Hacker News new | past | comments | ask | show | jobs | submit login
Manafort Left an Incriminating Paper Trail Converting PDFs to Word (slate.com)
334 points by ronwen on Feb 23, 2018 | hide | past | web | favorite | 224 comments

Semi-related tip: I despise protected pdfs with a passion. Especially when you download a datasheet and you can't add annotations or highlights to it. So, how to remove this protection? One way is to print to postscript and convert back to pdf, but then you can't copy text from it.

Here's how (on windows): download qpdf (http://qpdf.sourceforge.net/) and run

     qpdf.exe -decrypt encrypted.pdf woho.pdf
I made a small batchfile since I never remembered that syntax,

    # usage:
    #    decrypt.sh mypdf.pdf
    # the decrypted file will be named mypdf.pdf, while the old encrypted is now mypdf.pdf-encrypted.pdf
    echo pdf to de-secure: $1
    read -n 1 -s -p "Press any key to continue"
    mv "$1" "$1"-encrypted.pdf
    qpdf.exe -decrypt "$1-encrypted.pdf" "$1"
    echo encrypted file is now named: $1-encrypted.pdf
    echo decrypted file is: $1

> I despise protected pdfs with a passion

When I want to "protect" a PDF, I print it as a TIFF and then PDF that document. It's less "protecting" than "making it difficult to alter or copy-paste from," but it works. (Also good for ensuring your redaction blobs can't be moved.)

Why use TIFF? It supports layers, so I'm not sure it'd guarantee that redaction blobs are effective.

Only way to be sure is to print with redaction blobs and then scan back into PDF.

Out of curiosity, why would you ever need/want to do that?

Put that in AWS Lambda and charge $1 each. Boom, Saas-retirement-fund.

Open in Chrome and print the PDF as PDF; also removes any editing restrictions while maintaining ability to select text.

$1 is going to struggle to beat free:


I always find it hard to trust free. Even with T&Cs/ToS/Privacy, if I'm not paying for it, I feel that its all lies. Combine that with a site that looks like that, and I'm assuming my PDF will have a virus attached to it.

Sure, but you're thinking about that kind of stuff even slightly, you're not going to be uploading your documents anywhere. I suspect the Venn diagram overlap between "thinks about online security" and "uploads documents to random web sites, even if they cost money" is small.

If it's anything I need to care about privacy with, I'm not uploading it to someone else's server even if I pay for it, I'm doing it locally.

But if it's say, as a friend recently experienced, a handout from a teacher in Corel Draw format, you bet your ass I'm uploading it to whatever the top google result for "convert corel draw to pdf online" is.

I don't pay anything to use HackerNews. How much do you pay?

If time is still money ... way too much!

That is a completely different beast. I was talking specifically about uploading and downloading files I intend to open.

Just make the UX really great. And be sure to have a really complicated-but-looking-nice UI for downgrading, and people will blog about it.

> One way is to print to postscript and convert back to pdf, but then you can't copy text from it.

If you use the following GhostScript command it's still possible to select the text in the unprotected PDF.

    "%ProgramFiles%\gs\gs9.22\bin\gswin64c.exe" -dSAFER -dBATCH -dNOPAUSE -sDEVICE=pdfwrite -sFONTPATH=%windir%/fonts;xfonts;. -sPDFPassword= -dPDFSETTINGS=/prepress -dPassThroughJPEGImages=true -sOutputFile=Unprotected.pdf Protected.pdf

It's funny how this isn't even about encrypted pdfs but plain ones.

They are actually encrypted, but with an empty string as the (read) password.

Since this is a common 'technique' to 'protect' PDF documents, as some PDF viewers (such as Adobe reader) won't allow selecting text on these 'protected' PDF's. It's so common that most PDF tools assume an empty string if no password is explicitly supplied.

Source: I run a SaaS that converts PDF invoices to structured data, so I've examined quite a few PDF files the last couple of years.

Also, the current PDF permissions model is comically obtuse IMO. Acrobat doesn't even expose the permissions bits directly, rather each permission exposed in Adobe's UI represents various permutations of those permissions bits rather than a 1:1 mapping. It has to, because the design of that bitfield is nuts.

The semantics of the bits are described in ways that are very open to interpretation, and can be used to specify combinations of permissions that just don't make sense (example: allow content extraction for copy/paste, but don't allow content extraction for accessibility purposes, like screen readers for the blind). I suspect there are no two PDF parsers that handle that bitfield in the same way, and that it may not even be possible to implement support for it without baking in contradictions and unexpected behaviors (from a user's perspective at least). I'd be surprised if even Adobe's implementation handled it in its entirety.

If you're on a Mac, just open the PDF in Preview and then Save As to a different file name. This gives you a PDF visually identical to the original (with TOC, selectable text, etc) but with no protection.

Preview is the unsung hero of macOS. It does so much that Adobe Reader charges for: signatures, annotations, page rearrangement, plus it has the added bonus of being able to open obj and stl files.

It doesn’t do actual (cryptographic) signatures that Adobe charges for. It only does pretty pictures of handwritten signatures as an inserted object, a trivially falsifiable things.

That’s true, although you might want to use something like docusign for that.

Isn't this ultimately what Dmitry Sklyarov got busted for?

On a Mac I think printing to the built in PDF saver might work?

Didn't work for me. But easy to remove with ghostscript https://www.cyberciti.biz/faq/removing-password-from-pdf-on-... (bottom of article)

Yes, or universally just open the pdf in Chrome, print, choose to save as pdf.

Windows also has this now: "Microsoft print to PDF". Might be only Windows 10, not sure.

I've used the Windows XPS printer as well.

Windows 8 and plus

Yes this works

There are certain things I cannot believe are still this difficult with as advanced as user-friendly technology is: sending files to someone else, and converting documents.

Sending files to someone else is a problem with a ton of solutions, some of them better than others, but none of them actually solving the problem. Email often has size limits and spam filters block certain attachments. Dropbox is often restricted at most workplaces, and not everyone uses it. It also has size restrictions. USB is the most reliable, but then you get into the whole "it's NTFS formatted which doesn't work on my Linux machine" or it's HFS and I need to use it on Windows" nonsense, plus sending it longer distances takes days through the mail.

But converting documents... guys it's just electricity running through fancy sand. It shouldn't be that hard. I work on software where I'm often connected to a jump server without Office installed on it, and the software expects me to open a spreadsheet for troubleshooting. I was doing some audio recording recently and the hoops I had to jump through to save it as MP3 weren't insurmountable, but still pretty annoying.

And don't get me started on the Office 2003 spreadsheet that makes me boot up my Windows XP VM to open because the macros won't work on Office 2017. Or when I need to use Visio but there's no Mac version so I have to open my VM too.

And the web just makes it worse... no more software incompatibilities because when software isn't supported anymore, we just shut the servers down and everything is gone forever.

Actually, converting PDF to a file format is very non-trivial. The problem is that the PDF typically retains none of the semantic structure of the original file. Yes, I know there are converters to Word, none of which are perfect, but in each case the people who wrote the converters had to do a lot of work. PDF is all about geometry. So even the characters in a word do not have to be together in the PDF content stream. (I worked extensively on semantic reconstruction of PDF documents before I retired.)

I wish more PDF creation softwares would allow to embed the original document within, like how LibreOffice does it.

Document incompatibility is an entire industry. If you could convert Office documents easily, you wouldn't need so many office licenses.

For sending files, Firefox Send is pretty cool and straightforward. The files are sent P2P and are E2E encrypted. I'm not sure why Mozilla hasn't added a bookmark for it in Firefox yet.


They push Pocket more than Send, it seems, and as far as I know Send is actually built by Mozilla, and Pocket isn't. (Someone correct me if I'm wrong).

Both are built and run by Mozilla. (Pocket started out as a separate company, but then the whole company was bought by Mozilla). That said, Send is the right thing to use here, not Pocket.

>The files are sent P2P

afaik they're uploaded to s3, not sent p2p.

Correct. Though they are client side encrypted and the key is never sent anywhere.

Signal is also an excellent p2p e2e encrypted file sharing service.

Tox. A proper p2p messaging tool.

IIRC Signal needs phone numbers.

So Mr Manafort should chose Tox over Signal in any future crimes.

What's up with reading Visio documents on OSX anyway? Why should that be so hard? What business decision drove not supplying Visio with the Office stuff on Mac anyway? They give you Excel, Word, OneNote, PPT etc but not that.

Visio was a separate product by a separate company until well after Office was established. Then MS bought it and (sorta) integrated it into the Office suite. I'm betting that Visio is still very different under the hood compared to the rest of Office.

Keybase has a pretty great solution for this. They allow you to upload files sent to anyone based on a popular public account name, so freehunter@hackernews for example. Then once that user makes a keybase account, they can access any files attached to accounts they link to their keybase.

https://keybase.io/docs/kbfs has more info

Nixon was caught because he taped himself obstructing justice. Manafort was caught because he emailed incriminating documents in the clear. How the hell are we going to catch criminals who somehow avoid doing monumentally stupid things?

Different context but Buffett's quote “If a cop follows you for 500 miles, you’re going to get a ticket,” applies here. If you are a criminal you don't violate only one law. You tend to violate multiple laws and at some point you are going to be sloppy.

And just to be overly clear, the quote does not generalize to: "If the FBI watches you for 500 days, you're going to get charged with money laundering and conspiracy to defraud the United States".

If the FBI watches you for 500 days, they will either find something to charge you with, or they will entrap you into doing something they can charge you with, because their budget does not include as much money for "pointless investigations of innocent people" as it does for "nailing guilty-looking people to the wall, and making the agency look good in the press".

Generally speaking, the "trap" they use is to provoke you into lying to them, because lying to them is a felony (Title 18, United States Code, Section 1001). [1]

[1] https://reason.com/archives/2018/02/08/donald-trump-shouldnt...

-- edit - I realized the URL might make it look like a slanted political article, but it's more about the law than it is about politics. The article author is the same guy that runs the Popehat website.

They will also charge you with a felony if you accidentally lie to them. If you tell them "good morning" as a greeting, and the weather is actually a bit lousy outside, they could charge you.

You really need professional coaching in order to talk to them. You'll have to program yourself to say things like "in my opinion..." or "in my memory of that event..." or "hypothetically, if..."

It's really counterproductive. Because any conceivable response could incriminate the respondent, the interviewee can plead the 5th to anything they are asked, including "is water wet?"

Buffet's quote applies to non-criminals as well.

More in the US than elsewhere. In Germany, you obey the speed limit, and only rubes pass on the right. In the US, everyone drives 9 mph above the posted limit if they're being careful, and people pass on the right willy-nilly, regardless of what local laws say. But if the police really want to enforce that on you, they can.

There are tons of "blue laws" in the US, some from over a hundred years back. Sometimes the police decide to enforce those. One such occasion precipitated the landmark Supreme Court case Lawrence vs. Texas.


It's kind of strange. In the U.S., people get angry if they get a speeding ticket for going 12 miles over the speed limit (see any conversation about speed cameras). There doesn't seem to be any push back against having speed limits; rather, it seems like most people think we should have them and then ignore them.

That has varied. The speed limit commonly got set to 50/55 mph due to the National Maximum Speed Law in 1974 [1]. It ended up being a giant government shit show that resulted in an estimated < 1% gasoline savings. There was a lot of push to repeal that over time, which worked.

Typically you'll see 70 or 75 on US highways now. To go much higher, the US is going to have to up its road construction & maintenance game, as the German autobahn is maintained at considerably higher quality.

[1] https://en.wikipedia.org/wiki/National_Maximum_Speed_Law

Speed limits are to tax tourists and provide an excuse to harass blacks. /s

I'll stop passing people in the right lane when they stop cruising at 5 below the speed limit (or more frequently: fluctuating their speed from +10 to -10 of the limit randomly) in the passing lane.

If you are going the same speed as the person to your right, you are in the wrong lane.

People just have no clue. The number of times I've seen some overloaded U-Haul lumber over to the left lane and just sit there as it struggles to get up hills is supremely aggravating.

I don't like passing on the right and will avoid it when I can, but I also don't like being in a traffic clump and will always look for ways to escape it or avoid getting trapped in it. If I have to pass you on the right to avoid getting pincered by the clump of traffic coming up behind me, I will.

> In Germany, you obey the speed limit

German living in Germany here: er, no. Typical is slighly more than +10%. If you keep to the speed limit, people behind you will get upset.

Foreigner visiting Germany here: I ALWAYS try to keep to speed limit, sometimes 10% slower. You have well hidden radars and you can't use radar-finding apps (forbidden by law). Last time I was driving not strictly I had two photos in 15 minutes. If this makes you upset, drop the radars, I will happily drive 10% faster.

I was being descriptive, not prescriptive. Please obey the speed limits.

Germans were kind of late to the whole RADAR party in recent history (1940s). So now they are perhaps overcompensating a bit.

German living in Germany here: er, no. Typical is slighly more than +10%. If you keep to the speed limit, people behind you will get upset.

My one trip to Germany was in Stuttgart in the early 2000's, and it was my German coworkers who made that observation. The car ride I took seemed to corroborate it.

Has it always been that way, or has it changed over time?

It's been that way for as long as I can remember, certainly since before I started driving myself in '87.

People pass on the right because people block the passing lane. It shouldn’t be possible in most cases to pass on the right.

Rant: I see this in the Bay Area all the time. On many freeways, the fast lane is also the carpool/HOV lane, at least during high-traffic times. The idea is that the government wants to encourage carpooling and/or low-emissions vehicles, therefore restricting the fast lane to such people would encourage such things.

But I often see people get in the fast lane not because they want to go faster than the adjacent lane, but rather because they have more than one person in the car and they just feel entitled to use the fast lane regardless of how fast they want to drive. Like, they don't understand the concept of lanes being related to speed, and are just thinking, "hey I'm a carpool, I get to drive in the carpool lane!" or something.

I've seen people in 20-year-old Chrysler minivans packed full of kids go all the way over to the fast lane and proceed to drive 10 under the speed limit, followed by a parade of cars passing them on the right because WTF. I can only assume that they literally don't understand that if the other people in their lane are going faster than they are, they're supposed to move over to a slower lane. Or they just don't think about it at all. I have no idea.

It's illegal in Colorado to use the left lane without passing. For a while, the cops were actually enforcing this and it was a joy to drive in Colorado. But for about the past year, the cops seem to have stopped enforcing it and the left lane hogs have returned.

Per the CHP, there is no concept of a "fast lane" or a "passing lane" on a freeway. While it is customary and polite for slower cars to drive on the right, they're not required to do so.

It varies from state to state. Some states prohibit passing on the right. Some don't. In Ohio in the late 90's, the law was that anything which you could drive on was a lane. I was slowing down in the right lane and signalling a right turn into a parking lot, right when the young lady behind me decided to drive over the empty parking spaces on the right-hand side and pass me. There was a fender-bender. The policeman summarily ruled it was my fault, because according to the law in Ohio, I was responsible for looking out for someone passing me in the "lane" comprised of the empty parking spaces. I think California Law is different, so people can have bike lanes.

Understood, I know the legalities vary from state to state. I was ranting about it purely based on etiquette. I’ve lived all over the US, and every area seemed to have a distinct traffic personality. I expected Bay Area traffic to be either very aggressive or very polite, but was surprised to find it best characterized as extreme rudeness via profound levels of incompetence and/or obliviousness to other drivers.

You've never seen someone pass a stopped school bus on the shoulder?

No, wouldn’t surprise me if people did. Clearly not what I was talking about. I’ve watched a car attempt to pass on the shoulder because two jackhats were driving side-by-side on a two lane highway going 10 under they lost control and nearly hit me. I was pissed at the driver attempting the stupid maneuver and the one blocking the left lane for miles on end.

Thankfully I haven't, but I fully believe that people can be dumb or dickish enough to do that.

I saw that in the US once, as well as someone cutting off a funeral procession. In the latter case a cop almost instantly pulled them over, fortunately.

Leave a small town downtown at 1 or 2 am (whatever is around the bars' closing time) with a light out -- even just a license plate light?

You may get pulled over. If you're cool about it and appear sober, you may just get a warning.

If things look more askance, you'll be put through sobriety tests.

Hell, I would get this outside SF when I was young and dumb enough to work stupid hours, and would occasionally be driving (well, speeding) home from the office around bar closing time. After a quick "follow my finger with your eyes" test, they'd let me go with a warning.

"The average professional in this country wakes up in the morning, goes to work, comes home, eats dinner, and then goes to sleep, unaware that he or she has likely committed several federal crimes that day. Why?"

Three Felonies a Day


So I read the book, and discovered the author was full of SSSS. You have to stretch the definitions of criminal acts beyond their breaking points just to establish (local) infractions, and even violating federal regulations (which aren't criminal statutes) is something people rarely do--maybe 1x or 2x a year, usually with regards to their tax return).

Harvey Silverglate's claims are like the Hot Coffee case. It makes for a good sound byte but when you actually look into the details the truth is the exact opposite of what was claimed.

I heard about this several years ago. I've spent much time thinking about it since and I don't have a clue how we could go about fixing this.

It seems to me that concentrated benefits and diffuse costs seems to skew US laws towards, say, tyranny. We just don't realize it until it's prosecuted like we are conditioned to think tyranny presents itself. I imagine there are plenty of people in the US that already feel it as if living under the US legal system is already tyranny.

BTW - is "tyranny" even the right word for this? I feel like when federal prosecutors only have to actually present their case in 2% of charges to juries by using/abusing the plea bargain system to scare the defendant into submission with a ridiculous opening bid, it feels like something odious.

One might also argue that if you notice the cop following you and continue driving another 490 miles, you will deserve that ticket. And maybe an award for fuel economy.

A friend of mine once spotted a policeman down the road, turning on his lights. Since he was on a limited-access highway, he decided to pull over very quickly and just wait the policeman out. (They were on opposite shoulders, and the left shoulder didn't extend back to where my friend was.) The policeman got out of his car and ordered him to proceed with hand gestures. My friend decided he could be in worse trouble if he didn't.

(Yes, it was really my friend and not me.)

My story of weird police interaction:

My wife was driving my pickup on the freeway late at night; I'm in the passenger seat dozing, sleeping off a party we went to.

Anyhow, she's pulling over and I see the red and blues flashing around us, and I'm wondering what's going on. She's asking me where I keep my registration. We stop, and the cop stops behind us.

Then a second pulls in behind him. I'm sitting there wondering WTF because the worst thing I can think is wrong is a burned out tail light...

Cops come up on both sides; we roll down our windows, cops shine flashlights around within the vehicle - my head is pounding, thanks guy...

Cop asks my wife: "Why did you pull over?"

My wife replies: "Because you had your lights on, blipped the siren, and pulled us over...?"

Cop then says: "...Go on, get outta here."

We're both looking at each other like "WTF was that about?" - but my wife pulls out, gets up to speed, stays at the speed limit, then gets off at the nearest exit. We take surface streets home.

To this day, I have no idea what it was about.

Just a random guess, but they may have been hunting for a self-incriminating admission of drunk driving. I got pulled over for speeding once, and the first thing the cop asked was "Why do you think I pulled you over?". I shrugged, and said I had no idea. He claimed I was speeding, but let me off with a warning. In another instance where I got pulled over for speeding[1], the cop told me as much, but then asked how fast I thought I was going. I told him 65 (which was 10 over the limit of 55). He claimed that I was going 70 (15 over 55), but wrote me a ticket for 65 in a 60 zone (5 over, notice that he went with the speed that I claimed, but changed the speed limit in my favor). Apparently the fine varies based on the amount over the speed limit, so he basically gave me a lower fine. My hunch, is in both cases, they were just looking for admission of guilt.

[1] Just so people don't get the wrong idea, I am generally a very cautious driver, there were the only two speeding related encounters in 15+ years.

Never say a number. If you want to give the option to the cop to give you a ticket with a lower fine attached, just say "my speedometer said I was okay." And that will probably result in a citation for an equipment violation instead of for speeding.

You can't say "I don't know," either, because that sets you up for some variation on negligent driving.

The safest response for the court record is "I don't answer questions without legal counsel present," but that is likely to provoke the cop into ensuring that there will be a court record.

> "Why do you think I pulled you over?"

That's pretty standard; nearly every traffic stop I've witnessed or heard about contains that line.

I believe they do it because -- assuming you give a truthful/correct answer -- it makes it less likely you'll contest the ticket, and if you do, they can tell the judge, "when I asked why they thought I'd pulled them over, they told me it was because they were speeding". If you admit to the infraction, you don't really have much of a leg to stand on in court.

And the de jure standard answer is "because you had a reasonable suspicion I was committing a crime," or "I don't answer questions without legal counsel present."

Of course, since many cops will retaliate against smartasses, the de facto standard answer is "I don't know. Why did you pull me over?" This is always truthful, correct, and non-incriminating, because you can't be expected to read the cop's mind.

Yep, totally. I usually use the wording "I'm not sure", or, better, "I can't be sure", since "I don't know" is often not entirely truthful.

If I had to guess, driving slow. Her pulling over instead of speeding up was smart, but mildly suspicious to a cop without an active call.

With the fuel economy of your average police cruiser taken into account the award should probably go to the police officer.

yes, that was the original point that was being made by Buffett.

well, i don't know the context of buffett's quote, what he meant, but i can say with confidence that in the US, even the most upstanding citizen breaks several laws per day.

speed limits, imperfect stops, improper turns from a stop, unsafe lane change, following too closely, breaking too fast...

The problem with a lot of these is the definitions contain imprecise terms subject to an officers whims of interpretation.

And that's just driving. Many laws are just ridiculous and you don't even know they exist to avoid breaking them.

Google "never talk to cops" for an interesting video from a law prof and a cop.

Most of what you described aren't laws...they're regulations. I know that's nitpicking, but if you're going to make a claim about precision you should be precise about what is really happening.

I think a significant part of it is that, at least in the US, it takes a loosey-goosey though-process to follow Manafort's path.

To have the analytical bent to think through all the risks you're exposed to in your criminal financial dealings and to take steps to reduce those risks probably also means you're able to realize (1) you can only reduce the risks so much so that a substantial possibility that you'll lose everything continues to exist; and (2) there are a lot of not-unambiguously-illegal ways to make money and acquire power capitalizing on your excellent analytical abilities.

I think this is right. This is just one instance of a whole trove of risks one has to expose themselves to.

I suppose we currently are not and don't? I think a big aspect of this is that everyone makes mistakes and with an increasingly interconnected, complicated, and honestly insecure digital world those mistakes are just going to be amplified.

That's why white collar crime is so difficult to prosecute. And it's why prosecutor's rely so much on getting low level people to turn on high level people.

I think that has a lot more to do with prosecutors never going after executive because they are buddy-buddy.

Martin Shkreli is a perfect example of a CEO that can get canned when it is decided he should be.

Reading the book, "The Chicken Shit Club", it's a combination of the prosecutors being buddy buddy with the big defense lawyer firms (someone who has a reputation for going after white collar crime and being aggressive about it might not get a job with the big defense firms after their time in the DOJ or SEC or what have you), and Congress being buddy buddy with the execs and getting upset when the DOJ does their job.

exactly the book I was thinking of when writing my comment! (:

While that book was really well written, it made me incredibly angry. The fact that I read it mostly in pubs didn't help matters.

I think the problem is not as big because you don't need to have those people do monumentally stupid things all the time. It's sufficient if they do it every so often.

And unless someone is an incredibly paranoid person which has the privacy routines ingrained in their DNA, everyone does make stupid mistakes every once in a while.

Dread Pirate Roberts is a good example of 99.9% doing a good job of hiding his identity but one f*up at the very beginning before he was serious undermined everything afterwards.


Giving your personal email away if a MONUMENTAL screw up.

Also if you're so protective and perfectionist you're not going to actually go through with anything, especially something as risky as fraud. And honestly, when you need something to just work and work right now, you're willing to cut quite some slack with your procedures, which are not designed for emergencies.

Everybody's stupid sometimes, and it only takes once to do you in.

Mostly true. Hans Reiser and Ross Ulbricht were smart folks who got caught nonetheless.

But not always true. No one's figured out Satoshi Nakamoto yet.

Reiser: murderer, Ulbricht: drug dealer, would be (indirect) murderer. For completeness sake we could add mr. Madsen but his case hasn't gone through yet though I think he will come out as guilty as they come for now we are required to give him the benefit of the doubt. Nakamoto - if he even is an individual - has not been charged with any crimes.

Where’s the indictment and warrant for Satoshi Nakamoto? Who is even looking for him/her other than armchair internet slueths?

May be he is not indicted but he is sitting over quite a bit of virtual cash so I bet there is a lot o criminals that would like to have a chat with him.

Nakamoto is also not a criminal, so there's less will to uncover their identity.

But yes, you're correct it's not a forever and always thing.

And less ability. Private citizens don't have the ability to subpoena records.

The common trait of those two is not smarts but that they were each much less smart than they thought they were.

Didn't they find a "how to get away with murder" book in Reiser's car?

And 'ol Ross had a whole journal of his illegal activity sitting right on his hard drive.

Didn't they find a "how to get away with murder" book in Reiser's car?

They did and the bananas thing is he also very nearly did get away with it anyway - a plea deal under which he could have walked away with time served + a few months was available to him. Fortunately, his own hubris got him 15 to life.

> No one's figured out Satoshi Nakamoto yet.

Just because nobody has published it?

"No one's figured out Satoshi Nakamoto yet."

Is that a fact?

To be fair, a lot of crimes essentially boil down to doing one monumentally stupid thing. So if you don't do the stupid thing, you aren't criminal.

Well, that's one piece of information the investigators got somehow, but we don't know where the evidence started (I hope we find out if it goes to trial). Anti-money laundering laws and foreign bank account reporting requirements must be a big help for the feds to notice things and provide a basis to subpoena records for further investigation. Those laws seem to be ratcheting up lately.

I guess hoping that someone who works for them does something monumentally stupid just once and can be flipped.

What, the spending at $25,000 at Duane Reade (NYC-area drugstore) wasn't a dead giveaway of money laundering?

https://www.buzzfeed.com/jasonleopold/manafort-under-scrutin... (bottom)

The entire inventory of the store is barely worth 25K, I assume he must have been loading up on gift cards a la Mexican drug lords (http://am.blogs.cnn.com/2009/06/10/drug-lords-using-gift-car...).

Or he had some really expensive meds and bad insurance. That's pretty unlikely though.


$21,300 for his meds. The remaining ~4,000 maybe just fell out of his wallet.


For people thinking that he should have known better on a technical basis, maybe but remember that during the time in question he was a 64-68 year old man (= graduated college around the time Unix was being rewritten in C) who's never worked in a technical field. By the time most of these capabilities existed Manafort had been management/executive for years or decades.

That's not to say that he couldn't have learned were he interested, but his daily life had very little intersection with this kind of thing until he spiraled into a hole of debt, at which point "do I trust this person" ranked a lot higher than "how are this person's technical skills?"

Not sending a written paper trail should be covered in Criminal Surivial Strategies 101. Whether it's telegraph, snail mail, email or WhatsApp, this is just sloppy criminal work. For example Steven Cohen avoided an insider trading conviction by making sure nothing bad ever had his name on it. If you needed to discuss something secret, you talked to him in person.

Background: https://www.google.com/amp/s/amp.ft.com/content/efda2ca2-ec6...

Even though Manafort was associated with foreign government figures it took being associated with the U.S President to be investigated. It didn't matter before... having a paper trail was ok, no one cared.

It's likely people such as that don't even realize they are creating a paper trail.

"Paper trail? There was no paper! How could there be a trail!?"

E-mail especially is very easy to discover.

The "e" in "e-mail" stands for "evidence." :)

Link is dead for non FT subscribers.

(Or at least for those who the FT thinks would pay for a subscription)

He was working with first tier Russian oligarchs who hold a lot of his debt. They could have readily afforded to provide him with a moonlighting troll bot coder to keep his tradecraft sharp.

Do you really need a technical background or some sort of college training to find the File > Save As > PDF option?

Using File -> Save As -> PDF requires several skills

Window management in Windows GUI:

1. Usage of File Menu and/or Ribbon Menu

2. Knowledge of Word's PDF integration

File System knowledge:

1. What a "file" is

2. What "file formats" are

3. What a PDF is

4. That a word document can be saved or printed as a PDF

Etc etc etc

I work with non-technical folks all the time and printing/saving as PDF comes up often.

Usually in most cases I can install a PDF printer and let them "print to PDF" and they can understand it, but before they know the process, they look at me like I'm speaking Latin when I try to describe what files are, what PDFs are, what conversion is, what the file menu is used for, etc.

You beat me to it.

HN readers who don't work with non-technical users may not realize just how lost and unable to explore many people are, particularly when they didn't grow up with computers. There's also a huge problem with "dialog blindness."

If you have an understanding of how "computers" (hardware, OS, apps, websites, doesn't matter it's all the same mystery box) work then you can explore with less fear. I deal with people in their 20s and 30s who don't grasp that a "scanner XYZ not found" error may mean that they should look for a way to select a scanner. Many of my older end users are clearly using a lot of software entirely by rote, though it's definitely not limited to them.

"Didn't grow up with computers" (have contact with computers during compulsory education) in the West is likely people over 50.

Can probably go to 55-58 for people who have degrees; ie people who used computers during Uni education.

If you're older you've probably had 20 years with computers in the workplace save for some niches, seems long enough to learn to use a simple point-click menu.

You're underestimating how much things have changed in the last 30-50 years. Manafort knows how to use common Office programs like Microsoft Word and Excel. There's a pretty good chance that he's even somewhat skilled (by his standards) with Excel or at least that he's experienced. He may have understood from reading about it in the past that document files can save a history of changes, and he knew to some extent the difference between a document and a PDF.

None of that means that he actually understands what is happening behind the scenes. Odds are good that his college exposure to computers was limited to Hollerith cards used for registration.

Put differently, Manafort is from the generation that indents in word processors by hitting space 4-5 times.

There's a great deal of assumptions in that comment.

How much of that is applicable in this case?

He knew enough to attach the file to an e-mail and send it to someone else asking for a PDF version. So the only piece of missing knowledge here appears to be finding the option in word's menus.

Does word have save as PDF option if you haven't bought acrobat?

Haha.. I don't buy into it either. Something is fishy about the story, or maybe this is a secret plea deal with a behind the scenes type negotiation process to trick other conspirators into providing more evidence.

So, you’re saying this team of six government prosecutors signing the indictment, each of whom would be disbarred and prosecuted for knowingly lying to the court, are willing to take those risks for... what exactly? Getting a single conviction that won’t even get them a raise?

You don't buy that many people are quite bad with computers?

When it is your job to hide your financial activities, then no not really.

> When it is your job to hide your financial activities

"On February 11, 2011, another trader, Trader E, wrote to Trader C: 'shall we spoof.' Trader C responded: 'sure.'


Even the most minimalist 2018-era bank compliance program would at least teach traders not to use the word 'spoof' in a recorded electronic chat, but a decade ago our primitive forebears did not quite understand the problem."


Why can't people be bad at their jobs?

I'm having trouble buying any other explanation than, "This absurdly overcomplicated workflow introduced by conventional office software not designed to cover its tracks didn't cover its own tracks" as plausible.

You've never worked tech support, have you?

We all leave huge incriminating paper trails to some extent. This is why privacy is so important, because we’re all committing crimes in theory. That being said Manafort looks very very guilty and his crimes, which are financially based, I think are even more reprehensible in this era of global austerity and low economic growth.

Back to the privacy point, we are currently going through NIST 800-53 at work. We only need 800-171 but we thought the 800-53 standard would make us a better organization. So many things I didn’t think of. Do you have a micro-cut shredder first of all? Those Enron-esque cross-cut shredders don’t cut it anymore with open source machine learning that can easily reassemble those documents. Also, do you have an access code for your printer so the document only prints when he/she is up there, and doesn’t get left throughout the day in the tray for prying eyes? Also are your servers currently sitting in inventory up high on the shelves in case water gets into the building? So many things...

AmazonBasics 12-Sheet High-Security Micro-Cut Paper, CD, and Credit Card Shredder with Pullout Basket https://www.amazon.com/dp/B00D7H8XB6/ref=cm_sw_r_cp_api_zCfK...

Manaforts crimes are as bad as they are because he and his buddies were instrumental in destroying a country that was already fighting for its survival and many people have died and will continue to die as a result of this. If you compare the reaction to the VW scandal to what is happening here it is funny how the 'end result' is so much worse in the case of Manafort that it is a miracle he's just indicted for what are in essence financial issues.

The austerity and economic issues are very tiny part of the contrast here, the real damage is the instability in an already fragile region of the world and the machinations to act against the interests of almost all parties in the region except for the Russians.

Yes I see what you mean, and wow thanks for putting his crimes in a broader context.

It’s my hope that “financial crimes” are just going to be a convenient way to indict the many many people who have committed crimes like him.

Back in 2016, a weird / interesting / pretty smart idea in Clinton’s platform was to help the US deficit by only enforcing current tax laws. Lol that’s all it was, enforcing the laws that were already there to raise an additional 100 billion+ in revenue every year. It makes you think how many people are committing tax fraud at this very moment...

Matt Levine at Money Stuff has a recurring comment of (US) securities laws being the best tool currently available for what many people view as social issues.

https://www.bloomberg.com/view/articles/2016-01-25/climate-c... and the linked https://www.bloomberg.com/view/articles/2015-11-06/exxon-mig... are the examples I've found so far, but I remember him making the comment repeatedly.

How many of those tax laws were on the level of '3 felonies a day'? The US tax laws and their penalties can be pretty horrible, and you could possibly ruin a whole bunch of older middle class people who use something equivalent to turbotax badly.

>>It’s my hope that “financial crimes” are just going to be a convenient way to indict the many many people who have committed crimes like him.

They often are. Despite the many actually heinous crimes he committed, Al Capone was ultimately nailed for tax evasion.

> Those Enron-esque cross-cut shredders don’t cut it anymore with open source machine learning that can easily reassemble those documents.

That's interesting! When I googled for this, I found a few papers, but nothing like a git repository. Do you have more information?

I remember there was also a big effort to reassemble the shredded files by the German Stasi after the fall of the wall, both algorithmically and manually. Not sure if those efforts are ongoing, but it could be another avenue to explore if you are interested.

I recently read that the digital scanning of shredded Stasi documents ran into some technical trouble;


If not, this would make a great blog post idea.

No shredder can match the document-eradicating power of an incinerator.

Interestingly enough, many documents have been recovered from Pompeii.

Quick history refresher: Pompeii was an ancient Roman city-town near Naples. When Mount Vesuvius erupted in the year 79, Pompeii was covered in ~15 feet of lava and volcanic ash. One imagines that this was highly distressing to the residents of Pompeii, but none were available for comment as they were all busy being incinerated. I guess we'll never know how they really felt about it.

Then sometime in the 1900s a group of workers were excavating the area for a new project. They had been burning these odd little bits of coal they'd found. Imagine the horror when someone realized the "coal" was actually old manuscripts that had crumpled up into little balls of carbon due to the volcanic eruption. The workers had been burning priceless ancient Roman artifacts!

Researchers were able to mechanically separate some of the manuscripts, and with the aid of modern computer vision systems, we've been able to read some of them. It's quite an amazing story.

So I guess you probably want to spend the extra $20 and spring for the really good incinerator on Amazon. You don't want future historians literally digging through your incriminating financial documents.

During the Oakland Hills Fire[0] fragments of books and newspapers fell from the sky on us in Albany (north-east of Berkeley). Half- and quarter-pages.

[0] https://en.m.wikipedia.org/wiki/Oakland_firestorm_of_1991

It is incredibly easy to ensure that a controlled fire combusts all of its fuel completely. You just add excess oxygen to the combustion chamber.

Uncontrolled fires, and things burning under a blanket of ash, will not have sufficient oxygen in some places, will have CO as a reaction product instead of just CO2, and may leave unburnt carbon. Think about how charcoal is made--oxygen-free pyrolysis.

The waste product of a document incinerator is ash, water, and CO2. It is literally impossible to recover any information content from it.

I scoffed a bit at this part:

>Try it in Adobe Acrobat (via the “Save as Other” command under “File” on a Mac) and you’ll quickly be redirected to Adobe’s website and presented with a handful of subscription packages that will allow you to transform your documents. [...] Indeed, it’s probably a little safer, all things considered.

If I was doing shady stuff the last thing I'd want to do is send my incriminating documents to some 3rd party service. That being said I would also probably not send them over the clear in emails either.

It's pretty insane how cavalier people are with email security (or lack thereof). I can't imagine that they would be so lenient if they were sending each other the files over regular mail. I think most people simply don't realize how thoroughly unsecure stock email is, you're basically lending an open postcard over the internet and you can be sure that a bunch of copies are made along the way. It's pretty much the worst way to share sensitive documents online short of posting them on facebook.

It's actually much worse than sending incriminating documents through the mail, even printed brazenly on a postcard.

To capture incriminating physical mail, the authorities have to already be monitoring you at the time you send the documents. With email they are typically able to go back and capture emails from days, weeks, and years prior.

> It's actually much worse than sending incriminating documents through the mail, even printed brazenly on a postcard.

I know I'm nitpickig, but the USPS photographs of all pieces of mail and digitizes it. This information is considered metadata and is not protected against unwarranted searches, so postcards are much worse (for privacy), because even the small-town PD can get access to them without having to look for an "IT guy" to help. Email requires assistance from a TLA agency (or a search warrant served to the mail provider).

> the USPS photographs of all pieces of mail and digitizes it

Thanks, I had no idea.

While doing some genealogy recently I found that a distant ancestor had unclaimed mail in the post office shortly before he died.

I found it vaguely amusing to envision walking in and asking for it now, 125 years later; I guess some distant descendant of mine might be able to ask for a photo of mail I'd sent or received.

When I was involved with a contract negotiation, they emailed me a pdf offer with addresses, names and important numbers retracted with black and asked if these terms are OK with me and we can talk about the numbers.

I noticed that when I select a region of text with a mouse, the retracted' black text becomes white text over black background. It revealed name of our competitor, addressees and numbers in their offer, the whole retraction was just a typographic trick.

When in doubt, print -> scan -> convert to pdf.

I think you meant "redacted" vs "retracted". But yeah, there are a lot of stories out there of people assuming a black bar over black text is high security.

There was a document released by the State Dept at one point where the redactions were just black box over the text. You could just select, copy and paste to see it.

I compared documents and maybe not surprisingly, they seemed relatively minor points.

Hilarious those journalists

"I attempted to transform my Word draft of this blog post into a PDF. I confess that I did fumble a bit at first (it’s been a while), but I eventually managed to get the job done. According to my stopwatch, the full ordeal took me 42 seconds."

When the real problem ws turning a PDF into Word.

Not necessarily. There might not have been an obvious criminal action if Manafort just had someone else convert an existing P&L disclosure from PDF to Word. The real problem was asking someone to convert his fraudulent Word doc to PDF.

And since PDF is encapsulated PostScript, and PostScript is a Turing-complete language, this problem is actually uncomputable in general! I guess it can be done well enough in practice by pattern-matching — if the document came from Word originally, it's probably possible to reverse the process — but that is one converter I would certainly not want to have to write!

The complexity of many file formats is staggering and I try (usually with no success) to convince people to rely only on simpler formats that can be audited easily.

Another example: I seem to recall a case awhile back where Word change-tracking contained sensitive information even though “the document” didn’t seem to.

Sadly it used to be easy to rely on plain text implicitly but then we made Unicode so complicated that you have to be careful there too. Fingerprinting through zero-width sequences, etc. is essentially unnoticeable if you do not actively look for it.

They caught the BTK killer because law enforcement told him he would be anonymous if he simply sent them a word doc. https://en.wikipedia.org/wiki/Dennis_Rader

Word docs used to contain a UUID of the variety that included the MAC address of the machine that created, allow a doc to be traced back to the machine on which it was created.


Another life ruined by not knowing LaTeX

...and other criminal activity.

This is sort of an aside to the article; but it boggles my mind how many people in the business world view PDF's as secure, unalterable documents.

No, Manafort knew what he was doing here, and was doing it for technically sound (albeit legally fraudulent) reasons: Word documents, unlike PDFs[1], store editting history. Manafort knew this, and wanted to evade that tracking.

Where he fell down was in the actual conversion step, and in failing to realize that his email to Gates about the conversion were themselves a history of the edit. But his technical instincts were sound. If all Mueller had was that final PDF, he wouldn't have been able to detect the fraud (absent some other info, that is).

[1] Obviously "PDF" is a histoically complicated format and some versions have features that might allow tracking. But the PDF/A documents emitted by typical "export" tools are stateless representations of printed documents, AFAIK.

> Manafort knew what he was doing here

Word has a Document Inspector [1] that cleans up documents’ histories. He had it converted back to a PDF because that’s the format (a) the original document was in and (b) most bank documents are provided as.

[1] https://support.office.com/en-us/article/remove-hidden-data-...

PDF/A is not typically the standard choice for exporting tools, and it is certainly not a stateless representation of printed documents. PDFs, including PDF/A documents, can and do store extensive metadata, and can include attached files. PDF/A is intended for long-term archiving, not security.

Metadata can be removed, and PDF signing can cryptographically prove a file has not been edited or modified, but it is similarly not typically the standard choice for a conversion tool.

I don't think it's necessary to convert to PDF to remove this history (I believe just copying the content to a new document would be sufficient). However, if the recipient is expecting a PDF and gets a Word file, that's going to raise a red flag.

The better (technically, not legally) approach might be to directly edit the PDF, though I'm not sure what the tooling is like there.

Exactly. Conversion to PDF 'flattens' the document.

In what way do you mean flattened?

Authorship and metadata? No, that is often still present, and many tools will include author and software data by default.

Layers? No, PDFs can have extensive layers.

> In what way do you mean flattened?

Surely in the context of the episode we're talking about: the discovery of the $4M in fraudulent income claimed in the document. In the Word document, that edit would be discoverable. In PDF it is not.

You seem to be making an abstract argument about "PDF security" here. The point of the subthread is a practical point about whether Manafort was correctly generating a fraudulent document or whether he was being a technical rube. He was doing the fraud the right way.

I am trying to clear up what appear to be hugely misleading assumptions about how PDFs work.

Edit: and based on the information provided in these news reports, he was being a massive technology rube.

> I am trying to clear up what appear to be hugely misleading assumptions about how PDFs work.

I'm sure you are. But in the process you are spamming an only tangentially related subthread with the clear implication that PDFs store editting history in the way Word documents do (they don't). This is doing the opposite of what you want.

No one here is talking about "editing PDFs" or making PDFs "secure from editting", so your points are only confusing the matter.

>>In what way do you mean flattened?

The document becomes uneditable by most commonly used PDF readers (Adobe Reader DC, web browsers, etc.). You can still edit it, but changing the actual content becomes substantially more difficult.

Editing a PDF is relatively simple with the appropriate tools, and PDFs are not "flattened" by any of the typical definitions I am familiar with. Numerous PDF editors exist, and the standard is well documented (ISO 32000) and freely published online by Adobe. Signing a PDF is a more effective method to prevent tampering, as compared to relying on people only having PDF readers.

Could have saved a lot of trouble by buying Acrobat Pro.

If you have a track record on the span of decades of doing shady stuff, why would you associate yourself with a lightning rod of controversy? Why join any political campaign?

Manafort is not a smart man.

Money and a desire to get back to positions of influence, most likely. See this article for a lot of detail:


People need to read this if it's the one thing they read about this guy.

This is an example of bad technology failing its user.

These programs should protect user privacy by stripping identifying information by default, allowing the user the option to preserve it.

All technology should protect its users by default, otherwise everyone is at risk, not just the bad guys.

> This is an example of bad technology failing its user.

I don't think that's fair to say. You can literally import PDF files in Word via the most common File > Open dialog. [1] You can also save as PDF in Word via the File > Save As dialog. [2] These are not exactly some obscure hidden functions.


[1] https://support.office.com/en-us/article/edit-pdf-content-in...

[2] https://support.office.com/en-us/article/save-or-convert-to-...

You can also right click a pdf > Open with > Word.

But the default does not protect users. Putting the onus on users to protect themselves is the problem.

Actually that's one example where lack of privacy accidentally leads to a good outcome for society.

Also he was not failed by a piece of software. They recovered the document from his email. How would his email strip the document of identifying information?

Stringer Bell said it best: https://www.youtube.com/watch?v=pBdGOrcUEg8

FBI has virtually unlimited resources and they really want this guy. So, he only made it easier, no doubt they would have caught that even without the paper trail. FBI had access to his corp returns and to his loan application. Everything he has done is under the microscope and unless he can hand Trump on a silver plate, he's toast. He's almost 70 years old and you're talking about 20 years sentences.

When you deal with Russians crooks and people in those circles, you tend to lower your guard. You think you will not get caught "because in Ukraine they had money in suitcases," or through a gazillion shell companies. The funny thing is that he might have just gotten away, if he wasn't involved in the Trump campaign. Call it greed or money mismanagement, but knowing when to quit may mean life or death (kinda)

The other factor at play is presidential pardons.

Manafort pleading innocent could be a strategy to appear as the victim of the "deep state".

Not a lawyer, but IMO someone has to go to jail. All this money spent, the media and Mueller isn't going to end his career shooting blanks.

You can plead however you want to, but if the evidence is crystal clear, you're toast. Even if Trump pardons him, NY would step in http://thehill.com/homenews/state-watch/333370-ny-ag-investi... , apparently a lot of the laundering took place in NY (get paid in foreign bank from foreign sources; don't declare to IRS+State; pay suppliers and mortgages from that account directly, without declaring it. Millions and millions of it, not chump change)

Decisions, decisions. Give up Trump (if he is hiding something) and kinda go to witness protection because they'll get sued for decades or life in jail.

A minor point, but accepting a pardon carries a confession of guilt.

As an aside, Adobe Acrobat Pro's PDF-to-PPTX is a godsend if you're ever given a slide deck in PDF form that you need to update/remake to certain aesthetic standards (i.e. a partner/coworker sends you something you need to update to your company's standard formatting, for distribution to management, potential investors, etc.). Images become editable, backgrounds become editable shapes, and text boxes and even tables are preserved with remarkable accuracy. Extremely useful if you ever find yourself in such a situation.

The real lesson is: if you're going to do anything ilegal, don't discuss what you're doing on email. People so often forget that email is an official paper trail of everything you do.

As Olivia Nuzzi put it: "Dance Like No One is Watching; Email Like It May One Day Be Read Aloud in a Deposition"

All PDF to Word convertors I know are online services. Does that mean these people left copies of their documents on some servers? Those servers could also have timestamped logs of these people's access. If they were so careless with their own documents, if they altered more important ones, does that mean that there are now important documents stored somewhere in a random online pdf-word convertor?

You can actually convert pdf to word in word, it's pretty cool!

right, do people still use online tools these days?


The whole point of a PDF is that it's an artifact that isn't meant to be edited. You edit the source document that the PDF was generated from, then generate a new PDF from that. In this case, Manafort specifically couldn't do that because he was up to something shady. If people were using the electronic signatures properly, his modifications would've stuck out like a sore thumb.

Getting a clean conversion from PDF to some editable format is hard, at least without Microsoft tools. I've been trying to convert a PDF manual to something I can edit using Ubuntu. LibreOffice produces a Draw document where the text is too big for its text boxes. Abiword extracts the text and loses the images and most of the formatting. An online service at least produced a usable document.

Even a guy with millions won't buy Acrobat.

If drug dealers on Tor are smart enough to use GPG to encrypt communications and files, then it does sort of surprise me that these multi-millionaire mafia-type elitist with connections to Russian cybercriminal oligarchs, can't get basic security right.

You can't make this stuff up, but someone will certainly claim it is made up.

Too bad Manafort and Gates didn't have an account on my unlimited Cloud Platform. They could've created an account, uploaded the .pdf, converted it to .doc, edited it online, and then converted it back to .pdf without being tracked. The only evidence would have been user-specific log files showing which user changed which filenames and when, but all those content changes would have been lost provided they delete the originals.

Hindsight is always 20/20 I guess.

I'm sure they asked their "IT" staff to do the work for them. I wonder how they felt about doing these things

IT staff regularly have to lock people out of accounts/computers remotely after workers are fired or monitor everyone's internet access so they either get used to just doing what is told or don't work.

Thinking of launching a cyber-essentials course for aspiring white collar criminals. What are the easiest online training platforms.


Even my mother who actually couldn't find the "any" key to continue knows how to do this...

I don't think it was the conversion that was the issue, the gleeful schadenfreude of the article notwithstanding. Mueller is armed with subpoenas after all. This makes it easier for Mueller at best.

Maybe Gates had the conversion program installed and Manafort did not?

It is actually really difficult to convert a PDF to Word. Clearly the author has never tried.

well with adobe pro he would not have these problems.

OT: Does this have ANYTHING to do w/ Trump Russia Collusion?

Separate OT: Do we know any political party that colluded, in primaries? Or that received foreign $? Or used 'bots' to make it seem like they have support? Or that had it's operatives use state instruments to disrupt the opposing party?

Mueller's remit is to investigate any crimes related to the campaign and election. Trump/Russia collusion is just one of many including money laundering and obstruction of justice.

Manafort was campaign chairman and is alleged to have convinced Trump to change positions on Ukraine as a a result of outside funds. Hence investigating money laundering is directly relevant to Mueller's remit.

Where is what the internets say: according to WaPo ( http://archive.is/AUN7q ) Manafort was operating for 10 years - each of the 8 years of Obama.

Where can I find the source for: 'Manafort was campaign chairman and is alleged to have convinced Trump to change positions'.

Also, what is your feeling on amount and frequency Dems were actually paid directly by foreign govs?

Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact