Sounds like there's pretty clear evidence present on the RightSignature site, but they really need to provide a way to verify a document without the site being up and intact. That certification page is basically worthless otherwise.
this is a lazy, clumsy editing attempt, done through a document registration service which exists to prevent exactly this and yet, you have to be an experienced nerd (eg https://en.wikipedia.org/wiki/Matthew_Garrett has a doctorate and decades of software development experience) who will jump through a bunch of hoops to even begin to build a case beyond he-said-she-said. And he still doesn't have a settlement or criminal conviction in hand, so he's not even half done... Or look at the extensive forensics in the Craig Wright case just to establish simple things like that they were edited or backdated to a legally acceptable level.
Meanwhile, the original PDF edit in question took maybe 5 minutes with entry-level PDF tools.
Please refer this to California's High Technology Theft Apprehension and Prosecution Program [1] and the FBI's Internet Crime Complaint Center [2]. San Francisco's Financial Crimes Unit [3] may also take interest. (Given RightSignature is owned by Citrix [4], I'd also consider flagging this to their GC [5].)
The facts of the case are also so plainly in your favour that you should be able to get a lawyer on contingency to go after the agency and potentially also landlord for damages.
Wouldn't a sha256 collision be impractical? Like wouldn't it be more compute than the couple grand a security deposit would be? SHAttered was in 2017 with SHA-1 and took 110 years of GPU equivalent compute.
It feels like just a mistake or an error with RightSignature? Like they uploaded the wrong doc, clicked the wrong button, and were confused on their side because the version they meant to send was at the top of the page?
Something similar happened to me recently. I was in Portugal for a year and a guy from the agency gave me fake electricity and water bills (he modified the bill PDFs). I found it out by using the pdf metadata too, but didn't go any further tha n that. We were able to make him pay back our money, but we didn't sue him.
I also found out that metadata can be overwritten. What is the best possible way to save yourself from these kinds of problems I wonder?
That's why important stuff is done in three copies -- one to each party and the third to a notary. Here the document signing service acts as such third party and it's the rare case where they have to show up and say which copy is legit.
It's also very rare -- I worked in a similar company for years and only heard of one case of disputed signing and none of disputed contents.
I would not count on a judge to read through technical mumbo-jumbo even if it's completely obvious to you how hashes work, it's probably not for them, so the company has to put a statement.
This is exactly why RightSignature is an expensive SaaS contract and not just something you can self host for cheap: providing somebody credible to testify which document was actually signed.
im wondering if printing to PDF basically just makes a PDF that is a screenshot of the original, and removes any sort of existing meta data or formatting
18 comments
[ 2.4 ms ] story [ 37.6 ms ] threadthis is a lazy, clumsy editing attempt, done through a document registration service which exists to prevent exactly this and yet, you have to be an experienced nerd (eg https://en.wikipedia.org/wiki/Matthew_Garrett has a doctorate and decades of software development experience) who will jump through a bunch of hoops to even begin to build a case beyond he-said-she-said. And he still doesn't have a settlement or criminal conviction in hand, so he's not even half done... Or look at the extensive forensics in the Craig Wright case just to establish simple things like that they were edited or backdated to a legally acceptable level.
Meanwhile, the original PDF edit in question took maybe 5 minutes with entry-level PDF tools.
Xournal++
https://web.archive.org/web/20250926012745/https://mjg59.dre...
The facts of the case are also so plainly in your favour that you should be able to get a lawyer on contingency to go after the agency and potentially also landlord for damages.
[1] https://oag.ca.gov/ecrime/httap
[2] https://www.ic3.gov
[3] https://www.sanfranciscopolice.org/stay-safe/crime-preventio...
[4] https://www.zdnet.com/article/citrix-acquires-rightsignature...
[5] https://www.bu.edu/alumni/profile/antonio-g-gomes-esq tony.gomes@citrix.com
It feels like just a mistake or an error with RightSignature? Like they uploaded the wrong doc, clicked the wrong button, and were confused on their side because the version they meant to send was at the top of the page?
Yes it's very convoluted, as everything with PDFs, but it's there.
Option A: Return the deposit themselves immediately (since they claim to be mere intermediaries, surely they can recoup from their client)
Option B: Provide full landlord details AND actively facilitate the return by compelling their client to comply with the law
The pdf-forgery and the back and forth with the agency is huge shaming fun, but the deposit is the goal.
I also found out that metadata can be overwritten. What is the best possible way to save yourself from these kinds of problems I wonder?
It's also very rare -- I worked in a similar company for years and only heard of one case of disputed signing and none of disputed contents.
I would not count on a judge to read through technical mumbo-jumbo even if it's completely obvious to you how hashes work, it's probably not for them, so the company has to put a statement.