Literal Enshittification: ‘Smart’ Toilets Play Fast And Loose With Your Pooping Data
from the literal-enshittification dept
In the enshittification era, companies rushing to profit off the gold mine of mass commercial surveillance are routinely intent on pushing their luck. Automakers spy on your driving habits (without telling you) to sell that data to insurance companies that raise your rates. Your ISP, phone, and even electrical meter all report on your every movement and choice, often with only middling consent.
So of course this has also now expanded to your toilet. Kohler is under fire now after a researcher discovered that the company’s smart toilet devices record all manner of sensitive data, then don’t do a particularly good job securing that information.
This entirely predictable story is centered around Kohler’s $600 Dekoda toilet attachment, which uses “optical sensors and validated machine-learning algorithms” to deliver “valuable insights into your health and wellness.” Read: it tracks how often you poop, in case you had difficulty with that.
But while Kohler explains this data on your pooping habits is “end to end encrypted,” a researcher named Simon Fondrie-Teitler found that description to be… inaccurate:
“Responses from the company make it clear that—contrary to common understanding of the term—Kohler is able to access data collected by the device and associated application. Additionally, the company states that the data collected by the device and app may be used to train AI models.”
“End-to-end encryption” (E2EE) secures transmitted data so that only the sender and the recipient can read it. Ideally, it’s supposed to prevent everybody else, including the developer and host company, from reading it. Kohler’s “end to end encryption” doesn’t do that:
“I thought Kohler might actually have implemented a related data protection method known as “client-side encryption”, used by services like Apple’s iCloud and the password manager 1Password. This technique allows an application to back up a user’s data to the developer’s servers, or synchronize data between multiple devices owned by a user, without allowing anyone but the user to access the data.
But emails exchanged with Kohler’s privacy contact clarified that the other “end” that can decrypt the data is Kohler themselves: “User data is encrypted at rest, when it’s stored on the user’s mobile phone, toilet attachment, and on our systems. Data in transit is also encrypted end-to-end, as it travels between the user’s devices and our systems, where it is decrypted and processed to provide our service.”
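The difference between the two models comes down to who holds the decryption key. The sketch below is an added illustration, not code from the researcher, Kohler, or this article; the cipher is a standard-library stand-in (an HMAC-SHA256 keystream with a MAC), and every function name and the sample reading are assumptions made up for the example.

```python
import hashlib, hmac, os

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as a keystream: illustration only, not production crypto.
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified ciphertext")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

def vendor_view(blob, vendor_keys):
    """What the vendor can recover from a stored blob using the keys it holds."""
    for key in vendor_keys:
        try:
            return unseal(key, blob)
        except ValueError:
            continue
    return None

def vendor_held_key(reading):
    # Model in the quoted e-mail: encrypted in transit and at rest, decrypted on "our systems".
    vendor_key = os.urandom(32)
    return vendor_view(seal(vendor_key, reading), [vendor_key])

def client_side(reading, passphrase):
    # Client-side encryption: the key is derived on the user's device and never uploaded.
    salt = os.urandom(16)
    user_key = hashlib.pbkdf2_hmac("sha256", passphrase, salt, 200_000)
    blob = seal(user_key, reading)
    vendor_keys = [os.urandom(32)]  # vendor still has its own keys, just not user_key
    return vendor_view(blob, vendor_keys), unseal(user_key, blob)

# Constructed sample reading, not real device output.
SAMPLE = b'{"ts": "2025-01-01T07:30:00Z", "event": "constructed sample reading"}'
```

In the first model the vendor recovers the plaintext; in the second it holds only ciphertext it cannot open, while the user's device still can.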
Why is Kohler pushing its luck here and distorting the definition of end to end encryption? Because it’s not satisfied with charging you $600 for the hardware. It wants in on the cash flow generated by selling data on your every habit to a vast, largely unregulated cabal of dodgy data brokers, who in turn historically have done a piss poor job securing private data from bad actors.
And while your electrical usage, pooping habits, and daily movement habits individually may not seem like much of a threat, this data is often unified under profiles by both corporations and global governments (which refuse to regulate these markets because it allows them to avoid warrants) as part of our ever-expanding mass, hyper-commercialized surveillance state.
Why do the government and an unregulated coalition of global corporations need data on how often you poop in a system with almost zero real world accountability for privacy abuses? Why ask why! Just sit back and enjoy the innovation.
Companies, as Kohler does here, will often try to dodge responsibility for bad choices by also insisting this data is “anonymized,” but that’s always been a gibberish term. Here in the States, it’s the inevitable enshittified outcome of our corrupt inability to pass even basic internet privacy protections, or implement meaningful corporate oversight. So this sort of shitty behavior will only get worse from here.
Filed Under: data brokers, dekoda, encryption, enshittification, health, pooping, security, smart devices, surveillance
Companies: kohler


Comments on “Literal Enshittification: ‘Smart’ Toilets Play Fast And Loose With Your Pooping Data”
Nah… too easy.
Re:
Mutually Assured Enshittification?
Re:
What? We’re here to talk shit!
Well, end-2-end encryption means encrypted from sender to receiver. Now if there is only the client and the company server, it’s also technically E2E, but using some smelly definition.
So let’s say they’re just making a dump of the user data.
Trust this industry...
…to always be plumbing new depths.
Crap.
This is really shitty.
They really don’t give a shit about protecting your privacy, and their (rear)end-to-end encryption is so ineffective that third parties will be on your ass in the time it takes for you to do your business. You might want to take some time and take a load off but Kohler needs to butt out(house).
The S in IOT stands for… well, not security, that’s for sure.
Ugh.
The sad part is, there was an episode of the animated show ‘American Dad!’ that reminds me a lot of this. Specifically there was an episode (Paranoid Frandroid) that involved a plot by the CIA where people were secretly recorded on the toilet in gastrointestinal distress, with the idea of using it as blackmail material.
This, of course, reminds me of that except arguably dumber. Somehow.
(Also, how does it do ‘wellness checks’ through ‘optical scanning’? I’m in no way a doctor, but I’m pretty sure it takes MORE THAN LOOKING at… well, literal shit.)
Re:
That episode is from 2017, so may well have been inspired by the 2014 “Quantified Toilets” hoax:
But the idea’s not new. Frederick Pohl mentioned it in the 1980 book “Beyond the Blue Event Horizon”, for example:
Re:
The German “Flachspüler” toilet has a shelf to allow for exactly that. Shelf awareness: Experts explain why you should be inspecting your poop.
It’s believed they may have been invented for detecting worms, but a modern doctor is quoted in the linked article as saying “The number one thing to look for is blood”. Another said “The color, consistency, frequency and other characteristics can offer valuable insight about your overall health.”
And, of course, before modern medical labs, what were doctors gonna do other than look at it and maybe smell it? I hope not taste it, as some did with urine.
Re: Re:
That German “flachspüler” toilet was also referred to as “das Deutsche Leistungs Klo”, which can be translated to: “the German achievement toilet”. I heard this in the 70s from a Cabaret Group called “Die Münchner Lach und Schiess Gesellschaft”
Fast and loose
That IS my pooping data!!!
End 2 End
User’s end to Company’s end. God forbid someone steals your crap data before the company can sell it. What about their profit margins? You think a $600 toilet seat isn’t bad enough?
It gets worse
What this article doesn’t mention, but the Ars article does, is that on top of the $600 hardware, “it also requires a subscription that starts at $7 per month” for the privilege of using this mis-marketed advertising/insurance data dump.
Too.. many.. puns.