
Windows improves handwriting-recognition skills at the peril of users’ security


Windows has a built-in tool for improving its own handwriting recognition capability, and like many modern, smart features that increase their accuracy over time, it employs user data to do that. Some are concerned, however, that the way it stores that information could prove to be a security risk, as researchers have discovered everything from the content of emails to passwords stored in a single file.

Handwriting recognition was introduced in Windows 8 as part of its big drive toward touchscreen functionality. It automatically translates touch or stylus inputs into formatted text, improving its readability for the user, and giving other applications the ability to comprehend it. To help improve its accuracy, it looks at commonly used words in other documents, storing such information in a file called WaitList.dat. But digital forensics expert Barnaby Skeggs has highlighted that it stores just about any text on your system — not just handwritten content.


“Once [handwriting recognition] is on, text from every document and email which is indexed by the Windows Search Indexer service is stored in WaitList.dat. Not just the files interacted via the touchscreen writing feature,” Skeggs told ZDNet.


Considering how ubiquitous the Windows search indexing system is, this could mean that the content of most documents, emails, and forms ends up inside the WaitList file. The concern is that someone with access to the system — via a hack or malware attack — could find all sorts of personally identifiable information about the system’s owner. Worse yet, WaitList can store information even after the original files have been deleted, potentially opening up even greater security holes.

PowerShell command:

Stop-Process -name "SearchIndexer" -force;Start-Sleep -m 500;Select-String -Path $env:USERPROFILE\AppData\Local\Microsoft\InputPersonalization\TextHarvester\WaitList.dat -Encoding unicode -Pattern "password"

— Barnaby Skeggs (@barnabyskeggs) August 26, 2018

This is something that has purportedly been known about in the forensics space for some time and has provided researchers with a useful way to prove the prior existence of a file and in some cases its contents, even if the original had been scrubbed from existence.

Although typically such a potential security hole would warrant contacting Microsoft about the issue before making the public aware of it, Skeggs has reportedly not done so, since the handwriting recognition feature is working as intended. This isn’t a bug, even if it’s potentially exploitable.

If you want to close up that potential security hole on your system, you can delete WaitList.dat manually by going to C:\Users\%User%\AppData\Local\Microsoft\InputPersonalization\TextHarvester. If you don’t find that folder, you don’t have handwriting recognition enabled, so you should be secure.

Well, you should be secure against this potential security flaw at least. We’d still recommend you enable Windows Defender and use one of the best anti-malware solutions.
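The manual check and cleanup described above can be scripted for your own profile. The following is an added example, not code from the article or from Skeggs: the function and parameter names are hypothetical, the path is the one given above, and it reports only a count of matching lines rather than the harvested text.

```powershell
# Added example: audit and optionally remove WaitList.dat for one profile.
# Get-WaitListExposure and its parameters are illustrative names.
function Get-WaitListExposure {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$ProfilePath = $env:USERPROFILE,
        [string[]]$Pattern   = @('password'),   # term used in the quoted command
        [switch]$Remove
    )

    $rel  = 'AppData\Local\Microsoft\InputPersonalization\TextHarvester\WaitList.dat'
    $file = Join-Path $ProfilePath $rel

    # No file: nothing has been harvested for this profile.
    if (-not (Test-Path -LiteralPath $file)) {
        return [pscustomobject]@{ Path = $file; Present = $false }
    }

    $item = Get-Item -LiteralPath $file -Force
    $hits = $null
    try {
        # Count matching lines only; never echo the stored text itself.
        $found = Select-String -LiteralPath $file -Encoding unicode -Pattern $Pattern -SimpleMatch -ErrorAction Stop
        $hits  = @($found).Count
    } catch {
        # Assumption: a read failure usually means the indexer holds the file open.
        Write-Warning "Could not read $file : $_"
    }

    $removed = $false
    if ($Remove -and $PSCmdlet.ShouldProcess($file, 'Delete harvested text')) {
        try {
            Remove-Item -LiteralPath $file -Force -ErrorAction Stop
            $removed = $true
        } catch {
            Write-Warning "Delete failed: $_"
        }
    }

    [pscustomobject]@{
        Path          = $file
        Present       = $true
        SizeBytes     = $item.Length
        LastWriteTime = $item.LastWriteTime
        MatchingLines = $hits
        Removed       = $removed
    }
}

Get-WaitListExposure                      # report only
# Get-WaitListExposure -Remove -WhatIf    # preview the deletion first
```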

Jon Martindale