183 comments

[ 0.23 ms ] story [ 236 ms ] thread
What is the use-case? Why should I have a PDF that looks scanned?
In the situations where you are supposed to manually sign and scan a printed out pdf, this way instead you can paste your signature with transparency onto it, reform as pdf and then make it looked scanned.
I believe because some organizations require "wet" signatures on documents, and ask to be emailed scans of those signatures.

This would assumedly let you use an image of your signature rather than printing and signing.

I really hope this isn’t real. I thought this was just a fun project.
Existence proof: I have personally encountered it. QED.
We just bought a home, and the bank required wet signatures on a few of the (then scanned) documents. This app would have saved me time.
But if the bank requires a wet signature and you try to pass off a non-wet signature as a wet signature, isn't that fraud?
Likely, but it probably ends up being "harmless fraud" and even if prosecuted the judge would be like "what?".

If the bank really cared, they would ask for the PDF and have you mail the wet signed documents in.

Likely the requirement for a wet signature is left over from earlier times (think fax machines) OR they are trying to ensure that the person actually signing is the person signed (in other words, YOU did the signature, not you asking your wife/broker/whoever to apply it for you).

This really happens, especially at big companies. The lack of logic in requiring a literal wet signature but then scanning and emailing the resulting document gets lost in the "but the policy says...". It's mostly been with compliance and security groups in my experience.
This is unfortunately entirely real.

A lot of companies in the EU are still refusing to accept eIDAS PDF signatures (which are actually verifiable, and required by EU and national law to be accepted for all purposes previously requiring a "wet" signature).

It is very real, unfortunately. I handles contract often and have clients who demands for wet signature, even during the pandemic. Majority of that coming from public sector.
Oh yes, this happens. A lot.
The crazy thing is everyone is carrying around devices that would provide much better proof than a "wet signature".

It is trivial to take a timestamped and geo stamped video in this day and age of a person agreeing to a contract, and yet the standard is still "signatures".

Meanwhile people are posting video clips of themselves and their locations all day on WhatsApp/instagram/tiktok/youtube/facebook.

For fun of the implementation, I imagine.

But you could use it to get one over people who insist on receiving (scanned) 'originals' or 'wet-ink signature's, by combining it with something like handwritten.js [0]..!

[0] - https://alias-rahil.github.io/handwritten.js/

At some point in my education, it was pretty common that some teachers sent us scanned PDFs instead of the original PDFs _or_ even more hilarious, gave us the printed scans of the PDFs.

I assumed that this software is basically a tongue-in-cheek reference to that, I had no idea this can actually have a practical purpose.

Some colleges require students to scan pages and submit them for their homework rather than simply submitting document files
I've also had to do something similar to "forge" supporting documentation for medical claims. In order to claim FSA money, I had to provide detailed invoices. My hospital, however, was a big Kafka fan. They would only provide invoices that had a date and an amount, and those would take about 8 months to arrive. In order to get a detailed invoice, you had to call...but the catch is that detailed invoices were no longer available after 6 months. After every service, I'd have to immediately call for the detailed version, but if there were any after-the-fact adjustments due to insurance, I'd never be able to get a detailed statement.

To remedy this, I'd doctor previous invoices, and then print, scan, and fax to hide any editing artifacts. Keep in mind, this is all to get my own money that I'd contributed to the FSA. After that year, I just stopped using the FSA because it was such a pain.

Wow what a pain in the ass.

The last FSA I had was the exact opposite. They put my FSA on a Visa card, then I went to the optometrist and forgot to use it and paid on my own credit card. A week later, I got a check in the mail from my FSA with a note basically saying "Hey, you could have used your FSA for that, so here's an automatic reimbursement."

EDIT: It may have been an HSA, not an FSA. I don't remember.

Oh, that's the best part. I did have the Visa, but for whatever reason they hospital never coded things properly, so I had to fall back to the manual reimbursement.
How did the FSA operator (or whatever they are called) know about the transaction, and so quickly?
Since it's on a card issued by the FSA provider (I also don't know the correct word), they see the transactions in real time. Data that accompanies the transaction lets them know that it's reimbursable medical care.
To comply with dumb signature requirements. I needed this a couple of times. Usually it goes like this. You fill out a PDF form electronically, and add the signature via Adobe. Then you email it.

A lot of the times the recipient will complain that the signature was not handwritten. They want you to print it, sign it and scan it again. So you do this trick to make it look like you followed this process.

This website is not the first one that tries to achieve this. But I would not trust uploading anything to a random Web server though.

I usually do it via command line. You can use ImageMagick (i.e via the 'convert' command) to achieve the same result. It's very handy.

was interested in how its handling the PDFs - looks like it uses magica (a wasm compiled imagemagick) to do the processing: https://github.com/cancerberoSgx/magica
Use PDF.js and magica to do the rendering and processing. You could see the credits in GitHub repo page.
the one feature it needs is the ability to add punched holes down one side, or optionally other binding techniques like spiral binding.
When I scan documents with my phone camera, it introduces some skew as well. Or it doesn't detect the edges accurately, cropping or padding the sides.
Cool idea, could you add some before/after samples?
If you click 'START SCANNING' and then click Preview, there is a sample document already.
just click on Start scanning to see example
There's an example PDF after clicking "START SCANNING" button. Maybe add more real-world examples.
Fun! It might be an idea to include an option for some form of over/underexposure or bleed.
(comment deleted)
Fun project. Thanks for sharing. Got a good laugh at this. Maybe add a “creased corner” feature and residual staple holes.
Would a residual ass print show up on scanned images? Asking for a friend.
Inserting fax headers and footers should be an option.
Very nice. On thing I would like to see a rotation range for multi page PDFs. A 10 page document won't all be identical rotation. One might be -0.2 and the next 0.3.
Good idea! A random distribution on rotation seems a more user-friendly way instead of setting 10 rotation values.
Obviously you need to randomly fold an edge and wrinkle a page too. Goddamn paper feeders.
It could, if the 10 pages are fed through a automatic feeding scanner which gives the same skew to all scanned pages.
It has happened to me that my nice and clean PDF was rejected because my signature was digitally applied. I can definitely see a use case for this!
Needs a way to add a plausible looking signature and handwritten date. Then I would actually use this.
This is awesome. I’ve been using a gist[1] for years when dinosorgs need a wet signature

1. https://gist.github.com/andyrbell/25c8632e15d17c83a54602f6ac...

The site's logic is nearly identical to this gist: use ImageMagick to do the rotate, noise, etc.
How is a web page app better than a shell script you can run yourself? Of course, any old port in a storm – if you can’t run a shell script, this is better. But if you can run things yourself, you should. A shell script will stay on your file system and not disappear in a couple of years when the original author either gets bored with it or decides to make it proprietary.
Mmmh the preview doesn't work for me with Firefox on Android. Or maybe it just takes too long? Nice implementation though! Thanks!
Great idea and props for shipping.

There's something extremely wrong with your implementation as it just takes too much to render every page.

I've done plenty of work in the past with both canvas and pdf.js (which is what you're using) and it shouldn't be that slow, at all. Perhaps you have a rogue loop that's calling a very expensive function on each pixel of every page, maybe?

Who knows, but for sure performance on that could be near real-time.

I didn't manipulate the data in pixel level. Maybe because I render PDF in 2x which causes 4x more pixels?
That could be the case yes, still I feel it should be better, let me do a quick test as I have some spare time.
The rendering logic is in `src/utils/pdf/renderPage.ts` and has only 26 lines.
Here's a very naive blur implementation (which is your most expensive operation there),

https://codepen.io/almosnow/pen/abEXBZP?editors=0011

(at the end of the blur pass it prints the elapsed time to the console)

You're right, it does get kind of slow at 2x, but not that slow, on my laptop it takes around 1 sec/page, while on your site takes 20-30 secs/page. Also, my very naive code does not take into account "warming up" and some other code optimizations to make the blur much faster, you could easily get it down to 100ms/page, I'm sure!

Best luck!

Oh! You mean the scanning speed. I thought you was talking about the original PDF preview. For now, scanning is using emscriptened ImageMagick Wasm. Due to the translation from C++ to Wasm, the scanning speed is very slow. Maybe re-writing blur, rotate and noise algorithm will speed up the scanning.
Ah, wasm... The site managed to almost kill my machine until the tab committed OOM suicide, I guess this explains why.
yeah even playing with the preview and using the sliders it's super slow apart from that it's amazing! Do some work on the perf pls.
You are right about performance, but does it really matter?

It feels like this is the sort of tool one needs (very) infrequently, and those cases don’t seem like the sort of thing where seconds really matter. I think it’s plenty good enough.

I prefer to focus on how grateful I am that the author has made this and published it for free.

I believe it does matter.

When one first opens the site and nothing happens for 30 secs. you assume that the pdf you're looking at is the actual result (that happened to me, at least), then the other one pops up and you're like ... ooooh I get it!

Most users wouldn't be as patient and just leave.

I wrote a similar program using PDF.js that renders near real-time (https://parepdf.com). You should be able to queue it up without too much trouble. If you’re doing pixel level manipulation, you want to make sure you’re finishing within the browsers frame budget.
Reminds me of patio11 talking about the phenomenon of having bureaucracy only accept wet signatures so services like this would help automate that.

https://twitter.com/patio11/status/1249630998788108288

I just had to do this dumb dance with TD Ameritrade. I did a coin toss on print/scan v.s. learning to do this with ImageMagick. Since I had a bunch of other deadlines to hit I wasted paper so they would accept my electronic submission.

Personally, from a workflow standpoint I'd prefer a PDF Printer driver that would add the effect. I'm sure the website is better for Mobile.

I reckon you could sell this, a PDF printer driver that fakes the "scanned" look
My biggest concern with an online service is privacy (either bad actors or the web app getting hacked). I used an online mortgage service that was fully paperless with the exception of a single document. Just ran it through a few imagemagick commands to add rotation, noise, contrast, etc. My home printer wasn't working so it was either that or buy a whole new one.
> My biggest concern with an online service is privacy

In this case it's all run client-side. You're still trusting that the code you're served wasn't maliciously replaced, but if you want to be careful you could run it in an incognito tab and temporarily disable your internet connection.

How would you download the payload without an internet connection?

Let's presume it is malicious, and the mere act of downloading the WASM starts an injection.

Ah, I was ambiguous about that, but I mean these steps:

1. load the site in an incognito tab

2. disable internet

3. run the conversion and download the result

4. close the incognito tab

5. re-connect the internet

Are there browser extensions that simply disable all future requests from being sent from the immediate tab?
In Chrome dev tools you can set the network throttling to "Offline".

In Firefox this is not possible (per tab), but at least you can set the entire browser to offline mode by clicking "File -> Work Offline"

It's possible for an extension to intercept and block requests, but as Kevin mentions in your sibling comment, it's not enough because they could write data to local storage and then read it later when you're back online if you ever visited that domain again. An extension would have to cover a lot of bases to ensure that data couldn't leak, and I wouldn't trust one to cover them all.
In Chrome, open the Inspector, go to "Netork", then in the dropdown that says "No throttling" choose "offline".
While this may work for unsophisticated attacks, wouldn't it still be possible for a more sophisticated adversary to do something more like store the document in browser local storage, and then later with internet access to post the contents?

I haven't spent a huge amount of time in the browser security space, but I do think there is quite alot of surface area if you give the browser session sensitive data.

If you are using an incognito tab, anything in local storage, cookies, even caches should go away. I am not 100% up on the details but I believe modern browsers are pretty strict about isolating incognito state.

You're right though in general, that's why the incognito tab is important.

This is correct, but you need to close ALL incognito tabs for storage to get wiped, not just the tab you loaded the site in.
That depends on the browser, I believe.
(comment deleted)
I mean, I considered this implied within the suggestion of using incognito mode.

In any event, it's an unrealistic attack vector. No bad actor is going to target 0.1% of edge cases when you could get enough damaging information from people who do not go through this process and remain connected to the internet.

Just making it clear for anyone that doesn't know. It's caught me off guard before.
Did you try this? Does not work with FF 99 in a private tab on macOS 12, at least for me. It stays stuck at "Rendering finished, waiting for processing".
I still have to deal with bureaucracy that requires wet signatures. I've tried a few tools like this one, but no bueno. They could tell it was "digitally signed".
That got weird fast (caution NSFW). It looks like an interesting project, but then it quickly devolved into a PDF filled with drawings of penises. Quite unexpected, glad I wasn't viewing it with my students in the room lol.
wet ink exists for a reason.

Some things are far too sensitive to ever touch a computer.

You can see a demo image if you click "Start Scanning"
It would be great if some more sophisticated effects can be added like blur with a gradient intensity to simulate the page being not perfectly pressed to the glass, and per page randomization
once i spent a few months trying to fool a website and their "fraud assessment team" into giving me a login. i was being asked to "give notarized copy of your business license" and what not. i tried all these things and more, went to the extent of making rubber stamps online, pasting images in random sizes, place and then pseudo scanning them.

sadly i ended up being busy in other work and they dropped the application because i hadn't submitted some "important" docs. oh well

Funnily enough, the site is blocked by my college's security software: "Access to this web page has been restricted due to Federal/State Legislation and/or official xxx College policies."
If only they were that smart… they probably have the “block all sites with no reputation information” option turned on… which is functionally “all sites the vendor hasn’t indexed yet” and hits brand new sites.
The philosophy of technology behind this is fascinating. The need is the clearest case of non-functional requirements I have ever seen. When a process owner brazenly does not care about the outcome, but cares only about forcing people to go through their arbitrary steps, it is to stamp their seal of authority and control upon the other.

As Bill Hicks says "Hey, pretend like you're working!"

Everything else is post-facto rationalisation. In other words, they'll dream up anything as a way to explain why you have to conform to their process, variously invoking "standard practice", "regulation", "security", with total disregard for the truth. It is the process with which they identify vicariously, are attached to, and are obliged to defend. The process owns them.

As for the solution. Funny as it is, it's an example of tragic new realm of digital technology whose purpose is to fake human agency, and create desired appearance over any actual reality.

I'm not just talking about spambots, or automated essay mills for students to buy their way to a degree one cheat at a time. These are what Douglas Adams called "Electric Monks". They believe in make-work bullshit so that real people don't have to. This is the future of AI, the adversarial workplace, a technological arms race around make-work wage-slavery which creates no tangible economic value; avatars that stand in for people remote working so they can sunbathe in the garden... like that little pecking bird that Homer Simpson gets to run the nuclear plant by pecking on the Y key.

Whoever can afford the best Electric Monks wins the game, because they will be able to free their attention for real life.

edit: italics

Great commentary. I'd add shamelessly that whoever can _build_ the best electric monks dominates the game. The price of developing them will be miniscule.

Really hoping AI ushers us into the resource based economy where humans are freed from rudimentary labor.

We have a word for it within the domain of philosophy and literature: Kafkaesque.
> We have a word for it within the domain of philosophy and literature: Kafkaesque.

I was thinking of something a little different and even considered specifically excluding Kafka and indeed Weber (I've read a lot of Franz Kafka but am a Cliffs Notes imposter on Max Weber) from my comment.

In The Trial, or Before the Law, the anxiety lies in not knowing the mind of a, possibly ambivalent, judging other. In modernity, Weber's modernity, it is spelled out in intricate, mind numbing detail, in reams of forms that must be gymnastically navigated. One step further in the direction I am describing is the officers of Jaroslav Hasek's Good Soldier Svejk In this incarnation bureaucracy is not an all-powerful force to be feared, it is a stumbling, stuttering, inconsistent fool of a thing that can be easily tricked. It brings tedium not anxiety. I'll wager many hackers relate to that experience of encountering systems.

That is what I mean by the vision of AI versus AI. Two broken retarded robots sprawling about in the mud while humans gather around in a circle and laugh. But the last laugh is on us for building them and getting enchanted by the spectacle.

Fantastic comment. You gave me both something to think about and research!
I've actually never seen the phenomenon through this lens, but I like it!

I think the clearest indicator that this is going on is when you can circumvent the process arbitrarily. Two example memories spring to mind:

In a visa office: "fill out form X, you can get one from the table over there" / "There are none left" / "OK never mind give me your passport and I'll stamp it".

At my Big Tech employer: "please fill out this document template detailing the update and version history of your service, for an audit" / "really? This looks time consuming and I don't really understand the the reason why you need it" / "OK, never mind then"

(Actually, at Big Tech I have found that replying along the lines of "really though?" is a very good first response when confronted with Processes. Sometimes when reporting bugs the template asks you to e.g. gather traces with browser extensions or whatever. I always say "I will do that if you first confirm that it will actually be useful for this bug" and haven't yet received such a confirmation)

touché!

But there is something about the aesthetic of such things, it's why the IETF RFC's (example https://www.rfc-editor.org/rfc/rfc8200.html) are made to look like typewritten pages even decades after typewriters stopped being in common usage. I am surprised that they don't "go all the way" with that look and also apply some simulated coffee stains, dog-ears, and stapling artifacts.

ASCII is read everywhere. Perfect to read standards on any machine since 1970.
Typewriters have hard line breaks. This aesthetic makes RFCs harder to read than necessary on the majority of consumer devices sold since 2012.

Form should match the shape of the medium, not fight it.

The html version looks pretty good even on my iPhone. The words are small but legible. The text version is zoomed in, but wraps unnaturally, and is hard to read. The pdf is hard to read, too zoomed out.

I think they did a pretty good job making a document that can be navigated as people are accustomed to, while adapting to the medium. The aesthetic is not without function.

Not all RFCs have a HTML version available, sadly.
It's not just the looks. That way it is possible to reference something by line and column.
No man, it's a deliberate look which sacrifices readability for some kind of retro-aesthetic whether they admit it or not. It's easy enough to reference things by section numbers.

And really, if they cared about being able reference things to the n-th degree, the figures would have been captioned and have their own figure-number instead of just sort-of "in there" like a paragraph (https://www.rfc-editor.org/rfc/rfc8200.html#section-4.4).

A Tulane student got a bunch of funding because he developed a stand-in for folks for zoom meetings. Logs in, records, transcribes, the works. He developed it so he wouldn’t have to attend lectures during Covid. What you’re describing reminds me of this project.

It’s also called “Buelr,” which really captures the energy of what you’re talking about.

https://finance.yahoo.com/news/ferris-bueller-inspired-produ...

> It’s also called “Buelr,” which really captures the energy of what you’re talking about.

Brilliant. Thanks for that. Exactly the kind of thing I'm thinking of.

Hey man you were the one with that brilliant write up. I saved your comment to review again later. Incredibly insightful stuff. Already passed it to a few coworkers.
I can't wait for this to show up in court the first time.