Noroboto: Lying Fonts and Mitigation in Rust

25 points by piker, last Friday at 2:55 PM | 12 comments

Comments

PufPufPuf, today at 6:44 PM

Wouldn't ligatures be a more effective attack vector for the "Maryland -> Delaware" case? That's all that ligatures do -- render a specific sequence of characters as something else.

echoangle, today at 6:21 PM

At that point you can just paste a screenshot of your doc into Word and celebrate.

Also, the mitigation can probably be fooled with ligatures since they are only verifying the letters alone as far as I skimmed.

I don’t even understand the threat model. Is my opponent in a court case going to use this on the PDF they give the court? Surely the judge will be pretty annoyed since you can’t even ctrl+f in the files then.

mproud, today at 6:22 PM

Someone could also just make a font file that swaps all of the characters around. So like an A looks like a Z, and a Z looks like an A.