Kohler Can Access Data and Pictures from Toilet Camera It Describes as “End-to-End Encrypted”

In October, Kohler launched Dakota, a $600-plus monthly subscription device that attaches to the rim of your toilet and collects pictures and data from inside, promising to track and provide insight into gut health, hydration and more. To address obvious privacy concerns, the company emphasizes that the sensors are only on the bottom side of the bowl, and reassures potential buyers that data collected by the device and the app is secure with “end-to-end encryption.”

The Kohler Health home page, the page for the Kohler Health app, and a support page all use the term “end-to-end encryption” to describe the security the app provides for data. Many media outlets included the claim in their articles covering the launch of the product.

However, the company’s responses make it clear that – contrary to common understanding of the term – Kohler is able to access the data collected by the device and associated applications. Additionally, the company says that data collected by devices and apps can be used to train AI models.

What is end-to-end encryption?

“End-to-end encryption”, or E2EE, is a method of securing data that ensures that only the sender and their chosen recipient can see it. Implemented correctly, this prevents other parties, including the developer of the application, from accessing protected data. E2EE is best known for its use in messaging applications such as WhatsApp, iMessage, and Signal, where it allows users to communicate securely and privately without worrying about their messages being viewed by app developers, Internet service providers, and even governments.

E2EE also provides an additional layer of security if the application developer’s servers are compromised by an attacker. Any data stored on those servers would be meaningless to the attacker, which could significantly reduce the impact of the breach. For more detailed information on E2EE, see “An in-depth look at end-to-end encryption” from the Electronic Frontier Foundation.

What is Kohler doing?

The initial problem with Kohler’s use of the term “end-to-end encryption” is that it is not clear how it might apply to their product. The term is generally used for applications that allow some form of communication between users, and Kohler Health does not feature any user-to-user sharing. So while one “end” will be the user, it is not clear what the other end will be.

I thought Kohler might actually have implemented a related data security method known as “client-side encryption,” which is used by services like Apple’s iCloud and the password manager 1Password. This technology allows an application to back up a user’s data to the developer’s servers, or synchronize data between multiple devices owned by the user, without allowing anyone except the user to access the data.

But emails exchanged with Kohler’s privacy contact made clear that the other “end” that can decrypt the data is Kohler itself: “User data is encrypted at rest when it is stored on a user’s mobile phone, toilet attachment, and on our systems. Data in transit is also end-to-end encrypted as it travels between user devices and our systems, where it is decrypted and used to provide our service.”

He additionally told me, “We have designed our systems and processes to protect identifiable images from access by Kohler Health employees through a combination of data encryption, technical security measures, and governance controls.”

What Kohler is referring to as E2EE here is simply HTTPS encryption between the app and the server, something that has been basic security practice for two decades now, along with encryption at rest.
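The two models differ only in who holds the decryption key. The sketch below is an added example, not code from the original article or from Kohler; the `Server` class, the function names and the HMAC-based cipher are assumptions, the cipher being a standard-library stand-in for a real AEAD such as AES-GCM.

```python
import hashlib, hmac, os

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode: stdlib-only stand-in for a real cipher.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or modified data")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

class Server:
    """Hypothetical backend: holds its own at-rest key and the stored blobs."""
    def __init__(self):
        self.at_rest_key = os.urandom(32)
        self.blobs = {}

    def store_after_tls(self, user: str, plaintext: bytes) -> None:
        # Transit + at-rest model: TLS ends here; the server sees plaintext.
        self.blobs[user] = seal(self.at_rest_key, plaintext)

    def store_opaque(self, user: str, blob: bytes) -> None:
        # Client-side model: the blob was sealed on the device; no key is shared.
        self.blobs[user] = blob

    def operator_view(self, user: str):
        # What anyone holding the server's keys can recover from storage.
        try:
            return unseal(self.at_rest_key, self.blobs[user])
        except ValueError:
            return None

def device_key(passphrase: str, salt: bytes) -> bytes:  # derived on-device only
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000, 32)
```

In the first model `operator_view` returns the user's data; in the second it returns `None`, and only the holder of the device key can call `unseal` successfully.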

How is Kohler using the data?

If Kohler can access the data stored on their servers, what are they doing with it? Although I don’t have an exact answer, there are indications that they are using it for other purposes beyond just providing a service to the user. This may include training AI models.

In response to my question about the use of E2EE, Kohler told me “Our algorithms are trained only on de-identified data.” When signing up for an account on the app, users are asked to allow Kohler to “research, develop and improve its products and technology and to de-identify [the user’s] data for legitimate purposes.”

And the privacy policy states that data may be used “to create aggregated, de-identified and/or anonymized data that we may use and share with third parties for our legitimate business purposes, including analyzing and improving the Kohler Health Platform and our other products and services, promoting our business, and training our AI and machine learning models.”


