If I'm reading this right it's in-browser JS signing software. The author makes the claim that native software is hard to audit, but neglects the much bigger problem of having to verify the JS downloaded on-demand for every session. What you are served is not guaranteed to be the same as what's hosted on GitHub.
These days with service workers and what not you might need more than a quick glance at the network log if you suspect the web page is malicious.
Even for non-malicious sites this can be a problem.
I think a notable case of the second category is jwt.io which last I checked definitely seemed to fire a few network requests after I pasted a token.
(Happy to be corrected if this is obviously false or has been corrected later.)
That said I couldn't see my token in one of them but it is scary enough to make me avoid using that site.
BTW, I think their statement/claim
> "Warning: JWTs are credentials, which can grant access to resources. Be careful where you paste them! We do not record tokens, all validation and debugging is done on the client side."
is correct, it's just too scary for me to put client credentials there at all when it isn't trivially easy to prove that they aren't uploaded.
This is for signing a document with a "hand" signature, not cryptographically signing it with a cryptographic signature. Besides, if you don't trust in-browser JS then you shouldn't trust any site on the web, e.g. online banking.
That this is running completely locally without any software to install is pretty useful and cool. Your criticism isn't great (IMO borders on concern-trolling) because the alternative is something where the docs go to some centralized SaaS that stores everything including your signature for an unknown period of time.
If there is software entirely in a web page and does not send data to internet, then you could just save the HTML file (and other needed files, if any) to your computer and then use that.
You do not have to connect to the internet to access a local HTML file. If you disconnect the internet, then anything in the file that tries to access the internet will not work, so you can also know that it isn't sending stuff to the internet.
In the case of sensitive PDFs, it's enough to check your network is not inexplicably in use, and I explain how to do a network audit in the notebook (yay literate programming). BTW this is "sign" as in overlay an image of your physical signature, not certify with a digital signature.
I've seen people complain that Preview can be inaccurate and shouldn't be trusted for important legal documents (like the ones you might want to sign). https://mobile.twitter.com/sunshowers6/status/13930051073739... Anyone else have experience with this?
Preview can't apply proper PDF signature though - while Adobe Acrobat Reader (the free one) can. Many countries can issue a digital certificate that can be used with these documents to make them legally and properly signed.
I thought this was about adding a digital signature with an x509 certificate, which has been a PITA for ages because of the PDF standard, plus browsers' isolation from certificate stores, let alone hardware devices.
(Linux) Load the PDF in xournal, click on > Tools > Image. Select a jpeg holding my signature. Change the dimensions and drag the signature around as needed. Note that you then have to export to PDF rather than saving it.
(Android) Using the OneDrive app. There's a signature option in the annotate menu.
For me the title was misleading: Reading the title I thought that the article was about digitally signing documents (with your keys not your signature) :D
It looks like a useful service but in case you didn't know: you can do this locally on macOS using Preview. Click on Tools->Annotate->Signature and add your own signature. You can even write it down on paper, put in front of webcam and it will recognise it and turn it to black & white. Very useful for filling out different forms.
A free account on Adobe Acrobat online can sign PDFs, you don't need to have any kind of subscription. I'm not sure why the author felt they needed to subscribe if they were just signing PDFs. https://documentcloud.adobe.com
I know there's a tendency to trust Adobe because they're a large company, but how do you know what they're doing with your data? How do you know what they'll do with it at any time in the future? Is the other party okay with giving them your data? What if they decide to sell your data in the future?
Sure, you could presumably try to get to the bottom of this, but it's easier to just use a local option.
I first read it as that too. But upon more careful reading, I understood what he meant is that since Adobe has bad subscription practices, he doesn't want to use any Adobe products, even free ones. This type of signing (image signature as opposed to cryptographic signature) is supported in free Adobe Reader software too, on all platforms, including Android.
Can anyone recommend a Linux desktop app that does this? I've run into the same issue as the author. I got a lifetime for the great app https://markuphero.com but they haven't added saved signatures yet - I just write with my pen. Also although I trust them reasonably it would be nice to have something local.
As said in another comment, I am very happy with Xournal++. It lets you add pictures (I draw my signature once in Photopea and saved the file) and text (useful to fill forms).
For especially sensitive data, the assurance in this post -- that if you don't see a network request occur on save, your data remains local -- is not sufficient.
Some malicious programs use techniques like delayed network requests to send data when you're not expecting it, and you basically have to audit the entire application to make sure it isn't making these covert requests.
I know no one takes this seriously but you never know what will happen. Maybe someday we can replace PDFs with something open and more straightforward and practical.
The claim of only using software that has source code available to audit never made sense to me.
Does he go through every single line of code on every single application he uses to ensure privacy? Does this mean he is an expert in the Linux kernel? And chromium, and sendmail...
Like I get it's great that these are open source, but it's really not realistic for someone to audit every single line of code in every software to be guaranteed that nothing nefarious happens. If a bad actor wanted to hide an RPC request, they wouldn't label it as _sendUserDataToServer(), so it would require quite a good understanding of the call stack on the functions you are looking at.
Just look at the Linux kernel, it's auditable but recently it came to light that a university had submitted nefarious code to it. Presumably that code passed code reviews, static analysis, and some sort of testing? Yet it still made it in. It's just not feasible to have 100% confidence that third party software is ensuring your privacy.
My understanding is that it doesn’t answer all the risks you call out, it’s just that it is lower than the same risks and more for proprietary, non-OSS software.
If components are OSS then I have an easier time auditing. And perhaps I audit one section, and trusted people audit other sections and we can all run a trivial verification program.
Again, it’s not perfect, it’s just better. And it at least has the conditions for perfect review, while other methods do not.
> Does he go through every single line of code on every single application he uses to ensure privacy? Does this mean he is an expert in the Linux kernel? And chromium, and sendmail...
You're misunderstanding it. You don't need to go over every line to benefit from the source being available. It's very rare for bad actors to publish outright malicious source code and just hope no one spots it. People who want to release malware just about always insist that you cannot inspect the source code.
Of course, it's possible to release good source code and also introduce malware into the official binaries, lying about it corresponding to the published source, but that's another matter.
> It's just not feasible to have 100% confidence that third party software is ensuring your privacy.
It's rare to aim for absolute perfection and absolute guaranteed trustworthiness. Insisting on Free and Open Source software is a pretty effective means of avoiding many forms of malware.
> but it's really not realistic for someone to audit every single line of code in every software to be guaranteed that nothing nefarious happens.
This is missing the point. Having the source code decreases the chance of having malicious software by allowing random people to read the code. Anyone can raise alarm if they see anything suspicious and it's easy to check such claims.
> Just look at the Linux kernel, it's auditable but recently it came to light that a university had submitted nefarious code to it.
...and it came to light because it is auditable. Short of rejecting digitalisation and returning to monke, is there anything better in terms of trust and security than using open source software?
By exposing your source publicly it only requires one person to check to provide herd immunity. It's game theoretically superior to providing source code for one-off audits on request.
[+] [-] maqp|4 years ago|reply
Tony Arcieri explains the issues more broadly here https://tonyarcieri.com/whats-wrong-with-webcrypto
Also, Nadim Kobeissi formalized it wrt Protonmail a while ago: https://eprint.iacr.org/2018/1121.pdf
[+] [-] skinkestek|4 years ago|reply
[+] [-] thirsteh|4 years ago|reply
[+] [-] zzo38computer|4 years ago|reply
[+] [-] tlarkworthy|4 years ago|reply
[+] [-] ContentSP321|4 years ago|reply
If you are transporting over HTTPS and have a Content Security Policy (https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) it seems like that job is largely taken care of.
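As an added illustration of the CSP point above (not code from this thread or from the tool under discussion), this sketch parses a Content-Security-Policy header value and reports which directives still allow requests to leave the browser, and how far. The two sample policies and the `cdn.example` host are constructed.

```javascript
// Added example: which CSP directives still let a page send requests out.
// Directive names and fallback chains follow CSP Level 3.
const FALLBACK = {
  "connect-src": ["default-src"], // fetch, XHR, WebSocket, sendBeacon
  "img-src": ["default-src"],     // image URLs can carry data in the query string
  "script-src": ["default-src"],
  "style-src": ["default-src"],
  "font-src": ["default-src"],
  "media-src": ["default-src"],
  "frame-src": ["child-src", "default-src"],
  "form-action": [],              // does NOT fall back to default-src
};
const LOCAL = /^('none'|'unsafe-inline'|'unsafe-eval'|'nonce-.*'|'sha(256|384|512)-.*'|data:|blob:)$/i;
const RANK = ["none", "same-origin", "remote", "unrestricted"];

function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // A repeated directive is ignored; the first occurrence wins.
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

function reach(sources) {
  if (sources === undefined) return "unrestricted"; // no directive and no fallback
  let worst = 0;
  for (const s of sources) {
    if (LOCAL.test(s)) continue; // keyword, hash, nonce or local scheme: no network
    worst = Math.max(worst, s.toLowerCase() === "'self'" ? 1 : 2);
  }
  return RANK[worst];
}

// Returns { directive: reach } for every directive not locked down to "none".
function egressChannels(header) {
  const policy = parseCsp(header);
  const open = {};
  for (const [directive, fallbacks] of Object.entries(FALLBACK)) {
    const name = [directive, ...fallbacks].find((d) => policy.has(d));
    const r = reach(name === undefined ? undefined : policy.get(name));
    if (r !== "none") open[directive] = r;
  }
  return open;
}

// Constructed sample policies.
const LOOSE = "default-src 'self'; img-src *; script-src 'self' https://cdn.example";
const STRICT = "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src data: blob:; form-action 'none'";
```

For the constructed `LOOSE` policy, `form-action` comes back `unrestricted` even though `default-src 'self'` is set, and `connect-src` comes back `same-origin`, meaning the page can still upload to the server it was loaded from.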
[+] [-] cyanydeez|4 years ago|reply
This looks more like drawing an image onto a PDF.
[+] [-] lopatin|4 years ago|reply
[+] [-] Wowfunhappy|4 years ago|reply
[+] [-] sp332|4 years ago|reply
[+] [-] divbzero|4 years ago|reply
[+] [-] izacus|4 years ago|reply
[+] [-] tlarkworthy|4 years ago|reply
[+] [-] s09dfhks|4 years ago|reply
[+] [-] marianov|4 years ago|reply
[+] [-] bachmeier|4 years ago|reply
[+] [-] nestorD|4 years ago|reply
[+] [-] Haemm0r|4 years ago|reply
[+] [-] thouitsme|4 years ago|reply
[+] [-] gspr|4 years ago|reply
[+] [-] patrakov|4 years ago|reply
[+] [-] terramex|4 years ago|reply
[+] [-] windsurfer|4 years ago|reply
[+] [-] bachmeier|4 years ago|reply
[+] [-] tlarkworthy|4 years ago|reply
[+] [-] smnrchrds|4 years ago|reply
[+] [-] cupcake-unicorn|4 years ago|reply
[+] [-] nestorD|4 years ago|reply
[+] [-] jawns|4 years ago|reply
[+] [-] CyberDildonics|4 years ago|reply
[+] [-] ilaksh|4 years ago|reply
[+] [-] andy0x2a|4 years ago|reply
[+] [-] prepend|4 years ago|reply
[+] [-] MaxBarraclough|4 years ago|reply
[+] [-] fsflover|4 years ago|reply
[+] [-] Mordisquitos|4 years ago|reply
[+] [-] tlarkworthy|4 years ago|reply