this rootless Python script rips Windows Recall’s screenshots and SQLite database of OCRed text and allows you to search them.

  • a1studmuffin
    link
    fedilink
    English
    1106 months ago

    Wow, it’s pretty wild they didn’t even attempt to encrypt or protect this data, even if it is local to your machine. What a treasure trove for malware to sift through.

    • @BradleyUffner
      link
      English
      215 months ago

      It IS encrypted. Not well, but it’s encrypted.

      • @[email protected]
        link
        fedilink
        English
        125 months ago

        I thought that it was encrypted if your home directory was encrypted? The impression that I got was that it was just a SQLite database stored in the clear. The user must certainly be able to make queries of that database in order for it to work, so even if it’s hosted by a non-user service, malware running locally will still be able to exfiltrate the data.

        • @BradleyUffner
          link
          English
          65 months ago

          All true, which is what I meant by “not well” encrypted. It’s technically encrypted, but for all practical purposes it might as well not be.

      • a1studmuffin
        link
        fedilink
        English
        15 months ago

        Is it? I skimmed the GitHub source code and couldn’t see anything involving encryption, but it’s totally possible I missed something. Perhaps just accessing the database from python is enough to decrypt it.

    • @jaybone
      link
      English
      65 months ago

      Now ransomware hackers can sell all your shit to someone else if you refuse to pay.