Hacker News new | past | comments | ask | show | jobs | submit login
FalsiScan: Make it look like a PDF has been hand signed and scanned (gitlab.com/edouardklein)
939 points by tercio on Jan 21, 2022 | hide | past | favorite | 390 comments



I had another version of this at the DMV. They needed to see bills that offered proof of my residence (ie power/water/etc). Turns out they wanted them to be mailed to you, which wasn't going to work because I do paperless billing for everything. So I printed them out and tri-folded them as if it had been in an envelope.

People in front of me in line got turned away for using printed bills, but mine worked just fine.


Yes, they also do this for ID's, and for voter ID's. It's specifically created to prevent people whom don't have only 1 permanent address,with paper billing, being able to live their daily lives. I had to go to a local county courthouse 4 times to get a "realid" and to renew a driver's license. I had to call all sorts of people to get printed statements sent to me. It's incredibly ridiculous, I would call it completely contrary to the ethos of the United States, even. That as a citizen with all these forms of ID I still cannot readily operate as a citizen in my own country.


It's also designed to make sure that poorer people who don't have stable, permanent housing have a tough time


I think the mechanism is indirect. After 9/11, Congress wanted to make it difficult to falsify IDs. The optimization was to maximize the probability that an ID is real and correct if an ID is presented to board a plane. Unfortunately there’s was no constraint that the process shouldn’t prevent people from getting IDs or make it easy. Poor people don’t have enough of a voice for Congress to care.

Poor people are excluded via apathy not malice


I also know directly from people running state DMV offices (and also coincidentally or not, in the official GOP power structure) that there was a serious effort for drivers licenses from all states to be more standardized and validated by the process that became RealID.

This was around 1995-7, so 9/11 had zero infuence on the origin of this idea, although it likely helped provide justification for it.

That said, I find it mildly interesting that it took at least two decades to even begin to roll out from serious discussions in the corridors of power to actual changes affecting the drivers and voters.


I wonder if it took two decades because it was an unfunded rider to an Iraq war emergency spending bill added with next to no discussion in Congress. Yes, I'm annoyed, but I imagine the lack of enthusiasm many others shared at the time contributed to the dilatory implementation.


I'm pretty sure terrorists have access to both printers and the gimp. Requiring a mailed bill seems like it would only hinder people who are honest. I highly doubt terrorists are opposed to lying.


If you replace what GP wrote with:

> Congress wanted to pretend in front of the voters and the public that they were making it difficult ...

Then it makes sense


Apathy is the same as malice when done by politicians who are supposed to represent everyone, not just the 1% in their district/city/state


Actually poor people are well represented. Witness the trillions of dollars of debt the US is in, the countless duplicative entitlement programs subsidizing food, health care, housing, schooling, etc. Politicians don't get elected unless they give other people's money away to those who don't have it and the poor by definition do not have money to give away but they do vote. Sometimes like here a minor fraud prevention rule slips by like address corroboration but it quickly becomes obsolete because bureaucratic efficiency and modernism is not what government does best.


> Witness the trillions of dollars of debt the US is in,

Why do you assume that this debt went to the poor? There is quite a bit of evidence of welfare for the wealthy and large companies.

> the countless duplicative entitlement programs subsidizing food, health care, housing, schooling, etc.

Any figure for this? No mention of the stupidly large military spending or tax breaks?


You completely ignore multiple studies showing that in 80-95% of legislative actions, the action is the one favored by large corporations and NOT the action favored by people or poor people.

IOW, the US legislature is responsive to people and especially poor people only 5-20% of the time.


I wouldn't say it's intentionally designed to do this, but that it's a consequence. There's no good reason anyone would intentionally want to keep the poor poor, it's just bad design.


> There's no good reason anyone would intentionally want to keep the poor poor,

This seems naive to the point of being bizarre. Employers of lower skill and lower margin labor can get it cheaper if their prospective employees are more desperate and thus have less bargaining power. Low wages are the gift that keeps on giving because it keeps your prospective workers from saving enough to weather the risk of negotiating harder, quitting to look for better pay, etc.

If you look at places that have policies that seem to keep the poor down vs places less so, there's at least some clear correlation in terms of who the major employers with more influence in the state are -- those who rely more heavily on cheaper labor with lower profit margins, vs those who are much less exposed to that due to having higher profit margins or less of their costs come from commodity labor.

Just think about what the biggest businesses might be in say, Oklahoma versus New Jersey.

Another way to bring this point home, compare a middle class family in say, Mexico or India, to say, California or New York. Inequality is higher so the cost of basic labor is cheaper, which translates to people with the same middle class job in a place like Mexico or India being able to easily afford a lot more of the sorts of labor intensive services only wealthier people would have in much of the US, like a live in maid/cook, taking a long taxi trip to and from work 5 days a week, etc, stuff that a middle class person in the US would need to ration a lot more even if they do take some ubers here and there and eat out here and then.


There is, on the other hand, a strong incentive to keep poor people from getting ID. If you don't have ID you can still mostly do the peasant work that is required for those in power to stay in power but you can't remove them from power by voting because those in power are increasingly linking the ability to vote with the ability to get documentation which they are continuously working to make it more difficult for poor people to get.

Reap all the benefits of the slaves doing their work, avoid any of the downsides of having to actually listen to their needs.


Is this your true belief? Do you really 1: conceive of anyone without an ID as a "slave," and 2: believe that things like Real ID laws, which are broadly supported by 80% of citizens[0] are here just to keep the poor down?

This seems utterly inflammatory, and somewhat divorced from reality. I absolutely understand systems thinking, and specifically can see the argument for posiwid here, but even then... This sort of conspiracy thinking strikes me as profoundly not useful.

Before attributing laws requiring IDs to the evil evil overlords, first ask yourself why 80% of citizens approve of these laws? Is everybody just all working to keep a tiny group of people down? Might it instead be that complex systems have edge cases and people who are already on the margins of society hit these edge cases more? The reason I ask is because we can fix bugs, but obviously we can't fix a global conspiracy, so I'd really like to know which I'm dealing with. If it is a conspiracy this makes it seem like there's nothing I can do to solve the problem.

[0]: https://www.monmouth.edu/polling-institute/reports/monmouthp...


I concur that the GP was a bit dramatic in their use of the term "Slave," but they raised a valid point.

Voter suppression is a real thing in the United States. It's a strategy often used to hold and retain power by the minority (often richer, privileged) party

See https://www.aclu.org/news/civil-liberties/block-the-vote-vot...

> Suppression efforts range from the seemingly unobstructive, like strict voter ID laws and cuts to early voting, to mass purges of voter rolls and systemic disenfranchisement. These measures disproportionately impact people of color, students, the elderly, and people with disabilities. And long before election cycles even begin, legislators redraw district lines that determine the weight of your vote.

" The reason I ask is because we can fix bugs "..

These problems can be fixed, but they require effort by all citizens to vote and put pressure to make voting equitable.

Fortunately I live in New Zealand so our democracy is quite healthy, though it could always be better.


Purging voter lists is not suppression unless you view dead people or those who have moved out of the voting jurisdiction on the voting rolls as legitimate voters. No different than a company purging email or address lists of outdated names


> unless you view dead people or those who have moved out of the voting jurisdiction on the voting rolls as legitimate voters

Unless the purge is over-enthusiastic, with unrealistically high barriers to re-entry. It’s not a problem for someone who has all the documents and the time to jump through all the hoops (or someone to do it for them), and a sympathetic administration with an office close enough that you can go there without taking a day off. Assuming you have days off at all. It’s quite harder otherwise. The result is a disproportionally large fraction of “undesirables” (poor and living in specific areas) being disenfranchised.


But the fake IDs we had before Real IDs were also fine. Was there a lot of fraud with the fake IDs ? You had to give one address proof earlier, and now you need to give two. What's the advantage of that ? A lot of post 9/11 measures have questionable use (e.g., TSA). People approve all sorts of nonsense when they are not being rational.


Absolutely it's a sincere belief. "Slave" is hyperbole, but only just barely.

The link you posted indicates that 80% of people think it's reasonable to show ID at a polling station. I think you'd find that's a pretty common opinion on it's face because it's perfectly reasonable to show ID to do things like vote or get social security benefits or register property you own or all those government-y things.

The trouble comes when you hijack that perfectly reasonable expectation by then making ID preferentially difficult to get for certain classes of people. You don't need to trust that this is the case - it's apparent from the statistics. More than 10% of adult US citizens don't have ID. Why not? Because it takes time and money - you need to pay fees, you need to travel, you need underlying documents that can sometimes take hundreds of dollars of fees themselves to generate, etc. Politicians also can 'tune' what counts as ID to preselect the voters they want. TX for example, counts concealed carry cards as ID but does not count student IDs.

In fact, in 2014 the GAO itself found that strict photo ID laws reduce turnout by at least 2-3 percentage points on average with significantly higher proportions in economically depressed and racially diverse areas, and it's well documented that the people impacted by that lower turnout are overwhelmingly members of specific demographics that tend to vote for specific policies. That's a pretty big incentive to marginalize these people if you don't agree with those policies.

It's undeniable that for many of the most vulnerable and powerless members of society obtaining ID under the current regime is in direct conflict with simple survival, and is unlikely to be a priority. If we want to require ID for voting we should make the process of obtaining that ID require as little economic power as possible - a task that is easily within our grasp.


Please provide evidence of this? Lots of evidence in the form of entitlements to those of low income to the contrary.


How does this work? You don't just go to local city hall or similar office to get a free ID when you turn particular age (15 in my country)? What is required to get an ID?


What’s happening with voter suppression in the US today is contrary to that. Many people are petty and callous. It’s reality. They literally want everyone they don’t like to leave.


Yes they’ve been using the phrase “ensuring voter quality” to justify measures which essentially restrict access to voting for the poor.


I can’t help but see this as some sort of propaganda. Where’s the evidence this is a concerted effort against poor people?

You can’t do much in life without ID.


"You can’t do much in life without ID."

This is a common belief that, to me, displays a serious lack of knowledge of the breadth of human experience. It should not be hard to imagine how people who are some combination of very sick, old, lonely, disabled or poor can have their ID expire and then not get a new one for year after year. Yet people seem to constantly proclaim this as unthinkable or nonsensical, as if only their version of a lived life is believable.


Some countries make it work. The key is to make the mandatory IDs free and easy to obtain. It’s not that difficult. When I need to renew my ID here in <random European country> I need a 20 minutes appointment, any document can be printed there so there is no issue with pdf and no need to fake a mail. Nothing to pay as well.

For the driver’s licence it was even easier, I just had to upload a photo and a pdf bill as a proof of address on a government web server, and I had it in the mail 3 weeks later.

Voting is a fundamental right. If you are going to require IDs for it, it follows that IDs are a fundamental right, and making them arbitrarily difficult to obtain is capricious, discriminatory and should be considered unconstitutional in a sane democracy.


It's not just requiring ID, it's closing polling places, discarding mail-in ballots, and a whole host of techniques designed to "ensure the quality of voters". And these techniques disproportionately affect voters of color and the poor.

Also when I was a kid (20 years ago) no ID was required to vote. Actual voter fraud is incredibly, vanishingly rare. But the lie that it is common is used to drum up support for these regressive measures.

https://americanindependent.com/arizona-republican-john-kava...


Not to mention having biased election volunteers look at your ID and deem it fake or a "different signature." You can take them to court, but by then the election is over, so it doesn't matter. There's so many ways for the Republicans to corrupt the vote and they've had great success in doing so thus far, so why not go deeper down that path? Who is going to stop them? Democrats who even with a majority can't get a caucus going due to there always being conservative democrats who are pretty much republicans and loyal to republican causes.


I'm astonished that anyone would advocate for voting without some sort of Id. If you cant drink, drive or get a library card without an ID you shouldn't be able to vote. The Id laws that states do have on the books are incredibly liberal in what type of Id is acceptable to vote . Texas, a state lots of people are quick to assert has suppressive voter ID laws, doesn't even require a picture ID or original documents. In fact even a copy of a utility bill is acceptable: https://www.sos.state.tx.us/elections/forms/id/poster-8.5x14...


I'm not really advocating for it, but I am pointing out that for whatever reason this was apparently the way things were done in the USA for voting for a long time. So as astonishing as it may seem on the face of it, there is some historical precedent that it is actually a very normal idea.

But as I said, this is not just about IDs. There are a whole host of laws being introduced, typically by republicans, that do definitely have the effect of disenfranchising poor people and people of color, who tend to be the political opponents of the people introducing the laws.

Closing poll places for example. They will suggest closing down polling places in poor neighborhoods, using some extremely thin disguise over their motives. It seems obvious to any person who believes in one person, one vote, that the color of your skin or the amount of money in your bank account is no reason to degrade someone's ability to vote. But we see long lines at polling places, where some people have to stand in line for many hours to vote! An obvious failure of democracy.

And they strike voters off of voter roles, going after people with hispanic names for example, finding a "Rosalind Sanchez" and a "Rosa Sanchez" in some city and deciding, based on that information alone, that this is a "duplicate voter" and disqualifying one voter's vote from being counted.

There is a transparent effort to block people from voting, and voting with ID is used as a talking point to steer the conversation away from the more egregious side of their efforts.


It gets weird as an expat. I can’t get a realID because I don’t have an address in my “resident” state (the one I file a tax return in every year). When I visit and use my old drivers license people tell me it’s fake. So I go and come back with my passport. They’ve never seen one of those before, so they start to get cagey. I ask if my sharing my old military id that is expired might help them believe I am who I say I am and that I was born on X date. Sure, they say. But it’s expired so they don’t care. We return 20 minutes later with a friend who can buy the alcohol.

Voting is looking like it’s getting even more convoluted for the next election. In all, I feel less and less like my home country even wants me to come back eventually.


And yet, gun permits (photo-less) are valid voting ID, and university IDs (with photo) are not.


> There's no good reason anyone would intentionally want to keep the poor poor, it's just bad design.

We need people to feel pressured into doing shitty jobs, if the poor get less poor maybe they won't flip burgers for minimum wage.


Wouldn't it be cheaper to just push forward with the robot thing rather than some decades-long (Real ID started in 2005 or 6) super-complicated social engineering project? If the goal is find a way to ensure burgers are flipped and toilets cleaned, wouldn't the rational idea be to invest in robotics and involuntary birth control technology, not try to ride herd on a giant mob of poor people who might turn on their "masters'" at any point?

For that matter, if you are one of the masters of the Universe, why do you even need the poor people who only interact with other poor people? If you were optimizing the world and were actually evil, wouldn't the world look a whole lot different than the uncoordinated mess we have today?

Why do "we" need people to feel pressured to do anything when frankly it's just easier to rule without a giant underclass you have to constantly fear?

It actively feels like everybody is looking for someone to blame for the state of the world when really the world is just the result of a whole bunch of people with a whole bunch of different hopes, plans, and dreams, many of which you might possibly disagree with.


Humans are cheaper than robots. You can make one run on about a bowl of rice per day.


> Wouldn't it be cheaper to just push forward with the robot thing rather than some decades-long (Real ID started in 2005 or 6) super-complicated social engineering project?

It’s not super complicated, it’s just the natural consequence of an elite in power wanting to stay that way. You can see it as some kind of class behaviour. It has been going on since as far back as we can see, e.g. in Ancient Greek and Roman societies. People are being replaced by robots, as soon as it makes financial sense. This itself is really not new, and has caused issues since the start of the industrial revolution (see the various textile labourers strikes over the last 2 or 3 centuries).

> If you were optimizing the world and were actually evil, wouldn't the world look a whole lot different than the uncoordinated mess we have today?

It’s uncoordinated because it isn’t actually a large conspiracy by a couple of evil masters of the world. It’s a result of everyone in a position of power acting it their own self interest over time.

> Why do "we" need people to feel pressured to do anything when frankly it's just easier to rule without a giant underclass you have to constantly fear?

Mechanisation has been a more and more realistic strategy, but this is very recent. You still need people to make stuff. Also, “the underclass” is not going to disappear on its own.

> It actively feels like everybody is looking for someone to blame for the state of the world when really the world is just the result of a whole bunch of people with a whole bunch of different hopes, plans, and dreams, many of which you might possibly disagree with.

Exactly. That, and the fact that some people’s hopes and dreams depend on them exploiting other people.


I really appreciate this response and will come back to say more when I'm awake, but just want to acknowledge that you have interesting stuff to say and I want to hear more. Thank you.


Who is "We" and how do they coordinate this? Poverty traps are emergent phenomena, not a conspiracy (Usually. Occasionally governments intentionally wage "war" on a group of people, but this is not the typical case.).


> Poverty traps are emergent phenomena, not a conspiracy

Except that when everyone knows what a poverty trap is, how they form, how to spot them, and what to do about them, and none of that gets done, we start to fall on the opposite side of Hanlon’s razor. It’s not like that scholarship is new or controversial, so why is this still a problem?


Everyone knows what lightning is, when it forms, what to do about it (go inside), and why it's dangerous. Yet still, somehow, people get struck by lightning. It's not like this knowledge is new or controversial, so why is this still a problem?

Does this clarify things a bit? I'd like to find a better rhetorical method than just swapping out terms, but it really does highlight the point here. Can we conclude that government is trying to kill people just because some people still get struck by lightning? Alternatively, what would the government need to do to prevent anyone from ever getting struck? Now consider all the different ways people can end up poor, and project this infrastructure out to ensuring that that can never, ever happen. Should we have better methods to handle it when it does? Probably! Does the fact that poverty traps exist mean that people explicitly set them up? Probably not!


Many poverty traps exist because they can be a lucrative enterprise. People in poverty are generally the most vulnerable to begin with.

Curbing people's ability to leverage poverty traps for profit in a capitalist system would reduce how many people get stuck in them.

In general, government legislation can and does directly affect poverty rates as well as who is most likely to be affected.

People will argue about the effectiveness and intent of government actions to ameliorate/impose poverty. Claiming that it is outside of a government's influence is nonsense.


You need ID to get that job flipping burgers. Two forms of it for the I-9. Though not proof of residency perhaps.

Once you have the job you can use the paycheck as proof of residency.



People just don't believe me when I tell them how hard it is to get an ID.

I can tell its all very well intentioned, I can understand how and why all the rules came to exist, it still has the net result of making the poor, poorer.


I would say in certain - often southern R states - this is done on purpose to make it harder to vote.


Some people do not believe in "rising tides", if you believe it's a zero-sum game you will want to keep people poor to keep yourself wealthy.


You haven't looked at one of the major parties very closely, then. They've got a 50 year history of doing exactly what you claim there's no good reason to do.


> There's no good reason anyone would intentionally want to keep the poor poor

That's not what Karl Marx said

https://en.m.wikipedia.org/wiki/Reserve_army_of_labour


The reason the poor are discriminated against is to keep them poor. It’s pretty straightforward and often so reflexively implemented that it leaves room for someone to falsely claim it’s an unintended consequence.


You're misguided if you think there is any sort of design behind this.

This is just bureaucracy expanding and slowly taking over a working nation.

The unproductive members of society slowly winning over the productive ones and setting up rules to justify their comfortable existence.

The same happened in most countries and won't die until the government itself dies (because a government never makes itself smaller) and a new society replaces it.


The poor man pays twice.


I don't think the process of getting an ID is optimal but it is not an excuse for having lax ID requirement rules either, which is an argument I often hear.


and more directly, to keep them from voting.


The point is to authenticate residency, and while it’s not a great system, there also isn’t any better alternatives.


If all this was for is to ensure you live at an address then the local government can offer a number of solutions to that. If they want mail, they can simply mail you a unique qr code which you could then scan and complete the process entirely online. Or at a minimum bring physically to an office.

A utility bill doesn't require proof of residency to get. Neither does a credit card statement. Infact if I were creative I could say I live anywhere and provide false documents of that. It is the legitimate use of this system that is difficult, not illigitimate use.

The system is not designed to be secure or to ensure residency, that's not it's purpose. Its purpose is to create further government control to suppress citizens rights to operate freeley in their own country. Specifically, to target low income individuals. These people creating the policies are not the same people whom are affected by them.

If I am U.S. born I have a right to operate in certain capacities as a citizen. Voting, owning land, and working are all rights unalienable. The fact this is not currently true is proof of the federal fascism we live in.


If you go to my local library and tell them you want a library card, but you don't have any ID, they ask you to give them your address. They send you a postcard, and when you bring it in, they'll give you a library card. No QR code necessary.

The USPS could function quite successfully as an ID system and a bank, were they allowed.


In fact postal services in many countries do function as banks. When I was a primary school student in South Korea, we all made a savings account at the local post office and learned about how banks work and the importance of saving money.


And indeed the United States Postal Service itself operated a savings bank system from 1911 until 1967: https://en.wikipedia.org/wiki/United_States_Postal_Savings_S...


I've never understood this. There doesn't seem to be a natural synergy between delivering mail and storing money. Is it just because post offices are everywhere? Why not make court houses banks? At least they would have security. Or town halls?

It just feels kinda random.


Because in some countries it is/was rather common to receive payments (most often pension payments) in cash that where delivered by the postman. That's why it makes sense in a way.


Few reasons (US Centric)

1. Court Houses are not everywhere like Postal offices

2. Court houses are not part of the Executive Branch, where as a Service like the Postal Service or banking would need to be part of the Executive Branch, not Judicial. A Better counter would be DMV or some other government service.

3. Court Houses are not nearly as accessible and are much harder to get in and out of due to their nature. Not consumer friendly

4. Court Houses by the nature have alot of criminals going in and out of them all the time, probably a bad idea to put money services in the same place....

for the record I do not support the idea of USPS being a bank either.


Post offices have to be able to handle money orders paid for in cash, so I guess they already have the infrastructure to do a significant subset of bank-like things. At least with respect to document authentication and cash management.

https://faq.usps.com/s/article/Money-Orders-The-Basics


This is what California did for RealID when they made a mistake early on. Federal government didn’t recognize one of two forms of verification California used and California mailed a post card to those affected. Was able to just go online with the code and verify receipt of the card.


Most countries whose postal service offered banking stopped.

Know why?


Wikipedia had a pretty good summary of implementation in different countries[0]. It seems most implementations are stopped because of privatization efforts, but the blurbs don't give much context.

I can see people having different opinions of this trend. What is your take on it?

[0] https://en.m.wikipedia.org/wiki/Postal_savings_system


I agree with everything you're saying, but disagree with the reason.

The US federal government has to be too loose about keeping track of citizens specifically to avoid looking too fascist. One of your many American rights is to have no ID at all. Protecting that right for two dozen people makes everything extremely complicated for the rest of us.


The federal government is not too loose in tracking citizens, and you cannot effectively operate in the U.S. without I.D of some form. Birth certificates and tax ID's are necessary for everything from school to work. Infact those that forgo it originally struggle as adults heavily to get those documents later, if at all.


It’s probably true that you can’t operate properly without an ID, and yet the US government is specifically avoiding the one necessary prerequisite to having reliable and convenient IDs: a complete list of its citizens, with place of residence and a mandatory assigned unique identifier.

It fuck people coming and going. You can’t get an ID if you don’t have a place of residence, and yet you can’t just go about your business without an ID.


> One of your many American rights is to have no ID at all.

Ha, if only. Everyone from FB to the NSA is keeping tabs on individuals in all aspects of life. There is no hiding in the US


The point isn't to prevent a skilled attacker. The point is to prevent casual lying and low-skill fraud. Most people who lie/cheat/steal do so because it's easy or because they're dumb. Your QR code idea will cost more money to implement and won't block skilled attackers either, as it doesn't take a genius to figure out a way to get mail from a mailbox you don't own.

Utility bills are the DMV's equivalent of a cheap lock. A smart attacker can pick the lock, and a determined attacker can cut it off. But the majority of thieves are walking around looking for unlocked car doors instead.

Do you really think DMV asks for a copy of a utility bill because it's a good way to suppress your rights? I would think that there are plenty of more effective ways to do so, if that were actually their goal.


Do you think low skilled fraud doesn't have access to a printer? If it cannot be implemented properly, then it shouldn't be done at all. It doesn't matter what good intent it may have had, in effect it is a suppression of individual rights. This entire process would be grounds for a civil war in the 1800's. Yet today we think being a citizen isn't enough to have rights. You have to be apart of a socioeconomics nomic class of people to have those rights.

The DMV complies with whatever regulations are imposed on them. Those rules are created by legislators whom are entirely disconnected from their constituents and are paid for their votes.


Yes, there are absolutely people who do not have the equipment or ability to fake a document.

> If it cannot be implemented properly, then it shouldn't be done at all.

Perfectionist fallacy. I can't think of any civic requirements that are perfect. We always compromise on perfection because our civic processes also have to be reasonable.


Implimenting it reasonably is properly. I did not say perfect.


> it doesn't take a genius to figure out a way to get mail from a mailbox you don't own

iirc stealing other people’s mail by tampering with a mailbox is a ~~felony~~ federal crime. If they threw out the mail and you went through their trash it might be different. I anal though.


And election fraud isn't a crime or even a felony? If one is going to commit one of those things, would the threat of another charge REALLY stop them?


You can also rent mailboxes, or use a friends. Neither of those are crimes.


And do you suppose nobody keeps track of who is renting that PO Box?


>they can simply mail you a unique qr code which you could then scan and complete the process entirely online. Or at a minimum bring physically to an office.

How is that any different than bringing any other piece of official mail that you receive at your home address?


Because it actually validates your address. Plenty of “official mail that you receive at your home address” can be accessed (or produced) without access to the listed address, but you can't spoof knowing information that you never received.


It would be reasonably easy to check my mail before I do every day.

Or maybe I conspire with someone that doesn't live here but wants to appear to live here (which can obviously also be done with utility bills).

I'm all for making it as easy as possible to vote, I'm analyzing the properties of the piece of mail that the government sends.


If you want to make it as easy as possible to vote, you can't have a permanent address requirement as such. As has been said, many, many people don't have one.


When you move to a new state, I suppose you don't fill in a bunch of forms to register yourself as a resident in the state then? So that when DMV and other institutions ask for residency they could just check back in the states records (or have you bring a copy of the state's residency certificate) ?

The state surely must know how to tax you, and thus they need to know who you are and that you're a resident in the state... It seems the information inevitably must be there already so why try to imitate that with a bunch of random tokens such as bills sent to an address where they could go straight to the source?

Just curious.


In the US, no, you don't need to fill out any forms to register yourself as a resident. The closest is probably moving your drivers license registration, which many people wait years to do after moving. Other than that, you generally prove residency by showing (as GP mentioned) bills mailed to you, or a copy of your lease.

You're responsible for filing your own state taxes based on when/how/where you worked.


> The closest is probably moving your drivers license registration, which many people wait years to do after moving.

Most states do require by law that you do this in a very short period of time after moving. (Although yes, it is not uncommon for people to violate this)


Only if you have a driving license and plan on driving.

I agree, it's quite odd that you never officially register as a resident of the state, but I guess it's part of the US's aversion to "papers please."


There's also the state v. federal political issue of the interstate commerce clause. Some municipalities in the pretty far past have tried to restrict people moving there by creating onerous registration barriers that were then struck down by the feds. They're allowed some leeway there, but there's a limit that they don't want to push and the feds are more than happy to enforce their power.

My state (CO) semi recently hit a morph of this concern because they had "pioneer" license plates that cost an extra $100 or so and were only available to people who could prove N generations of ancestry in CO. The feds struck that down as .gov services provided being dependent on state origin and therefore against the interstate commerce clause.


As a Colorado born kid, I always thought the pioneer plates were the ultimate form of the "Native" bumper sticker. Mind you, I think that basing your identity on where your mother happened to be when she gave birth is exceptionally stupid.

That said, Florida can take Rep. Boebert back at any point.


It’s also that there are different standards of requirements across the thousands of different government entities that care about residency. And there’s not much chance they’d agree.

My municipal tax authority and the US State department may have very different standards for validating “residency” and very different reasons for doing so.


Or voting. You typically register with the secretary of state to vote.


California requires you to register your vehicles within 20 days and firearms within 60 days of moving in-state.


I hope you mind me not asking but while I know on some general level how things work in the US the details are infinitely interesting the deeper I think about this.

You're responsible for filing your own state taxes based on when/how/where you worked.

This seems like having so many knots left untied, considering how much importance one might expect to be placed for a fundamental question such as residency.

The obvious case is that it seems like people could just move into a state and never tell anyone and omit paying taxes. While there must be mechanisms to prevent or curb this, it still probably applies to a non-trivial minority of so-inclined people already? Not an option for people who want to settle, of course, but for certain people, living some months or years anonymously in a particular state might be a viable opportunity.

Do counties / cities / towns also lack similar logging of identity? How can they offer public services to people if they really don't know who the people are, and most importantly, if the people are residents or not? Does everyone just keep showing their utility bills? How do they deal with the various John Smiths moving from place to place -- inevitably to addresses where another John Smith was living before as there will be collisions without an unique identity? Or does the driving license become the de-facto proof of residence once people move it over, and the driving license has a unique number to differentiate between individuals regardless of name and address?

I mean, for the state government there's an inevitable and pragmatic need for uniquely identifying the people who live in the state and if there's no central registry then this need will be approxximated by various mechanisms so that the society can function at all.

Conversely, let's say the government does track down residents who nobody officially knows about. If the state government really doesn't know who lives in that state how could they impose liabilities such as taxes onto people whose identity and location and length of official residence they don't know? If I move in with my friend who lives in another state at which point can I still say "I'm just visiting, no taxes me for, thank you" and if the state were to disagree how would they go about establishing I was a resident after all? How would I prove I'm still actually a resident in the old state (if I were) vs how could they prove I'm no longer a resident in the old state (if I weren't)? What is the mechanism that prevents me from living in two states and claiming always in one that I'm resident in the other state?


> check back in the state

I wish, but I don't think each of many departments talk or share individual's personal data between them, unless its collections or something. Like, DMV would not have access to one's tax status or details, and tax one's might not know one's driving license details. I wish the willpower & technology increases to make it happen.


But given how easy it is to foil, I don't understand what it "authenticates".

If you wanted to truly authenticate residency or at the very least prove that someone has access to the mailbox, sending them a one-time auth code per mail would be a better idea rather than relying on third-party services where people may use paperless billing for convenience.


I explicitly said it was not good authentication. :)

Mailing someone a code would be more secure but, to the parents point, would be even more onerous of a process for people to comply with.

Some comments above suggested above that this is an intentionally burdensome process, but to the contrary, bringing in a bill is one of the least burdensome ways to authenticate residency.


> bringing in a bill is one of the least burdensome ways to authenticate residency

My problem with this is how is the recipient supposed to authenticate said bill. Now we're talking about bringing a paper bill vs a printed one (or "faking" a paper bill by creasing/folding the printed one), but the real threat is fraudsters completely making up a fake bill to begin with. Unless the recipient has a relationship with the company that issues the bills, there is no way for them to verify whether the bill is real in the first place, making the whole endeavor pointless and only inconveniencing legitimate users.


Yes. There’s no question that a bill is a weak piece of evidence for residency. I am sure it only prevents low-effort or low-skill fraudsters, or casual fibs.

The latter is probably where they get the most utility out of these requirements.


Requiring people to print out a paper and fold it as if it had been in an envelope doesn't authenticate anything but access to a printer and some imagination. Just removing the requirement would be a better alternative.


I am referring to the requirement to produce a utility bill. Not the silly front-line bureaucratic interpretative variations thereof.


That's false. Many other countries have implemented simpler, more accurate, and less discriminatory systems.


> The point is to authenticate residency, and while it’s not a great system, there also isn’t any better alternatives.

"No-one important enough is bothered, so we haven't had to try to fix it" is a far cry from "there [aren't] any better alternatives". We're HN; that's not the hacker ethos.


RealID requirements were written in the past and exist in the present. While it would be great to have another solution, one doesn’t exist. Happy to hear a proposal, however. I, personally, haven’t been able to come up with a more equitable idea.


Why do you need to authenticate it in the first place? If people are discovered lying somehow, send them to jail. Otherwise, trust that people will be honest.

Fraud is not nearly the problem people think it is...


They could pay Google and Apple to tell them where you sleep, based on your phone GPS anyway.


>there also isn’t any better alternatives.

Of course there is. It's having a central resident registry like is common in most countries other than the US.


That is not an alternative for the DMV. There is no central registry and they can't create one.


As a counterpoint, I had no problem using a printed cell phone bill as evidence of residency at a California DMV.


You could give the cellphone company any damn address you want is the point. It proves nothing.


Isn't this just a consequence of inefficient government? These people don't get paid enough to care about their job to make a great experience for people. My friends working in government all say it's near impossible to get fired. It's why reasonable people try to not give more power to the government than they should.


I and my son both got RealIDs in California this year with printed bills after submitting the PDF versions online without any problem.


> I had to go to a local county courthouse 4 times to get a "realid" and to renew a driver's license.

If you have a passport... no need for a "real ID" driver license.

If you don't like having to carry that big book around, other solutions include a federal passport card (USD 65) [1]. Same size, so fits in wallet. Bonus is it does not have my address on it, nor does it show what state I live in.

If you're a legal non-citizen, you can use the passport of your home country (which you're required to have in the USA, and should carry with you when you travel anyway).

[1] https://travel.state.gov/content/travel/en/passports/need-pa...


Similar issue at our version of the DMV, the Traffic Department.

Had to provide proof of address and the only thing I had was the rental agreement with my landlord. But the copy I had was signed by me, but not countersigned by my landlord.

The clerk didn't want to accept it. I told him I could just walk out and fake a signature. He said that's OK and that he isn't a policeman. So I countersigned it in front of him. He paused and then accepted it.


> I told him I could just walk out and fake a signature. He said that's OK and that he isn't a policeman. So I countersigned it in front of him. He paused and then accepted it.

Well, I mean, forgery is a class C felony, at least in my state. If you had walked in with the signature on it, the clerk would have had plausible deniability. Your act of forging in front of the clerk took the plausible deniability away, making them complicit to a felony.

You're really lucky they accepted it. They had no good reason to take on that legal risk.


I'm quite sure he knew what would happen if he didn't accept it. I would rejoin the queue and use another counter.


I was worried about this when I got my RealID in CA, but I printed stuff out and took it in. I use heavy printer paper and I printed it in color on a laser printer, so maybe that's why it worked? Who knows. This policy is just insane.


"That's a note, right? You should fold it."[1]

[1]https://youtu.be/ppunAo8ckBc?t=174


It's so insane that this is the state of things. For some documents I have to sign they have to be printed out and signed with ink, and then scanned and not taken a picture of.

Why?

This is obviously way less safe than using digital signatures, which are bound to me by SSO. Anyone could sign any document with a fake signature that looks just like mine, it would be very hard for them to do a digital signature associated with my account.

I get so much paper mail it's insane. Paper mail that I'm supposed to respond to with more paper mail.

Fuck that.


It's intellectual laziness. Bureaucrats presume that paper, feeling more "solid" than a digital copy of something, is somehow more secure.

I've run across this many times when people use the word "best practices". The most safe thing is often breaking convention, so "best practices" becomes the unsafe thing everyone has done for years, even when it's _not_ industry standard or a good idea.


> They needed to see bills that offered proof of my residence (ie power/water/etc). Turns out they wanted them to be mailed to you,

What state? Certainly, that's neither in the Federal REAL ID requirements (more stringent than most preexisting state requirements) nor most states implementation of REAL ID (which can be narrower than what REAL ID allows.)

E.g., California, for REAL ID, requires documents (not necessarily bills, though those are among the things explicitly on the list of acceptable documents) that are printed (not necessarily mailed) and show the physical address.


I've made a couple attempts in the past to learn why proof of one's address was considered important in the REAL ID spec yet proof that is (and was in 2001) often easier to fake than obtain honestly is accepted. Each time I've come up short. Previous state IDs I got in two states did not demand any proof of my address that I can recall.

Is there a good explanation of the reasoning behind this requirement documented somewhere?


I would bet entire dollars it was some local person's interpretation of the requirements, rather than anything intentional at the legislative level.


Which is crazy, because those would be trivially easy to fake.

And then REAL ID is considered as reliable as a passport (except to fly internationally, of course), so you've bumped up the level of trust a huge amount with one simple edited printout of a bill.


When I was applying for driver's license, I could use a printed webpage of my bank report. Which is trivial to fake, because you can just edit the address in the HTML to whatever you like and print it. I could also use a renting agreement, which of course, is also trivial to fake since they don't verify with the landlord.

I think they just don't actually care where you live that much. And since they'll mail your card to that address, that place has to be associated with you somehow.


New York is possibly more lenient on these things, but after scrolling on the website I realized they allowed anything postmarked to you at the address. Fortunately I had just gotten a thank-you card in the mail with my name and address on it and that was accepted for 1 of 2 proofs of address for my RealID. And the second was just a form I signed that said I lived there, given to me by the DMV clerk when I was there.

I glanced at another state out of curiosity and it seemed stricter.


Get a color laser printer and print out whatever you’d like. Anybody that sees a crisp color printed paper will assume it was actually mailed to you.

Another tip if you need “proof of address” is to use any notice from your State that your license or other paperwork is expiring. They’re a government agency, the paper is printed on their letterhead, and it’s addressed to you at the address you’re already trying to establish!


Love this.

Also why does the DMV need a proof of residence? What if you live in a van?


If you do not have a physical address (e.g., live on a boat / in an RV), our local DMV will tell you to use the street address of a local homeless shelter.

This probably won't get you past the requirement of utility bills in your name at that address to get a "Real ID" that allows domestic flights without a passport, though.

Same thing for getting a PO box, you need a physical address first. The post office will tell you the same thing, to use the address of a homeless shelter.

The folks writing these laws do not live in vans, and do not care, nor even think about the impact of their actions on folks with alternative living arrangements / folks poorer than they are.


What if you're living in a van because #vanlife and you want to drive around the country nomadically for a couple years and not because you are actually financially qualified to be homeless?

Like, what if you are a millionaire living in a fancy RV driving around national parks for a couple years?


Then you get a mail forwarding service, which gives you a proper "permanent" mailing address. DDG for "rv mail forwarding" for many options.


Which doesn't fulfill the utility bill requirement.


Just get the utilities bills sent to your mailbox.

At the very least you can definitely get your bank statements sent there ...


The utility bills for the utilities you don't have? The whole point is you don't have a fixed address that requires utilities.


I’ve used my cell phone bill as my utility bill no problem.


Former van-denizen here. I always used friends' addresses (with their permission, for a limited amount of time) when I needed to get important docs or plates. Usually it's not too hard to find someone to let you receive some mail at their house. Utility bills were always a problem for me, but there are usually ways around. Proof of filing a tax return in-state is enough in most cases, even if you're not "at" that address anymore.


Then you rent a $500/mo bedroom somewhere, sleep in it once so it's not fraud to call it your residence, and have the roommates put the utilities in your name.

Now you have a residence address and utility bills in your name to your residence address, and you can get a driver's license there, just like a real boy.


Fair, but do people actually do this?

Is there a $100/mo closet I can rent for that purpose or does it have to be $500/mo bedroom? What's the smallest one can go?


People actually do this.

Do you really think wealthy people (who are naturally at risk of kidnapping, extortion, blackmail, threats against family, etc) have their driver's license address pointing to the place where their children sleep at night?

The DMV gives those records in bulk to third parties. It's as good as public. Additionally, every dumbfuck services vendor from a gym to a daycare to a doctor's office will demand to photocopy your ID card to provide service, and you can be damn well sure that they aren't doing a good job protecting that information. They're storing it on their malware-ridden front desk Windows computer along with everyone else's.

As far as $100/mo vs $500/mo: what's the difference? It's all under $10k/year. Who cares?


$400/mo invested in some shitcoins and NFTs could easily make you more than $10k/year.


The DMV typically needs a proof of residency because you're only allowed to have one state license - the one for the state of which you're a resident.


What’s inherently wrong with being licensed in multiple states?


> What’s inherently wrong with being licensed in multiple states?

Presenting, and having infraction points assigned to, different licenses for traffic offenses.

Using nonresident states to avoid license restrictions in the state of residency.


In many places in the US it's de-facto illegal to live in a van, in some places it's explicitly illegal. Even if the van is parked on private property it'd still be illegal to be your primary residence due to zoning. There are exceptions for RVs and boats because they have sleeping, cooking and toilet facilities (which are required to be built a certain way).


In many places your driver license is used as authoritative identification for many other things, and the assumption is that those things require this additional verification. I don't know, but I think registering to vote might be one of these things in some places (it's been a while since I registered).


Side note: Why don't we have national ID in the US?

I know many people don't want us to risk becoming a "show your papers" country, but A) We already kinda are (ever been pulled over?), and B) It just makes more sense to have something like ID be centralized, preferably with a much better model then SSN's.


There's a long weird history of this; the bottom line is that interest groups on all political sides hate it:

1. The ACLU-style left fear it will lead to more pervasive, easier surveillance, and more "papers please" style checks on poor people and immigrants.

2. The right hates it because it's an extension of government power, arguably a 10th amendment violation, and it would greatly simplify voting for people who traditionally vote democrat.

3. A nontrivial number of people believe (no-joke) that it would be a portent of the apocalypse, relating to the number of the beast in the book of revelation. This actually came up in a number of state legislatures as they standardized drivers licenses after 9/11.

The few polls I've ever seen actually say it's fairly popular with people, but those interest groups are non trivial.


There are federal IDs in the US, of several varieties. But people are not required to have one.

People mainly rely on their state drivers licenses because states regulate driving. (And most other day-to-day government interactions that require ID)

If you’re the authority asking for ID, you get to decide which one to ask for.


But SSN numbers already exist


Except knowing them is used as not just authentication, but authorization so you have to be careful using them as ID.

Also, there are collisions.


If you live in a vehicle/RV it can be hard to prove residence. I've used UPS Store boxes but most places have caught on to that and don't allow it anymore. I've been told you can use a homeless shelter as the residence and a box as a mailing address but haven't tried it myself.


What about other lesser-known private mail boxes?


They are all required to register as a personal mailbox company (PMB). States have DBs of these addresses and use them to filter out boxes.


In the states I've lived in, licenses and ids required proof of residency. If you can't prove you live in the state, you're not getting one.


That’s brilliant. Like a wholesome version of “mail fraud” ;)


Clever. Also remember to remove the printer headers and footers.


Is this recent? Which state? I just got my RealID in California in December, and tri-fold-free printed PDFs worked fine for me.


Interesting


I really hate dealing with my printer (or any printer for that matter), so I make pretty liberal use of my drawing tablet at this point. I import the PDF into Krita, use the ballpoint pen brush, and sign. I export to PNG, then use an imagemagick script to rotate it some random number between 1-3 degrees, and add noise onto it to look like a scan.

It's a pain, but it's still less annoying than dealing with a printer.


I have a png of my signature, and I just paste it into the pdf, and submit that. Haven't run into a complaint yet, and I don't have to print anything.


Just a couple months ago I had a couple of forms rejected with a note “needs wet signature”

They were for a 401(k) plan I was updating RMD choices. I got the PDF form from their site, filled it out in Preview, pasted my signature PNG, and used an app on my phone to fax it(!) to their number.

Got rejected. Had to actually print the damn things and sign them with a pen, scan them again with my phone’s camera, and re-fax them.

Was mildly infuriating.


As an HR administrator for a small business, this absolutely grinds my gears. According to every accountant and consultant I've ever talked to, the "wet signature" rule is enshrined in federal law (although I have yet to be able to find out exactly where). It applies to all brokerage operations (opening your custodial accounts); employee applications (even internal to your own company that never leave your own filing cabinet - keep in case of audit!); statements of information (form 5500) filed with the IRS (it's the only form you can't submit electronically - needs a wet signature?!). For everything else we deal with a saved drop-in signature in Acrobat works just fine. Almost not worth the employee's savings given their low participation rate and general ambivalence to the whole program.


Not sure if it's new, but I just recently filed a 5500 online. You can do it here: https://www.efast.dol.gov/welcome.html

But yes, dealing with brokerage forms that needed a wet signature faxed..


My mistake on the 5500 - we have a consultant / tax preparer that files the actual form for us, so it does look like the actual filing is electronic. What I was incorrectly remembering, it turns out, was that the authorization form for our consultant to electronically file needed a wet signature.


I printed, signed, scanned, and emailed Ameritrade. My scan was so good that it got rejected. They told me that digital signature is not accepted.


This has happened to me in the past. Now I always make sure to damage the paper and avoid putting it in the scanner straight. Bend a corner, wrinkle it a little, and select the image mode on the scanner to avoid the background looking too clean.


Add some fake coffee mug stains and lens flare :D


http://legacy.hanno-rein.de/hanno-rein.de/archives/349

For Latex documents, but same concept and a fun little add on.


Do you think it might have worked if you had run it through this FalsiScan program?


Yes, I bet it would have, and I wish I had heard about it then!

When I refaxed the forms, I just removed the PNG signatures from the PDFs first (leaving all other form fields typed in), printed them, signed them, made sure the two signatures were different in obvious ways (but still the "same"!), and scanned them at deliberately low resolution.

This program sounds like it automates all those steps.


Vanguard?

They're ridiculous with this. It's a huge pain with trusts.


SavingsPlus. They handle California's retirement programs.


How wet ? You could add a "splash" effect on top of the signature


Maybe a coffee cup ring?


I should probably do that. I've always hesitated because the paranoid part of me thinks they'll catch on to it being digital if I have to sign in ten different places and they see that the signature is literally identical for each one. My Krita solution, while annoying, allows for me to have a slightly different signature for each one, for each form I sign, allowing it to pass all but the most judicious level of forensics.

Granted, no one is going CSI on anything I sign. I should probably just make like ten pngs of my signature and paste those in.


I have three different signatures and a several versions of my initials loaded into Preview.app for use in signing PDFs because I don't want them all to look the same.


Preview is a killer app and it gets me though all sorts of situations., document signing (and doctoring), and PDF manipulation first and foremost.

Combined with notes.app which has some very nice features (document scan, share, to-do lists, reliable sync, adding of files, search etc) it is Apple at its best.


I do the same. I just have one saved. No one has ever complained, even when it's blatantly obvious that I didn't sign it by hand.

I figure even if they do complain, it doesn't matter. Its not like I don't have permission to do what I want with my own signature. The worst might be that they come back and say "sign it properly please" and then I have to go through the effort of printing it out and scanning it back in.


When we were buying a house back in 2009 (before electronic document signatures, which are the most amazing thing ever compared with the old way) we had to sign zillions of different pieces of paperwork going back and forth while making offers and so on. I was doing most of this during the day from the office, and all the paperwork had to be signed by both me and my wife.

So what I'd do was take the PDF, paste in my wife's signature, print it out, sign it myself, then fax it over. Never had any problems.


It depends on what you're signing. My letters of authorization to my bank require a "wet signature." Scanned or photographed and emailed is fine, but they want you to print and sign, and they've sent it back to me when they can tell I've used a digital stamp.

This product looks interesting, although the idea of me entering coordinates for the stamp instead of just stamping it in a GUI is not at all appealing...


I did my refi using that method till they realized i was using a digitized copy and sent over a person to collect wet signatures from me.


This, but with extra noise around the signature and with at least 4 unique copies, max number of times one has to sign full name a document (in my personal xp). Whomever is going to read it and check for digital, will probably check closer on the signed pages. Also make sure the signature isn't too perfect and not too regular on the ink :)


Ditto. I've been doing it 11 years at this point and it's never come back to bite me.


Ditto, had it only once that they complained the signature on separate documents was identical. Well, just wrote it down a couple more times in case I run into that again.


I do the same


There's also this website which I've used successfully with many bureaucracies.

https://www.scanyourpdf.com/


I've seen this one, I think it was on HN about a year ago, but a lot of the forms I've been signing in the last year have been stuff containing a fair amount of personal information (e.g. wife's immigration stuff, refinancing a house, banking annoyances, etc.). I can't really audit the code for an online service, and I find it unlikely that either Krita or ImageMagick are sending this information externally, considering both seem to work fine even without an internet connection.

EDIT: Clicking on it, I see the source code is available. If I can run it on my local box then this might be a little less nasty than mucking with the `convert` command.


https://news.ycombinator.com/item?id=23157408

Github repo: https://github.com/baicunko/scanyourpdf

But yeah, the security implications of uploading a PDF with your SSN and signature to a random website is, um, not good.


I'm not too enthusiastic about uploading personal information and a signature to a random website.


Years ago I user a good blue Ball pen and signed in a blank paper. I scanned this in high resolution, cropped, fattened the lines, removed background and saved it as a transparent PNG. I added this PNG as a stamp to my favourite PDF software and have signed many many documents. The thing to remember is to flatten comments after I stamped my signature onto the document.


You can actually sign a PDF this way just using Preview on MacOS.


I've signed and returned almost everything requiring a signature for years this way, you can even have multiple signatures (helpful when you need spouse to sign something too...) in Preview to speed up dealing with these kind of tasks. I've never once been asked to sign it with a pen instead, even for relatively complex transactions like houses/cars.

Because Preview lets you draw the signature using the TrackPad and a finger, I've had no difficulty making a very convincing replica of my actual signature in Preview.

While the linked tool may "look" more convincing with fake photocopy marks etc, for just signatures its not been necessary to go beyond Preview for me ever. In the US so much business is conducted on paperfree platforms like DocuSign etc that I don't think many people even notice the fact the signature is digital anymore, given platforms like DocuSign do more or less the same thing.


I had passport photos rejected due to my eyes being too shaded or something. One eye seemed a little darker according to the error messages. I tried taking new photos, including ones from I paid for (done at a pharamacy) and still failed.

In Preview I copied one eye and put it over my troubled eye, reversed. It worked.

I’ve been though face detection systems in various countries (US, UK, France) and I seem to get through ok.


I knew that, and I do run macOS, but the signature always looks "digital" to me. It's not bad, but with Krita and it's pen or pencil brushes, in combination with a decent drawing tablet (well, as decent as a Huion screen tablet is) with a pressure-sensitive pen, I can get something that looks outright indistinguishable to a physical signature.


Dare telling which exactly config for brushes do you use?


Nothing too crazy. There’s a built in ballpoint pen brush that I think looks pretty good. My tablet is pressure sensitive so it allows for the slightly uneven ink density that you get with cheap ballpoints.


Also iOS


I use Figma quite a bit for this. Just make my signature a component and drop it in where I need it.

Used to use Photoshop where I just made my signature a custom brush.

Disclaimer: I work for Figma.


I have a shell script based on ImageMagick that gives a PDF a "scanner" look. I typically open the PDF in Master PDF Editor to insert an image of my signature, then pass it through my script. When I do need it, it's rare, but it becomes a real life saver. It has avoided me the need to print and scan 100+ pages for a mortgage company, some stock brokers and banks. Key points of the script:

"+noise Random -fill white -colorize 95%" to add some noise to the image

"-distort ScaleRotateTranslate '$x,$y $angle'" to randomly shift horizontally and vertically the document, and randomly rotate it slightly

"-density 150" for a low-ish resolution so it better hides the fact the PDF wasn't really scanned

"-colorspace Gray" to make it black & white

"-quality 60" to increase JPG compression and somewhat reduce picture quality

  #!/bin/bash
  # Make a pdf look like it was scanned.
 
  if [ $# -ne 2 ]; then
      echo "Usage: $0 input output" >&2
      exit 1
  fi
  tmp="$1".scanner-look.tmp
  mkdir "$tmp" &&
  # without -flatten some PDF convert to a JPG with a black background
  convert -density 150 "$1" -colorspace Gray -quality 60 -flatten "$tmp"/p_in.jpg &&
  : || exit 1
  # each page is randomly shifted in the X and Y plane.
  # units seem to depend on angle of rotation in ScaleRotateTranslate?
  offset() { echo $(($RANDOM % 1000)); }
  for f in "$tmp"/p_in*jpg; do
      # each page is randomly rotated by [-0.5 .. 0.5[ degrees
      angle=$(python -c 'import random; print(random.random()-0.5)')
      x=$(offset)
      y=$(offset)
      convert "$f" \
        -blur 0x0.5 \
          -distort ScaleRotateTranslate "$x,$y $angle" +repage \
        \( +clone +noise Random -fill white -colorize 95% \) \
        -compose darken \
        -composite \
        ${f/p_in/p_out}.pdf || exit 1
  done
  # concatenate all the pages to one PDF
  # use "ls -v" to order files correctly (p_out-X.jpg where X is 0 1 2 ... 9 10 11 ...)
  pdftk $(ls -v "$tmp"/p_out*.pdf) cat output "$2" &&
  rm -rf "$tmp"


I have a script for the same purpose too, but I prefer a black-and-white 1-bit palette for that fax look. Here's my version -- note that it uses graphicsmagick, img2pdf, optipng, and pdftk. Also enforces A4 so some of you may want to change that. For fun it's doing the page processing in parallel to speed up a bit with large documents.

    #!/bin/bash

    # Adds a bad scanning effect to PDF files.

    if [ $# -ne 2 ]; then
      echo 1>&2 "Usage: $0 input.pdf output.pdf"
      exit 3
    fi

    convertPage() {
      # PDF filename in first parameter, page in second
      file=$1
      page=$(($2-1))
      png=$(printf "pdf2scan-page-%05d.png" $2)

      # Convert PDF page to black and white PNG
      gm convert -density 300 "$file"[$page] +dither -rotate 0.35 +noise Gaussian -type bilevel -fill white -fuzz 90% -colors 2 $png

      # Optimize PNG
      optipng -silent $png
    }

    export -f convertPage

    # Read number of pages
    pages=$(pdftk "$1" dump_data | grep NumberOfPages | sed 's/[^0-9]*//')

    # Loop through pages and convert in parallel
    for i in $(seq 1 $pages)
    do
      echo "$1":::$i
    done | parallel --eta --colsep ':::' convertPage {1} {2}

    # Create PDF from PNGs
    img2pdf -o "$2" --producer "" --pagesize A4 pdf2scan-page-*.png

    # Remove temporary files
    rm pdf2scan-page*
For a cleaner 1-bit look without noise and rotation, use "gm convert -density 300 "$file"[$page] +dither -colors 2 -type bilevel -fill white -fuzz 40% $png".


The 1-bit palette is a good touch. Making it use parallel(1) is a great and easy optimization. Nice!


Kind-of-related: I'm wondering if anyone can help me find a website I found a long time ago (probably through StumbleUpon, if that tells you anything about how long ago)

It was a "government document simulator." What you would do is upload a nicely scanned document, and it'd give you back a mis-alighed, crappy quality "scan" of that document, with random blotches and other visual noise. You know, like regular government/FOIA-received documents.

I feel like this is halfway there, if not more (so thank you!), but that website was so authentic.

I don't know if it's even around, but it made me giggle, and I'd like to find it again. If not--great startup idea!


Thanks for this!

"-flatten" results in all PDF pages being rendered into a 1 page PDF output. If "-flatten" is removed, I get a multi-page PDF output as expected. Thoughts?

EDIT: "-flatten" does what it is supposed to. Delete if operating on multipage PDF.


Weird. I could swear "-flatten" didn't behave like this years ago when I last used my script. But maybe I am misremember...

Edit: haha! The "-flatten" needs to be replaced with "-alpha flatten". This way, multi-page documents are still handled correctly, and alpha transparency is also handled correctly. I just tried on this sample file with transparent images: https://tcpdf.org/files/examples/example_042.pdf


Changing "-flatten" to "-alpha flatten" (without the double quotes) results in an error for me.

> convert: UnrecognizedAlphaChannelOption `flatten' @ error/convert.c/ConvertImageCommand/673.


Probably due to an older ImageMagick version. Try "-alpha remove" which should be more or less equivalent (I think)


Nice tool!

Though personally I just use something like Xournal++ to edit the PDF (add text, add a signature image, etc.) and then use the following command to "fake scan it":

convert -density 150 input.pdf -colorspace gray -blur 0x0.1 -sharpen 0x5.0 -level 10%,90% -rotate -0.5 -sharpen 0x1.2 output-scanned.pdf


I don't even bother with making it look like scanned. Just adding a png signature with Xournal and that's it. Mostly government requests it so they never cared enough to complain.


> For bureaucratic reasons, a colleague of mine had to print, sign, scan and send by email a high number of pages. To save trees, ink, time, and to stick it to the bureaucrats, I wrote this script.

I hear you, fellow Frenchman !


Don't know about different Jurisdictions, but from where I am - this has NO legal binding whatsoever. We have those gov issued digital, invisible signatures for that, embedded in our personal ID card. Whatever is properly signed with digital signature, the printed out page bears no legal force.

Anyway, businesses still like to do it this way ("Signing" pdf by applying some pixels). I wonder if it is just an inconvenience to overcome both for businesses and consumers that just write this off and don't bother that it is such a weak binding. It is like some dirty workaround/hack to put those silly signatures on digital documents to get stuff done.


In the US, the Uniform Electronic Transactions Act, passed by most states, clarifies that basically any sound or symbol or process is a valid electronic signature. This is in line with general contract law, under which any manifestation, written or verbal or even non-verbal, that would reasonably be understood as assent, is sufficient to form a contract. Of course, if you want a court to enforce that contract, you're going to have to prove that the other party did provide assent.


I don't know where you are at, but I know for a fact that a scan of a signed document is binding in the EU. As far as I understand it doesn't even have to be a scanned document, you can sing a digital document by adding an image of your signature or just using your finger and a touchscreen.

In the US from what I read[1] the situation is pretty much the same a scan of a signed document is binding as well as non cryptographic electronic signatures.

[1] https://resources.infosecinstitute.com/topic/legality-electr...


Even a spoken agreement is a legal binding. But it's always best to get it on paper, and if it's important, also use at least two witnesses.


This.

Generally speaking in most countries the civil law does not specify how the contract is supposed to be made. You can buy from the shop with just a nod of your head. Only some specific agreements have to be written down (and even fewer made in front of the notary).


Huh, I'm from EU. But what I remember from lectures on digital documents, they said something different. Will have to look up this stuff.


It has been four hours, OP is nowhere to be seen. I hope they're okay amidst all the legalese.

More seriously, do let us know what you find. I've heard both sides on this but the "verbal agreement is also binding (just gl proving it)" side is usually from better sources like an actual lawyer posting on a forum as opposed to a random boss making claims about signature requirements, for example.


> from better sources like an actual lawyer posting on a foru

Yeah, you're right. Please do not take me as an authority or lawyer on that matters. It's just what I think I know, but I may very well be wrong :)

What I read is that even informational documents are considered in court. However document that bears legal validity, must contain: document name, date, signature (with exceptions) and recipient.

However I did found a relevant quote:

> Section 5. > (1) A document shall be signed in one's own hand. A document of the organization shall be signed by the person whose position is indicated in the document. A personal signature reproduced in a paper document using technical means shall not ensure legal force of the document.

https://likumi.lv/ta/en/en/id/210205-law-on-legal-force-of-d...

But I'm not sure if print->sign->scan qualifies, as the signature itself isn't put there with technical means. But this rules out putting image as a signature on PDF.

This is not talking about e-documents. E-document states that it must be signed with secure electronic signature.

I know Latvian people are reading this too and this document is very helpful in that regard: https://www.tm.gov.lv/lv/media/7605/download


Interesting, thanks for sharing all this!

> Yeah, you're right. Please do not take me as an authority or lawyer on that matters.

Sorry I phrased my previous reply badly. What I meant is generally the two camps on this, that typically one of them seems to speak from a more knowledgeable position/perspective than the other. I did not mean to suggest that you are not knowledgeable!


I don't know where you live but in the EU eIDAS regulation sees a scanned document as a Simple Electronic Signature (SES). This is the most basic possible form of signing which is accepted.

So within the EU a scanned document is valid though the law does say the method used needs to be proportional to whats at stake.

[1] https://en.wikipedia.org/wiki/EIDAS


I've noticed that the court documents issued by civil courts in Turkey have electronic signatures with signed hashes for each of the signatories (judge, clerk and all else) in every document. To make people not freak out, they seem to have also added a PNG image of a slightly smeared generic wet-ink looking signature above the hash so it looks real on first sight. But if you look closely the signatures are all the same, and the signature says e-imza (e-signature) in cursive. Heh.

Another cool thing, the whole document itself does have a hash where you can go to the website of the ministry of justice and input the hash to verify the document. It was unexpectedly neat.


Comments in this sub-thread need to distinguish between two dimensions to a signature: is it capable of legally binding the signatory? In most cases, any format will do. Is it going to be easy to enforce (I.e., to prove it was you that signed, and not your dog headbutting your mouse?) That's a damn sight harder, and many forms of (legally valid!) E-signature might not be accepted for that reason. Depends how much assurance is needed in the circumstances.


I'm in the US and as far as I know, a digital signature is completely valid. [edit: ~it's the same way here.~ Misinterpreted parent comment.]

Yet Ford repeatedly insisted I print out the documents, sign them, and scan them. I tried a digital signature anyway - and they called me out on it.


"I tried a digital signature anyway"

Do you mean:

A) a cryptographic signature?

B) an image of your handwritten signature?

C) something else?

I think you and GP might be talking about different things.


Presumably B).

I’ve had many instances where people insist I print, sign, scan, rather than e-sign.

I too have put an image of my signature on the pdf rather than printing; I have had those both rejected and accepted.

I don’t have a printer and have been annoyed by this insistence greatly. Enough that seeing this post filled me with glee.


I meant B.


When companies ask for signatures to be done in a certain way, it’s often not because those things are a requirement to be a valid contract under the law, but because they want more evidence to support them should the contract be brought into question in court.

You could theoretically, in some cases, run a business on nothing but verbal contracts, but you would be foolish to do so because you’d have difficulty proving anything if it were disputed.


This is wrong, in the US an electronic signature can be just about anything. See my comment here https://news.ycombinator.com/item?id=30025456


What exactly is wrong? This doesn't contradict what I said. I agree my signature was valid without printing. It's frustrating that businesses do not.

edit: I see that I misinterpreted the parent comment. Sorry.


Yup, there was a literal act of congress that made e-signatures legally valid but it's not worth arguing with anyone who asks for an "ink" signature ime.


Same here. Real signatures on paper as well as cryptographic signatures are legally binding. Pasting a picture onto a PDF isn't but nobody wants to deal with the bureaucracy so they do it anyway. Getting a cryptographic token you can use to legally sign things is such a bureaucratic nightmare too, nobody wants to do it, including myself and I really like this stuff.


How does it work if you defraud someone using such a a PDF contract with a pasted signature?

You just get away with it because the contract wasn’t binding so there was no fraud, right?

I bet those “non-binding” contracts are actually much more binding than you might think.


Fax and autopen signatures are also valid. Make it look like a fax and you're golden.


This sounds really unlikely. Does your country also not honor any sort of verbal contracts?

Would a business agreement concluded over email not be binding? Can you get away with fraud by just tricking people into agreeing to use docusign?

If (not cryptographically) esigned contracts are not binding in your country, how does that not cripple law enforcements ability to combat fraud involving such contracts?

If I sell you a car and we use a contract like this, do I then get to keep both the car and the money? If not, how is that contract not binding?


Same over here! Only difference is that with our IDs/certs you usually have a visible cert block on the PDFs. You can get it to be invisible somehow, but that's a bit of a hassle.

But yes, anything that's not a proper digital signature might as well just be a random png pasted into a pdf. No legal binding power whatsoever.


For the software they provide us to sign documents, there is a checkbox when I sign PDF files - whether I want some overlay that indicated that it is digitally signed or not. Thats probably the user friendly part of digital signatures :)


Having moved from Germany to Austria I was pleasantly surprised that they have a functional national ID system that you can use to sign PDFs with a qualified electronic signature. Within Austria, they have been accepted everywhere so far.

https://www.handy-signatur.at/hs2/#!sign/single

When I tried sending such a document to a German insurance company, they refused to accept it. I ended up faxing the document :/


Usually sending them the following helps them be less stubborn:

> Gemäß Artikel 25 eIDAS-Verordnung hat eine qualifizierte elektronische Signatur die gleiche Rechtswirkung wie eine handschriftliche Unterschriftund wird in allen Mitgliedstaaten anerkannt.

Doesn't work always, but the times it doesn't I usually find a competitor that does prove to be more cooperative pretty easily!


At least in the federal state of Hesse a fax isn't considered safe: (German) https://www.heise.de/news/Datenschutzbeauftragter-Gaengiges-...


... anymore. It was seen as safe until the last old ISDN / analogue landlines were converted to VoIP ones, which was really not that long ago :D


For a project that you can use to actually sign (electronically of course) a PDF file or verify that a PDF file has a proper signature take a look a this:

https://github.com/spapas/pdf-sign-check

It uses org.bouncycastle and apache pdfbox and is completely open source. I'd be happy to help anybody that wants to use it in his organization!

We use it sucessfully in my organization (public sector in Greece) for some years; notice that to be able to sign you need to have a proper certificate for your organization.


Nice, but from my experience people don't know digitally signed PDF. They want paper with wet signatures or looking like wet signatures. On the other end of the scale I have seen pdfs signed with self created certificates or signed by mouse movement.


Yes, and in some contexts people seem to recognize digitally signed PDFs only when they “officially” processed by DocuSign, HelloSign, or a similar professional service.


Well it depends on the laws of each country. In my country (Greece) a digitally signed document is acceptable everywhere at least in the public sector. Actually it's illegal for a public servant to deny a digitally signed document!

No professional service is really needed to sign a document; it all depends on the acceptance of the certificate you use for signing by your government/laws. I.e you may need to buy a certificate from a trusted organization or you may need to generate a certificate from a public sector organization of your country.


This is actually an EU reglament, furthermore your Greek digital certificate should work everywhere in the EU! :) https://en.m.wikipedia.org/wiki/EIDAS


While eIDAS is absolutely stupid in how it defines electronic signatures (based on the wording, adding a picture of your signature would suffice), QES is not just any digital signature, as it needs to be coming from a certificate that's issued by a recognized CA and must be in a device that doesn't allow exporting the key.

Other than that, it's awesome not having to deal with this crap, though, public notaries are very unimpressed by this stuff.


Oh my goodness, I have dealt with a pedantic bureaucrat who rejected my signed PDF and insisted on the hand signature hahaha. So I printed the document out with my digital signature pasted twice, one below the other, and added a couple sharpie smudges to the bottom one before scanning to quietly “insist back” that there’s no difference between my manual and digital one. Regardless, The automaton was satisfied!


Preview on Mac OS can do this. You hold your signature up to the camera and then it creates an image you can add to any pdf.


Preview has to be one of the most under-appreciated apps on MacOS. It implements so much handy everyday functionality that requires third-party software on Windows. Or did, last time I used Windows (admittedly some time ago).


Yes, really. I use it all the time.

On feature that I use a lot in Preview is to combine pdf's. If you e.g. have a pdf invoice and want to combine that with the corresponding pdf receipt from the bank, I just open the two pdf files side by side in thumbnail view and just drag the pages (thumbnails) I want from one document to the other where I want to place them; rearranging the pages (thumbnails) later if I need to in the same thumbnail view. I am a huge fan of Preview! :-)


Recently learned about Ghostscript and man, it does PDF manipulation really fast. If you find yourself merging PDFs a lot, here you are:

    gs -q -sDEVICE=pdfwrite -o merged.pdf tobemerged1.pdf tobemerged2.pdf tobemerged3.pdf
Ghostscript is similar to ImageMagick in that it does so much that learning to do one specific thing is hard. But that line merged ~300MB of PDFs together in 20s on my M1. Doing that in Preview causes a beach ball.

I installed it with Homebrew, but the project home is yonder: https://www.ghostscript.com/


I love the integration with iOS as well. I was pleasantly surprised to find an option in Preview to use my iPad and the Apple Pencil for my signature. It even popped up some otherwise hidden UI on the iPad to do so.


Preview is the reason my personal, non-gaming computing is still on MacOS and not purely iOS. I'm not even joking.


Preview has an odd selection of functions, though. On one hand it allows you to do plenty of these functions that you mention, but otoh misses on very trivial stuff like "I'd like to make my image a bit larger so I could paste another one next to it".


Isn’t that just on the menu > adjust image size?


I mean, extend the canvas but keep the original image as it is.


Ahh, yes. I have wanted to do this too, and can’t. I suspect Preview isn’t the tool I’m supposed to use, even though it’s the ones I want to use as it doesn’t almost everything I want.


Exactly! It does everything BUT that, and because of that you have to go open a different app.


On Windows, everything requires a third party app. It's insane.

I wanted to convert XML to JSON. Well: Tough luck. Go download some app by some person from the store. We are sure it's completely safe!

Want to convert a video to a gif? Get another bloatware program.

There is so much command line stuff Linux users take for granted that Windows people struggle with every day.


on windows i find myself bouncing around a lot between pdf viewers, choosing between lightweight but feature sparse options (sumatra) and heavier, more featured programs (acrobat, foxit)

i've never thought about replacing preview.


I always use Preview to "sign" documents due to a lack of a scanner, but I've found in some cases, companies refuse to accept the document because they think it's not actually printed, signed with a pen, and then scanned...

Tools like this will skew and degrade the image in a similar way to a scanner so that it fits this ridiculous requirement


Have you tried signing a piece of paper with a pen and using Preview’s signature scan feature? It creates a very realistic looking signature in my opinion.


Yep, that is what I use. The signature itself looks completely handwritten (because it is), but the companies in question complain that it can't possibly be a handwritten signature because the document didn't look printed and scanned (???). It's slightly ridiculous, but not much I could do other than find a scanner/printer or "comply" with their document formatting requirement


Same. You don't need a camera, you can doodle a signature with a mouse and it's fine. I bought a house this way with no trouble.

It's funny to me to look at a company like DocuSign whose shares surged early on the in the pandemic because they expected a dramatic increase in need for digital signatures and then the price crashed when it turns out that signatures aren't actually useful and we can just live without them.


It is so handy, indeed! I really wish Apple spent some time to make users aware of things like this, which are baked into standard macOS software.


This issue this app attempts to solve is companies that insist on a scanned "wet" signature, and will send it back if it looks like you just pasted in your signature stamp.


I think the author of this tool is totally missing the point of the print/sign/scan legal hoop that one sometimes has to jump through. The law sometimes requires certain documents to be "in writing" and there is, unfortunately, a legal tradition tied to this that "in writing" means "physically on paper", which many lawmakers and bureaucrats unfortunately haven't managed to properly transition into the digital age.

However something that is quite a separate matter is the question of whether one needs to actually be in possession of that piece of paper. A scan of an original serves as proof that the original exists. ...and this is usually all that anyone requires for practical intents and purposes.

But: You're not supposed to do print/sign/scan, and then just throw away the original. You're kind of supposed to keep it in case you're ever asked by a court to produce it. The document partially loses its forensic value if no original can be produced.


If that's the point, why does nobody ever say to keep the original?

If the counterparty needs it, why don't they request you sign two copies and send them one? The idea that they would later want it for forensic evidence that you really did sign it seems odd: if it's in their benefit and you wanted it to not exist, and you're the one possessing that original copy... you can make it not exist.


I guess, when such administrative procedures are decided, then the kinds of considerations that go into it have to do with whether the document is more to your advantage or more to theirs. In a high stakes situation where the document is to their advantage (like you sign an employment agreement), they routinely will insist on having a signed original rather than just a copy or scan. In situations where the costs of dealing with paper originals outweigh the potential benefits, they might well not insist on having paper originals.

But, to come at it from the other side: If you want to make sure you can actually rely on the document in court, it's probably a good idea to keep originals and definitely a bad idea to use this FalsiScan tool.

The lowly-paid administrator who deals with you might not be able to detect the FalsiScan that you submit. But if something goes to court and it benefits them to undermine the forensic value of the document, then you might well find yourself faced with a digital forensics expert proving to the court that the document came from this FalsiScan tool. This opens the possibility that, for example, a third party with access to your computer that contains all the digital assets to create FalsiScans (like a scan of your signature) could have created the PDF.

It's not obvious that you would want to respond to that by saying "but I definitely definitely did use FalsiScan myself, meaning the PDF to represent my signature on the document".

If the other party can make it look like you purposefully sent something that would make it past their administrative procedures but would have questionable forensic value so that you could later have it thrown out in court, then you can no longer rely on the document yourself and could even be liable to damages that resulted from their relying on it.

If they can clear a slightly higher burden of proof in the general direction of fraud, they could even come after you criminally: Fraudulent creation of digital assets of forensic value (like scans of paper documents) is a criminal offence. -- At least in Germany; I don't know U.S. law that well.

That also applies to your original suggestion about making a document not exist whenever it serves your purpose for the document to not exist. ...that too is kind of a criminally relevant thing that you probably don't want to do.


I hate PDF's with a passion. Not once have I ever wanted to use one. All the pinching and zooming, such a waste of time. I'm giving this a shot next time I need one, the whole scanner thing needs to go. Are we stuck in the 90's?

Just bought another rental and it was an ordeal trying to find a scanner. Tried the college near me, was denied as you have to be a student. The library is closed down apparently. FedEx didn't have one. The one at the Office Depot was broken. I ended up driving 30 miles to a friends house to use theirs, which required driver upgrades since nobody had used it in a year. I don't understand the point of jumping through all these hoops.

I feel the same with credit card signatures, completely useless and has never once helped me with identity theft or fraudulent transactions. Now I just draw a horizontal line or smiley face.


If you have a basic handle on a GUI Bitmap editor such as Photoshop or GIMP, and you have a hi-resolution phone, you can just take a photo of the sheet as parallel as you can manage and then create a document that is the same dimensions and then use the warp tool to fit the likely skewed photograph to the exact digital document.


There's lots of apps that do it for you too. Scannable is one.


ha! As soon as I wrote that I thought "there's an app in that" and started mentally mapping out how it could work. I figured it'd need to be simple as possible, and even considered using the user's location to preëmpt the paper format choice :)

I'm not an app developer. Probably for the best.


> All the pinching and zooming, such a waste of time.

Sounds like what you really hate are mobile device displays.


When is the last time you had to pinch and zoom on a website? Text can reflow perfectly well, if you give the renderer the necessary information. With PDF, similar to PNG, you're specifically telling the renderer to put this pixel exactly over there and nowhere else, so it cannot nicely make it all be readable comfortably.

If mobile devices required zooming and panning to read anything, they'd not be popular at all, so they're apparently not where the problem lies.


A4 is the issue. Mobile friendly pdfs could be done, just stick bigger text on each page like a kindle does.


But then you have super narrow views on desktop, we don't want that either. What's wrong with just using the formats we already have for reflowable text, why bother trying to make PDF into something it's fundamentally made not to do?


Yeah good point. I think it’s that adobe stranglehold. “Never got fired for…” kind of thing.


Do you hate PDF's or do you hate scanned documents? How else should we send text or image documents in a portable format, MS Word? Google Docs?


(m)HTML (aka .eml). And it even supports multimedia !


Just take a photo next time, you can use Office Lens or Apple Notes.


Also Files on iOS has a document scanner hidden in the … menu.


Smart phone scanning apps are incredible. I’ve ditched a flatbed years ago and solely rely on my iPhone. It works like magic. The quality is good-to-great, and it fits well with my workflow. Worth the ten bucks or so investment.


Don't even need to spend $10 — the scanning is built into iOS, you can get to it from the Files or the Notes app, or even from your Mac (right-click somewhere and "Import from iPhone or iPad").


>Are we stuck in the 90's?

Since we accept signatures as proof of identity, we are really stuck in 3,000 B.C. [0]

[0] https://blog.thegrizzlylabs.com/2020/11/history-of-signature...


I was told by a convenience store clerk that it's best to simply write "SEE ID" in place of a credit card signature. In the event the card is stolen, or there is some doubt as to its user, perhaps the criminal would be stupid enough to actually show their ID.


Dropbox's mobile app includes a document scanning feature that seems to work well.


I recently learned that a cryptographic signing operation on a PDF is more or less bogus due to the complexity of the format. Every once in a while some researchers take a look and find a bunch of new ways to forge such things. I guess the root problem is that you end up signing a whole whack of stuff that you don't see or understand. That isn't ever going to work. I think that in practice you can only sign plain text if you want it to be secure.

So this really isn't any worse than the alternatives, at least for PDFs...


Signature_example.pdf in that repository is NSFW.


If that signature is NSFW, you might want to consider W'ing for another company instead.


Unless you've Gavin Belson.


See also: The license :D


It seems fine. It's just someone's initials => OlO


As is the readme.


Honest question: As long as you say you signed it, and you say it's your signature, does it matter how real it looks?


IANAL, but this depends on the jurisdiction. In some places (e.g. Ontario, Canada), e-signatures are fine; often this is because the law explicitly says they have the same effect as a "wet" signature. In this case, "looking real" doesn't enter into it.

In others (e.g. Denmark), you don't even need to sign - merely stating your intent to accept a contract, and having a clear record of that intention, is enough. In this case, again, "looking real" is a non-issue; you can even send an email in some cases.

In yet others, you will definitely be asked for a "wet" signature, and a digital signature is not considered legally acceptable. Here looking real could matter; if your signature is obviously non-physical, it may be refused.

This also varies by situation. In some places, banks want to see a wet signature, _and_ will compare it with an existing wet signature they have on file. In this case, it very much matters how real it looks, where "real" means "matches this other real signature". (Does this make sense? Arguably no, but that's the way it currently is.)


Singapore has this halfway thing which means some documents can be e-signed (purchase orders) but more “serious” documents like lease agreements need a wet signature.


I had to look it up when doing deals with someone in Japan, and Wikipedia (iirc) told me that specifically in Japan just scribbling over the pdf via the touchpad is not a legal thing—you have to do the paper dance. Judging from the comments here, France also doesn't encourage all-digital laziness.


And that raises the question for those of us that had to sign a bunch of documents when things were locked down: What purpose does the signature serve? It was a constant hassle that wasted a bunch of my time, and it ultimately was not a signature.


You are right, that it shouldn't make a difference technically.

I think the goal is to minimize the risk of someone rejecting your document because it looks photoshopped.


My go to these days is just open gimp -> use my tablet pen -> save again to PDF. I've never been questioned.


Yup, I just "sign" in Acrobat Reader using a signature image I scanned a long time ago, which should be pretty obvious to most people what I've done. But nobody ever complains.


Or use foxit reader to draw or put image as a signature on PDF: https://help.foxit.com/manuals/pdf-reader/foxit-reader-for-m...

I'm no way affiliated to foxit but that functionality there works. And saves trees.


If you have a Microsoft Surface you can just open PDFs with Edge, draw on them with the pen, and save them. It's such a nice feature!

Makes me actually like signing things. And it's also wonderful for sending feedback on stuff.


I use gimp for this. One layer the imported pdf, the next with my scanned signature from ... 1998? Position, scale to 1024 or so, export grayscale jpg with enough compression to create artifacts, done. The poorer quality the better, tends to make it seem more "legitimate."


I think I have witnessed the apogee of bureaucratic obsessions with printing and signing. I sent an email to what is similar to the IRS in my country and they answered by typing up the answer, printing it, signing and stamping it, scanning it and attaching it to the reply in my email.


What's the thing with the Penises in the readme and example pdf? Is this a joke?


Because the author is a child, and so am I, so I approve.

Ah yes, all of it is a joke, the example text is too. Which is fitting for the problem it is intended to solve.


That was substantially more penii than I was expecting to see today. On the other hand this whole project is a pretty funny troll tool, so fair play!


I still miss a coffee stain.


it could use a --coffee-stain


As someone living in Berlin, having to deal with German bureaucracy I can't thank you enough. Now it just needs a "send as Fax" button...:-)


I send "fax" via https://epost.de which is incredibly useful public authorities. You upload a PDF and they print it and send it as snailmail. Since they verify your identity, it has the legal status of a fax (is my understanding).


A similar absurdity is that most legal documents filed with the courts in the USA now use "conformed signatures" which means you just type your name and put /s/ next to it. That means you pretend you have a "wet signed" document somewhere to back it up, but in reality no lawyer is doing this.

https://www.cogencyglobal.com/blog/getting-document-signatur...

You can even sign your life away like this, especially as most notarization has now been replaced by systems like Verification by Certification.

https://www.ilga.gov/legislation/ilcs/documents/073500050k1-...

https://en.wikipedia.org/wiki/Sworn_declaration


Great, been using this https://www.scanyourpdf.com/ for very similar results (source: https://github.com/baicunko/scanyourpdf )


I know its open source, but do we really want to upload a (maybe sensitive) pdf to an unknown server? Because people will, when its in the form of a website.


This is really going to come in handy during the next real estate downturn (https://www.nolo.com/legal-encyclopedia/false-affidavits-for...)


Previous discussion: https://news.ycombinator.com/item?id=22811653

First comment posts a way to achieve something similar with imagemagick, which I've been using flawlessly since.


I built the same thing for the same reasons as a client side web app http://patmood.github.io/scanned_look/


Previous discussion: https://news.ycombinator.com/item?id=22811653 (April 2020, 770 points, 187 comments)


I just use convert from imagemagick.

There are so may options, e.g.:

     convert -density 100 -blur 0x0.1 +noise Gaussian -colorspace gray -rotate 0.5 -attenuate 0.2 mypdf.pdf scan.pdf


That's basically what this is doing to fake the scan: https://gitlab.com/edouardklein/falsisign/-/blob/master/fals...

> convert -density "${DENSITY}" "${PAGE_IN}" -linear-stretch 3.5%x10% -blur 0x0.5 -attenuate 0.25 -rotate "${ROTATION}" +noise Gaussian "${TMPDIR}/${PAGE_BN}-scanned.pdf"


I had to do this! It was a 3-4 page document and I thought printing and scanning was stupid, but did it anyway. Naturally I only printed and scanned the last page with the signature on it. They rejected it saying I had to print and scan the entire document!

I would be very tempted to use something like this next time, however I have a feeling that the same people who think this is sane would accuse you of fraud if they ever found out. Not sure if it's worth it.


I've done this sort of thing often (and more quick&dirty) and nobody had an issue with it yet. Just put a good quality signature on the doc and then export the whole thing as fairly low quality. Making the signature blue and the rest of the document black and white probably also helps. But I never even needed that much.


I vaguely recall hearing a while ago that it may be counted as a forgery if you copy and paste your own signature that way. These days it even happens that you can simply type your name as a signature, but it's quite hard to be sure what's okay and what's potentially a crime with these bureaucracies. But for a tool like that, it might be useful to write down in which jurisdictions it's certainly okay (or not) to use.


IANAL. Wikipedia, "Forgery is a white-collar crime that generally refers to the false making or material alteration of a legal instrument with the specific intent to defraud anyone (other than themself)."

Note defraud.


My go to tools:

Create an array of signatures on paper.

Use photoshop to make it transparent.

Take transparent images of signatures and make pdf stamps out of them.

Use pdf stamp to sign docs.

Print pdf with stamp markups as image to pdf printer.


Another comment: I completely love PDF exchange editor. Used their free version for years and finally paid for it which I should have done a long time ago.


Don't most PDF reader software (Adobe or otherwise) have the functionality to let you imprint a signature onto a PDF file and save it as a new file? You'd have to set up your signature (likely by scanning it) the first time, but once it's done, you can "sign" PDF documents with by clicking a couple buttons. I've done that for a ton of documents by now and have never heard a complaint.


Yeah but they don't accept that. They literally make you print out, sign in ink then scan back in and reject it if they detect you haven't done that properly.


Bonus points if you wrap the script in an Automator task in macOS so you can you run it in literally 2 clicks from Finder: https://bradt.ca/blog/how-to-make-a-pdf-look-scanned-imagema...

It is even easier now with Shortcuts in the latest macOS releases.


This could go a lot further. I once did something similar with a rubberstamp image taken from the web, replaced some of the on-a-curve text in the GIMP, applied various filters to make the seal look like it was stamped on unevenly, and composited it over the page. Did the trick.

Would be neat to have this take a rubberstamp image and do all that work too.


When I moved to Australia I needed to get some documents (uni degree, work experience etc) verified by the Australian Computer Society. They required me to get a notarized copy of the original and SCAN the notarized copy, to be uploaded electronically. To this date I've yet to come across anything more stupid than this....


Heh I had to make a version of this for myself. I had a vendor that required a "wet signature" for a document, so I took the PDF, added my digital signature, exported it to JPEG, and then used a command line tool to rotate the image 1% left and then 3% right so it looked like I scanned it a little crooked.

Worked like a charm.


Does anyone know of a good PDF-editor (with ability to alter OCR'd text) for Linux? Editing pdfs (I know, I know, pdfs are not meant to be edited) on Linux is huge PITA, and LibreOffice Draw/Write do not cut it for me, so I have to resort to Adobe Acrobat from dualbooted Windows.


Xournal is a great WYSIWYG Linux program that can edit PDFs for this sort of thing and similar use-cases.


Please don't use the WTFPL (the "whatever the fuck you want to do") license. It's not well thought out legally, especially in Europe.

https://en.m.wikipedia.org/wiki/WTFPL


> It's not well thought out legally, especially in Europe.

Does it matter, given its intent?


I used to use tools like these but then I wondered - why do I "need" to make an image look scanned? Why do I have to add all this noise to the image before sending it over? Why can't I just take a photo of whatever I need to send and leave it at that?


If you have a PDF editor that can save a PDF/A (archive PDF), it'll convert the whole document into an image. So, I just paste in my signature and export as a PDF/A and from their perspective it's just a single image like it was scanned.


PDF/A does not turn everything into an image. It is just a more restricted version of the PDF format, and it still has text, embedded fonts, etc.

The image conversion might be a separate feature in your PDF editor.


This is overkill. Instead:

1. Photograph your signature

2. Add to a pdf in Acrobat Reader using "Fill & Sign" function or paste into a docx file.

3. Use https://makescanned.com to give the pdf or docx a scanned effect.


Would be nice if one could add some stego-like features to the inserted signature img so that if lifted it would be detectable in a new pdf. Obviously the savy forger could circumvent it pretty easily but the lazy screenshooting crook would not notice.


I made a font of my 3/4 variations of signature, some initials, and personal logos, total about 10 characters, all mapped to A,B,C etc..

When I need to sign something & print, I use that font in pdf; or use Rand & Char formula is excel.


The command line methods outlined in the comments here: https://news.ycombinator.com/item?id=23157408 work quite well.


I did similar things when signing stuff. I used Adobe Sign (the Android app) to add my signature to the PDF and email it back.

Question: Is the signature done by FalsiScan and Adobe Sign equivalent legally?


I used my remarkable tablet to sign something once and it got rejected for looking too good. Had to print, sign, and scan with phone app to pass the must look crappy approval process.


Nice to see so many similar minds around. Of course I also have my procedure. Mostly gimp. My signature image has transparent background, so it can be put upon the signature line.


Web tool that does pretty much the same thing: https://www.scanyourpdf.com/


Favourite part has to be where you can have a list of signatures to randomly choose from. I assume it was done so that not all signs look same and robotic ?


Great thread about PDF scanning/combining tricks.


I don't get this, do people actually care if it looks scanned vs someone actually added a sig to it from acrobat/preview?


The biggest question I have is:

Why -z and -t for the x and y coordinates of the initials?

(More seriously: nice work. I'll probably use this myself someday.)


I don't know which I hate more, printers or PDFs. I wish everything could be done on DocuSign or similar platforms.


If you have MacOS, open the PDF with "Preview" and you can add your scanned signature using

    Tools->Annotate->Signature
You can have multiple signatures ready to use (see Annotate->Manage Signatures), e.g. multiple variations of yours, so they don't look all the same when signing a doc multiple times.

When including a signature you can position and resize it, e.g. to adjust for layout, font size, etc.


Very nice, I do this a couple times a year by hand. I'll have to keep this in mind for next.


I just use Micrsoft Edge to view a PDF and the pen tool to draw a signature.

Am I missing something?


I love the highly calibrated signature_guide.pdf you have to sign :D


That this even needs to be done is just absurd in 2022. Wow.

Great work though.


this is really great!

I love that penis ahhahha

I hate bureaucrats, and now that they lost some power due to web forms/applications they are tempted with some stupid requests, like this one :)


By signed, it doesn't mean digitally signed, right?


Correct. "wet print" signature.


Whenever I had to do this, I inserted my signature, that have saved as image file, with LibreOffice Draw and then used an ImageMagick one-liner to make it look scanned. A script automating this is welcome.


What's the use case of this?

Signing documents with visual signatures instead of cryptographic ones is already extremely archaic, but having to make them look like being signed by hand is absurdly so.


I have, in the past but not recently, run into situations where I need to visually sign something, and the form was rejected when I digitally signed it with MacOS Preview because they required the form be printed, signed, and re-scanned.

This would be helpful in that case.


You’re implying that a bureaucratic process being absurd and extremely archaic means it doesn’t exist?


The primary use case is addressing situations where wet ink signatures are required by a party to a transaction without having to print, sign, and scan a document.

Yes, it is an odd combination of legacy (sometimes regulatory) requirements and modern technology, but there are numerous situations where only wet ink signatures are accepted, and “digital signatures” are not accepted—even though the document is stored in a digital format.

Wet ink signatures are most commonly required in finance / investment / banking transactions. They are sometimes required for B2B transactions. While not as common in the US as in other countries, you can also run into requirements where documents must be signed via wet ink signature under seal (or stamp). Scanning a document with a signature line that has been embossed with a company seal looks somewhat comical and arguably legible (especially if the scan is done with a feed-through scanner) but is required to get business done sometimes.


But it's not a "wet ink signature," it's a PDF. The "wet ink signature" is on a piece of paper that never gets delivered.


It says right there in the description

> For bureaucratic reasons, a colleague of mine had to print, sign, scan and send by email a high number of pages. To save trees, ink, time, and to stick it to the bureaucrats, I wrote this script


Fun?


Heh. Probably unnecessary to make it look like it was put in the scanner misaligned. Just scan the signature itself and past that image onto the image of the document.


Meh. That really doesn’t always look very legit. Especially if you can “select” all the text, and when you select the signature you see a nice box around it. It’s then too obvious it was added as an image.

I don’t disagree that the whole “signing and scanning” is dumb, though.


You can rasterize the pdf, wouldn’t that solve it?


But you could also increase the size of the pdf and clog the bureaucracy's systems.


Very useful tool, thanks for sharing!


Oh goody! I've been looking for new ways to commit mail fraud!


Konrad Kajau forged Hitlers Diaries and nearly got away with it. He had a memorable line, it was something like “Fake? Real? There are efficient documents and inefficient document.” https://en.m.wikipedia.org/wiki/Konrad_Kujau https://en.m.wikipedia.org/wiki/Hitler_Diaries


Wow! How cold.


the author appears to be a fan of rocket ships


Am i the only one who finds the current state of signing documents to be a bit incomplete, inconsistent and all over the place?

For historical reasons, we still need to allow signing things by hand, which has a number of challenges in proving the authenticity of any such signature and preventing falsification of signatures (especially if you don't have the original document with the ink but rather a scanned copy).

Then, there are digital signatures, though instead of one large standard for all of the world, we have a whole bunch of regional ones. For example, in Latvia we have eParaksts (translates to "eSignature"): https://www.eparaksts.lv/en/

It is a largely commercial venture, which allows signing documents with either data in the chip that's embedded in our national ID, or i guess mobile solutions as well and also gives you the ability to verify these arbitrary documents in a centralized manner as well. The good thing here is that it supports signing arbitrary documents and storing them in an .edoc container or even embedding the signature inside of PDFs or whatever, but it still feels very regional, is still centralized and most of the software for reading PDFs directly doesn't recognize their CA or intermediate certs as trusted and therefore gives you errors, so you need to do verification on their site.

But what happens when you need to somehow indicate within a document that you're signing it digitally? You just put the text: "THIS DOCUMENT IS SIGNED WITH AN ELECTRONIC SIGNATURE AND A TIMESTAMP" in text at the bottom, which seems silly and doesn't really mean anything - how are you supposed to examine that if you ever need to print it? Furthermore, this kind of locks you in to using the .edoc container and keeping it around and perhaps even think about how to quickly get and display its contents. Sure, they have desktop software for that, but it's not like you can automate that super easily (not saying that working with digitally signed PDFs is a walk in the park, either).

In some parts of the world, an electronic signature just means taking a JPEG (or an equivalent) of your signature and embedding it in a particular spot of your PDF or whatever, which is plain nonsense in my eyes - sure, it looks pretty, but there's no actual cryptographic protection or benefit to doing so, since it's laughably easy to reproduce by anyone who wants to fake your signature. It actually surprised me when digitally signing a PDF came up as a Linux challenge on Linus Tech Tips and Luke thought that this approach is what was intended (whereas Linus interpreted it more or less correctly but searched for the wrong thing, more or less): https://www.youtube.com/watch?v=TtsglXhbxno&t=257s

So, here's my questions to all of you, maybe you have some thoughts to share:

  - why don't we have one centralized format of signing any and all pieces of data, with a focus on documents? (think GPG but actually used and internationally recognized)?
  - why don't we have one centralized, yet distributed CA infrastructure with intermediate certificates by country and then further nodes for each institution with people's certs being the leaf nodes, so that we can validate any signature globally?
  - why don't we have a format that involves representing this data both in digital and printed form, say, when you want to print a document, it essentially gives you this picture of your signature with a QR code besides it, that either involves enough information to validate this signature (be it crypto data or just an URL in the case of a web based solution), as well as the parsing logic to go the other way when scanning signed documents?
  - how did we get to the point where the above is not our current reality? why didn't document signing ever get the love that something like SSL/TLS did?
  - any ideas on how these things could possibly be improved? thoughts on fully decentralized solution (everyone has a private/public key) vs something that holds one's hands more and provides an easy to use interface or even lets you sign things on your behalf (e.g. like eSignature), ideally behind 2FA?
  - could any such initiative ever be fully free and open source, possibly subsidized by the governments of the world? i mean, (almost) everyone has a pen, but not everyone should pay for DocuSign or whatever, right?


*add NSFW


Hey Gitlab, could you consider adding the following CSS so that README images don't break out of their containers? Having to horizontally scroll to see this image is brutal.

    .md img {
        max-width: 100%;
        height: auto;
    }
I think that goes here: https://gitlab.com/gitlab-org/gitlab/-/blob/55a4cc5a53903250...


You’d want to pair that with `height: auto`, or else it’ll damage the aspect ratio of images that specify width and height attributes (which you always should).


Yep, will add.

Image in question is missing those values. I personally think README images should be be lazyloaded (making those inlined aspect ratios important) but I guess that's down to the maintainer.


Hey there, GitLab Dev Evangelist here. Thank you for flagging this and for the suggestion.

A change based on your comment was merged earlier today (with a link to your comment in the description): https://gitlab.com/gitlab-org/gitlab/-/merge_requests/78933


With the way people write CSS today, is there an argument today to not just have it be part of a reset, e.g.:

    img {
        max-width: 100%;
    }


That they are not already doing that made me believe it was intentional. Principle of least astonishment to start.

Anyway I agree, and have that present on all projects.


Just zoom out of course. Silly users!


Thanks! I asked our Dev Evangelists to look into this suggestion.


I bet this change will be live in the next few hours.


I bet someone with the right skills could just make a PR / MR for this fix.


Signature_example.pdf 8====> :)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: