Bottom Line on Kohler Toilet E2EE Claims

A security researcher supposedly exposing privacy risk in a Kohler networked toilet didn’t get to the bottom of anything.

But seriously, what is this crap?

The initial issue with Kohler using the term “end-to-end encryption” is that it’s not obvious how it could apply to their product. The term is generally used for applications that allow some kind of communication between users, and Kohler Health doesn’t have any user-to-user sharing features. So while one “end” would be the user, it’s not clear what the other end would be.

The researcher takes issue with the term E2EE but, despite its already-compromised meaning, pretends it has a pure canonical definition, then catches Kohler failing to meet that fictional standard.

That’s a definitional sleight of hand, and to what end, exactly?

Whatsapp is a Facebook product that falsely claims E2EE. When they say “we can’t read your messages” they actually mean they can read your messages when your contact taps a Report button, and they harvest all the metadata, and cloud backups may be accessible, and….
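The “which end?” question in the two paragraphs above comes down to who holds the key. The following is an added illustration, not code from the post or from any vendor: a toy authenticated cipher (SHA-256 counter keystream plus an HMAC tag, chosen only to avoid dependencies, not something to use for real) and three constructed scenarios showing that a relay holding only its own transport key sees ciphertext, that a vendor who provisions and keeps the key is by definition an “end”, and that nothing in E2EE stops a recipient’s client from forwarding the decrypted plaintext onward. All parties, keys and sample messages are constructed.

```python
"""Key custody decides who can read: a toy model (added example, not the
post's own analysis). The cipher is illustrative only."""
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

NONCE_LEN = 16
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Expand key+nonce into n bytes of keystream (counter mode over SHA-256)."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under one symmetric key: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the plaintext if `key` verifies the tag, otherwise None."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class Party:
    """Anyone who handles a blob: a device, another user, or a back end.
    Can read exactly those blobs sealed under a key it holds."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.keys: dict = {}

    def read(self, blob: bytes) -> Optional[bytes]:
        for key in self.keys.values():
            pt = unseal(key, blob)
            if pt is not None:
                return pt
        return None


def vendor_is_the_other_end(sample: bytes = b"constructed sensor reading") -> Optional[bytes]:
    """Device -> vendor back end. The vendor provisions the key and keeps a
    copy because it needs plaintext to run its analysis: the vendor is an 'end'."""
    device, vendor = Party("device"), Party("vendor")
    k = secrets.token_bytes(32)
    device.keys["vendor"], vendor.keys["device"] = k, k
    return vendor.read(seal(k, sample))


def user_to_user_e2ee(msg: bytes = b"constructed message") -> Tuple[Optional[bytes], Optional[bytes]]:
    """Alice -> Bob via a relay. Only the two user endpoints share the key;
    the relay holds just its own transport key, so it sees ciphertext."""
    alice, bob, relay = Party("alice"), Party("bob"), Party("relay")
    k = secrets.token_bytes(32)
    alice.keys["bob"], bob.keys["alice"] = k, k
    relay.keys["transport"] = secrets.token_bytes(32)
    blob = seal(k, msg)
    return relay.read(blob), bob.read(blob)


def recipient_forwards_plaintext(msg: bytes = b"constructed message") -> Optional[bytes]:
    """E2EE constrains the relay, not the endpoints: once Bob has decrypted,
    his client can send the plaintext onward under a key the relay does hold
    (a 'report' path). The cryptography is not what protects you here."""
    _, bob_plaintext = user_to_user_e2ee(msg)
    relay = Party("relay")
    report_key = secrets.token_bytes(32)      # shared by Bob's client and the relay
    relay.keys["bob-report"] = report_key
    return relay.read(seal(report_key, bob_plaintext))


if __name__ == "__main__":
    print("vendor reads device data:", vendor_is_the_other_end())
    print("relay vs Bob on an E2EE message:", user_to_user_e2ee())
    print("relay after Bob forwards plaintext:", recipient_forwards_plaintext())
```

The design choice worth noticing is that `Party.read` succeeds only when a held key verifies the tag, so each scenario's result is a statement about key custody rather than about the cipher. Swapping the toy cipher for a real AEAD would change nothing about which party ends up with plaintext.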

The researcher even cites Whatsapp as an example of E2EE. That’s like saying Exxon is an example of how to protect the environment. Marlboro is an example of healthy living.

At least Kohler is being plain and honest about being an end of their encryption. They say they will use the data and why. What the hell are the huge warehouses of Whatsapp staff doing with all the data they harvest from bogus E2EE, which apparently fooled even this researcher into promoting it?

Talk about burying the lede: if you want to hunt vulnerabilities the Kohler AI training angle is actually interesting research! What happens when de-identified stool image datasets get breached or sold? What’s the actual re-identification risk? What are the clinical validation standards for the insights they’re selling?

Instead we got “users at a company who use your data can access your data.”

No shit.

A real security/privacy analysis of the back-end architecture was available and the researcher chose definitional games instead. I mean, if you want to hate on Kohler, there is plenty to dislike without cooking up encryption claims.

The subscription model is $600 for hardware that becomes a brick if you stop paying or they shut down. That’s the enshittification lifecycle applied to your actual toilet.

De-identification is hard, and these are distinctive dumps. Stool images are biometric-adjacent. The claim that de-identified toilet photos can’t be re-identified is… doubtful.
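The re-identification risk raised here and in the “burying the lede” paragraph above is measurable before any dataset leaves the building. The following is an added example, not from the post or from Kohler: a k-anonymity check over a constructed set of “de-identified” records that still carry quasi-identifiers (ZIP code, hour of capture, device model), plus one round of generalisation to show how much coarsening it takes before records stop being unique. Field names and values are constructed for illustration.

```python
"""k-anonymity as a privacy risk metric for 'de-identified' records
(added example with constructed data; field names are assumptions)."""
from collections import Counter
from typing import Dict, List, Sequence, Tuple

# Constructed: direct identifiers already stripped, but each record still
# carries fields that, combined, may single out one household.
RECORDS: List[Dict[str, object]] = [
    {"zip": "98101", "hour": 7, "device": "model-a"},
    {"zip": "98101", "hour": 7, "device": "model-a"},
    {"zip": "98101", "hour": 7, "device": "model-a"},
    {"zip": "98104", "hour": 7, "device": "model-a"},
    {"zip": "98104", "hour": 22, "device": "model-b"},
    {"zip": "10001", "hour": 6, "device": "model-b"},
]


def quasi_key(record: Dict[str, object], fields: Sequence[str]) -> Tuple:
    """The combination of quasi-identifier values for one record."""
    return tuple(record[f] for f in fields)


def k_anonymity(records: List[Dict[str, object]], fields: Sequence[str]) -> Tuple[int, int]:
    """Return (k, unique): k is the size of the smallest equivalence class
    (k == 1 means at least one record is one of a kind); unique counts the
    records that share their quasi-identifier combination with nobody."""
    counts = Counter(quasi_key(r, fields) for r in records)
    unique = sum(1 for r in records if counts[quasi_key(r, fields)] == 1)
    return min(counts.values()), unique


def _hour_bucket(hour: int) -> str:
    if 5 <= hour <= 11:
        return "morning"
    if 12 <= hour <= 17:
        return "afternoon"
    if 18 <= hour <= 23:
        return "evening"
    return "night"


def generalize(records: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """One coarsening step: 5-digit ZIP -> 3-digit prefix, exact hour -> time-of-day
    bucket, device model dropped. Same record count, less detail."""
    return [
        {"zip": str(r["zip"])[:3], "hour": _hour_bucket(int(r["hour"])), "device": "any"}
        for r in records
    ]


def risk_report(records: List[Dict[str, object]]) -> Dict[str, Tuple[int, int]]:
    """k and unique-record count before and after generalisation."""
    fields = ("zip", "hour", "device")
    return {"raw": k_anonymity(records, fields),
            "generalized": k_anonymity(generalize(records), fields)}


if __name__ == "__main__":
    for level, (k, unique) in risk_report(RECORDS).items():
        print(f"{level:11s} k={k} unique_records={unique}")
```

Two of the six constructed records stay unique even after ZIP, time and device are coarsened, which is the practical shape of “de-identification is hard”: dropping names is the easy part, and the residual uniqueness is what a linkage attack exploits. Running a check like this on the actual quasi-identifier schema, and publishing the resulting k, is the kind of evidence a “can’t be re-identified” claim would need.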

The gut health insight market is largely unvalidated. What evidence-based intervention follows from the data? “Your stool is different today” brings what actionable change beyond what you can detect naturally already? It’s quantified self for a process that mostly works fine without surveillance.

Attack surface expansion. Your toilet worked fine before. Now it’s a networked sensor with dependencies, firmware updates, and an app that needs permissions. Every connected device adds more liability; this one points at you with your pants down.

Subscription healthtech has misaligned incentives. They need you anxious enough to keep paying but not so alarmed you see a real doctor. That’s a weird optimization target to sit on.

And so forth…
