from the literal-enshittification dept
In the enshittification era, companies rushing to profit off the gold mine of mass commercial surveillance are routinely intent on pushing their luck. Automakers spy on your driving habits (without telling you) to sell that data to insurance companies that raise your rates. Your ISP, phone, and even electrical meter all report on your every movement and choice, often with only middling consent.
So of course this has also now expanded to your toilet. Kohler is under fire now after a researcher discovered that the company’s smart toilet devices record all manner of sensitive data, then don’t do a particularly good job securing that information.
This entirely predictable story is centered around Kohler’s $600 Dekoda toilet attachment, which uses “optical sensors and validated machine-learning algorithms” to deliver “valuable insights into your health and wellness.” Read: it tracks how often you poop, in case you had difficulty with that.
But while Kohler explains this data on your pooping habits is “end to end encrypted,” a researcher named Simon Fondrie-Teitler found that description to be… inaccurate:
“Responses from the company make it clear that—contrary to common understanding of the term—Kohler is able to access data collected by the device and associated application. Additionally, the company states that the data collected by the device and app may be used to train AI models.”
“End-to-end encryption” (E2EE) secures transmitted data so both the recipient and the sender can read it. Ideally, it’s supposed to prevent everybody else, including the developer and host company, from reading it. Kohler’s “end to end encryption” doesn’t do that:
“I thought Kohler might actually have implemented a related data protection method known as “client-side encryption”, used by services like Apple’s iCloud and the password manager 1Password. This technique allows an application to back up a user’s data to the developers servers, or synchronize data between multiple devices owned by a user, without allowing anyone but the user to access the data.
But emails exchanged with Kohler’s privacy contact clarified that the other “end” that can decrypt the data is Kohler themselves: “User data is encrypted at rest, when it’s stored on the user’s mobile phone, toilet attachment, and on our systems. Data in transit is also encrypted end-to-end, as it travels between the user’s devices and our systems, where it is decrypted and processed to provide our service.”
Why is Kohler pushing its luck here and distorting the definition of end to end encryption? Because it’s not satisfied with charging you $600 for the hardware. It wants in on the cash flow generated by selling data on your every habit to a vast, largely unregulated cabal of dodgy data brokers, who in turn historically have done a piss poor job securing private data from bad actors.
And while your electrical usage, pooping habits, and daily movement habits individually may not seem like much of a threat, this data is often unified under profiles by both corporations and global governments (which refuse to regulate these markets because it allows them to avoid warrants) as part of our ever-expanding mass, hyper-commercialized surveillance state.
Why does the government and an unregulated coalition of global corporations need data on how often you poop in a system with almost zero real world accountability for privacy abuses? Why ask why! Just sit back and enjoy the innovation.
Companies, like Kohler does here, will often try to dodge responsibility for bad choices by also insisting this data is “anonymized,” but that’s always been a gibberish term. Here in the States, it’s the inevitable enshittified outcome of our corrupt inability to pass even basic internet privacy protections, or implement meaningful corporate oversight. So this sort of shitty behavior will only get worse from here.
Filed Under: data brokers, dekoda, encryption, enshittification, health, pooping, security, smart devices, surveillance
Companies: kohler
