Pagesigner not working: What to do at the next dispute?

Hi,
For one of my last trades, arbitration was needed. The arbitrator asked me to make a print screen using pagesigner.
However, pagesigner did not work and with several tries I probably had all the errors that pagesigner can generate:
-“Server sent alert 2,70” error.
-“ERR_BLOCKED_BY_CLIENT” error.
-“Pagesigner is not compatible with this website because the website does not use RSA ciphersuites”

I would like to resolve this problem, just in case a trade goes into dispute/arbitration again and I need to confirm that I send or (not)received fiat.

Is this a known problem with pagesigner? how can I fix it?
Any help would be very much appreciated.

kind regards,

WT

There are mixed feelings about PageSigner as these threads reveal:


Use Veruv instead of PageSigner.

thanks ZeroTax, i’ll look into that

Hello ZeroTax,

I have had a multitude of problems with using Pagesigner (as described in the first linked thread above) and its lack of development or support.

This Veruv looks interesting…but the big question is - how secure is it? It seems as though you have to login to your bank account using their ‘sandboxed’ browser. Hopefully someone can explain/show that we can have confidence in doing this.

{Edit - It looks like it might work similarly to Pagesigner as an browser addon. Haven’t had time to test this out yet though].

https://veruv.com/about/security

Sure, I read that but a statement that they are good people with good intentions doesn’t mean there is proof of security.

“Our users entrust us in handling their sensitive information which is why security is our top priority in all aspects of our service to maintain trust with our users.”

"The embedded browser you see on our website used for capturing snapshots is our highest security concern. We ensure the browser is safe and secure to use as if you were browsing on your own computer with your own browser at home.

In summary, the embedded secure browser runs inside a hardened network-isolated one-time-use Docker container running Chrome with sandboxing enabled with only Selenium as input and a Squid proxy server as output."

As far as I can see from this webpage, we are trusting them that that is true.

So without trusting them, what dangers would be considerable?

  1. Get a copy of your login-credentials?

You are safe with certificate based authentication at login.

  1. “Hijack” your login-session?

No severe harm can be made with certificate based signing of risky operations like moving of funds.

  1. Observe your personal data?

Possible.

I read somewhere that Pagesigner only works with TLS v1.0/v1.1 and doesn’t support the TLS v1.2+ protocol that most (if not all) web banking is using nowadays.

Besides that, Pagesigner looks dead, even the firefox extension is not in the mozilla addons site anymore.

Veruv works, but still, is it acceptable as an option for arbitration reasons? This needs to be addressed somehow cause the last thing someone wants is to contact their bank for digital signed documents and raise suspicions.

2 Likes

The bank would not normally issue a digitally signed bank statement even if one asks for it. I suppose screensharing is the default choise for the majority by now…