In the situations where you are supposed to manually sign and scan a printed out pdf, this way instead you can paste your signature with transparency onto it, reform as pdf and then make it looked scanned.
Likely, but it probably ends up being "harmless fraud" and even if prosecuted the judge would be like "what?".
If the bank really cared, they would ask for the PDF and have you mail the wet signed documents in.
Likely the requirement for a wet signature is left over from earlier times (think fax machines) OR they are trying to ensure that the person actually signing is the person signed (in other words, YOU did the signature, not you asking your wife/broker/whoever to apply it for you).
This really happens, especially at big companies. The lack of logic in requiring a literal wet signature but then scanning and emailing the resulting document gets lost in the "but the policy says...". It's mostly been with compliance and security groups in my experience.
A lot of companies in the EU are still refusing to accept eIDAS PDF signatures (which are actually verifiable, and required by EU and national law to be accepted for all purposes previously requiring a "wet" signature).
It is very real, unfortunately. I handles contract often and have clients who demands for wet signature, even during the pandemic. Majority of that coming from public sector.
The crazy thing is everyone is carrying around devices that would provide much better proof than a "wet signature".
It is trivial to take a timestamped and geo stamped video in this day and age of a person agreeing to a contract, and yet the standard is still "signatures".
Meanwhile people are posting video clips of themselves and their locations all day on WhatsApp/instagram/tiktok/youtube/facebook.
But you could use it to get one over people who insist on receiving (scanned) 'originals' or 'wet-ink signature's, by combining it with something like handwritten.js [0]..!
At some point in my education, it was pretty common that some teachers sent us scanned PDFs instead of the original PDFs _or_ even more hilarious, gave us the printed scans of the PDFs.
I assumed that this software is basically a tongue-in-cheek reference to that, I had no idea this can actually have a practical purpose.
I've also had to do something similar to "forge" supporting documentation for medical claims. In order to claim FSA money, I had to provide detailed invoices. My hospital, however, was a big Kafka fan. They would only provide invoices that had a date and an amount, and those would take about 8 months to arrive. In order to get a detailed invoice, you had to call...but the catch is that detailed invoices were no longer available after 6 months. After every service, I'd have to immediately call for the detailed version, but if there were any after-the-fact adjustments due to insurance, I'd never be able to get a detailed statement.
To remedy this, I'd doctor previous invoices, and then print, scan, and fax to hide any editing artifacts. Keep in mind, this is all to get my own money that I'd contributed to the FSA. After that year, I just stopped using the FSA because it was such a pain.
The last FSA I had was the exact opposite. They put my FSA on a Visa card, then I went to the optometrist and forgot to use it and paid on my own credit card. A week later, I got a check in the mail from my FSA with a note basically saying "Hey, you could have used your FSA for that, so here's an automatic reimbursement."
EDIT: It may have been an HSA, not an FSA. I don't remember.
Oh, that's the best part. I did have the Visa, but for whatever reason they hospital never coded things properly, so I had to fall back to the manual reimbursement.
Since it's on a card issued by the FSA provider (I also don't know the correct word), they see the transactions in real time. Data that accompanies the transaction lets them know that it's reimbursable medical care.
To comply with dumb signature requirements. I needed this a couple of times. Usually it goes like this. You fill out a PDF form electronically, and add the signature via Adobe. Then you email it.
A lot of the times the recipient will complain that the signature was not handwritten. They want you to print it, sign it and scan it again. So you do this trick to make it look like you followed this process.
This website is not the first one that tries to achieve this. But I would not trust uploading anything to a random Web server though.
I usually do it via command line. You can use ImageMagick (i.e via the 'convert' command) to achieve the same result. It's very handy.
was interested in how its handling the PDFs - looks like it uses magica (a wasm compiled imagemagick) to do the processing:
https://github.com/cancerberoSgx/magica
Very nice. On thing I would like to see a rotation range for multi page PDFs. A 10 page document won't all be identical rotation. One might be -0.2 and the next 0.3.
This is a fun project. If there was an option to have a Xerox effect, this could be fun for zinemakers too. I found a discussion where people were figuring out how to recreate GIMP's "Photocopy" effect in ImageMagick:
How is a web page app better than a shell script you can run yourself? Of course, any old port in a storm – if you can’t run a shell script, this is better. But if you can run things yourself, you should. A shell script will stay on your file system and not disappear in a couple of years when the original author either gets bored with it or decides to make it proprietary.
There's something extremely wrong with your implementation as it just takes too much to render every page.
I've done plenty of work in the past with both canvas and pdf.js (which is what you're using) and it shouldn't be that slow, at all. Perhaps you have a rogue loop that's calling a very expensive function on each pixel of every page, maybe?
Who knows, but for sure performance on that could be near real-time.
(at the end of the blur pass it prints the elapsed time to the console)
You're right, it does get kind of slow at 2x, but not that slow, on my laptop it takes around 1 sec/page, while on your site takes 20-30 secs/page. Also, my very naive code does not take into account "warming up" and some other code optimizations to make the blur much faster, you could easily get it down to 100ms/page, I'm sure!
Oh! You mean the scanning speed. I thought you was talking about the original PDF preview. For now, scanning is using emscriptened ImageMagick Wasm. Due to the translation from C++ to Wasm, the scanning speed is very slow. Maybe re-writing blur, rotate and noise algorithm will speed up the scanning.
You are right about performance, but does it really matter?
It feels like this is the sort of tool one needs (very) infrequently, and those cases don’t seem like the sort of thing where seconds really matter. I think it’s plenty good enough.
I prefer to focus on how grateful I am that the author has made this and published it for free.
When one first opens the site and nothing happens for 30 secs. you assume that the pdf you're looking at is the actual result (that happened to me, at least), then the other one pops up and you're like ... ooooh I get it!
I wrote a similar program using PDF.js that renders near real-time (https://parepdf.com). You should be able to queue it up without too much trouble. If you’re doing pixel level manipulation, you want to make sure you’re finishing within the browsers frame budget.
I just had to do this dumb dance with TD Ameritrade. I did a coin toss on print/scan v.s. learning to do this with ImageMagick. Since I had a bunch of other deadlines to hit I wasted paper so they would accept my electronic submission.
Personally, from a workflow standpoint I'd prefer a PDF Printer driver that would add the effect. I'm sure the website is better for Mobile.
My biggest concern with an online service is privacy (either bad actors or the web app getting hacked). I used an online mortgage service that was fully paperless with the exception of a single document. Just ran it through a few imagemagick commands to add rotation, noise, contrast, etc. My home printer wasn't working so it was either that or buy a whole new one.
> My biggest concern with an online service is privacy
In this case it's all run client-side. You're still trusting that the code you're served wasn't maliciously replaced, but if you want to be careful you could run it in an incognito tab and temporarily disable your internet connection.
It's possible for an extension to intercept and block requests, but as Kevin mentions in your sibling comment, it's not enough because they could write data to local storage and then read it later when you're back online if you ever visited that domain again. An extension would have to cover a lot of bases to ensure that data couldn't leak, and I wouldn't trust one to cover them all.
While this may work for unsophisticated attacks, wouldn't it still be possible for a more sophisticated adversary to do something more like store the document in browser local storage, and then later with internet access to post the contents?
I haven't spent a huge amount of time in the browser security space, but I do think there is quite alot of surface area if you give the browser session sensitive data.
If you are using an incognito tab, anything in local storage, cookies, even caches should go away. I am not 100% up on the details but I believe modern browsers are pretty strict about isolating incognito state.
You're right though in general, that's why the incognito tab is important.
I mean, I considered this implied within the suggestion of using incognito mode.
In any event, it's an unrealistic attack vector. No bad actor is going to target 0.1% of edge cases when you could get enough damaging information from people who do not go through this process and remain connected to the internet.
Did you try this? Does not work with FF 99 in a private tab on macOS 12, at least for me. It stays stuck at "Rendering finished, waiting for processing".
I still have to deal with bureaucracy that requires wet signatures. I've tried a few tools like this one, but no bueno. They could tell it was "digitally signed".
That got weird fast (caution NSFW). It looks like an interesting project, but then it quickly devolved into a PDF filled with drawings of penises. Quite unexpected, glad I wasn't viewing it with my students in the room lol.
It would be great if some more sophisticated effects can be added like blur with a gradient intensity to simulate the page being not perfectly pressed to the glass, and per page randomization
once i spent a few months trying to fool a website and their "fraud assessment team" into giving me a login. i was being asked to "give notarized copy of your business license" and what not. i tried all these things and more, went to the extent of making rubber stamps online, pasting images in random sizes, place and then pseudo scanning them.
sadly i ended up being busy in other work and they dropped the application because i hadn't submitted some "important" docs. oh well
Funnily enough, the site is blocked by my college's security software: "Access to this web page has been restricted due to Federal/State Legislation and/or official xxx College policies."
If only they were that smart… they probably have the “block all sites with no reputation information” option turned on… which is functionally “all sites the vendor hasn’t indexed yet” and hits brand new sites.
The philosophy of technology behind this is fascinating. The need is
the clearest case of non-functional requirements I have ever
seen. When a process owner brazenly does not care about the outcome,
but cares only about forcing people to go through their arbitrary
steps, it is to stamp their seal of authority and control upon the
other.
As Bill Hicks says "Hey, pretend like you're working!"
Everything else is post-facto rationalisation. In other words, they'll
dream up anything as a way to explain why you have to conform to
their process, variously invoking "standard practice", "regulation",
"security", with total disregard for the truth. It is the process
with which they identify vicariously, are attached to, and are obliged
to defend. The process owns them.
As for the solution. Funny as it is, it's an example of tragic new
realm of digital technology whose purpose is to fake human agency, and
create desired appearance over any actual reality.
I'm not just talking about spambots, or automated essay mills for
students to buy their way to a degree one cheat at a time. These are
what Douglas Adams called "Electric Monks". They believe in make-work
bullshit so that real people don't have to. This is the future of AI,
the adversarial workplace, a technological arms race around make-work
wage-slavery which creates no tangible economic value; avatars that
stand in for people remote working so they can sunbathe in the
garden... like that little pecking bird that Homer Simpson gets to run
the nuclear plant by pecking on the Y key.
Whoever can afford the best Electric Monks wins the game, because they
will be able to free their attention for real life.
Great commentary. I'd add shamelessly that whoever can _build_ the best electric monks dominates the game. The price of developing them will be miniscule.
Really hoping AI ushers us into the resource based economy where humans are freed from rudimentary labor.
> We have a word for it within the domain of philosophy and
literature: Kafkaesque.
I was thinking of something a little different and even considered
specifically excluding Kafka and indeed Weber (I've read a lot of
Franz Kafka but am a Cliffs Notes imposter on Max Weber) from my
comment.
In The Trial, or Before the Law, the anxiety lies in not knowing the
mind of a, possibly ambivalent, judging other. In modernity, Weber's
modernity, it is spelled out in intricate, mind numbing detail, in
reams of forms that must be gymnastically navigated. One step further
in the direction I am describing is the officers of Jaroslav Hasek's
Good Soldier Svejk In this incarnation bureaucracy is not an
all-powerful force to be feared, it is a stumbling, stuttering,
inconsistent fool of a thing that can be easily tricked. It brings
tedium not anxiety. I'll wager many hackers relate to that experience
of encountering systems.
That is what I mean by the vision of AI versus AI. Two broken retarded
robots sprawling about in the mud while humans gather around in a
circle and laugh. But the last laugh is on us for building them and
getting enchanted by the spectacle.
I've actually never seen the phenomenon through this lens, but I like it!
I think the clearest indicator that this is going on is when you can circumvent the process arbitrarily. Two example memories spring to mind:
In a visa office: "fill out form X, you can get one from the table over there" / "There are none left" / "OK never mind give me your passport and I'll stamp it".
At my Big Tech employer: "please fill out this document template detailing the update and version history of your service, for an audit" / "really? This looks time consuming and I don't really understand the the reason why you need it" / "OK, never mind then"
(Actually, at Big Tech I have found that replying along the lines of "really though?" is a very good first response when confronted with Processes. Sometimes when reporting bugs the template asks you to e.g. gather traces with browser extensions or whatever. I always say "I will do that if you first confirm that it will actually be useful for this bug" and haven't yet received such a confirmation)
But there is something about the aesthetic of such things, it's why the IETF RFC's (example https://www.rfc-editor.org/rfc/rfc8200.html) are made to look like typewritten pages even decades after typewriters stopped being in common usage. I am surprised that they don't "go all the way" with that look and also apply some simulated coffee stains, dog-ears, and stapling artifacts.
The html version looks pretty good even on my iPhone. The words are small but legible. The text version is zoomed in, but wraps unnaturally, and is hard to read. The pdf is hard to read, too zoomed out.
I think they did a pretty good job making a document that can be navigated as people are accustomed to, while adapting to the medium. The aesthetic is not without function.
No man, it's a deliberate look which sacrifices readability for some kind of retro-aesthetic whether they admit it or not. It's easy enough to reference things by section numbers.
And really, if they cared about being able reference things to the n-th degree, the figures would have been captioned and have their own figure-number instead of just sort-of "in there" like a paragraph (https://www.rfc-editor.org/rfc/rfc8200.html#section-4.4).
A Tulane student got a bunch of funding because he developed a stand-in for folks for zoom meetings. Logs in, records, transcribes, the works. He developed it so he wouldn’t have to attend lectures during Covid. What you’re describing reminds me of this project.
It’s also called “Buelr,” which really captures the energy of what you’re talking about.
Hey man you were the one with that brilliant write up. I saved your comment to review again later. Incredibly insightful stuff. Already passed it to a few coworkers.
183 comments
[ 0.23 ms ] story [ 236 ms ] threadThis would assumedly let you use an image of your signature rather than printing and signing.
If the bank really cared, they would ask for the PDF and have you mail the wet signed documents in.
Likely the requirement for a wet signature is left over from earlier times (think fax machines) OR they are trying to ensure that the person actually signing is the person signed (in other words, YOU did the signature, not you asking your wife/broker/whoever to apply it for you).
A lot of companies in the EU are still refusing to accept eIDAS PDF signatures (which are actually verifiable, and required by EU and national law to be accepted for all purposes previously requiring a "wet" signature).
It is trivial to take a timestamped and geo stamped video in this day and age of a person agreeing to a contract, and yet the standard is still "signatures".
Meanwhile people are posting video clips of themselves and their locations all day on WhatsApp/instagram/tiktok/youtube/facebook.
But you could use it to get one over people who insist on receiving (scanned) 'originals' or 'wet-ink signature's, by combining it with something like handwritten.js [0]..!
[0] - https://alias-rahil.github.io/handwritten.js/
I assumed that this software is basically a tongue-in-cheek reference to that, I had no idea this can actually have a practical purpose.
To remedy this, I'd doctor previous invoices, and then print, scan, and fax to hide any editing artifacts. Keep in mind, this is all to get my own money that I'd contributed to the FSA. After that year, I just stopped using the FSA because it was such a pain.
The last FSA I had was the exact opposite. They put my FSA on a Visa card, then I went to the optometrist and forgot to use it and paid on my own credit card. A week later, I got a check in the mail from my FSA with a note basically saying "Hey, you could have used your FSA for that, so here's an automatic reimbursement."
EDIT: It may have been an HSA, not an FSA. I don't remember.
A lot of the times the recipient will complain that the signature was not handwritten. They want you to print it, sign it and scan it again. So you do this trick to make it look like you followed this process.
This website is not the first one that tries to achieve this. But I would not trust uploading anything to a random Web server though.
I usually do it via command line. You can use ImageMagick (i.e via the 'convert' command) to achieve the same result. It's very handy.
https://legacy.imagemagick.org/discourse-server/viewtopic.ph...
1. https://gist.github.com/andyrbell/25c8632e15d17c83a54602f6ac...
There's something extremely wrong with your implementation as it just takes too much to render every page.
I've done plenty of work in the past with both canvas and pdf.js (which is what you're using) and it shouldn't be that slow, at all. Perhaps you have a rogue loop that's calling a very expensive function on each pixel of every page, maybe?
Who knows, but for sure performance on that could be near real-time.
https://codepen.io/almosnow/pen/abEXBZP?editors=0011
(at the end of the blur pass it prints the elapsed time to the console)
You're right, it does get kind of slow at 2x, but not that slow, on my laptop it takes around 1 sec/page, while on your site takes 20-30 secs/page. Also, my very naive code does not take into account "warming up" and some other code optimizations to make the blur much faster, you could easily get it down to 100ms/page, I'm sure!
Best luck!
It feels like this is the sort of tool one needs (very) infrequently, and those cases don’t seem like the sort of thing where seconds really matter. I think it’s plenty good enough.
I prefer to focus on how grateful I am that the author has made this and published it for free.
When one first opens the site and nothing happens for 30 secs. you assume that the pdf you're looking at is the actual result (that happened to me, at least), then the other one pops up and you're like ... ooooh I get it!
Most users wouldn't be as patient and just leave.
https://github.com/rwv/lookscanned.io/blob/main/public/examp...
https://twitter.com/patio11/status/1249630998788108288
Personally, from a workflow standpoint I'd prefer a PDF Printer driver that would add the effect. I'm sure the website is better for Mobile.
In this case it's all run client-side. You're still trusting that the code you're served wasn't maliciously replaced, but if you want to be careful you could run it in an incognito tab and temporarily disable your internet connection.
Let's presume it is malicious, and the mere act of downloading the WASM starts an injection.
1. load the site in an incognito tab
2. disable internet
3. run the conversion and download the result
4. close the incognito tab
5. re-connect the internet
In Firefox this is not possible (per tab), but at least you can set the entire browser to offline mode by clicking "File -> Work Offline"
I haven't spent a huge amount of time in the browser security space, but I do think there is quite alot of surface area if you give the browser session sensitive data.
You're right though in general, that's why the incognito tab is important.
In any event, it's an unrealistic attack vector. No bad actor is going to target 0.1% of edge cases when you could get enough damaging information from people who do not go through this process and remain connected to the internet.
Some things are far too sensitive to ever touch a computer.
sadly i ended up being busy in other work and they dropped the application because i hadn't submitted some "important" docs. oh well
As Bill Hicks says "Hey, pretend like you're working!"
Everything else is post-facto rationalisation. In other words, they'll dream up anything as a way to explain why you have to conform to their process, variously invoking "standard practice", "regulation", "security", with total disregard for the truth. It is the process with which they identify vicariously, are attached to, and are obliged to defend. The process owns them.
As for the solution. Funny as it is, it's an example of tragic new realm of digital technology whose purpose is to fake human agency, and create desired appearance over any actual reality.
I'm not just talking about spambots, or automated essay mills for students to buy their way to a degree one cheat at a time. These are what Douglas Adams called "Electric Monks". They believe in make-work bullshit so that real people don't have to. This is the future of AI, the adversarial workplace, a technological arms race around make-work wage-slavery which creates no tangible economic value; avatars that stand in for people remote working so they can sunbathe in the garden... like that little pecking bird that Homer Simpson gets to run the nuclear plant by pecking on the Y key.
Whoever can afford the best Electric Monks wins the game, because they will be able to free their attention for real life.
edit: italics
Really hoping AI ushers us into the resource based economy where humans are freed from rudimentary labor.
I was thinking of something a little different and even considered specifically excluding Kafka and indeed Weber (I've read a lot of Franz Kafka but am a Cliffs Notes imposter on Max Weber) from my comment.
In The Trial, or Before the Law, the anxiety lies in not knowing the mind of a, possibly ambivalent, judging other. In modernity, Weber's modernity, it is spelled out in intricate, mind numbing detail, in reams of forms that must be gymnastically navigated. One step further in the direction I am describing is the officers of Jaroslav Hasek's Good Soldier Svejk In this incarnation bureaucracy is not an all-powerful force to be feared, it is a stumbling, stuttering, inconsistent fool of a thing that can be easily tricked. It brings tedium not anxiety. I'll wager many hackers relate to that experience of encountering systems.
That is what I mean by the vision of AI versus AI. Two broken retarded robots sprawling about in the mud while humans gather around in a circle and laugh. But the last laugh is on us for building them and getting enchanted by the spectacle.
I think the clearest indicator that this is going on is when you can circumvent the process arbitrarily. Two example memories spring to mind:
In a visa office: "fill out form X, you can get one from the table over there" / "There are none left" / "OK never mind give me your passport and I'll stamp it".
At my Big Tech employer: "please fill out this document template detailing the update and version history of your service, for an audit" / "really? This looks time consuming and I don't really understand the the reason why you need it" / "OK, never mind then"
(Actually, at Big Tech I have found that replying along the lines of "really though?" is a very good first response when confronted with Processes. Sometimes when reporting bugs the template asks you to e.g. gather traces with browser extensions or whatever. I always say "I will do that if you first confirm that it will actually be useful for this bug" and haven't yet received such a confirmation)
But there is something about the aesthetic of such things, it's why the IETF RFC's (example https://www.rfc-editor.org/rfc/rfc8200.html) are made to look like typewritten pages even decades after typewriters stopped being in common usage. I am surprised that they don't "go all the way" with that look and also apply some simulated coffee stains, dog-ears, and stapling artifacts.
Form should match the shape of the medium, not fight it.
I think they did a pretty good job making a document that can be navigated as people are accustomed to, while adapting to the medium. The aesthetic is not without function.
And really, if they cared about being able reference things to the n-th degree, the figures would have been captioned and have their own figure-number instead of just sort-of "in there" like a paragraph (https://www.rfc-editor.org/rfc/rfc8200.html#section-4.4).
It’s also called “Buelr,” which really captures the energy of what you’re talking about.
https://finance.yahoo.com/news/ferris-bueller-inspired-produ...
Brilliant. Thanks for that. Exactly the kind of thing I'm thinking of.