A toilet camera that can analyze your poop isn’t as private as its marketing suggests.
In October, Kohler Health announced the Dekoda, a $599 camera that hangs on the rim of your toilet and analyzes your stool and urine for potential health insights.
Obviously, the product raised questions about privacy. However, Kohler designed the camera’s sensors to face downward and advertised the system as end-to-end encrypted, a term that often implies the provider can’t read the user’s data.
But a former technology advisor to the Federal Trade Commission took a closer look at the encryption claims, and found them to be bogus. “Responses from the company make it clear that—contrary to common understanding of the term—Kohler is able to access data collected by the device and associated application,” Simon Fondrie-Teitler wrote on his blog this week.
End-to-end encryption is most often used when talking about messaging apps, such as WhatsApp, Signal, or Apple’s iMessage. The term means that only the sender and recipient’s devices can decrypt any data, preventing the service provider from reading the messages.
This is why WhatsApp and Signal can’t hand the contents of your messages over to law enforcement. The encryption keys are stored on the devices, not the company’s servers.

On the Dekoda, however, Kohler is a data recipient. The camera gathers the data, encrypts it, and sends it to Kohler to de-scramble for analysis.
Fondrie-Teitler confirmed this when emailing Kohler’s privacy contact. “The other ‘end’ that can decrypt the data is Kohler themselves,” he wrote, later adding: “What Kohler is referring to as E2EE here is simply HTTPS encryption between the app and the server, something that has been basic security practice for two decades now, plus encryption at rest.”
Kohler Health, a division under Kohler Co., tells us the end-to-end encryption only applies to data sent between the user and the company. “We encrypt data end-to-end in transit, as it travels between users’ devices and our systems, where it is decrypted and processed to provide and improve our service,” it said.
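The distinction drawn above, as an added example that is not from the article or from Kohler: a key-custody model comparing encryption in transit plus at rest with end-to-end encryption. The toy HMAC-based cipher, the shared `session_key` standing in for a TLS session, and all names and sample data are assumptions made for illustration.

```python
import hashlib, hmac, os

# Toy encrypt-then-MAC cipher built from HMAC-SHA256 (stdlib only). It stands in
# for a real AEAD such as AES-GCM so the example runs offline; not for production.
def _stream(key, nonce, n):
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None  # wrong key or tampered data
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def readable_by(keyring, blob):
    """True if any key this party holds decrypts the blob."""
    return any(open_(k, blob) is not None for k in keyring)

READING = b'{"sample": "constructed sensor reading"}'  # constructed sample data
def transit_plus_at_rest():
    """Model of the setup the article describes: HTTPS to the server, then encryption at rest."""
    session_key, storage_key = os.urandom(32), os.urandom(32)
    # The server is one "end" of the channel, so it holds the session key too.
    device_keys, server_keys = [session_key], [session_key, storage_key]
    on_wire = seal(session_key, READING)
    at_rest = seal(storage_key, open_(session_key, on_wire))  # server decrypts, then re-encrypts
    return {"server_reads_wire": readable_by(server_keys, on_wire),
            "server_reads_storage": readable_by(server_keys, at_rest),
            "device_reads_storage": readable_by(device_keys, at_rest)}

def end_to_end():
    """Common meaning of E2EE: the content key exists only on the user's devices."""
    user_key, storage_key = os.urandom(32), os.urandom(32)
    device_keys, server_keys = [user_key], [storage_key]
    inner = seal(user_key, READING)
    at_rest = seal(storage_key, inner)       # server may still wrap what it stores
    recovered = open_(storage_key, at_rest)  # unwrapping yields only ciphertext
    return {"server_reads_inner": readable_by(server_keys, recovered),
            "device_reads_inner": readable_by(device_keys, recovered),
            "server_sees_plaintext": recovered == READING}
```

In the first model the provider can read the data at every stage even though it is encrypted on the wire and on disk; in the second, the provider's storage encryption only ever wraps ciphertext.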
Kohler Health also confirmed that it can harness the collected data to train AI programs, a concern that Fondrie-Teitler flagged. “If a user consents (which is optional), Kohler Health may de-identify the data and use the de-identified data to train the AI that drives our product. This consent check-box is displayed in the Kohler Health app, is optional, and is not pre-checked,” Kohler Health says.
This all means that Kohler Health can theoretically take a closer look at your poop data once it hits its servers. The company’s privacy policy mentions collecting “Health data, including fecal and urine images,” along with sensor information concerning “gut health and blood in bowl.”
Still, the company told us: “We also encrypt sensitive user data at rest, when it’s stored on a user’s mobile phone, toilet attachment, and on our systems.”
In response to the privacy concerns, it noted: “Privacy and security are foundational to Kohler Health because we know health data is deeply personal. We welcome user feedback and want to ensure they understand that every element of the product is designed with privacy and security in mind.”
About Our Expert
Michael Kan
Senior Reporter
