Results 1 to 16 of 16

Thread: WaitList.dat file secretly stores written snippets and much more

  1. #1
    HEXUS.admin
    Join Date
    Apr 2005
    Posts
    31,709
    Thanks
    0
    Thanked
    2,073 times in 719 posts

    WaitList.dat file secretly stores written snippets and much more

    Windows 8/10 file might include scribbled down passwords, emails, and Office texts.
    Read more.

  2. #2
    Senior Member
    Join Date
    Apr 2004
    Location
    Geneva, Switzerland
    Posts
    374
    Thanks
    0
    Thanked
    26 times in 15 posts

    Re: WaitList.dat file secretly stores written snippets and much more

    Well,
    I have a desktop, and this feature is turned on!

    But, couldn't found the file (even in the hidden files). Is this something Microsoft already addressed?
    The more you live, less you die. More you play, more you die. Isn't it great.

  3. #3
    Registered User
    Join Date
    Aug 2018
    Posts
    12
    Thanks
    0
    Thanked
    1 time in 1 post

    Re: WaitList.dat file secretly stores written snippets and much more

    Not to belittle the information but that has been known about for a very long time, am I being a little tin-foil hat when he is "Seeking job opportunities in Australia for Jan 2019"?

  4. #4
    Admin (Ret'd)
    Join Date
    Jul 2003
    Posts
    18,481
    Thanks
    1,016
    Thanked
    3,208 times in 2,281 posts

    Re: WaitList.dat file secretly stores written snippets and much more

    Well, my antipathy to W10 is no secret, and that antipathy started with W8, so I'll put that out there in the interests of full disclosure.

    What probably isn't so much of a '"no secret", as in harder to remember, is why my suspicion and antipathy started with W10, which centred around a series of MS 'decisions', and corporate announcements, all of which in my opinion spoke volumes about MS's full-blown centrism on what was right for them, and a complete disregard for the best interests of users, and this speaks volumes, whether old news or not.

    Who in their right mind, and I mean what complete and utter moron of a developer/team, thought that in any universe, it was a good idea to indulge in this kind of 'secret' data capture without, at an absolute minimum, a very clear, plainly worded and explicit warning to users whenever anything was done that activates this.

    I mean, the vast majority of users aren't security experts and most are barely computer-literate, and this presents an enormous, whopping-great security risk, which is pnly conceivably excusable if MS clearly warned users.

    The fact that this file is required to somehow train and improve handwriting capture is no excuse for such a potentially dsnaging security risk, and such a pathetic reason for potentially exposing millions of users in order to help their feature improve tells me all I need to know about how much consideration MS give to their users.


    Each time I mention my very considerable scepticism about putting our entire lives on electronic devices, I get called, jn various manners usually involving tinfoil and headwear, paranoid. Is it really paranoia if you are being followed tracked, digitised and databased?

    I've pointed out before thatcI have a whole network of machines that are not net-connected. Instead, they're air-gapped. Why? Because I don't know enough, or have enough time, to ensure stuff I put on a machince cannot be compromised. But if it is completely air-gapped, it does at least restrict any hacker to requiring physical access. And if, as in my case, data is at least thorougjly encrupted (as mine is) and in the case of very sensitive dwta, stored or removablw media that are only inserted when I need them, and otherwise securely locked away, it is reasonably secure even against someone with physical access.

    As time goes on, all I see is greater and greater risk of data being compromised, if not on your machine then on systems of someone you've given it to be it bank, phone provider, online shop or even HMRC.

    So, when I recently recently had a request from a solicitor to email some information they needed, including name, address, DOB, etc, and proof of ID including copies of driving licence, birth cert, passport, and utility bills I laughed at the notion of emailing such copies. Hell, no. I'll bring 'em in and they can examine whatever they need, but they're not, under sny circumstances, getting what amounts to an identity thief's wet dream of a theft starter kit by email.

    Maybe I am paranoid, but if I'm not extremely careful, it's 100% certain nobody else is going to do it for me.

    Which is why, whstever their supposed excuse, MS sneaking around behind user's backs doing this kind of thing is utterly inexcusable and a gross breach of trust.

    And you lot wonder why I'm not trusting?

  5. #5
    The late but legendary peterb - Onward and Upward peterb's Avatar
    Join Date
    Aug 2005
    Location
    Looking down & checking on swearing
    Posts
    19,378
    Thanks
    2,892
    Thanked
    3,403 times in 2,693 posts

    Re: WaitList.dat file secretly stores written snippets and much more

    This sort of covert data gathering isn’t new. Index.dat files gathe web browsing behaviour (and other things) and those files can be very persistent. And the have been around since Windows 95.
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  6. #6
    Senior Member
    Join Date
    Aug 2006
    Posts
    2,207
    Thanks
    15
    Thanked
    114 times in 102 posts

    Re: WaitList.dat file secretly stores written snippets and much more

    Unless it's not on windows 10 pro I don't see the file either and I have written input enabled (for when I have my graphics tablet in), the thing is that when it's enabled the VERY first thing I do (actually think it's during install) is disable the bits which send data back to Microsoft (not that I really think they'd do anything nefarious with it but I see no reason for it) which supposedly help 'improve' the way it works etc.

  7. #7
    Senior Member
    Join Date
    May 2014
    Posts
    2,385
    Thanks
    181
    Thanked
    304 times in 221 posts

    Re: WaitList.dat file secretly stores written snippets and much more

    It's literally called Text Harvester, that's fantastic! Someone in the Microsoft dev department went "how can we call a keylogger without actually calling it a keylogger?"..."How about text Harvester?" *cookies all round*.

  8. #8
    Senior Member
    Join Date
    May 2009
    Location
    Where you are not
    Posts
    1,330
    Thanks
    606
    Thanked
    103 times in 90 posts
    • Iota's system
      • Motherboard:
      • Asus Maximus Hero XI
      • CPU:
      • Intel Core i9 9900KF
      • Memory:
      • CMD32GX4M2C3200C16
      • Storage:
      • 1 x 1TB / 3 x 2TB Samsung 970 Evo Plus NVMe
      • Graphics card(s):
      • Nvidia RTX 3090 Founders Edition
      • PSU:
      • Corsair HX1200i
      • Case:
      • Corsair Obsidian 500D
      • Operating System:
      • Windows 10 Pro 64-bit
      • Monitor(s):
      • Samsung Odyssey G9
      • Internet:
      • 500Mbps BT FTTH

    Re: WaitList.dat file secretly stores written snippets and much more

    May as well have called it "Keylogger" and be done with it.

  9. #9
    Missed by us all - RIP old boy spacein_vader's Avatar
    Join Date
    Sep 2014
    Location
    Darkest Northamptonshire
    Posts
    2,015
    Thanks
    184
    Thanked
    1,086 times in 410 posts
    • spacein_vader's system
      • Motherboard:
      • MSI B450 Tomahawk Max
      • CPU:
      • Ryzen 5 3600
      • Memory:
      • 2x8GB Patriot Steel DDR4 3600mhz
      • Storage:
      • 1tb Sabrent Rocket NVMe (boot), 500GB Crucial MX100, 1TB Crucial MX200
      • Graphics card(s):
      • Gigabyte Radeon RX5700 Gaming OC
      • PSU:
      • Corsair HX 520W modular
      • Case:
      • Fractal Design Meshify C
      • Operating System:
      • Windows 10 Pro
      • Monitor(s):
      • BenQ GW2765, Dell Ultrasharp U2412
      • Internet:
      • Zen Internet

    Re: WaitList.dat file secretly stores written snippets and much more

    Quote Originally Posted by Tabbykatze View Post
    It's literally called Text Harvester, that's fantastic! Someone in the Microsoft dev department went "how can we call a keylogger without actually calling it a keylogger?"..."How about text Harvester?" *cookies all round*.
    A keylogger logs all keystrokes. A text harvester only records ones that result in text (so no Alt, ctrl etc.)

  10. #10
    Admin (Ret'd)
    Join Date
    Jul 2003
    Posts
    18,481
    Thanks
    1,016
    Thanked
    3,208 times in 2,281 posts

    Re: WaitList.dat file secretly stores written snippets and much more

    Quote Originally Posted by peterb View Post
    This sort of covert data gathering isn’t new. Index.dat files gathe web browsing behaviour (and other things) and those files can be very persistent. And the have been around since Windows 95.
    Generic snooping, yes. But I'd say there's a marked qualitative difference between browsing behaviour, and whole blocks of potentially private text data. If index.dat is a baby's stumbling first steps, this sounds more like a cross between an Olympic marathoner and Usain Bolt's speed.

  11. #11
    Admin (Ret'd)
    Join Date
    Jul 2003
    Posts
    18,481
    Thanks
    1,016
    Thanked
    3,208 times in 2,281 posts

    Re: WaitList.dat file secretly stores written snippets and much more

    Quote Originally Posted by LSG501 View Post
    Unless it's not on windows 10 pro I don't see the file either and I have written input enabled (for when I have my graphics tablet in), the thing is that when it's enabled the VERY first thing I do (actually think it's during install) is disable the bits which send data back to Microsoft (not that I really think they'd do anything nefarious with it but I see no reason for it) which supposedly help 'improve' the way it works etc.
    But would disabling telemetry help?

    Unless I misread this, it isn't necessarily being "phoned home", but merely recorded locally, without the user's knowledge. The risk is that anyone snooping, either locally or via remote access, could access data that should not have been surreptioudly (and aithout any security) recorded in the first place.

  12. #12
    Chillie in here j.o.s.h.1408's Avatar
    Join Date
    Dec 2005
    Location
    a place called home
    Posts
    8,545
    Thanks
    757
    Thanked
    256 times in 193 posts
    • j.o.s.h.1408's system
      • Motherboard:
      • ASUS P6T Delux
      • CPU:
      • Intel core i7 920 @ 3ghz
      • Memory:
      • 3GB DDR RAM
      • Storage:
      • 1TB Samsung F1, 500GB Seagate baracuda + 320gb Seagate PATA +150GB WD PATA
      • Graphics card(s):
      • EVGA 480GTX SC edition
      • PSU:
      • Seasonic M12 600W Module PSU FTW
      • Case:
      • Lian Li PC-A7010B (the rolls royce of pc cases)
      • Operating System:
      • vista ultimate edition and windows xp
      • Monitor(s):
      • 22inch 2005FPW dell monitor
      • Internet:
      • 24mb BE There Broadband

    Re: WaitList.dat file secretly stores written snippets and much more

    Quote Originally Posted by Saracen View Post
    Well, my antipathy to W10 is no secret, and that antipathy started with W8, so I'll put that out there in the interests of full disclosure.

    What probably isn't so much of a '"no secret", as in harder to remember, is why my suspicion and antipathy started with W10, which centred around a series of MS 'decisions', and corporate announcements, all of which in my opinion spoke volumes about MS's full-blown centrism on what was right for them, and a complete disregard for the best interests of users, and this speaks volumes, whether old news or not.

    Who in their right mind, and I mean what complete and utter moron of a developer/team, thought that in any universe, it was a good idea to indulge in this kind of 'secret' data capture without, at an absolute minimum, a very clear, plainly worded and explicit warning to users whenever anything was done that activates this.

    I mean, the vast majority of users aren't security experts and most are barely computer-literate, and this presents an enormous, whopping-great security risk, which is pnly conceivably excusable if MS clearly warned users.

    The fact that this file is required to somehow train and improve handwriting capture is no excuse for such a potentially dsnaging security risk, and such a pathetic reason for potentially exposing millions of users in order to help their feature improve tells me all I need to know about how much consideration MS give to their users.


    Each time I mention my very considerable scepticism about putting our entire lives on electronic devices, I get called, jn various manners usually involving tinfoil and headwear, paranoid. Is it really paranoia if you are being followed tracked, digitised and databased?

    I've pointed out before thatcI have a whole network of machines that are not net-connected. Instead, they're air-gapped. Why? Because I don't know enough, or have enough time, to ensure stuff I put on a machince cannot be compromised. But if it is completely air-gapped, it does at least restrict any hacker to requiring physical access. And if, as in my case, data is at least thorougjly encrupted (as mine is) and in the case of very sensitive dwta, stored or removablw media that are only inserted when I need them, and otherwise securely locked away, it is reasonably secure even against someone with physical access.

    As time goes on, all I see is greater and greater risk of data being compromised, if not on your machine then on systems of someone you've given it to be it bank, phone provider, online shop or even HMRC.

    So, when I recently recently had a request from a solicitor to email some information they needed, including name, address, DOB, etc, and proof of ID including copies of driving licence, birth cert, passport, and utility bills I laughed at the notion of emailing such copies. Hell, no. I'll bring 'em in and they can examine whatever they need, but they're not, under sny circumstances, getting what amounts to an identity thief's wet dream of a theft starter kit by email.

    Maybe I am paranoid, but if I'm not extremely careful, it's 100% certain nobody else is going to do it for me.

    Which is why, whstever their supposed excuse, MS sneaking around behind user's backs doing this kind of thing is utterly inexcusable and a gross breach of trust.

    And you lot wonder why I'm not trusting?
    I love windows 10. it runs very well so far. Its just the force updates that are a bit of a pain

  13. #13
    Senior Member
    Join Date
    May 2014
    Posts
    2,385
    Thanks
    181
    Thanked
    304 times in 221 posts

    Re: WaitList.dat file secretly stores written snippets and much more

    Quote Originally Posted by spacein_vader View Post
    A keylogger logs all keystrokes. A text harvester only records ones that result in text (so no Alt, ctrl etc.)
    I feel like that is a liberal application of semantics. Sure it doesn't capture all keys but it is still serving the same purpose. With a security hat, this is a keylogger, plain and simple and what is even worse is the contents aren't even encrypted or hashed, it's plaintext.
    Last edited by Tabbykatze; 25-09-2018 at 08:20 AM.

  14. #14
    Missed by us all - RIP old boy spacein_vader's Avatar
    Join Date
    Sep 2014
    Location
    Darkest Northamptonshire
    Posts
    2,015
    Thanks
    184
    Thanked
    1,086 times in 410 posts
    • spacein_vader's system
      • Motherboard:
      • MSI B450 Tomahawk Max
      • CPU:
      • Ryzen 5 3600
      • Memory:
      • 2x8GB Patriot Steel DDR4 3600mhz
      • Storage:
      • 1tb Sabrent Rocket NVMe (boot), 500GB Crucial MX100, 1TB Crucial MX200
      • Graphics card(s):
      • Gigabyte Radeon RX5700 Gaming OC
      • PSU:
      • Corsair HX 520W modular
      • Case:
      • Fractal Design Meshify C
      • Operating System:
      • Windows 10 Pro
      • Monitor(s):
      • BenQ GW2765, Dell Ultrasharp U2412
      • Internet:
      • Zen Internet

    Re: WaitList.dat file secretly stores written snippets and much more

    Quote Originally Posted by Tabbykatze View Post
    I feel like that is a liberal application of semantics. Sure it doesn't capture all keys but it is still serving the same purpose. With a security hat, this is a keylogger, plain and simple and what is even worse is the contents aren't even encrypted or hashed, it's plaintext.
    I wasn't offering a defense, just clarifying the difference. It's still a spectacularly bad idea.

  15. #15
    The late but legendary peterb - Onward and Upward peterb's Avatar
    Join Date
    Aug 2005
    Location
    Looking down & checking on swearing
    Posts
    19,378
    Thanks
    2,892
    Thanked
    3,403 times in 2,693 posts

    Re: WaitList.dat file secretly stores written snippets and much more

    Quote Originally Posted by j.o.s.h.1408 View Post
    I love windows 10. it runs very well so far. Its just the force updates that are a bit of a pain
    Well that’s easy to stop - just disconnect it from the internet and that has the advantage of minimising all the potential security/privacy risks as well.
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  16. #16
    Chillie in here j.o.s.h.1408's Avatar
    Join Date
    Dec 2005
    Location
    a place called home
    Posts
    8,545
    Thanks
    757
    Thanked
    256 times in 193 posts
    • j.o.s.h.1408's system
      • Motherboard:
      • ASUS P6T Delux
      • CPU:
      • Intel core i7 920 @ 3ghz
      • Memory:
      • 3GB DDR RAM
      • Storage:
      • 1TB Samsung F1, 500GB Seagate baracuda + 320gb Seagate PATA +150GB WD PATA
      • Graphics card(s):
      • EVGA 480GTX SC edition
      • PSU:
      • Seasonic M12 600W Module PSU FTW
      • Case:
      • Lian Li PC-A7010B (the rolls royce of pc cases)
      • Operating System:
      • vista ultimate edition and windows xp
      • Monitor(s):
      • 22inch 2005FPW dell monitor
      • Internet:
      • 24mb BE There Broadband

    Re: WaitList.dat file secretly stores written snippets and much more

    Quote Originally Posted by peterb View Post
    well that’s easy to stop - just disconnect it from the internet and that has the advantage of minimising all the potential security/privacy risks as well.
    lol joker

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •