Windows File May Be Secretly Hoarding Your Passwords and Emails

Discussion in 'HardForum Tech News' started by Megalith, Sep 22, 2018.

  1. Patton187

    Patton187 Gawd

    Messages:
    668
    Joined:
    Feb 12, 2012
    I am in that group. I think most would be best served to leave it be and at most rurn off the telemetry settings.
     
  2. B00nie

    B00nie [H]ardness Supreme

    Messages:
    7,959
    Joined:
    Nov 1, 2012
    Yeah and MS said they didn't collect your data either. Are you that naive?
     
  3. B00nie

    B00nie [H]ardness Supreme

    Messages:
    7,959
    Joined:
    Nov 1, 2012
    I haven't used Windows for years for anything critical just for this reason.
     
  4. BloodyIron

    BloodyIron 2[H]4U

    Messages:
    3,440
    Joined:
    Jul 11, 2005
    Too bad search in Windows 10 sucks. It's way better in 7. Lol.
     
    Wrecked Em likes this.
  5. heatlesssun

    heatlesssun [H]ard as it Gets

    Messages:
    44,157
    Joined:
    Nov 5, 2005
    In the context of modern computing where virtually everything is collecting data, the idea that Windows 10 is some sort of unique security issue because of data collection is at best silly unless you're completely disconnected from all technology.
     
  6. heatlesssun

    heatlesssun [H]ard as it Gets

    Messages:
    44,157
    Joined:
    Nov 5, 2005
    Really? The local search system in 10 is very much the same as 7.
     
  7. BloodyIron

    BloodyIron 2[H]4U

    Messages:
    3,440
    Joined:
    Jul 11, 2005
    I work with Win 10 daily, and whenever I switch to 7 for X reason, search is always faster and more useful. My main work system is on NVMe storage, so that's not the bottleneck. It's the code. The matching of text criteria and speed is junk, especially considering all the "effort" put into it.

     
    Wrecked Em likes this.
  8. heatlesssun

    heatlesssun [H]ard as it Gets

    Messages:
    44,157
    Joined:
    Nov 5, 2005
    My work system is still on Windows 7 and all of personal systems are on Windows 10. I use search on both all of the time and I simply have no idea what you're talking about. Again, the local index service is very much the same.
     
  9. heatlesssun

    heatlesssun [H]ard as it Gets

    Messages:
    44,157
    Joined:
    Nov 5, 2005
    While the transparency has been slow in coming I think it's pretty good today. The local diagnostics viewer logs what is being sent to Microsoft and is viewable in plain text JSON. Microsoft explains in its enterprise deployment docs everything that gets transmitted, even things like the internet status indicator.
     
  10. heatlesssun

    heatlesssun [H]ard as it Gets

    Messages:
    44,157
    Joined:
    Nov 5, 2005
    Diagnostic data from something as complex as Windows requires training to understand. There is documentation for this: https://docs.microsoft.com/en-us/wi...vel-windows-diagnostic-events-and-fields-1709
     
  11. Simmonz

    Simmonz 2[H]4U

    Messages:
    2,506
    Joined:
    May 14, 2008
    There are other options out there. Those not exploring them shouldn't get sympathy.
     
    mufcfan likes this.
  12. mufcfan

    mufcfan Limp Gawd

    Messages:
    245
    Joined:
    Feb 23, 2005
    You are mixing things together. The indexed data is useful because when the service or whatever deciphers your scribbling it can try to associate what you wrote and not 'recognize' it as something completely off.
    Also, indexing <> "recording your every e-mail and text". It is collecting metadata for faster search results, a method used by every OS and content provider.

    Except that since telemetry cannot be turned off, everyone knows that they collect data and MS never said that they don't collect data. A few weeks ago there was a news post about the list of servers the pre-installed services and apps can send data to.
    Sending diagnostic data was also possible way before the idea of Win10 even came about. The change to make it mandatory is obviously not welcome, I completely agree.
    Indexing has been around for decades, which is a form of data collection. It existed locally for decades and is used by every single online service which lets you store your own content. Some of them even shares the data (Google, Facebook, etc.).

    This is a tech forum. Stop inventing BS. It won't help the discussion and someone just might believe it.
     
  13. DocNo

    DocNo Gawd

    Messages:
    654
    Joined:
    Apr 23, 2012
    Ugh, the other day I noticed one of my users machines had the pen crap enabled and I noted it for something to figure out how to purge at a later time. I guess I need to prioritize that now. It will be interesting to see if the file is there and how big it is. What a cluster. The fact that it's the roach motel for all text - if it ever exists on the machine and remains even if the source file(s) are deleted... wow, just wow.

    To this who claim it's the same as the indexer, it's not. When source files are deleted the data related to them is purged out of the indexes. This thing grows forever.

    How incredibly stupid.
     
  14. raz-0

    raz-0 [H]ardness Supreme

    Messages:
    4,541
    Joined:
    Mar 9, 2003
    I have desktops with no touch input and a 2 in 1 notebook. Lets see.

    Article says the path is C:\Users\%User%\AppData\Local\Microsoft\InputPersonalization\TextHarvester\WaitList.dat

    Desktop - path doesn't even exist.

    notebook - deliberately turned on pen input and did some quick browsing by wirting URLs. Path also doesn't exist.

    checked appdata local, locallow, and roaming. Nada.

    OK, I looked up some other articles about this, and looking at them I did some more beating up on pen input.

    The path STILL isn't there, although a new file is under input personalization called textharvesterrestart.sav.

    SO time to reboot and see wht is what.
     
    Last edited: Sep 25, 2018
  15. mufcfan

    mufcfan Limp Gawd

    Messages:
    245
    Joined:
    Feb 23, 2005
    If it was meant for me: I don't say it is the same as indexing, but the article says that the source is indexed data.
    So, turning off indexing and deleting the file (if it even exists) and it shouldn't get created again.
     
  16. raz-0

    raz-0 [H]ardness Supreme

    Messages:
    4,541
    Joined:
    Mar 9, 2003

    So more update to this for posterity. I went through the whole damn training of my handwriting thing. I wrote out some word docs full of uncommon words saved local. I did some test one not pages in the cloud. I turned on pretty much everything in ink. Windows search services are running. I rebooted multiple times and repeated some of the doc creation and web browsing. I did some picture to math stuff.

    I basically sat here TRYING to get it to log something for over an hour, and got jack and shit. So either something was patched out between when the goober who is quoted in the article wrote his parsing tool in 2016 and today when a bunch of sites decided to stir the shit and create panic, or it was never as simple to get this stupid file to exist as suggested, or I do something else weird not obviously in the chain of ink behaving itself that prevents said file from existing.

    That being said, if it did exist, who the hell is using pen input to enter passwords and such. I did that once in tablet mode just to try it with something inconsequential. Nothing like automated typos in a password field.
     
  17. Armenius

    Armenius I Drive Myself to the [H]ospital

    Messages:
    18,663
    Joined:
    Jan 28, 2014
    Don't know about anyone else, but I never enter a password or anything else sensitive using the pen on my SP4 for this very reason because I always assumed there was no security filter. How is Windows supposed to know if the field you're writing in should be secure or not unless you explicitly tell it?
     
  18. DocNo

    DocNo Gawd

    Messages:
    654
    Joined:
    Apr 23, 2012
    It has zero to do with indexing. If the pen/tablet services are loaded, the file is there. I verified and it's on that one machine. I deleted it and it came back. So now off to follow up on some promising threads on spiceworks on using GPO to turn the crap off. Who knows what the user did to trigger it being loaded.
     
  19. mufcfan

    mufcfan Limp Gawd

    Messages:
    245
    Joined:
    Feb 23, 2005