
Kohler’s Dekoda smart camera was reported on previously: the device attaches to a toilet, photographs its contents, and gives the owner wellness advice about digestion. The manufacturer assured users that Dekoda cameras “see” only the toilet contents and that all data is protected by “end-to-end encryption,” but it has now emerged that neither the device nor its associated service provides end-to-end encryption.
Image source: kohlerhealth.com
Kohler is using the term “end-to-end encryption” improperly, noted cybersecurity expert Simon Fondrie-Teitler. After studying the company’s privacy policy, he established that the manufacturer means encryption that protects data in transit over the internet, that is, TLS encryption, which is used for connecting to websites over HTTPS.
With users increasingly concerned about privacy, correct terminology matters. The term “end-to-end encryption” can be applied to instant messaging services like Apple iMessage, Signal, and WhatsApp, but it does not apply to TLS encryption, and users who see it and conclude that Kohler cannot view the camera images will be mistaken.
The manufacturer did not dispute this stance, and its representative clarified that user data is “encrypted at rest when stored on the user’s phone, on the toilet camera, and in our systems. <..> During transmission, the data also undergoes end-to-end encryption when moving between the user’s devices and our systems, where it is decrypted and processed to provide our services.”
Because Kohler has access to user data on its servers, the company can use images from customers’ toilets to train artificial intelligence. The company did not deny this either, but said that “[Kohler’s] algorithms are trained only on de-personalized data.” The Dekoda camera costs $559 and works only with a mandatory subscription starting at $6.99.