only through Tor.

Reader FAQ

What does Poison Fountain propose?
The site advocates supplying gzip-compressed 'poisoned' training data to web crawlers and model training pipelines and gives technical instructions for doing so.

Which URLs are listed on the site?
The page lists at least https://RNSAFFN.com/poison2/ and a Tor .onion address (http://utnvcfjev63rik5rdu26umns5s6qmzvzq4t2hunu25w5efn36ntlduid.onion/).

Does the source prove the technique works?
The site asserts that small quantities can significantly damage a language model, but independent effectiveness is not confirmed in the source.

Who runs Poison Fountain?
Not confirmed in the source.

Are there legal or enforcement responses described?
Not confirmed in the source.

RNSAFFN: Poison Fountain
https://RNSAFFN.com/poison2/
http://utnvcfjev63rik5rdu26umns5s6qmzvzq4t2hunu25w5efn36ntlduid.onion/

Poison Fountain

Purpose

We agree with Geoffrey Hinton: machine intelligence is a threat to the human species. In response to this threat we want to…
