Results 1 to 16 of 16

Thread: WaitList.dat file secretly stores written snippets and much more

  1. #1
    HEXUS.admin
    Join Date
    Apr 2005
    Posts
    27,491
    Thanks
    0
    Thanked
    1,698 times in 589 posts

    WaitList.dat file secretly stores written snippets and much more

    Windows 8/10 file might include scribbled down passwords, emails, and Office texts.
    Read more.

  2. #2
    Member
    Join Date
    Apr 2004
    Location
    Geneva, Switzerland
    Posts
    144
    Thanks
    0
    Thanked
    9 times in 5 posts

    Re: WaitList.dat file secretly stores written snippets and much more

    Well,
    I have a desktop, and this feature is turned on!

    But, couldn't found the file (even in the hidden files). Is this something Microsoft already addressed?
    The more you live, less you die. More you play, more you die. Isn't it great.

  3. #3
    Registered User
    Join Date
    Aug 2018
    Posts
    11
    Thanks
    0
    Thanked
    0 times in 0 posts

    Re: WaitList.dat file secretly stores written snippets and much more

    Not to belittle the information but that has been known about for a very long time, am I being a little tin-foil hat when he is "Seeking job opportunities in Australia for Jan 2019"?

  4. #4
    Admin Saracen's Avatar
    Join Date
    Jul 2003
    Posts
    18,328
    Thanks
    997
    Thanked
    3,170 times in 2,253 posts

    Re: WaitList.dat file secretly stores written snippets and much more

    Well, my antipathy to W10 is no secret, and that antipathy started with W8, so I'll put that out there in the interests of full disclosure.

    What probably isn't so much of a '"no secret", as in harder to remember, is why my suspicion and antipathy started with W10, which centred around a series of MS 'decisions', and corporate announcements, all of which in my opinion spoke volumes about MS's full-blown centrism on what was right for them, and a complete disregard for the best interests of users, and this speaks volumes, whether old news or not.

    Who in their right mind, and I mean what complete and utter moron of a developer/team, thought that in any universe, it was a good idea to indulge in this kind of 'secret' data capture without, at an absolute minimum, a very clear, plainly worded and explicit warning to users whenever anything was done that activates this.

    I mean, the vast majority of users aren't security experts and most are barely computer-literate, and this presents an enormous, whopping-great security risk, which is pnly conceivably excusable if MS clearly warned users.

    The fact that this file is required to somehow train and improve handwriting capture is no excuse for such a potentially dsnaging security risk, and such a pathetic reason for potentially exposing millions of users in order to help their feature improve tells me all I need to know about how much consideration MS give to their users.


    Each time I mention my very considerable scepticism about putting our entire lives on electronic devices, I get called, jn various manners usually involving tinfoil and headwear, paranoid. Is it really paranoia if you are being followed tracked, digitised and databased?

    I've pointed out before thatcI have a whole network of machines that are not net-connected. Instead, they're air-gapped. Why? Because I don't know enough, or have enough time, to ensure stuff I put on a machince cannot be compromised. But if it is completely air-gapped, it does at least restrict any hacker to requiring physical access. And if, as in my case, data is at least thorougjly encrupted (as mine is) and in the case of very sensitive dwta, stored or removablw media that are only inserted when I need them, and otherwise securely locked away, it is reasonably secure even against someone with physical access.

    As time goes on, all I see is greater and greater risk of data being compromised, if not on your machine then on systems of someone you've given it to be it bank, phone provider, online shop or even HMRC.

    So, when I recently recently had a request from a solicitor to email some information they needed, including name, address, DOB, etc, and proof of ID including copies of driving licence, birth cert, passport, and utility bills I laughed at the notion of emailing such copies. Hell, no. I'll bring 'em in and they can examine whatever they need, but they're not, under sny circumstances, getting what amounts to an identity thief's wet dream of a theft starter kit by email.

    Maybe I am paranoid, but if I'm not extremely careful, it's 100% certain nobody else is going to do it for me.

    Which is why, whstever their supposed excuse, MS sneaking around behind user's backs doing this kind of thing is utterly inexcusable and a gross breach of trust.

    And you lot wonder why I'm not trusting?
    Noli nothis permittere te terere.


  5. #5
    “High End” Admin peterb's Avatar
    Join Date
    Aug 2005
    Location
    Southampton
    Posts
    18,540
    Thanks
    2,563
    Thanked
    3,117 times in 2,484 posts
    • peterb's system
      • Motherboard:
      • Nascom 2
      • CPU:
      • Z80B
      • Memory:
      • 48K 8 bit memory on separate card
      • Storage:
      • Audio cassette tape - home built 5.25" floppy drive
      • Graphics card(s):
      • text output (composite video)
      • PSU:
      • Home built
      • Case:
      • Home built
      • Operating System:
      • Nas-sys
      • Monitor(s):
      • 12" monocrome composite video input
      • Internet:
      • No networking capability on this machine

    Re: WaitList.dat file secretly stores written snippets and much more

    This sort of covert data gathering isn’t new. Index.dat files gathe web browsing behaviour (and other things) and those files can be very persistent. And the have been around since Windows 95.
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  6. #6
    Senior Member
    Join Date
    Aug 2006
    Posts
    1,197
    Thanks
    7
    Thanked
    62 times in 54 posts

    Re: WaitList.dat file secretly stores written snippets and much more

    Unless it's not on windows 10 pro I don't see the file either and I have written input enabled (for when I have my graphics tablet in), the thing is that when it's enabled the VERY first thing I do (actually think it's during install) is disable the bits which send data back to Microsoft (not that I really think they'd do anything nefarious with it but I see no reason for it) which supposedly help 'improve' the way it works etc.

  7. #7
    Senior Member
    Join Date
    May 2014
    Posts
    801
    Thanks
    47
    Thanked
    103 times in 67 posts

    Re: WaitList.dat file secretly stores written snippets and much more

    It's literally called Text Harvester, that's fantastic! Someone in the Microsoft dev department went "how can we call a keylogger without actually calling it a keylogger?"..."How about text Harvester?" *cookies all round*.

  8. #8
    Senior Member
    Join Date
    May 2009
    Location
    Where you are not
    Posts
    411
    Thanks
    143
    Thanked
    35 times in 28 posts
    • Iota's system
      • Motherboard:
      • GA-P67A-UD5-B3
      • CPU:
      • Intel Core i7 2600K
      • Memory:
      • 2 x BL2KIT25664FN2139
      • Storage:
      • 4 x CTFDDAC064MAG-1G1 (Raid 0)
      • Graphics card(s):
      • ASUS Radeon R9 290 DC-2
      • PSU:
      • Corsair Professional Series Gold AX750
      • Case:
      • Lian Li PC-X500B
      • Operating System:
      • Windows 10 Pro 64-bit
      • Monitor(s):
      • 2x Samsung 22" widescreen P2270 2ms DVI HD LCD TFT Ecofit
      • Internet:
      • 40Mbps SKY Fibre

    Re: WaitList.dat file secretly stores written snippets and much more

    May as well have called it "Keylogger" and be done with it.

  9. #9
    Senior Member spacein_vader's Avatar
    Join Date
    Sep 2014
    Location
    Darkest Northamptonshire
    Posts
    838
    Thanks
    56
    Thanked
    164 times in 122 posts
    • spacein_vader's system
      • Motherboard:
      • Asus B85M-G
      • CPU:
      • i5 4460 3.2GHz
      • Memory:
      • 4x4GB Crucial DDR3 1600
      • Storage:
      • 128GB SSD, 256GB SSD
      • Graphics card(s):
      • Asus RX-480 Dual OC 4GB
      • PSU:
      • Corsair HX 520W modular
      • Case:
      • Antec Mini P180
      • Operating System:
      • Windows 10 Pro
      • Monitor(s):
      • BenQ GW2765, Dell Ultrasharp U2412
      • Internet:
      • Origin Fibre Max

    Re: WaitList.dat file secretly stores written snippets and much more

    Quote Originally Posted by Tabbykatze View Post
    It's literally called Text Harvester, that's fantastic! Someone in the Microsoft dev department went "how can we call a keylogger without actually calling it a keylogger?"..."How about text Harvester?" *cookies all round*.
    A keylogger logs all keystrokes. A text harvester only records ones that result in text (so no Alt, ctrl etc.)

  10. #10
    Admin Saracen's Avatar
    Join Date
    Jul 2003
    Posts
    18,328
    Thanks
    997
    Thanked
    3,170 times in 2,253 posts

    Re: WaitList.dat file secretly stores written snippets and much more

    Quote Originally Posted by peterb View Post
    This sort of covert data gathering isn’t new. Index.dat files gathe web browsing behaviour (and other things) and those files can be very persistent. And the have been around since Windows 95.
    Generic snooping, yes. But I'd say there's a marked qualitative difference between browsing behaviour, and whole blocks of potentially private text data. If index.dat is a baby's stumbling first steps, this sounds more like a cross between an Olympic marathoner and Usain Bolt's speed.
    Noli nothis permittere te terere.


  11. #11
    Admin Saracen's Avatar
    Join Date
    Jul 2003
    Posts
    18,328
    Thanks
    997
    Thanked
    3,170 times in 2,253 posts

    Re: WaitList.dat file secretly stores written snippets and much more

    Quote Originally Posted by LSG501 View Post
    Unless it's not on windows 10 pro I don't see the file either and I have written input enabled (for when I have my graphics tablet in), the thing is that when it's enabled the VERY first thing I do (actually think it's during install) is disable the bits which send data back to Microsoft (not that I really think they'd do anything nefarious with it but I see no reason for it) which supposedly help 'improve' the way it works etc.
    But would disabling telemetry help?

    Unless I misread this, it isn't necessarily being "phoned home", but merely recorded locally, without the user's knowledge. The risk is that anyone snooping, either locally or via remote access, could access data that should not have been surreptioudly (and aithout any security) recorded in the first place.
    Noli nothis permittere te terere.


  12. #12
    Chillie in here j.o.s.h.1408's Avatar
    Join Date
    Dec 2005
    Location
    a place called home
    Posts
    8,482
    Thanks
    747
    Thanked
    251 times in 189 posts
    • j.o.s.h.1408's system
      • Motherboard:
      • ASUS P6T Delux
      • CPU:
      • Intel core i7 920 @ 3ghz
      • Memory:
      • 3GB DDR RAM
      • Storage:
      • 1TB Samsung F1, 500GB Seagate baracuda + 320gb Seagate PATA +150GB WD PATA
      • Graphics card(s):
      • EVGA 480GTX SC edition
      • PSU:
      • Seasonic M12 600W Module PSU FTW
      • Case:
      • Lian Li PC-A7010B (the rolls royce of pc cases)
      • Operating System:
      • vista ultimate edition and windows xp
      • Monitor(s):
      • 22inch 2005FPW dell monitor
      • Internet:
      • 24mb BE There Broadband

    Re: WaitList.dat file secretly stores written snippets and much more

    Quote Originally Posted by Saracen View Post
    Well, my antipathy to W10 is no secret, and that antipathy started with W8, so I'll put that out there in the interests of full disclosure.

    What probably isn't so much of a '"no secret", as in harder to remember, is why my suspicion and antipathy started with W10, which centred around a series of MS 'decisions', and corporate announcements, all of which in my opinion spoke volumes about MS's full-blown centrism on what was right for them, and a complete disregard for the best interests of users, and this speaks volumes, whether old news or not.

    Who in their right mind, and I mean what complete and utter moron of a developer/team, thought that in any universe, it was a good idea to indulge in this kind of 'secret' data capture without, at an absolute minimum, a very clear, plainly worded and explicit warning to users whenever anything was done that activates this.

    I mean, the vast majority of users aren't security experts and most are barely computer-literate, and this presents an enormous, whopping-great security risk, which is pnly conceivably excusable if MS clearly warned users.

    The fact that this file is required to somehow train and improve handwriting capture is no excuse for such a potentially dsnaging security risk, and such a pathetic reason for potentially exposing millions of users in order to help their feature improve tells me all I need to know about how much consideration MS give to their users.


    Each time I mention my very considerable scepticism about putting our entire lives on electronic devices, I get called, jn various manners usually involving tinfoil and headwear, paranoid. Is it really paranoia if you are being followed tracked, digitised and databased?

    I've pointed out before thatcI have a whole network of machines that are not net-connected. Instead, they're air-gapped. Why? Because I don't know enough, or have enough time, to ensure stuff I put on a machince cannot be compromised. But if it is completely air-gapped, it does at least restrict any hacker to requiring physical access. And if, as in my case, data is at least thorougjly encrupted (as mine is) and in the case of very sensitive dwta, stored or removablw media that are only inserted when I need them, and otherwise securely locked away, it is reasonably secure even against someone with physical access.

    As time goes on, all I see is greater and greater risk of data being compromised, if not on your machine then on systems of someone you've given it to be it bank, phone provider, online shop or even HMRC.

    So, when I recently recently had a request from a solicitor to email some information they needed, including name, address, DOB, etc, and proof of ID including copies of driving licence, birth cert, passport, and utility bills I laughed at the notion of emailing such copies. Hell, no. I'll bring 'em in and they can examine whatever they need, but they're not, under sny circumstances, getting what amounts to an identity thief's wet dream of a theft starter kit by email.

    Maybe I am paranoid, but if I'm not extremely careful, it's 100% certain nobody else is going to do it for me.

    Which is why, whstever their supposed excuse, MS sneaking around behind user's backs doing this kind of thing is utterly inexcusable and a gross breach of trust.

    And you lot wonder why I'm not trusting?
    I love windows 10. it runs very well so far. Its just the force updates that are a bit of a pain

  13. #13
    Senior Member
    Join Date
    May 2014
    Posts
    801
    Thanks
    47
    Thanked
    103 times in 67 posts

    Re: WaitList.dat file secretly stores written snippets and much more

    Quote Originally Posted by spacein_vader View Post
    A keylogger logs all keystrokes. A text harvester only records ones that result in text (so no Alt, ctrl etc.)
    I feel like that is a liberal application of semantics. Sure it doesn't capture all keys but it is still serving the same purpose. With a security hat, this is a keylogger, plain and simple and what is even worse is the contents aren't even encrypted or hashed, it's plaintext.
    Last edited by Tabbykatze; 25-09-2018 at 08:20 AM.

  14. #14
    Senior Member spacein_vader's Avatar
    Join Date
    Sep 2014
    Location
    Darkest Northamptonshire
    Posts
    838
    Thanks
    56
    Thanked
    164 times in 122 posts
    • spacein_vader's system
      • Motherboard:
      • Asus B85M-G
      • CPU:
      • i5 4460 3.2GHz
      • Memory:
      • 4x4GB Crucial DDR3 1600
      • Storage:
      • 128GB SSD, 256GB SSD
      • Graphics card(s):
      • Asus RX-480 Dual OC 4GB
      • PSU:
      • Corsair HX 520W modular
      • Case:
      • Antec Mini P180
      • Operating System:
      • Windows 10 Pro
      • Monitor(s):
      • BenQ GW2765, Dell Ultrasharp U2412
      • Internet:
      • Origin Fibre Max

    Re: WaitList.dat file secretly stores written snippets and much more

    Quote Originally Posted by Tabbykatze View Post
    I feel like that is a liberal application of semantics. Sure it doesn't capture all keys but it is still serving the same purpose. With a security hat, this is a keylogger, plain and simple and what is even worse is the contents aren't even encrypted or hashed, it's plaintext.
    I wasn't offering a defense, just clarifying the difference. It's still a spectacularly bad idea.

  15. #15
    “High End” Admin peterb's Avatar
    Join Date
    Aug 2005
    Location
    Southampton
    Posts
    18,540
    Thanks
    2,563
    Thanked
    3,117 times in 2,484 posts
    • peterb's system
      • Motherboard:
      • Nascom 2
      • CPU:
      • Z80B
      • Memory:
      • 48K 8 bit memory on separate card
      • Storage:
      • Audio cassette tape - home built 5.25" floppy drive
      • Graphics card(s):
      • text output (composite video)
      • PSU:
      • Home built
      • Case:
      • Home built
      • Operating System:
      • Nas-sys
      • Monitor(s):
      • 12" monocrome composite video input
      • Internet:
      • No networking capability on this machine

    Re: WaitList.dat file secretly stores written snippets and much more

    Quote Originally Posted by j.o.s.h.1408 View Post
    I love windows 10. it runs very well so far. Its just the force updates that are a bit of a pain
    Well that’s easy to stop - just disconnect it from the internet and that has the advantage of minimising all the potential security/privacy risks as well.
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  16. #16
    Chillie in here j.o.s.h.1408's Avatar
    Join Date
    Dec 2005
    Location
    a place called home
    Posts
    8,482
    Thanks
    747
    Thanked
    251 times in 189 posts
    • j.o.s.h.1408's system
      • Motherboard:
      • ASUS P6T Delux
      • CPU:
      • Intel core i7 920 @ 3ghz
      • Memory:
      • 3GB DDR RAM
      • Storage:
      • 1TB Samsung F1, 500GB Seagate baracuda + 320gb Seagate PATA +150GB WD PATA
      • Graphics card(s):
      • EVGA 480GTX SC edition
      • PSU:
      • Seasonic M12 600W Module PSU FTW
      • Case:
      • Lian Li PC-A7010B (the rolls royce of pc cases)
      • Operating System:
      • vista ultimate edition and windows xp
      • Monitor(s):
      • 22inch 2005FPW dell monitor
      • Internet:
      • 24mb BE There Broadband

    Re: WaitList.dat file secretly stores written snippets and much more

    Quote Originally Posted by peterb View Post
    well that’s easy to stop - just disconnect it from the internet and that has the advantage of minimising all the potential security/privacy risks as well.
    lol joker

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •