Windows is recording every keystroke on devices with handwriting recognition enabled

mongeese

Facepalm: From the moment you first handwrote or enabled handwriting recognition on your PC, your WaitList.dat file began compiling every text file the PC received. In my own file on my Windows tablet, I found documents I’ve written, PDFs I’ve downloaded, and emails sent to me.

The purpose of the file is to record what you write so that future text can be predicted, allowing Windows to better determine what you’re trying to handwrite. Many phone keyboards work in a similar fashion, but it would have been nice to know that the file existed – it dates to at least Windows 8, if not Windows 7. The file’s lack of protection is an issue, however, as it can be copied in under a second and will likely contain sensitive information or passwords on many people's computers.

It was first noticed and experimented upon by Digital Forensics and Incident Response expert Barnaby Skeggs, who found that “text from every document and email which is indexed by the Windows Search Indexer service is stored in WaitList.dat. Not just the files interacted via the touchscreen writing feature.”

"On my PC, and in my many test cases, WaitList.dat contained a text extract of every document or email file on the system, even if the source file had since been deleted," Skeggs revealed in an interview with ZDnet.com. "If the source file is deleted, the index remains in WaitList.dat, preserving a text index of the file."

Your own file can be found at: C:\Users\%user%\AppData\Local\Microsoft\InputPersonalization\TextHarvester

It can be opened using Microsoft Word, but it will be a largely nonsensical mess – mine was over 8000 pages, many of which were filled with seemingly random symbols and lines of JavaScript. Fortunately, Skeggs created a free program that can make sense of the file and isolate each entry into a separate document.

If you’re concerned about your data, then all you need to do is delete the WaitList.dat file and disable handwriting recognition. At this time, there is no evidence that the data is being uploaded to Microsoft, or that there is any malware that takes advantage of it. In future, it would be nice to see Microsoft release an update that stored the file a little more securely.
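
To check whether the file exists on a machine before deciding to delete it, the following is an added example, not part of the article or of Skeggs' program. It lists each profile's WaitList.dat with its size, last write time, and the accounts the ACL allows to read it. It assumes profiles live under C:\Users; the function name `Get-WaitListInventory` is hypothetical.

```powershell
# Added example (not from the article): inventory WaitList.dat across local profiles.
# Run from an elevated prompt so other users' profile folders are readable.
function Get-WaitListInventory {
    [CmdletBinding()]
    param(
        # Assumption: profiles live under C:\Users (default install).
        [string]$UsersRoot = 'C:\Users',
        # Folder path given in the article, plus the WaitList.dat file name.
        [string]$RelativePath = 'AppData\Local\Microsoft\InputPersonalization\TextHarvester\WaitList.dat'
    )

    $readBit = [System.Security.AccessControl.FileSystemRights]::ReadData
    $profiles = Get-ChildItem -LiteralPath $UsersRoot -Directory -Force -ErrorAction SilentlyContinue

    foreach ($profileDir in $profiles) {
        $candidate = Join-Path -Path $profileDir.FullName -ChildPath $RelativePath
        if (-not (Test-Path -LiteralPath $candidate -PathType Leaf)) { continue }

        $file = Get-Item -LiteralPath $candidate -Force

        # Accounts with an Allow entry (explicit or inherited) that includes read access.
        $readers = (Get-Acl -LiteralPath $candidate).Access |
            Where-Object { $_.AccessControlType -eq 'Allow' -and ($_.FileSystemRights -band $readBit) } |
            ForEach-Object { $_.IdentityReference.Value } |
            Sort-Object -Unique

        [pscustomobject]@{
            Profile     = $profileDir.Name
            SizeKB      = [math]::Round($file.Length / 1KB, 1)
            LastWritten = $file.LastWriteTime
            ReadAllowed = $readers -join ', '
            Path        = $candidate
        }
    }
}

# One record per profile that has the file; no output means no profile has it.
Get-WaitListInventory | Format-List
```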


 
Interesting find there my friend.

C:\Users\%user%\AppData\Local\Microsoft\InputPersonalization\TextHarvester

No such file found on my system.

Is this more for those on Windows 7 though?
 
Good morning to everyone that were asleep for the last few years. This is well known and many people warned about this and the paid Micro$oft posters buried and downvoted those comments to death.
Moreover the "news" that these things work only when enabled is also wrong. All spyware features of windows 10 work regardless if the UI shiny button is in on or off position. It always sends data, it just does it maybe less obvious when in off position...
 
I found the file on my win 8.1 pro touch screen pc... I open the file using wordpad and found no traces of emails or documents...
 
I see I have every system here not calling home... I mean the maker Microsoft.. I know what is trying to call out. Windows 10 you can opt out of contacting Microsoft as well. Beyond what MS gives you the choice one of many.
 
I found the file on my win 8.1 pro touch screen pc... I open the file using wordpad and found no traces of emails or documents...

Looks like someone didn't read the article too closely.

Good morning to everyone that were asleep for the last few years. This is well known and many people warned about this and the paid Micro$oft posters buried and downvoted those comments to death.
Moreover the "news" that these things work only when enabled is also wrong. All spyware features of windows 10 work regardless if the UI shiny button is in on or off position. It always sends data, it just does it maybe less obvious when in off position...

That's why we have third party utilities that actually can block the spying. Unfortunately Microsoft tries to thwart them with every bi-annual update. The real question people need to ask themselves is why they're even USING Windows 8.1/10. Anything of worth you can do on Windows was available in Windows 7 more easily, usually faster and with far less embedded spying.
 
Windows 10 is adding a hidden G.U.I.D. to every thumb drive you format, logging keystrokes even when you are offline, backdooring bitlocker volumes with a 32 digit key identifier, backdooring your online activities with "Host Process for Windows Services" and many other illegal malware "Features"

Hey Microsoft....
Even if you get rid of the malware, I cannot LEGALLY enter into a Licensing Agreement unless you can prove the sourcecode actually belongs to YOU!

SHOW ME THE SOURCECODE or F%#K U

I do not pay for my own enslavement!

Who here thinks Blackmail and Extortionware Licensing agreements are Legal for Microsoft but Nobody else?

Edward Snowden had it right the first time....
It does you no good to send messages using "secure" encryption when the Operating System is backdoored to watch you type the message you are about to encrypt
 
Windows 10 is adding a hidden G.U.I.D. to every thumb drive you format, logging keystrokes even when you are offline, backdooring bitlocker volumes with a 32 digit key identifier, backdooring your online activities with "Host Process for Windows Services" and many other illegal malware "Features"

Hey Microsoft....
Even if you get rid of the malware, I cannot LEGALLY enter into a Licensing Agreement unless you can prove the sourcecode actually belongs to YOU!

SHOW ME THE SOURCECODE or F%#K U

I do not pay for my own enslavement!

Who here thinks Blackmail and Extortionware Licensing agreements are Legal for Microsoft but Nobody else?

Edward Snowden had it right the first time....
It does you no good to send messages using "secure" encryption when the Operating System is backdoored to watch you type the message you are about to encrypt
I don't want to sound *** but any proof? That would be nice, and maybe how to stop it....

Proof?
Sure, just read the E.U.L.A.
Microsoft says they can do EVERYTHING that a spyware platform can do but without using the words "Spyware Platform" and then they claim they are not liable for anything they do to you as they extort your data and blackmail you into agreeing to their terms just to use "YOUR" computer

Just format a thumb drive in Windows 10 and look for the hidden G.U.I.D.

We should all know by now that a G.U.I.D. identifying just the thumb drive alone would be pointless as you can already identify it by its serial number and other non removable meta data contained on every thumb drive using free portable apps

No, a secret hidden G.U.I.D. put on every thumb drive by Microsoft would identify something else, like the exact machine it was formatted on and who the Operating System is registered to
That way, they could not only open any bitlocker volume on the thumb drive, but also prove it was YOU who created the volume

Speaking of Proof, shouldn't we be demanding that Microsoft prove their wild claims that Windows 10 is the most secure and/or the best version of Windows EVER?

If I am the only one who must prove my claims without the source code, I think it's only fair to demand Microsoft prove "THEIR" claims "WITH" the source code, don't you?

How to stop it?
The only way to access the Internet is by allowing "Host Process for Windows Services" through your firewall but doing so allows Microsoft to do whatever they want on your computer

Try this....
Block EVERYTHING in your firewall except your browser and "Host Process for Windows Services"
(Glasswire Firewall makes it easy to do)
You can see that Windows is still being updated with only that one service allowed and that blocking that service will completely disconnect you from the Internet

So no, you cannot stop Microsoft from accessing your computer if you want to use the Internet on a "Modern" Windows machine
 
The simple fix is to use O&O Shut up 10 and turn that **** off. It takes all of 30 seconds, and as MS tend to reinstate everything you turned off with just about every improvement update, then take 30 secs and rerun O&O Shut up 10.
 
Running that python script produced 9100 records. I mean, I opened about twenty of them and they're full of extremely tedious stuff that have nothing to do with anything I've typed in. EA licensing or EULA guff in various languages is the most common thing I saw. There was nothing interesting.
 
Windows 10 is adding a hidden G.U.I.D. to every thumb drive you format, logging keystrokes even when you are offline, backdooring bitlocker volumes with a 32 digit key identifier, backdooring your online activities with "Host Process for Windows Services" and many other illegal malware "Features"

Hey Microsoft....
Even if you get rid of the malware, I cannot LEGALLY enter into a Licensing Agreement unless you can prove the sourcecode actually belongs to YOU!

SHOW ME THE SOURCECODE or F%#K U

I do not pay for my own enslavement!

Who here thinks Blackmail and Extortionware Licensing agreements are Legal for Microsoft but Nobody else?

Edward Snowden had it right the first time....
It does you no good to send messages using "secure" encryption when the Operating System is backdoored to watch you type the message you are about to encrypt
I don't want to sound *** but any proof? That would be nice, and maybe how to stop it....

Proof?
Sure, just read the E.U.L.A.
Microsoft says they can do EVERYTHING that a spyware platform can do but without using the words "Spyware Platform" and then they claim they are not liable for anything they do to you as they extort your data and blackmail you into agreeing to their terms just to use "YOUR" computer

Just format a thumb drive in Windows 10 and look for the hidden G.U.I.D.

We should all know by now that a G.U.I.D. identifying just the thumb drive alone would be pointless as you can already identify it by its serial number and other non removable meta data contained on every thumb drive using free portable apps

No, a secret hidden G.U.I.D. put on every thumb drive by Microsoft would identify something else, like the exact machine it was formatted on and who the Operating System is registered to
That way, they could not only open any bitlocker volume on the thumb drive, but also prove it was YOU who created the volume

Speaking of Proof, shouldn't we be demanding that Microsoft prove their wild claims that Windows 10 is the most secure and/or the best version of Windows EVER?

If I am the only one who must prove my claims without the source code, I think it's only fair to demand Microsoft prove "THEIR" claims "WITH" the source code, don't you?

How to stop it?
The only way to access the Internet is by allowing "Host Process for Windows Services" through your firewall but doing so allows Microsoft to do whatever they want on your computer

Try this....
Block EVERYTHING in your firewall except your browser and "Host Process for Windows Services"
(Glasswire Firewall makes it easy to do)
You can see that Windows is still being updated with only that one service allowed and that blocking that service will completely disconnect you from the Internet

So no, you cannot stop Microsoft from accessing your computer if you want to use the Internet on a "Modern" Windows machine

I have a tinfoil hat to sell you. It's even open source.
 
I found the file on my win 8.1 pro touch screen pc... I open the file using wordpad and found no traces of emails or documents...

Looks like someone didn't read the article too closely.

Good morning to everyone that were asleep for the last few years. This is well known and many people warned about this and the paid Micro$oft posters buried and downvoted those comments to death.
Moreover the "news" that these things work only when enabled is also wrong. All spyware features of windows 10 work regardless if the UI shiny button is in on or off position. It always sends data, it just does it maybe less obvious when in off position...

That's why we have third party utilities that actually can block the spying. Unfortunately Microsoft tries to thwart them with every bi-annual update. The real question people need to ask themselves is why they're even USING Windows 8.1/10. Anything of worth you can do on Windows was available in Windows 7 more easily, usually faster and with far less embedded spying.
What utilities are you thinking of? I'd be interested.
 
What utilities are you thinking of? I'd be interested.
External firewall would work best. Windows spying is behaving like rootkit - it's almost impossible to detect it even with specialized software within the OS itself. The OS will lie to any software asking to check the traffic.
 
Good morning to everyone that were asleep for the last few years. This is well known and many people warned about this and the paid Micro$oft posters buried and downvoted those comments to death.
Moreover the "news" that these things work only when enabled is also wrong. All spyware features of windows 10 work regardless if the UI shiny button is in on or off position. It always sends data, it just does it maybe less obvious when in off position...

Seems this situation has been around for a while as the program by Skeggs, wlrip.py, has a 0.2 version that is 2 years old per GitHub.
 
Good I don't have a TextHarvester folder. Microsoft gave you privacy options in the Windows 10 install. If you unticked the option that sends keystrokes to Microsoft, your keystrokes will not be recorded in such folder.
 
I found the file on my win 8.1 pro touch screen pc... I open the file using wordpad and found no traces of emails or documents...

Looks like someone didn't read the article too closely.

Good morning to everyone that were asleep for the last few years. This is well known and many people warned about this and the paid Micro$oft posters buried and downvoted those comments to death.
Moreover the "news" that these things work only when enabled is also wrong. All spyware features of windows 10 work regardless if the UI shiny button is in on or off position. It always sends data, it just does it maybe less obvious when in off position...

That's why we have third party utilities that actually can block the spying. Unfortunately Microsoft tries to thwart them with every bi-annual update. The real question people need to ask themselves is why they're even USING Windows 8.1/10. Anything of worth you can do on Windows was available in Windows 7 more easily, usually faster and with far less embedded spying.
What utilities are you thinking of? I'd be interested.

O&O Shut Up 10 for starters, gpedit for seconds.
 
Interesting find there my friend.

C:\Users\%user%\AppData\Local\Microsoft\InputPersonalization\TextHarvester

No such file found on my system.

Is this more for those on Windows 7 though?

Fortunately it wasn't on mine either, although I haven't enabled handwriting.
 
C:\Users\%user%\AppData\Local\Microsoft\InputPersonalization\TextHarvester

Imagine how easy it is to simply copy this file onto a USB memory stick and then simply search through it for "@" symbols (emails) followed by the "passwords" to those email addresses. It wouldn't be very hard to do at all.
 