Evil-nix: a Nix library to download files from the internet without requiring a hash

For the curious:

How does this work

The evilDownloadUrl function works by internally creating a fixed-output derivation which outputs one of two known PDF files, both with the same SHA1 hash. This fixed-output derivation is allowed to access the network, and outputs one PDF file to represent a single 1 bit, and the other PDF file to represent a single 0 bit. This effectively leaks one bit of information from the internet in a non-reproducible manner.

evilDownloadUrl combines many of these 1-bit-leaking fixed-output derivations in order to download the entire specified file from the internet.

[…]

Due to the way this hack works, evilDownloadUrl is extremely inefficient. It performs one request to the URL for every bit (!!) of the file it is trying to download. For instance, if you were trying to download a 10 byte file, evilDownloadUrl would make 80 requests to the URL, and download the file 80 times.

That is so genius and dumb at the same time :joy:

Though in all seriousness, might that be an argument to retire support for SHA1? Is there a potential attack this could be used for?

17 Likes
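On the question of retiring SHA-1: the weakness the post describes only exists where a fixed-output derivation is pinned by nothing stronger than a SHA-1 digest, so a practical first step is to find those spots in your own expressions. Below is an added example (not code from the evil-nix project or from this thread) of a small linter that scans Nix source text for the three common ways a fixed-output derivation ends up trusting SHA-1: a `sha1 = "..."` attribute on a fetcher, an SRI-style `hash = "sha1-..."`, and a hand-rolled `outputHashAlgo = "sha1"` in `mkDerivation`. The attribute names are the standard Nix/nixpkgs ones; the sample expression it runs over is constructed for the example, and the hash values and URLs in it are placeholders.

```python
import re
from dataclasses import dataclass

# Each pattern matches one way of pinning a fixed-output derivation to SHA-1.
# A derivation that carries only one of these can be satisfied by any input
# with a matching SHA-1, which is exactly what the two colliding PDFs exploit.
SHA1_PATTERNS = [
    ("sha1 attribute", re.compile(r'\bsha1\s*=\s*"[^"]+"')),
    ("SRI sha1 hash", re.compile(r'\bhash\s*=\s*"sha1-[^"]+"')),
    ("outputHashAlgo sha1", re.compile(r'\boutputHashAlgo\s*=\s*"sha1"')),
]


@dataclass
class Finding:
    line: int   # 1-based line number in the scanned source
    kind: str   # which pattern fired
    text: str   # the offending line, stripped


def find_sha1_fixed_outputs(nix_source: str) -> list[Finding]:
    """Return every line of a Nix expression that pins a fetch or fixed-output
    derivation using SHA-1 only. Lines pinned with sha256/sha512 are ignored."""
    findings = []
    for lineno, line in enumerate(nix_source.splitlines(), start=1):
        for kind, pattern in SHA1_PATTERNS:
            if pattern.search(line):
                findings.append(Finding(lineno, kind, line.strip()))
    return findings


# Constructed sample input: three SHA-1-pinned derivations and one SHA-256 one.
# Hash values are placeholders (digests of the empty string), not real artifacts.
SAMPLE_NIX = '''
{ fetchurl, stdenv }:
{
  # fetcher pinned only by a SHA-1 hash: flagged
  legacy = fetchurl {
    url = "https://example.invalid/legacy.tar.gz";
    sha1 = "da39a3ee5e6b4b0d3255bfef95601890afd80709";
  };
  # SRI-style SHA-1: flagged
  sri = fetchurl {
    url = "https://example.invalid/sri.tar.gz";
    hash = "sha1-2jmj7l5rSw0yVb/vlWAYkK/YBwk=";
  };
  # hand-rolled fixed-output derivation on SHA-1: flagged
  custom = stdenv.mkDerivation {
    name = "custom";
    outputHashAlgo = "sha1";
    outputHashMode = "flat";
    outputHash = "da39a3ee5e6b4b0d3255bfef95601890afd80709";
    builder = ./builder.sh;
  };
  # SHA-256 pinned: not flagged
  fine = fetchurl {
    url = "https://example.invalid/fine.tar.gz";
    hash = "sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=";
  };
}
'''


def report(nix_source: str) -> list[str]:
    """Human-readable one-line reports, one per finding."""
    return [f"line {f.line}: {f.kind}: {f.text}"
            for f in find_sha1_fixed_outputs(nix_source)]


if __name__ == "__main__":
    for line in report(SAMPLE_NIX):
        print(line)
```

Run against a real tree by reading each `.nix` file and passing its contents to `find_sha1_fixed_outputs`; anything it reports is a place where a network-capable builder could substitute a colliding input without the hash check noticing, and the fix is to re-pin on SHA-256 (or an SRI `sha256-`/`sha512-` hash).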