Please refer this to California's High Technology Theft Apprehension and Prosecution Program [1] and the FBI's Internet Crime Complaint Center [2]. San Francisco's Financial Crimes Unit [3] may also take interest. (Given RightSignature is owned by Citrix [4], I'd also consider flagging this to their GC [5].)
The facts of the case are also so plainly in your favour that you should be able to get a lawyer on contingency to go after the agency and potentially also landlord for damages.
This is likely a criminal case: the government goes to court not you. You of course can (should!) sue as well, but you are looking for something different. For sure get a good lawyer, they will get you a nice sum of money after their fees, and do this all at no cost to you (other than time you have to spend in court - but in this case it is worth it just be punish them for their actions)
> aren’t the damages limited to the deposit amount?
No.
They might be. There may also be compensation for time, effort and distress. In some cases, statute provides double and treble damages, or allows for reïmbursement of legal costs.
More directly: the links I provided are more criminal than civil in nature. Damages are relevant in sentencing.
That's why important stuff is done in three copies -- one to each party and the third to a notary. Here the document signing service acts as such third party and it's the rare case where they have to show up and say which copy is legit.
It's also very rare -- I worked in a similar company for years and only heard of one case of disputed signing and none of disputed contents.
I would not count on a judge to read through technical mumbo-jumbo even if it's completely obvious to you how hashes work, it's probably not for them, so the company has to put a statement.
And that three-copy tradition goes back to "indenture contracts" of the 14th century, at least.
The phrase "indentured" means "cut into sharp pointy teeth" (a zig zag pattern). The contract is written out in triplicate by hand on a large sheet. Being hand-cut after the whole document is signed, it is hard to perfectly replicate that cut. Additionally, someone would write "A BIG LATIN WORD" over the area to be cut, so to forge the other piece(s) you have to recreate the demi-penstrokes plausibly.
When two copies don't match, someone is lying. The essential third copy is stored at the Notary Office, which tells you whom is lying.
"Indentured servants" were bound by such a contract.
I imagine it would be fairly hard to flawlessly forge a split document even today, at least if you used paper with long fibers and the edges were intact. Even if you match the cut perfectly, I'd bet that under a microscope you could tell that cut fibers on the two halves don't match. A remarkably solid approach considering the simplicity.
The split tally is similarly elegant.
Of course, just giving a notary a copy works almost as well.
This is exactly why RightSignature is an expensive SaaS contract and not just something you can self host for cheap: providing somebody credible to testify which document was actually signed.
this is a lazy, clumsy editing attempt, done through a document registration service which exists to prevent exactly this and yet, you have to be an experienced nerd (eg https://en.wikipedia.org/wiki/Matthew_Garrett has a doctorate and decades of software development experience) who will jump through a bunch of hoops to even begin to build a case beyond he-said-she-said. And he still doesn't have a settlement or criminal conviction in hand, so he's not even half done... Or look at the extensive forensics in the Craig Wright case just to establish simple things like that they were edited or backdated to a legally acceptable level.
Meanwhile, the original PDF edit in question took maybe 5 minutes with entry-level PDF tools.
I think Gwern was too focused on academic PDFs posted publicly to support some argument. There, it's actually advantageous to make a completely new PDF with your faked data, since it prevents people from finding the original and doing a comparison.
But for official documents used as legal proof, staying as close as possible to the original is required for a forgery to avoid sticking out simply for having the wrong formatting. But you usually won't find those posted publicly on the internet.
Or, if you don't want to fight this battle in lieu of other tenants, _threaten_ to sue to either force the agency to reveal the name and address of the landlord, or ideally, have them put pressure on the landlord to return the security deposit.
I'm already suing over the security deposit - that's actually an open and shut case. In this case it's not clear that I actually suffered any personal damage so it's not immediately clear whether I have standing in a civil suit.
Did you ask a lawyer-- any lawyer-- before writing the sentence surrounding this word?
I assume the answer is yes. But I also think I remember reading a blog by you where you wasted hours attempting to reverse-engineer some hardware before finally sending it the help flag.
Something similar happened to me recently. I was in Portugal for a year and a guy from the agency gave me fake electricity and water bills (he modified the bill PDFs). I found it out by using the pdf metadata too, but didn't go any further tha n that. We were able to make him pay back our money, but we didn't sue him.
I also found out that metadata can be overwritten. What is the best possible way to save yourself from these kinds of problems I wonder?
One solution is electric invoicing with digital signatures. For example there is the French Factur-X (known in Germany as ZUGFeRD), an invoice PDF with embedded XML data that can optionally be signed. That way if you receive the invoice you can check who signed it and if that's the same entity that supposedly issued the bill.
There is a lot of movement in that space right now because European governments use this data for VAT processing and have discovered that signed machine-readable data is a lot better than stacks of paper audited by humans
Another part of the solution is reporting such cases and making sure these people are charged with fraud
Lawyers have had the answer to this for a couple of hundred years.
Have multiple copies of everything, at the time of signing. I usually get two copies of a contract. I sign them both, the other party signs them both, and we each get a copy. Same with any amendments or codicils.
We are each responsible for maintaining our own copy.
If they could do it digitally then you pull in your expert to testify that it was changed and they pull in their expert to testify that it wasn't or if it was then it was done by some mysterious hacker and they shouldn't be held liable for the attempt.
Meanwhile with paper, the judge and jury can look at your copy and see that it was obviously printed out and the aged for 10 years where their copy is fresh off the presses and your signature on it is either not a match at all or is suspiciously identical on every line.
Even if the digital version can be technically safer, I feel the paper version tells a more compelling story that non-cryptography experts can follow along with.
Sounds like there's pretty clear evidence present on the RightSignature site, but they really need to provide a way to verify a document without the site being up and intact. That certification page is basically worthless otherwise.
It's difficult, because the certification page is part of the PDF so obviously can't include a hash or signature of itself. And you can't just rely on a hash since someone could tamper with the file and just update the hash. A well defined way to extract the signed payload would work, but their design doesn't currently involve any cryptography so it would be a pretty wholescale redesign.
The PDF format supports this, at least Adobe Reader can validate a signed PDF if it's signed in a certain way[1]. I know DocuSign does this - and Reader even has a little button to view the signed version (embedded in the PDF, I think)[2].
[1]: https://helpx.adobe.com/acrobat/desktop/e-sign-documents/man...
[2]: Example in Adobe Reader: https://i.moveything.com/1cf1e4ea5619 (redacted partly by me)
Signing PDFs digitally is kind of a pain, though. There are several different standards, compatible with different readers, and you need to pay up to get a trusted certificate or Adobe will stick a huge "THIS DOCUMENT WAS SIGNED BY AN UNKNOWN PARTY" banner across the screen when you open it. And then you need to opt into the services of a timestamp server to validate your signature or your document might be marked untrusted when your certificate expires.
It's a better technical solution but unfortunately it's not as simple as you'd hope it to be.
Yes it is not perfect. At least in Lithuania you can use government issued personal ID to sign PDFs that pass Adobe/Foxit checks of signature authenticity. Trusted timestamp is part of a valid signature as it allows to check validity of signee certificate at the time of signing.
Adobe says:
Source of Trust obtained from European Union Trusted Lists (EUTL).
This is a Qualified Electronic Signature according to EU Regulation 910/2014.
Foxit says:
Source of Trust obtained from European Union Trusted Lists (EUTL).
This is a Qualified Electronic Signature according to EU Regulation 910/2014.
I remember a case in a different jurisdiction where a judge dismissed a digitally signed document with an argument they aren't a party of PKI system and don't have a key, so they can't do anything. This stuff is weird.
Remember to enumerate all breaches of law and professional rules with direct statute citations that you or legal assistance can come up with. Plan on this being read by a judge and feed them a happy path toward a conviction.
Wouldn't a sha256 collision be impractical? Like wouldn't it be more compute than the couple grand a security deposit would be? SHAttered was in 2017 with SHA-1 and took 110 years of GPU equivalent compute.
It feels like just a mistake or an error with RightSignature? Like they uploaded the wrong doc, clicked the wrong button, and were confused on their side because the version they meant to send was at the top of the page?
OP mentions in the article that the draft was uploaded on 9/22/25, so it can't have been a simple mix up where the version with the addendum was the one they had originally intended to have signed, since it didn't exist yet.
If you just mean that they had the second version in their system but never intended to send it at all, then I'm not sure what possible innocent explanation there would be for uploading a newly modified version of an already signed lease that's run its course.
Ok, that makes sense. I re-read the post. I thought the signed doc checksum was the same for both, but it seems like the certification page is inserted into the actual document, thus breaking your ability to verify the final document checksum? Seems strange that the provider doesn't email the final doc to both parties after signing. Also, kinda weird that they knew it would say uploaded 9/22 and still offered to screen share.
The signed hash matches the original version of the document (sans tenant's signature, sans fraudulent addition). The hash doesn't match any other version of the document.
I think they're referring to the 'signed checksum' field on the document, and this line from the article
> Interestingly, the certificate page was identical in both documents, including the checksums, despite the content being different.
I think they took this to mean that the signed copy and the copy with the fraudulent addendum both hashed to the same checksum, but I'm not sure that's what was meant; based on the article it's not obvious to me that OP was able to check the signed checksum, though I can't imagine they didn't try. It's the 'original checksum' field that matched the base.pdf clean document without signature or addendum.
No, the modified copy included the same certificate page simply because it was a modified copy of the PDF with the certificate page. There's no actual way I've determined to verify the signed checksum field.
Ah, so the 'signed checksum' field isn't actually the checksum of the signed document? How odd . . . but yeah, now that I think about it, they couldn't know the hash of a document before they generate it, but they would need to in order to include it in the document, hence an impossible cycle; they must have overlooked that . . .
im wondering if printing to PDF basically just makes a PDF that is a screenshot of the original, and removes any sort of existing meta data or formatting
Please refer this to California's High Technology Theft Apprehension and Prosecution Program [1] and the FBI's Internet Crime Complaint Center [2]. San Francisco's Financial Crimes Unit [3] may also take interest. (Given RightSignature is owned by Citrix [4], I'd also consider flagging this to their GC [5].)
The facts of the case are also so plainly in your favour that you should be able to get a lawyer on contingency to go after the agency and potentially also landlord for damages.
[1] https://oag.ca.gov/ecrime/httap
[2] https://www.ic3.gov
[3] https://www.sanfranciscopolice.org/stay-safe/crime-preventio...
[4] https://www.zdnet.com/article/citrix-acquires-rightsignature...
[5] https://www.bu.edu/alumni/profile/antonio-g-gomes-esq tony.gomes@citrix.com
This is likely a criminal case: the government goes to court not you. You of course can (should!) sue as well, but you are looking for something different. For sure get a good lawyer, they will get you a nice sum of money after their fees, and do this all at no cost to you (other than time you have to spend in court - but in this case it is worth it just be punish them for their actions)
I don’t get it, aren’t the damages limited to the deposit amount?
> aren’t the damages limited to the deposit amount?
No.
They might be. There may also be compensation for time, effort and distress. In some cases, statute provides double and treble damages, or allows for reïmbursement of legal costs.
More directly: the links I provided are more criminal than civil in nature. Damages are relevant in sentencing.
If they did it to one, they likely did it to many more. I would expect a class action could be filed with enough digging.
That's why important stuff is done in three copies -- one to each party and the third to a notary. Here the document signing service acts as such third party and it's the rare case where they have to show up and say which copy is legit.
It's also very rare -- I worked in a similar company for years and only heard of one case of disputed signing and none of disputed contents.
I would not count on a judge to read through technical mumbo-jumbo even if it's completely obvious to you how hashes work, it's probably not for them, so the company has to put a statement.
And that three-copy tradition goes back to "indenture contracts" of the 14th century, at least.
The phrase "indentured" means "cut into sharp pointy teeth" (a zig zag pattern). The contract is written out in triplicate by hand on a large sheet. Being hand-cut after the whole document is signed, it is hard to perfectly replicate that cut. Additionally, someone would write "A BIG LATIN WORD" over the area to be cut, so to forge the other piece(s) you have to recreate the demi-penstrokes plausibly.
When two copies don't match, someone is lying. The essential third copy is stored at the Notary Office, which tells you whom is lying.
"Indentured servants" were bound by such a contract.
I imagine it would be fairly hard to flawlessly forge a split document even today, at least if you used paper with long fibers and the edges were intact. Even if you match the cut perfectly, I'd bet that under a microscope you could tell that cut fibers on the two halves don't match. A remarkably solid approach considering the simplicity.
The split tally is similarly elegant.
Of course, just giving a notary a copy works almost as well.
This is exactly why RightSignature is an expensive SaaS contract and not just something you can self host for cheap: providing somebody credible to testify which document was actually signed.
Finally an explanation for the three copies. Always wondered about this, but somehow was too busy to look it up.
Funny, I remember Gwern asking why people don't do this more often: https://gwern.net/blog/2022/pdf-forgery
I think OP is an instance that proves the point
this is a lazy, clumsy editing attempt, done through a document registration service which exists to prevent exactly this and yet, you have to be an experienced nerd (eg https://en.wikipedia.org/wiki/Matthew_Garrett has a doctorate and decades of software development experience) who will jump through a bunch of hoops to even begin to build a case beyond he-said-she-said. And he still doesn't have a settlement or criminal conviction in hand, so he's not even half done... Or look at the extensive forensics in the Craig Wright case just to establish simple things like that they were edited or backdated to a legally acceptable level.
Meanwhile, the original PDF edit in question took maybe 5 minutes with entry-level PDF tools.
I think Gwern was too focused on academic PDFs posted publicly to support some argument. There, it's actually advantageous to make a completely new PDF with your faked data, since it prevents people from finding the original and doing a comparison.
But for official documents used as legal proof, staying as close as possible to the original is required for a forgery to avoid sticking out simply for having the wrong formatting. But you usually won't find those posted publicly on the internet.
> Because there’s no Photoshop for PDFs, maybe?
Xournal++
It feels like you need to sue them for scamming you with fake documents. Their attempts didn't work on you, but it might've scammed many others.
Or, if you don't want to fight this battle in lieu of other tenants, _threaten_ to sue to either force the agency to reveal the name and address of the landlord, or ideally, have them put pressure on the landlord to return the security deposit.
I'm already suing over the security deposit - that's actually an open and shut case. In this case it's not clear that I actually suffered any personal damage so it's not immediately clear whether I have standing in a civil suit.
> it's not immediately clear whether I have standing in a civil suit
You research took time and their illegal withholding robbed you of your money’s time value.
More pointedly, the people involved would rationally pay well to avoid even the complaint making it into a public filing.
> so
Did you ask a lawyer-- any lawyer-- before writing the sentence surrounding this word?
I assume the answer is yes. But I also think I remember reading a blog by you where you wasted hours attempting to reverse-engineer some hardware before finally sending it the help flag.
Class action, especially federal if any other tenant signed this agreement over the internet while moving to California.
Returned deposit, or some civil-law settlement from wire-fraud forging (criminal law) documents is the goal?
Something similar happened to me recently. I was in Portugal for a year and a guy from the agency gave me fake electricity and water bills (he modified the bill PDFs). I found it out by using the pdf metadata too, but didn't go any further tha n that. We were able to make him pay back our money, but we didn't sue him.
I also found out that metadata can be overwritten. What is the best possible way to save yourself from these kinds of problems I wonder?
One solution is electric invoicing with digital signatures. For example there is the French Factur-X (known in Germany as ZUGFeRD), an invoice PDF with embedded XML data that can optionally be signed. That way if you receive the invoice you can check who signed it and if that's the same entity that supposedly issued the bill.
There is a lot of movement in that space right now because European governments use this data for VAT processing and have discovered that signed machine-readable data is a lot better than stacks of paper audited by humans
Another part of the solution is reporting such cases and making sure these people are charged with fraud
Lawyers have had the answer to this for a couple of hundred years.
Have multiple copies of everything, at the time of signing. I usually get two copies of a contract. I sign them both, the other party signs them both, and we each get a copy. Same with any amendments or codicils.
We are each responsible for maintaining our own copy.
There should be a way to do this digitally.
Honestly, the paper solution is the solution.
If they could do it digitally then you pull in your expert to testify that it was changed and they pull in their expert to testify that it wasn't or if it was then it was done by some mysterious hacker and they shouldn't be held liable for the attempt.
Meanwhile with paper, the judge and jury can look at your copy and see that it was obviously printed out and the aged for 10 years where their copy is fresh off the presses and your signature on it is either not a match at all or is suspiciously identical on every line.
Even if the digital version can be technically safer, I feel the paper version tells a more compelling story that non-cryptography experts can follow along with.
Sounds like there's pretty clear evidence present on the RightSignature site, but they really need to provide a way to verify a document without the site being up and intact. That certification page is basically worthless otherwise.
It's difficult, because the certification page is part of the PDF so obviously can't include a hash or signature of itself. And you can't just rely on a hash since someone could tamper with the file and just update the hash. A well defined way to extract the signed payload would work, but their design doesn't currently involve any cryptography so it would be a pretty wholescale redesign.
The PDF format supports this, at least Adobe Reader can validate a signed PDF if it's signed in a certain way[1]. I know DocuSign does this - and Reader even has a little button to view the signed version (embedded in the PDF, I think)[2]. [1]: https://helpx.adobe.com/acrobat/desktop/e-sign-documents/man... [2]: Example in Adobe Reader: https://i.moveything.com/1cf1e4ea5619 (redacted partly by me)
Signing PDFs digitally is kind of a pain, though. There are several different standards, compatible with different readers, and you need to pay up to get a trusted certificate or Adobe will stick a huge "THIS DOCUMENT WAS SIGNED BY AN UNKNOWN PARTY" banner across the screen when you open it. And then you need to opt into the services of a timestamp server to validate your signature or your document might be marked untrusted when your certificate expires.
It's a better technical solution but unfortunately it's not as simple as you'd hope it to be.
Yes it is not perfect. At least in Lithuania you can use government issued personal ID to sign PDFs that pass Adobe/Foxit checks of signature authenticity. Trusted timestamp is part of a valid signature as it allows to check validity of signee certificate at the time of signing.
Adobe says: Source of Trust obtained from European Union Trusted Lists (EUTL). This is a Qualified Electronic Signature according to EU Regulation 910/2014.
Foxit says: Source of Trust obtained from European Union Trusted Lists (EUTL). This is a Qualified Electronic Signature according to EU Regulation 910/2014.
I remember a case in a different jurisdiction where a judge dismissed a digitally signed document with an argument they aren't a party of PKI system and don't have a key, so they can't do anything. This stuff is weird.
I so wish there was a conclusion on what happened with the leasing agency
As yet, nothing - I'm in the process of drafting a complaint to the department of Real Estate, but the agency hasn't said anything further
Remember to enumerate all breaches of law and professional rules with direct statute citations that you or legal assistance can come up with. Plan on this being read by a judge and feed them a happy path toward a conviction.
Wouldn't a sha256 collision be impractical? Like wouldn't it be more compute than the couple grand a security deposit would be? SHAttered was in 2017 with SHA-1 and took 110 years of GPU equivalent compute.
It feels like just a mistake or an error with RightSignature? Like they uploaded the wrong doc, clicked the wrong button, and were confused on their side because the version they meant to send was at the top of the page?
OP mentions in the article that the draft was uploaded on 9/22/25, so it can't have been a simple mix up where the version with the addendum was the one they had originally intended to have signed, since it didn't exist yet.
If you just mean that they had the second version in their system but never intended to send it at all, then I'm not sure what possible innocent explanation there would be for uploading a newly modified version of an already signed lease that's run its course.
Ok, that makes sense. I re-read the post. I thought the signed doc checksum was the same for both, but it seems like the certification page is inserted into the actual document, thus breaking your ability to verify the final document checksum? Seems strange that the provider doesn't email the final doc to both parties after signing. Also, kinda weird that they knew it would say uploaded 9/22 and still offered to screen share.
The signed hash matches the original version of the document (sans tenant's signature, sans fraudulent addition). The hash doesn't match any other version of the document.
I think they're referring to the 'signed checksum' field on the document, and this line from the article
> Interestingly, the certificate page was identical in both documents, including the checksums, despite the content being different.
I think they took this to mean that the signed copy and the copy with the fraudulent addendum both hashed to the same checksum, but I'm not sure that's what was meant; based on the article it's not obvious to me that OP was able to check the signed checksum, though I can't imagine they didn't try. It's the 'original checksum' field that matched the base.pdf clean document without signature or addendum.
No, the modified copy included the same certificate page simply because it was a modified copy of the PDF with the certificate page. There's no actual way I've determined to verify the signed checksum field.
Ah, so the 'signed checksum' field isn't actually the checksum of the signed document? How odd . . . but yeah, now that I think about it, they couldn't know the hash of a document before they generate it, but they would need to in order to include it in the document, hence an impossible cycle; they must have overlooked that . . .
Right, it's the hash of the document before they add the certificate page, but unfortunately there's no easy way to extract that to calculate it
At this stage, agency must either:
Option A: Return the deposit themselves immediately (since they claim to be mere intermediaries, surely they can recoup from their client)
Option B: Provide full landlord details AND actively facilitate the return by compelling their client to comply with the law
The pdf-forgery and the back and forth with the agency is huge shaming fun, but the deposit is the goal.
I'm getting a 403
https://web.archive.org/web/20250926012745/https://mjg59.dre...
Not I
It's notable PDF has built-in mechanism for certified signing and signatures.
Yes it's very convoluted, as everything with PDFs, but it's there.
depends on the frontend, I created signed certificates for a learning platform. It was like 2-3 lines of code.
does printing to PDF solve this problem, i wonder?
The problem of getting two contracts with different content and identically claimed hashes? Not sure I follow.
im wondering if printing to PDF basically just makes a PDF that is a screenshot of the original, and removes any sort of existing meta data or formatting