this rootless Python script rips Windows Recall’s screenshots and SQLite database of OCRed text and allows you to search them.

  • a1studmuffin@aussie.zone
    link
    fedilink
    English
    arrow-up
    111
    arrow-down
    2
    ·
    7 months ago

    Wow, it’s pretty wild they didn’t even attempt to encrypt or protect this data, even if it is local to your machine. What a treasure trove for malware to sift through.

      • addie@feddit.uk
        link
        fedilink
        English
        arrow-up
        12
        ·
        7 months ago

        I thought that it was encrypted if your home directory was encrypted? The impression that I got was that it was just a SQLite database stored in the clear. The user must certainly be able to make queries of that database in order for it to work, so even if it’s hosted by a non-user service, malware running locally will still be able to exfiltrate the data.

        • BradleyUffner@lemmy.world
          link
          fedilink
          English
          arrow-up
          6
          ·
          7 months ago

          All true, which is what I meant by “not well” encrypted. It’s technically encrypted, but for all practical purposes it might as well not be.

      • a1studmuffin@aussie.zone
        link
        fedilink
        English
        arrow-up
        1
        ·
        6 months ago

        Is it? I skimmed the GitHub source code and couldn’t see anything involving encryption, but it’s totally possible I missed something. Perhaps just accessing the database from python is enough to decrypt it.

    • jaybone@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      arrow-down
      1
      ·
      7 months ago

      Now ransomware hackers can sell all your shit to someone else if you refuse to pay.