Big fan of the idea of offline in-browser tools: works on any device, and "installing" the program is as simple as visiting a webpage or opening the saved HTML file. This one uses WebAssembly, but even that isn't necessary: I wrote a couple of PDF tools for my own use that simply use pdf-lib: https://shreevatsa.net/pdf-pages/https://shreevatsa.net/pdf-unspread/
I created something similar for pdf diffing since I needed “visual” diffing instead of “textual” diffing. It uses Mozilla’s PDF.js library as the rendering engine. It’s amazing how much you can do in-browser. https://parepdf.com/
I created a tool to take project plans from a tool that we use to model schedules and generate gantt diagrams from the data in a way that is better than the commercial tool. It's all just a zip file containing an html file and a couple of javascript files. Others in our company are using it now as it is easier and produces better output than the modeling tool.
When I decided on a local html for the app, I wanted something that did not require installing a language like python, did not require installing, and would work on Windows and Mac.
I also love the idea. However it's really hard to trust as a non IT person who understands that's possible and how to verify (via dev tools for example) that it's truly working offline.
I'm not really sure what the solution is, but I'd love to be able to navigate to a site like that and know that it's not uploading my files somewhere, without having to take your word for it.
Software that does not run in the browser can do even worse things (that are not possible in a browser): it could access (and upload) arbitrary files other than just the PDF file(s) you gave it access to, it could set up things that stay running even after you close it (like a virus or keylogger), etc — so you need to verify/trust the developer or run it inside a sandbox, and the same is true for in-browser software. At least with a browser, the tools needed for monitoring and disabling network access (dev tools) are built-in to the browser (e.g. don't have to separately install Little Snitch).
One thing that seems worse with software-on-a-webpage is the risk of malicious behaviour getting added later (this is also possible with non-browser software with automatic "updates"): you could mitigate it, if you trust or have verified one particular version of such a webpage, by saving the HTML file (put it in a Dropbox folder say) and opening the file (maybe with network disabled), whenever you need to use it. But then you lose the advantage of "don't have to install anything"; it's a trade-off.
I have been looking far and wide for a tool that replicates Acrobat's /fill and sign/ feature, allowing me to fill out NON-form-fillable PDFs.
Something where I can fill it out, save, and then open up later to edit and add/remove previous additions.
Adobe as a business, their pushiness about creating an account and the fact that they bundle McAfee's shitware with Acrobat never sat well with me, so I'd love an alternative.
Surprisingly there's a few decent options on Android, but nothing worth while I could find for Windows or Linux.
Maybe someone here can help a guy out with a pointer?
Xournal++ does the job, with a recognizably 90s interface. It stores a separate file with the overlay you create, and can produce a new PDF which combines the original file with your overlay. I use it any time I need to do something official.
FoxIT's free PDF reader[0] has a Fill & Sign feature. And, it also allows you to type text anywhere on a PDF, in case that's what you actually want.
It's available for PC, Mac and Linux. (While the Linux version isn't as full-featured, I'd expect/hope all the versions have these 2 features...though I see that the feature-matrix on their website shows the Linux version doesn't have the Form Filling feature that the other versions have, FWIW, so it might lack one or both of the features I've mentioned).
The Fill-and-Sign feature is accessible from the Home tab -- there's a tool right end of the ribbon called "Fill & Sign".
The text-typing feature is also accessible from the Home tab: you choose the Typewriter tool from the ribbon, move the cursor where you want the text to show up, click there, then start typing -- the text will show up in a faint box (which disappears when you e.g. click somewhere else).
Later, you can click the Typewriter's arrow cursor on the text and the box will reappear -- you can then delete the box and its text, if you like, or you can double-click inside the box and get a text-cursor, which you can use to delete/add text.
I've used the Typewriter a bunch -- it works pretty well. (I think I've used Fill & Sign in the past, but not as often).
I use https://www.ilovepdf.com/ . They have a ton of tools. Their Sign PDF includes the ability to add text, dates, a signature from a PNG, etc.
I am not affiliated with or have any relationship with them other than as a happy user.
I’ve found Inkscape to work very well for editing most PDFs in any way I’ve wanted to so far. If you just want to add or alter text the interface is reasonably simple while retaining the power to change mostly anything in the document, and in my experience it’s well supported and easy to set up on Linux, Windows, and Mac.
I've used LibreOffice Draw for this with fairly good results just inserting text boxes on top of the necessary fields. It's not the fastest, and probably is a bit overkill for the job, but it does work!
i just created an account for you :-)
save it as an PWA to your machine, if you have no internet it will cache the last version - so you will be able to go fully offline and not even need to fetch the dns queries
> You do not believe us?
We know that websites on the internet promise a lot of stuff. You can try our promise by yourself. Load the webpage, disable your internet connection and start editing PDFs. You are gonna be surprised.
The question is about being able to load in the first place. Can it be loaded in one machine, saved, and then opened in the browser of another machine?
Technically the app can cache files and phone home the next time we connect to internet i guess? Not aware of how WASM works.
Not paranoid but just want to know if this tool can be downloaded once and run from browser forever -- without having to disable internet.
Does it not generate any network traffic at all - zero - even when there is internet connectivity available? Whether to the home domain or otherwise? Even telemetry?
> Not paranoid but just want to know if this tool can be downloaded once and run from browser forever -- without having to disable internet.
You can turn off Internet for a single tab through Chrome's dev tools. F12, Network, change from "No throttling" to "Offline." Would be a bit annoying to do each time you use the app though.
Unfortunately not aware of a quick easy way to cut off Internet to a single tab in Firefox, but if you're fine temporarily killing Internet access to the entire browser (all tabs), you can do Alt > File > Work Offline. With the keyboard shortcuts (Alt > F > K) it's actually very fast to do.
It would be nice though if you opened a local .html file if it by default was cut off from accessing the Internet until it asked for and was granted permission by the user, much like GPS, webcam and mic use are. Would be much more convenient than the two options above (which require you to remember to do that each time you use the app.)
we do not use any telemtry on the site, not event google analytics
but i have to say that cloudflare reports us on page-hits, which is even included in the free version
EDIT: we also use google ads since a few hours, to cover hosting expenses (1 ad on the page, should be enough for this small site)
Can you please explain why? I care about privacy and security, and this trend seems like we're going backwards. If something needs network access, web apps make sense. But I liked offline tools better when we called them "programs". Web apps to me seem like they turn the web browser into an operating system. I already have an OS.
There are some advantages to using the web as a platform: it’s fully cross platform, completely sandboxed, easy to use, has good backwards compatibility so will likely work forever regardless of OS/browser updates, gives you good debugging tools, and means you can use it without saving it locally if you want
Depending on which OS system you use, your programs can connect to internet and leak your data. As far as I know, neither Windows nor macOS have any built in firewall for outgoing connections. For mac Little Snitch or Lulu are indispensable. A JS app running in the browser sometimes maybe even easier to monitor. You can at least, see the network traffic by the built in devtool.
The fact that you can have a wonderful signature stamp, but the only way to get the image into the system is to hold an image up to your webcam is insane to me.
I have a perfect png signature with transparency, but there's no way to import it.
The lack of a good PDF editor in Linux has always seemed strange to me, considering the relative frequency of "fiddle with a PDF" tasks like splicing pages and so on.
Sure you can do it with Pdftk (or stapler these days), and a mish-mash of pdfinfo, Imagemagick and so on but the GUI programs mostly seem pretty bad offerings considering they're a fairly thin shell around library operations.
You can add (“merge”), remove, delete pages, which is technically editing.
You can annotate the document by adding text, pictures, signatures, checkboxes as well as fill PDF form fields: unfortunately as you noticed you cannot “edit” existing text.
(I initially used the term annotator but it confused people so much that I changed it for edit and editor)
Adobes OCR can't handle a simple black-white tax document. To say nothing of OCRing scans. God help you if one text field wasn't recognized, because you sure as hell can't add the missing field.
And handy functions like "combine two PDF pages into one" (for example, combining front and back scan of something) are always easier to do by Googling than by using any software, even when you pay for it.
What do you mean it 'doesn't work'? I use Preview to delete pages, convert to black and white, annotate (redact, add signature, circle, highlight) on PDFs weekly.
Curious if you have some sample PDFs that are problematic. I'm not doubting you, it's just that I would love to forward them on the the team at Apple that maintain Preview so they can determine what the issue is and address it.
Since CoreGraphics on MacOS has fairly rich PDF support, Preview can do some degree of PDF manipulation: reorder pages, delete pages, insert pages, rotate, crop, annotate, etc.
I've been using pdfarranger for years without issue. It's even available in the Debian (and probably Ubuntu) repositories (sudo apt-get install pdfarranger)
IMO the reason PDF tools are bad on linux has a lot to do with history.
Per Wikipedia, PDF is a standard that was originally developed by Adobe. It was a proprietary standard for ~15 years before it became an open standard.
Nowadays, the relationship between Adobe and PDF is like Google and Chromium. Other PDF tools are playing catch up, but it’s en enormous amount of tedious work that mist would only do for a good paycheck, which is hard to find outside of Adobe.
I created a similar offline tool during covid because I didn't want to upload sensitive data to random servers, it's open source if that can be useful to someone else : https://timothebarbe.github.io/pdfModer (Im not a front end dev, the UI is not very good)
Or even fill the forms of the existing PDFs... I'm struggling with many PDF forms, usually from various government agencies. They all seem to require Adobe Reader and can't open them anywhere else. And the few that I can open and input the values have broken field calculation (for example they won't add values from field A and B into field C).
There also seems to be two ways to fill a field. I notice this when I fill fields on a PDF in Chrome and save it. And then open it in Preview.
Preview doesn't show the values I put into the fields in Chrome.
Also kinda unrelated but also worth mentioning, if you have a PDF document with a version less than 1.7, opening and reexporting or even reprinting it in Preview.app as PDF will not actually manage to get you a document that's PDF1.7 or above.
The issue that many people were raising is with regards to privacy (not saying your app infringes upon it in any way). If PWA deployment can ensure that the app truly stays offline, then that’s a good thing.
I personally like open source better, as it is easier to examine the inner workings of the app. It also helps tech-savvy users fix bugs and verify that it doesn’t do anything they don’t want it to do. Etc etc
Also, Electron apps can be sandboxed using Flatpaks for instance. Flatpaks aren’t perfect of course, but they do provide some guarantees. You can even use Flatpaks while keeping the source code closed.
Machine translations for Finnish seem to be quite shoddy. The rotate tool is called ”A PDF is spinning” etc. Even the language name is wrong in the language selector.
For anyone want to build a tool like this, you can try my WIP library here, it's based on Pdfium and Wasm, you can build a tool support editing and previewing with it.
"uses WebAssembly" - forgive me but what? How do I know my PDF isn't going to Russia? or China? I mean, I could wireshark it but I'd like to know more about what's in the webassembly. PDF's are sensitive to some organizations. As already stated, some orgs even block online pdf tools for obvious reasons.
I'm interested in this but I would be even more so if there was source so I can audit. Since it's running locally in my browser anyway.
always ironic when ppl say this on websites hosted in the us, a country with the most documented cases of governmental organisation backdooring/spying :/
> always ironic when ppl say this on websites hosted in the us, a country with the most documented cases of governmental organisation backdooring/spying :/
That is because other countries do not let you document/publish this information. :-)
> backdooring and censorship are two very different things
Parent poster talked about backdooring being documented in the US, not comparing the two in general. I posted links about non-US governments making it illegal to document the backdooring or other things the government may worry about an unpopular reaction to. The practice of the 1st amendment in the US offers very strong, but not absolute, protections against this.
> In its release, WikiLeaks said "Marble" was used to insert foreign language text into the malware to mask viruses, trojans and hacking attacks, making it more difficult for them to be tracked to the CIA and to cause forensic investigators to falsely attribute code to the wrong nation. The source code revealed that Marble had examples in Chinese, Russian, Korean, Arabic and Persian.
The government and media pretends that attribution is a slam-dunk when it virtually never is. On the other hand, there are big career benefits to discovering the next "Chinese" malware vs. stumbling upon some US/EU script kiddy nonsense that included Chinese characters as a prank/red herring. There is incentive to misattribute & sensationalize.
I would wager that ~100% of CIA/NSA malware (or any state actor, really) has a plausible red herring cover. It would be foolish not to.
i'm even less virtuous than russia or china, yet i can't spy on you
(once again, it's a combination of current technical capability, concentration of current and early important technologies being developed in your jurisdiction, concentration of current and popular technologies being developed in your jurisdiction, etc)
What does it even mean lol. I really like how you implied that it's a problem of WebAssembly.
How is checking a web page's network connection, WebAssembly or not, harder than reading ALL the source code (if you don't read them all you can't be sure!) of a non-trivial app?
I was expecting something along the lines of pdf.js or something. WebAssembly was a shock, but I looked at the asm, saw golang, decompiled back to go and looked. all good. still... all it takes is an errant http.client call.
It's interesting that they don't just supply the source code. Are they hoping if there's enough interest then they can turn this into a service? This type of functionality is great but I don't like the black box approach.
Edit: After some consideration, maybe they're worried that someone else would create a service using their work.
Does anyone know of a good way to tile large PDFs (i.e. split a single PDF into smaller pages)? Adobe reader only allows you to do this when printing and you can't save the tiled PDF as its own file.
Some time ago I had success with https://github.com/rrthomas/pdfjam for that purpose under Linux. It used to be included in the standard Debian repositories but that no longer seems to be the case which might mean it is an unmaintained project that has build issues. Worth trying though, if it builds on a modern system.
It might also be worth trying if the PDF reader in a Chrome/Chromium can use its “pages per sheet” option when using a print-to-PDF driver (included by default with Windows these days IIRC, likely available as an option at least on other OSs). You may lose some fidelity on things like images this way, depending on the options selected in the print to PDF driver.
If you want to do multiple files you may want to burst them and recombine. If you are doing it for file size purposes there may be better options though, as I dont think there is any way to split in 500kB chunks for example.
acrobat does a ton of stuff. there are lots of tools that do some of the things it can do, but I don't you're going to find something that's a complete replacement for free
> "Keep your sensitive data to yourself. Wether you are modifying banking statements, prescription or other critical documents, we have no access to it."
> Source not available, no acknowledgement or explanation as to why
No, really, HTTP and SOCKS proxies cannot carry QUIC traffic, so browsers don't even try. They just send it right through.
If you block UDP, I guess I can still try DNS for exfil. HTTP proxies don't support DNS, and browsers need to be explicitly configured to proxy DNS through SOCKS, if the SOCKS proxy even supports it. Chances are, DNS exfil will work.
Now, if you were to do what I do to disable network access, then I'd have no chance: network namespace in a jail with zero network interfaces (not even loopback).
I'm going to need a bug tracker link for that, it seems to dumb to be true. Surely they would just not use HTTP/3 if they can't do it through the configured proxy. I wouldn't bet my life on it though, I have seen dumber bugs.
edit: tested this the old-fashioned way with Firefox 116.0.3 on Ubuntu and nginx 1.25.1. Firefox does connect over HTTP 3 and CORRECTLY DOESN'T CONNECT AT ALL with a (bad) proxy configured. You are spreading FUD.
My Chrome 115.0.5790.170 doesn't seem to use HTTP 3 at all.
> Surely they would just not use HTTP/3 if they can't do it through the configured proxy.
That's what I thought, at first. But, back when Chrome introduced QUIC, this was a known phenomenon in proxy-restricted but not-UDP restricted setups. I doubt I'd be able to find a bug report for it, given Google's nature, but there's a few reports[1][2][3] by proxy vendors asking for QUIC to be disabled or traffic will go through, even when Chrome is configured to use a proxy.
And here's[4] a user report with the same observation, with Chrome connecting directly to its mothership without going through the configured proxy. The user reports successful blocking upon disabling QUIC
I assure you, I had no such intention. I was just reporting from memory, of years ago, back when I was in college and had to deal with a proxy-restricted network, and QUIC was being rolled out.
> My Chrome 115.0.5790.170 doesn't seem to use HTTP 3 at all.
Maybe your Chrome has HTTP/3 blocked for some reason. Or, more likely, Chrome supports a different draft of the HTTP/3 spec than the server you're testing against. It has a history of doing that too.
Your links point to people and services using intercepting proxies, not configuring one in their browsers. Techniques intercepting TCP traffic and redirecting it to a proxy will not work when the traffic is UDP. This is not a browser issue.
In this thread we were talking about the user willingly configuring a proxy in the browser or OS.
> Your links point to people and services using intercepting proxies, not configuring one in their browsers.
Sorry, I didn't look too closely through any of those links, because I never used those specific products myself.
But I do clearly remember this being an issue for me back in the day. So I dug further. You'll be happy to see this bug report[1] and this commit[2]. Note these words from a Chromium dev: "This code was written when we discovered a problem with QUIC bypassing proxies."
Thanks! This is scary, however you'll agree that a bug on Chrome closed 6 years ago is a far cry from your claim that "HTTP and SOCKS proxies cannot carry QUIC traffic, so browsers don't even try. They just send it right through" present tense. Still thank you for finding this reference, it is a sign that setting a proxy in your system is not as secure as a firewall/netns.
Yeah, I agree. I should've checked the validity before posting it, instead of just going by memory from years ago.
> ... finding this reference ...
It was a lot more effort than I'd have liked to put into my original comment, but hey, I was ticked off by your accusation of spreading FUD. Also didn't help that search engines today aren't what they used to be.
Does this absolutely prevent a page from saving information, eg local stiarge, and later transmitting it when you either visit the site or a Web page where it is iframed?
1. starts by suggesting devTools, which is simple, elegant, and wrong.
2. improves by suggesting the "Work Offline" menu option of the File menu, which is hidden by default on both Windows and Linux, and also wrong.
3. improves to a state of minimal functionality with implicitly ordered steps to use Private Browsing, Offline Mode, and confidential file "upload." And, I guess, always remembering to close all private browsing windows upon completion?
I'll rankly speculate f this ever caught on, 25% of users will forget to check offline mode until after they have finished editing their confidential document, 40% will leave a stray Private Browsing window open at all times, 10% will accidentally continue doing all their browsing in the same Private Browsing window, and 1% will somehow paste their private GPG keys in the query string of the URL.
Not just browsers. (Other) Native apps have the same problem. For some reason we have elaborate permissions for all sorts of things but nothing remotely user friendly for various kinds of network activity.
Little Snitch and Lulu on Mac are reasonably user friendly. I am pretty sure there are equivalents on Linux, though not entirely certain about Windows.
Having to find and install separate firewall software is exactly what I mean by not remotely user friendly, regardless of how relatively user friendly any particular firewall may be.
Why can I not simply disable network access in the app settings? Why am I not being asked to grant this permission just like I'm asked to grant access to my photos?
Permissions systems on desktop platforms are mostly useless for regular users and only somewhat less useless on mobile.
Honest question: how are you monetizing? I don’t see a single ad on the website, but I have not tried to use it to edit any document. Are they being injected at the time of edit?
If it's on a hosted website, then it's cross platform + no download / install process + everywhere always available when you have internet + easy sharable
can also +1 pdf24. I use it near daily at my job to merge and embed fonts on pdf files at work. also supports OCR etc, which isn't fast but works just fine.
I've found that "PDF-XChange Editor" does everything i wanted for free. At least in the version I nabbed a few years ago, not sure if they have removed options from the free version since.
Reordering pages, splitting, joining all worked in the free version, and it's not bloated. Windows only though. I think they might watermark the output when using the Save option directly, but you can get round that using Print to PDF.
Their site looks a bit "scammy", but it's actually decent software.
The question of why they would use ads is answered literally in the statement about it. You can disagree with it, but it is already explained and isn't a surprising answer.
