Kohler’s ‘End-to-End Encrypted’ Smart Toilet Camera Isn’t Actually Very Private


In October, Kohler announced it was getting into the photography game via a smart camera designed to be installed inside a toilet. The Dekoda was advertised as “end-to-end encrypted,” but an engineer has shown this isn’t true.

The Dekoda is advertised as a “first-of-its-kind health tracker” that analyzes gut health, hydration, and whether there is blood in a person’s stool. A camera going inside a toilet is a sensitive matter, so obviously Kohler was keen to stress that “privacy comes first,” emphasizing that the lens only points down and that data is protected with “end-to-end encryption.”

But Simon Fondrie-Teitler, a software engineer and former Federal Trade Commission technology advisor, was immediately skeptical. End-to-end encryption is for user-to-user sharing features, commonly found on messaging apps like WhatsApp, iMessage, and Telegram. So while one end of the encryption is obvious, it is unclear who or what is at the other end.


After the engineer contacted Kohler, it became clear that the other “end” is the company best known for its plumbing products. “User data is encrypted at rest, when it’s stored on the user’s mobile phone, toilet attachment, and on our systems,” Kohler says. “Data in transit is also encrypted end-to-end, as it travels between the user’s devices and our systems, where it is decrypted and processed to provide our service.”

What Kohler is referring to is standard TLS encryption, which secures data in transit over the internet. In practice, this is just HTTPS — a basic part of internet infrastructure for more than two decades.

The company says, “We have designed our systems and processes to protect identifiable images from access by Kohler Health employees through a combination of data encryption, technical safeguards, and governance controls.” Nevertheless, this means that Kohler can access the data, which raises the question: what is the company doing with it?

Well, it turns out that Kohler may be using the images to train an AI. Dekoda works via an app, and when users sign up they are asked to allow the company to use their data to “research, develop, and improve its products and technology, and to de-identify [the user’s] data for lawful purposes.”

The Kohler Dekoda costs $599. To use the app, users must pay for a subscription which ranges from around $70 to over $150 annually, depending on the selected plan.


Image credits: Kohler
