‘End-to-end encrypted’ smart toilet camera is not actually end-to-end encrypted

Kohler’s smart toilet camera, Dekoda, which captures images of users’ toilet bowls to analyze gut health, has been marketed as using “end-to-end encryption” to secure user data. However, security researcher Simon Fondrie-Teitler revealed that Kohler’s claim is misleading. The company actually employs TLS encryption, which protects data during transmission over the internet but does not provide true end-to-end encryption where only the communicating users can access the data. This distinction is critical because users might mistakenly believe Kohler cannot access their images, when in fact the company can decrypt and process the data on its servers. Kohler’s privacy contact confirmed that user data is encrypted at rest on devices and servers, and encrypted in transit, but is decrypted on Kohler’s systems for analysis. This means Kohler has access to the images, raising concerns about potential use of this data, such as training AI algorithms. The company stated that their algorithms are trained only on de-identified data,