Windows File May Be Secretly Hoarding Your Passwords and Emails

Megalith

24-bit/48kHz
Staff member
Joined
Aug 20, 2006
Messages
13,003
Stylus or touchscreen-capable Windows PC owners who use handwriting gestures should know that all text files on their machines are likely being harvested in an unencrypted file called “WaitList.dat.” While worrisome, this is technically not a vulnerability, as the OS intentionally does this to improve handwriting recognition. "Once it is on, text from every document and email which is indexed by the Windows Search Indexer service is stored in WaitList.dat.”

"On my PC, and in my many test cases, WaitList.dat contained a text extract of every document or email file on the system, even if the source file had since been deleted," the researcher added. Furthermore, Skeggs says WaitList.dat can be used to recover text from deleted documents. "If the source file is deleted, the index remains in WaitList.dat, preserving a text index of the file," he says. This provides crucial forensic evidence for analysts like Skeggs that a file and its content had once existed on a PC.
 

MMitch

Gawd
Joined
Nov 29, 2016
Messages
807
Disclaimer: I didn't read the article.

If you use a desktop windows 10 without any gesture or whatever, does it still records it ? (KBM)
 

Dead Parrot

2[H]4U
Joined
Mar 4, 2013
Messages
2,831
From TFA: "Skeggs has not contacted Microsoft about his findings, as he, himself, recognized that this was a part of an intended functionality in the Windows OS, and not a vulnerability." Wow! How is the presence of a file that stores all text from files in clear text format NOT a security problem, even if it is working as intended?

Disclaimer: I didn't read the article.

If you use a desktop windows 10 without any gesture or whatever, does it still records it ? (KBM)
according to TFA, if you ever activated/played with touch screen input, this file thereafter stores ALL text from any file indexed by the OS File Index system regardless of how the text enters the system. This includes indexed emails. It didn't say if this file crosses user profiles. Will be even worse if User A uses the touch feature,even once, and this file starts keeping every user's file info.

Guessing malware writers will start attempting to load scripts to send this static named file back to spy central.
 
Joined
Mar 18, 2013
Messages
3,587
My thought exactly! I've disabled (or not enabled) handwriting recognition/gestures, but I just checked each of my tree Windows 10 Pro at home for the absence of the WaitList.dat, just in case I f*cked up.
I keep looking at password managers but I'm so paranoid now I've paralysed my own ability to pull the damned trigger and get it.
 

Bigshrimp

Limp Gawd
Joined
Oct 7, 2009
Messages
297
It is pretty scary to use a 3rd party anything to become a password storage device. It will probably get hacked on the cloud somehow, lol.
 

ManofGod

[H]F Junkie
Joined
Oct 4, 2007
Messages
12,008
Yeah, my bad.
Nice thread sig you got going there, to bad you have not a clue what you really mean. LOL, paid by MS! Good luck with that line of reasoning but hey, I guess if you do not believe in conspiracy theories, you must be paid by MS. So, anyone here actually have that file and physically open it? Seriously, can anyone here tell me it is actually happening to them? Serious question.

Also, I would think this file would become multi gigabytes in size if it does as it is proclaimed to do.
 

heatlesssun

Extremely [H]
Joined
Nov 5, 2005
Messages
44,154
Nice thread sig you got going there, to bad you have not a clue what you really mean. LOL, paid by MS! Good luck with that line of reasoning but hey, I guess if you do not believe in conspiracy theories, you must be paid by MS.
It's pretty silly stuff. Random people on the internet making up a bunch of stuff with no proof and with no real alternatives. It's the same nonsense that's only helped to entrench Windows on the desktop over the years. If Windows is really that bad, people using it don't have a flip about made up nonsense, they want practical, real world alternatives that are better.
 

ManofGod

[H]F Junkie
Joined
Oct 4, 2007
Messages
12,008
It's pretty silly stuff. Random people on the internet making up a bunch of stuff with no proof and with no real alternatives. It's the same nonsense that's only helped to entrench Windows on the desktop over the years. If Windows is really that bad, people using it don't have a flip about made up nonsense, they want practical, real world alternatives that are better.
I know you use hand writing recognition, do you have that file and can you open it in notepad or wordpad?
 

DrLobotomy

Supreme [H]ardness
Joined
May 19, 2016
Messages
6,736
Well I have a triple boot system with Win 7, Win 8.1 & Win 10 and that file does not exist on any of them. However I do not have a touch screen and this is a desktop and not a laptop.

Just an FYI.
 

Zuul

Gawd
Joined
Jan 7, 2013
Messages
850
It's pretty silly stuff. Random people on the internet making up a bunch of stuff with no proof and with no real alternatives. It's the same nonsense that's only helped to entrench Windows on the desktop over the years. If Windows is really that bad, people using it don't have a flip about made up nonsense, they want practical, real world alternatives that are better.
lol
 

Hagrid

[H]F Junkie
Joined
Nov 23, 2006
Messages
8,961
It's pretty silly stuff. Random people on the internet making up a bunch of stuff with no proof and with no real alternatives. It's the same nonsense that's only helped to entrench Windows on the desktop over the years. If Windows is really that bad, people using it don't have a flip about made up nonsense, they want practical, real world alternatives that are better.
Most of us have to use it, not by choice if we want to play all the games. Can you prove that MS does not send/collect this info?
 

heatlesssun

Extremely [H]
Joined
Nov 5, 2005
Messages
44,154
Can you prove that MS does not send/collect this info?
I have no more specific knowledge of what's going here than anyone else. It's clear that there is data collection in Windows 10, that was never denied by Microsoft. At this point the discussion of this subject has become insane. Virtually everything is collecting data and leveraging it for some purpose. Give people an alternative to Windows 10 otherwise it's just noise. If at some point there is evidence that the data collection in Windows 10 is causing problems for people, like ID theft or people getting arrested because Windows 10 is feeding info to government, etc, then I'll stop using it.
 

Hagrid

[H]F Junkie
Joined
Nov 23, 2006
Messages
8,961
I have no more specific knowledge of what's going here than anyone else. It's clear that there is data collection in Windows 10, that was never denied by Microsoft. At this point the discussion of this subject has become insane. Virtually everything is collecting data and leveraging it for some purpose. Give people an alternative to Windows 10 otherwise it's just noise. If at some point there is evidence that the data collection in Windows 10 is causing problems for people, like ID theft or people getting arrested because Windows 10 is feeding info to government, etc, then I'll stop using it.
There is identity theft all the time. No way to know if it's caused by MS or not. So really at a stand still.
 

heatlesssun

Extremely [H]
Joined
Nov 5, 2005
Messages
44,154
There is identity theft all the time. No way to know if it's caused by MS or not. So really at a stand still.
Sure. Conventional Windows malware that's existed for decades that has zero to do with Windows 10 telemetry is a part of it. There there's all these Linux server based web sites that get hacked everyday where people steal info. Or Linux based Android phones.

Everyday there's story after story about how peoples' privacy has been invaded that has jack shit to do with Windows 10. Regardless of Windows 10 the average person can get fucked on privacy a million different ways. That's the truth and what find so silly about most of this.
 

Hagrid

[H]F Junkie
Joined
Nov 23, 2006
Messages
8,961
Sure. Conventional Windows malware that's existed for decades that has zero to do with Windows 10 telemetry is a part of it. There there's all these Linux server based web sites that get hacked everyday where people steal info. Or Linux based Android phones.

Everyday there's story after story about how peoples' privacy has been invaded that has jack shit to do with Windows 10. Regardless of Windows 10 the average person can get fucked on privacy a million different ways. That's the truth and what find so silly about most of this.
But if you can't rule it out, then what? I think it would be better if it just did not collect anything, IMO.
 

heatlesssun

Extremely [H]
Joined
Nov 5, 2005
Messages
44,154
I think it would be better if it just did not collect anything, IMO.
Fair enough and I've never argued against easy ways to turn off data collection. But it's a lot more complex subject than many realize. Modern software systems are increasingly built on data driven processes. Wipe Windows 10 from the face of Earth right now and that doesn't change. Windows 10 is a symptom, not a cause. Data driven AI isn't going away as long as the demand for more and more tech at less and less cost drives markets.

Like any other tech, people wanted this and that and the other at less and less cost and that's what they got. However all tech have negative side affects. All of that convenience and capability at ever lower cost comes at a price. With all of the people I see constantly with their heads glued to their smartphones, the rebellion is a ways off.
 

heatlesssun

Extremely [H]
Joined
Nov 5, 2005
Messages
44,154
I know you use hand writing recognition, do you have that file and can you open it in notepad or wordpad?
That file is there, it's not a secret and I think something like this was even in Windows 7, suggestions for handwriting recognition have been in Windows since 7.
 

haste.

[H]ard|Gawd
Joined
Nov 11, 2011
Messages
1,651
But if you can't rule it out, then what? I think it would be better if it just did not collect anything, IMO.
This twisted logic is scary. "If you cant rule it out". Then dont use your phone. You cant rule out that u aren't being recorded triggering keywords. Dont post to H. Cant rule out they aren't monetizing your forum posts. Dont drive your car. Cant rule out it's not tracking ur every movement.

The level of conspiracy and paranoia is getting out of control... I wish it wasnt being encouraged.
 

janis2018

n00b
Joined
Jan 17, 2018
Messages
43
Windows 10 touch screen keyboard is slow that it can write one Word in second on Intel cpu
 

Delicieuxz

[H]ard|Gawd
Joined
May 11, 2016
Messages
1,159

Uvaman2

2[H]4U
Joined
Jan 4, 2016
Messages
3,143
This function is obviously going way above any logical need to improve the recognition program.
 

Nukester

[H]ard|Gawd
Joined
Mar 21, 2016
Messages
1,428
We are all walking $. Even my Apple Watch tells apple where I am, when I sleep, what I do... I'm ok with it for now, but am starting to get that nagging feeling about all of this.
 

B00nie

[H]F Junkie
Joined
Nov 1, 2012
Messages
8,447
Heh heh. And then some of you have the audacity to claim MS doesn't spy on you. Every fucking letter ever typed stored in a file and sent to MS.
 

tetris42

Supreme [H]ardness
Joined
Apr 29, 2014
Messages
4,518
Nice thread sig you got going there, to bad you have not a clue what you really mean. LOL, paid by MS! Good luck with that line of reasoning but hey, I guess if you do not believe in conspiracy theories, you must be paid by MS.
I didn't come to that conclusion lightly. I've seen you troll people, gaslight me, and you have a very consistent pattern of trying to ridicule anyone who criticizes Microsoft. You're involved in every Microsoft-related thread, and I've never seen you acknowledge any flaw or drawback of the company on any level. Seriously, out of your almost 10k posts, do you have ONE where you have been critical of the company on anything? That's not normal behavior. Most people, even fans, understand companies have pros and cons. If you're not paid by them,you should be, because your behavior is so consistent with someone who is, it's indistinguishable from someone who is an actual shill.

Your entire posting history is founded on trolling anyone who is critical of Microsoft on pretty much anything, not just conspiracy theories. It's amazingly consistent. So if I'm wrong, all I can say is you're the most committed person to defending Microsoft I've ever encountered.
 

heatlesssun

Extremely [H]
Joined
Nov 5, 2005
Messages
44,154
I didn't come to that conclusion lightly. I've seen you troll people, gaslight me, and you have a very consistent pattern of trying to ridicule anyone who criticizes Microsoft.
You're the one fabricating stuff about people being paid by Microsoft. You have no proof and certainly no facts on the subject. So this holier than thou nonsense is just that.
 

tetris42

Supreme [H]ardness
Joined
Apr 29, 2014
Messages
4,518
You're the one fabricating stuff about people being paid by Microsoft. You have no proof and certainly no facts on the subject. So this holier than thou nonsense is just that.
Where's your PROOF it's fabricated? I provided proof of the gaslighting. When I made a mistake in this thread earlier, I backpedaled and owned up to it. And for the record, I'm not saying Microsoft necessarily, it could be an intermediary company that Microsoft pays rather than any sort of direct payment. But you are correct, it's based on hundreds of cases of circumstantial evidence. That's all I have to work with.
 

heatlesssun

Extremely [H]
Joined
Nov 5, 2005
Messages
44,154
Where's your PROOF it's fabricated?
Because you have no proof for something that's not true. This is an anonymous forum so people making up stuff, big deal.

Bottom line is that I've never told anyone to update to or use Windows 10. We're deploying it at work, it works well on my personal devices. If it doesn't for others then it doesn't. For my needs there isn't an alternative. Folks like you seem to a lot more worried about bashing folks than providing real world practical solutions.
 

tetris42

Supreme [H]ardness
Joined
Apr 29, 2014
Messages
4,518
Because you have no proof for something that's not true. This is an anonymous forum so people making up stuff, big deal.

Bottom line is that I've never told anyone to update to or use Windows 10. We're deploying it at work, it works well on my personal devices. If it doesn't for others then it doesn't. For my needs there isn't an alternative. Folks like you seem to a lot more worried about bashing folks than providing real world practical solutions.
I think your style is more concern-trolling and not advocating outright everyone use product X, since that's not as effective. Just how ManofGod's style is to not say everyone use Windows, but to attack anyone who raises a criticism of it. It's about influencing the conversation, not someone literally say "buy product X."

As for real world solutions, that's not at all true. My main problem with Windows 10 is the loss of user control changes to their system. I've looked at the problem long and hard and the only real world solution I've seen to the problems W10 introduces is to disable automatic updates, however even THAT varies on each build. Not a great solution, but it's literally the only one for the normal user and not a large business. It's not ideal, but hey, it IS a solution. So the ball's back in your court, since you're accusing me of not providing solutions, what would YOUR real world practical solution be to someone who needs to use Windows but doesn't want it modified without their permission, ever, and retain the ability to revert back or skip updates that cause problems? Windows 7 is dying slowly, and LTSB isn't accessible to the average Joe. I'd say YOU'RE the one without a solution to that problem.
 

RealBeast

Gawd
Joined
Aug 4, 2010
Messages
648
While I have no dog in this fight (still running all Windows 7 since I will not yet give up), this thread seems to have veered wildly off course. o_O
 
  • Like
Reactions: Void
like this

mufcfan

Limp Gawd
Joined
Feb 23, 2005
Messages
266
Heh heh. And then some of you have the audacity to claim MS doesn't spy on you. Every fucking letter ever typed stored in a file and sent to MS.
When did the sending part happen?
Also, let's not forget that you need to have touch enabled for that file to be created. Most people will never have to worry about that.
Even if someone is worried, the data comes from indexed locations. If you use handwriting, then turn off indexing for sensitive locations for now.

I foresee two scenarios:
With the capability to recognize handwriting in existence since Windows Vista, if I remember correctly, then this text file probably been part of the process for about 10 years. If nothing bad came from it since then, then I don't think that this will change for now.
The other scenario is that the file will get encrypted in a future patch.
 

heatlesssun

Extremely [H]
Joined
Nov 5, 2005
Messages
44,154
I think your style is more concern-trolling and not advocating outright everyone use product X, since that's not as effective. Just how ManofGod's style is to not say everyone use Windows, but to attack anyone who raises a criticism of it. It's about influencing the conversation, not someone literally say "buy product X."
I'm offering my opinion and vantage point like anyone else. There's hundreds of millions of Windows 10 users out, that all of them are having the same experiences with it would be absurd. At any rate, who the hell really cares about what OS someone else uses? I certainly don't.

As for real world solutions, that's not at all true. My main problem with Windows 10 is the loss of user control changes to their system. I've looked at the problem long and hard and the only real world solution I've seen to the problems W10 introduces is to disable automatic updates, however even THAT varies on each build. Not a great solution, but it's literally the only one for the normal user and not a large business. It's not ideal, but hey, it IS a solution. So the ball's back in your court, since you're accusing me of not providing solutions, what would YOUR real world practical solution be to someone who needs to use Windows but doesn't want it modified without their permission, ever, and retain the ability to revert back or skip updates that cause problems? Windows 7 is dying slowly, and LTSB isn't accessible to the average Joe. I'd say YOU'RE the one without a solution to that problem.
I've never argued against Microsoft having more options for non-enterprise users for controlling Windows updates. That said, I think it's best that most people don't touch that stuff because they don't know what the hell they are doing;
 

heatlesssun

Extremely [H]
Joined
Nov 5, 2005
Messages
44,154
With the capability to recognize handwriting in existence since Windows Vista, if I remember correctly, then this text file probably been part of the process for about 10 years.
Handwriting recognition became a mainstream feature in Windows with Windows XP Tablet PC Edition. The basics are very similar however the recognition engine is much more AI/data driven these days, it's kind of shocking how accurate the recognition is these days compared to 15 years ago.
 

B00nie

[H]F Junkie
Joined
Nov 1, 2012
Messages
8,447
When did the sending part happen?
The data is collected to improve gesture recognition - and that doesn't happen on the local machine obviously. Also, with with logic does the system need to record your every e-mail and text for gesture improvement? That's not just fishy, it's a barrel of month old rotten cod.
 

ManofGod

[H]F Junkie
Joined
Oct 4, 2007
Messages
12,008
The data is collected to improve gesture recognition - and that doesn't happen on the local machine obviously. Also, with with logic does the system need to record your every e-mail and text for gesture improvement? That's not just fishy, it's a barrel of month old rotten cod.
So, because someone claimed it on the internet, therefore, it is true? Hmmmm, lots of strange things out there that are true then, never one of guessed. :D :D :D Proof please, just saying. ;)
 
Top