‘End-to-end encrypted’ smart toilet camera is not actually end-to-end encrypted

Earlier this year, home goods maker Kohler launched a smart camera called the Dekoda that attaches to your toilet bowl. The device takes pictures and analyzes the images to provide insights on your gut health. Anticipating privacy concerns, Kohler stated that the camera’s sensors only look down into the toilet and claimed all data is secured with “end-to-end encryption.”

However, security researcher Simon Fondrie-Teitler pointed out that Kohler’s use of the term “end-to-end encryption” is incorrect. The company’s privacy policy makes clear that Kohler is actually referring to TLS encryption, which secures data as it travels over the internet. This is the same technology that powers HTTPS websites.

Using precise terminology matters, especially regarding user privacy. The phrase “end-to-end encryption” is widely associated with messaging apps like iMessage, Signal, and WhatsApp, where not even the service provider can access the data. Applying it to TLS encryption is misleading and could confuse users into thinking Kohler cannot see the pictures taken by the camera.

A Kohler spokesperson did not respond to questions, but a company privacy contact told the researcher that user data is encrypted when stored on the user’s phone, the toilet attachment, and on Kohler’s systems. They also stated that data in transit is encrypted end-to-end as it travels between user devices and company systems, where it is decrypted and processed.

The security researcher also raised the possibility that Kohler could use customers’ toilet bowl pictures to train AI, given the company can access the data on its servers. In response, a company representative stated that Kohler’s algorithms are trained only on de-identified data.

The Dekoda costs $599 plus a mandatory subscription of at least $6.99 per month.