Windows secretly collects sensitive data via Handwriting Recognition tool

Windows has a built-in tool for improving its own handwriting recognition capability, and like many modern, smart features that increase their accuracy over time, it employs user data to do that. Windows Handwriting Recognition has been around for quite a while. Many Windows users who prefer touch-screen or stylus as input methods know the importance of this feature. However, the same, seemingly “innocent” feature is actually tracking your texts. According to a recent discovery, a Windows file named WaitList.dat secretly stores your texts with the help of Windows Search Indexer service. This includes everything from your passwords, emails, texts, and private chats.

This feature was first introduced in Windows 8 as part of its big drive toward touchscreen functionality. It automatically translates touch or stylus (these are the best ones) inputs into formatted text, improving its readability for the user, and giving other applications the ability to comprehend it. It means the secret tracking of users has been occurring for a number of years. Some are concerned that the way it stores that information could prove to be a security risk.

Digital Forensics and Incident Response (DFIR) expert Barnaby Skeggs first discovered the information about the file back in 2016 but wasn’t paid much attention. However, after a new and exclusive interview with ZDNet – it appears that the file, in fact, is reasonably dangerous.

Every touch-screen Windows PC with a handwriting recognition feature enabled maintains this file storing users text.

“Once it (handwriting recognition tool) is on, text from every document and email which is indexed by the Windows Search Indexer service is stored in WaitList.dat. Not just the files interacted via the touchscreen writing feature,” Skeggs says.

Considering how ubiquitous the Windows search indexing system is, this could mean that the content of most documents, emails, and forms ends up inside the WaitList file. The concern is that someone with access to the system — via a hack or malware attack — could find all sorts of personally identifiable information about the system’s owner. Worse yet, WaitList can store information even after the original files have been deleted, potentially opening up even greater security holes.

Leave a Reply