Failures

by Karl Bode


Filed Under:
iot, privacy, security, smart vibrators

Companies:
standard innovation



Smart Vibrator Company To Pay $3.75 Million For Private Data Collection

from the masturbatory-metadata dept

Given the often-comedic "security" featured on "smart" tea kettles, televisions, refrigerators and light bulbs -- was there any question that your sex toys would suffer from the same problems plaguing other Internet of Things devices?

Last fall, a company named Standard Innovation was sued because its We-Vibe vibrator collected sensitive data about customer usage. Specifically, the device and its corresponding Bluetooth-tethered smartphone app collected data on how frequently (and for how long) users enjoyed the toy, the "selected vibration settings," the device's battery life, and even the vibrator's "temperature." All of this rather personal data was collected and sent off to the company's Canadian servers, where the company claims it's used to conduct research for future products and product updates.

Unlike many IoT products, Standard Innovation does fortunately encrypt this data in transit, but like most IoT companies, it failed to fully and clearly disclose the scope of data collection to customers, what was being done with that data, and how to opt out (or preferably, opt in).

The end result was a lawsuit by one of the device's users (pdf) claiming this improperly-disclosed data collection violated Illinois privacy laws. This week, Standard Innovation struck a $3.75 million settlement (pdf). Under the terms of the deal, Standard Innovation will designate $3 million of the total for customers who downloaded the app and used it with the We-Vibe device, each individual receiving about $10,000 each. The remaining $750,000 is then destined to be divided between customers who purchased the devices alone, with each individual in that instance receiving roughly $200 each.

The company tells the Chicago Tribune it had learned its lesson about the collection of masturbatory metadata:

"Standard Innovation denied any wrongdoing in the settlement, which spokesman Denny Alexander called "fair and reasonable." Some changes agreed to in the settlement have been in place since We-Vibe updated its We-Connect app and privacy notice in September, he said.

"At Standard Innovation we take customer privacy and data security seriously. We have enhanced our privacy notice, increased app security, provided customers more choice in the data they share, and we continue to work with leading privacy and security experts to improve the app," he said."

Of course the real lesson here continues to be: if you want to be smart about device security in the internet of broken things era, you're almost always better off with the dumb alternative.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Ninja (profile), 17 Mar 2017 @ 5:16am

    Here's me hoping this is turned into some sci-fy porn parody.

    Swordfish doesn't count.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Mar 2017 @ 6:41am

    What, no embedded camera?

    How are they supposed to "conduct research for future products and product updates" without video?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Mar 2017 @ 6:55am

    IoT: product in search of a market

    ProTip: Stupid products do not have a sustainable market

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Mar 2017 @ 7:19am

    Barrister Johnson, "Your Honor, I can prove that my client was NOT at the scene of the murder. She clearly was using her Iot vibrator for 7 hours and could not have been at the scene of the crime!"

    Judge Smith, "Mr. Johnson, I am impressed with your attention to detail as well as your client's stamina. Case dismissed!"

    Judge Smith, "Miss Jones, maybe we could go get a cup of coffee after dinner tonight?"

    reply to this | link to this | view in chronology ]

  • icon
    Bergman (profile), 17 Mar 2017 @ 7:30am

    You know...

    ...for an exhibitionist, that's not a bug. It's a feature!

    reply to this | link to this | view in chronology ]

  • identicon
    Pixelation, 17 Mar 2017 @ 7:45am

    $3.75 million? Well, they're fucked.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Mar 2017 @ 7:58am

    How many of these companies decide to collect all the data that they can just because they can, and then try and figure out how to profit from it latter?

    reply to this | link to this | view in chronology ]

  • icon
    discordian_eris (profile), 17 Mar 2017 @ 8:00am

    I guess that the company just learned that truth is a double headed dildo. With telemetry.

    reply to this | link to this | view in chronology ]

  • icon
    SteveMB (profile), 17 Mar 2017 @ 8:15am

    I guess that the company just learned that truth is a double headed dildo. With telemetry.

    But without lube.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Mar 2017 @ 9:23am

    I like the phrase Internet of Broken Things...

    This reminds me of how often we hear security advice about protecting our personal info from "bad guys".

    I'm strongly inclined to think of regular companies and corporations as are part of those bad guys. I think they started all this by believing they could collect, use and sell user data as they please. Many, if not most, didn't even bother to protect the data from internal or external theft. How much credit card and identity theft came directly from this?

    I remember routinely getting junk mail with my social on it. Or having school IDs with my social on it. Boooo!!

    reply to this | link to this | view in chronology ]

    • icon
      OA (profile), 17 Mar 2017 @ 9:25am

      Re:

      Oops. That was me. I thought I was logged in.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 17 Mar 2017 @ 3:03pm

      Re:

      I'm strongly inclined to think of regular companies and corporations as are part of those bad guys.

      Signs of a company I will avoid:

      1. Using Exact Target, Constant Contact, or other.
      2. Advertised on NPR or FOX (Not because of the network, just that I've noticed if it's on NPR or FOX, they are companies I'd prefer to avoid.)
      3. Has a "sucks" site they run
      4. Did you check the BBB and RipOff Report? Even if there are a lot of complaints, you have to see if they are reasonable or stupid complaints.
      5. Is a media "darling" in any way, shape or form. Because as much as I hate to say it, the common American is an utter, drooling idiot. They might be nice people - most are - but they aren't the sharpest tool in the box.
      6. Is Sony, Microsoft, AT&T, ComCast, Verizon, T-Moble, or sells product at Radio Shack.

      reply to this | link to this | view in chronology ]

  • icon
    Roger Strong (profile), 17 Mar 2017 @ 11:43am

    ...and how to opt out (of data collection)

    Given the lack of user controls, this is probably activated much like hidden features in games:

    Up, Up, Down, Down, Left, Right, Left, Up....

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Mar 2017 @ 2:24pm

    Lots of companies collect lots of data. Where is the line?

    reply to this | link to this | view in chronology ]

  • identicon
    Rekrul, 17 Mar 2017 @ 3:21pm

    "Dear Miss Jones,

    You smart vibrator has detected that you have the beginnings of a yeast infection. We recommend that you get that taken care of immediately."

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Mar 2017 @ 5:11pm

    My GF and I have one, and it's pretty fun. It would be more fun if it didn't constantly drop the connection. We were in a LDR for a while and when it worked properly, it was a ton of fun to be able to remotely control her vibe. She's since moved in with me, so we have less need for a remote control vibe. ;-)

    As for the data collection... I'm not particularly bothered. Seems like usage stats. Did it need to be personally identifiable? No. But that seems more like somebody just didn't think through the implications of how they were collecting the data.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 18 Mar 2017 @ 1:56pm

      Re:

      > As for the data collection... I'm not particularly bothered.

      Cool. Please post your name, username and password along with a release so that we can all enjoy your data. I mean, if it doesn't bother you, then why not?

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Mar 2017 @ 8:37pm

    Life lessons

    Lessons learned the hard way tend to stick to you.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 18 Mar 2017 @ 4:11pm

    Smart Vibrators

    The product on many peoples lips :)

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Show Now: Takedown
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.