‘End-to-End Encrypted’ Smart Toilet Camera Lacks Promised Security

Summary
– Kohler launched a smart toilet camera called the Dekoda that analyzes images to provide gut health advice.
– The company incorrectly used the term “end-to-end encryption” to describe standard TLS encryption for data in transit.
– A security researcher clarified that Kohler can access and decrypt user data on its servers, unlike true end-to-end encryption.
– Kohler stated its AI algorithms are trained only on de-identified data, a claim made by a company representative and not independently verified.
– The Dekoda device costs $599 and requires a subscription of at least $6.99 per month.
A new smart toilet camera designed to monitor gut health has come under scrutiny for its misleading claims about data security. Kohler’s Dekoda device attaches to a toilet bowl, captures images, and analyzes them to provide health insights. While the company assured customers that all data is protected with “end-to-end encryption,” a security expert has clarified this is a significant misrepresentation of the actual safeguards in place.
The term “end-to-end encryption” is widely recognized from secure messaging platforms like Signal and WhatsApp, where only the communicating users hold the keys and can read the messages; the operator of the service cannot. In this case, the company appears to be describing standard TLS encryption, which protects data while it travels over the internet but terminates at Kohler’s servers, so the company itself can read the information once it arrives. This distinction is crucial for user privacy, since it means Kohler can, in principle, view the images captured by the camera.
Upon reviewing the privacy policy, security researcher Simon Fondrie-Teitler noted the discrepancy. The policy indicates data is encrypted during transmission and while stored, but Kohler’s own statements confirm the data is decrypted and processed on its systems to deliver the service. A company representative stated that user data is “encrypted at rest” on the user’s phone, the toilet attachment, and Kohler’s servers, and that data in transit is “encrypted end-to-end” between devices and their systems. That wording gives the game away: when the company’s systems are one of the two “ends,” the description matches transport-layer security, not true end-to-end encryption, in which the service provider holds no key and cannot decrypt the information. Encryption at rest does not change this, because the server that stores the data also holds the storage key.
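The following is an added example, written for this page and not Kohler code or a description of the Dekoda’s actual architecture. It models the two designs discussed above: a transport-and-at-rest pipeline in which the vendor’s server terminates TLS and re-encrypts uploads under its own storage key, and a true end-to-end design in which the toilet attachment encrypts each image under a key shared only with the user’s phone before it ever enters the TLS tunnel. The cipher is a toy HMAC-SHA256 keystream chosen only so the script runs with the standard library; it is not a real cipher, and the image bytes, key names and server methods are constructed for illustration.

```python
# Added example (stdlib only): transport/at-rest encryption vs end-to-end encryption.
# The cipher is a toy HMAC-SHA256 keystream used so this runs without third-party
# packages. It is NOT a real cipher, and nothing here is Kohler's code or design.
import hashlib
import hmac
import secrets

# Constructed stand-in for a captured image (JPEG-like magic bytes, then filler).
IMAGE = b"\xff\xd8\xff\xe0 constructed stand-in for a toilet-bowl photo"
NONCE_LEN = 16


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy XOR stream cipher; keystream block i = HMAC-SHA256(key, nonce || i)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(NONCE_LEN)
    return nonce + keystream_xor(key, nonce, plaintext)


def decrypt(key: bytes, blob: bytes) -> bytes:
    return keystream_xor(key, blob[:NONCE_LEN], blob[NONCE_LEN:])


def looks_like_image(data: bytes) -> bool:
    """Stand-in for server-side image analysis: it only works on plaintext."""
    return data.startswith(b"\xff\xd8\xff\xe0")


class VendorServer:
    """Hypothetical vendor server: terminates TLS, stores uploads 'encrypted at rest'."""

    def __init__(self) -> None:
        self.storage_key = secrets.token_bytes(32)   # held by the vendor
        self.at_rest: list[bytes] = []

    def receive(self, tls_key: bytes, record: bytes) -> bytes:
        # The server is one end of the TLS tunnel, so it sees the tunnel's plaintext.
        payload = decrypt(tls_key, record)
        self.at_rest.append(encrypt(self.storage_key, payload))
        return payload

    def analyze_stored(self) -> list[bool]:
        # 'Encrypted at rest' does not restrict the vendor: it holds the storage key.
        return [looks_like_image(decrypt(self.storage_key, b)) for b in self.at_rest]

    def download(self, tls_key: bytes) -> bytes:
        # Serve the latest stored blob to the user's phone over its own TLS session.
        return encrypt(tls_key, decrypt(self.storage_key, self.at_rest[-1]))


def transport_only_flow() -> dict:
    """Device -> TLS -> server. The server decrypts, analyzes, re-encrypts at rest."""
    server = VendorServer()
    tls_key = secrets.token_bytes(32)          # session key shared device <-> server
    server.receive(tls_key, encrypt(tls_key, IMAGE))
    return {"server_can_analyze": server.analyze_stored() == [True]}


def e2ee_flow() -> dict:
    """Device encrypts under a key known only to the attachment and the phone,
    then sends that ciphertext over TLS. The server still terminates TLS and still
    encrypts at rest, but all it ever holds is ciphertext it cannot open."""
    server = VendorServer()
    user_key = secrets.token_bytes(32)         # attachment + phone only; never sent
    upload_tls_key = secrets.token_bytes(32)
    server.receive(upload_tls_key, encrypt(upload_tls_key, encrypt(user_key, IMAGE)))

    phone_tls_key = secrets.token_bytes(32)
    phone_view = decrypt(user_key, decrypt(phone_tls_key, server.download(phone_tls_key)))
    return {
        "server_can_analyze": server.analyze_stored() == [True],   # False: ciphertext only
        "phone_can_read": phone_view == IMAGE,                     # True: phone has the key
    }


if __name__ == "__main__":
    print("transport + at-rest:", transport_only_flow())
    print("end-to-end:         ", e2ee_flow())
```

The point the second flow makes is the practical one for this product: a service that analyzes the images on its own servers cannot be end-to-end encrypted in the Signal/WhatsApp sense, because the analysis needs plaintext the server would not have. Either the analysis runs on the user’s device, or the vendor can read the pictures.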
This situation raises questions about how the collected images might be used. Because Kohler can access the data on its servers, nothing technical prevents the pictures from being used to train artificial intelligence algorithms. The company has asserted that its “algorithms are trained on de-identified data only,” though this claim comes from a representative’s email and is not independently verified; it also says nothing about who can view the images for other purposes. The device carries a price tag of $599 plus a required monthly subscription starting at $6.99, making the clarity of its privacy promises especially important for potential buyers.
(Source: TechCrunch)