A new New York law requires retailers to disclose if personal data collected about you results in algorithmic changes to their prices. And we’ve profiled a new cellular carrier that aims to offer the closest thing possible to truly anonymous phone service — and its founder, Nicholas Merrill, who spent more than a decade in court fighting an FBI surveillance order targeted at one of his Internet service provider’s customers.
Putting a camera-enabled digital device in your toilet that uploads analysis of your actual bodily waste to a corporation is such a ridiculously bad idea that, 11 years ago, it was the subject of a parody infomercial. In 2025, it’s a real product – and its privacy problems, despite the company’s marketing copy, are exactly as bad as any normal human being could have imagined.
Security researcher Simon Fondrie-Teitler published a blog post this week revealing that Dakota, a camera-packing smart device sold by Kohler, does not actually use “end-to-end encryption” as it claimed. That term generally means that the data is encrypted so that only the user devices on either “end” of the conversation can decrypt the information it contains, not the server that sits between them and hosts that encrypted communication. But Fondrie-Teitler found that Dakota only encrypts its data from the device to the server. In other words, according to the company’s definition of end-to-end encryption, one end is essentially — forgive us — your back end, and the other is Kohler’s backend, where the images it outputs are “decrypted and processed to provide our service,” as the company wrote in a statement to Fondrie-Teitler.
In response to his post, which pointed out that this is not what end-to-end encryption usually means, Kohler has removed all instances of that term from its description of Dakota.
The cyber espionage campaign known as Salt Typhoon represents one of the largest counterintelligence debacles in modern American history. State-sponsored Chinese hackers infiltrated nearly every American telecommunications company and gained access to the real-time calls and texts of Americans, including then presidential and vice presidential candidates Donald Trump and J.D. Vance. But according to the Financial Times, the US government has refused to impose sanctions on China in response to that hacking spree amid the White House’s effort to reach a trade deal with the Chinese government. That decision led to criticism that the administration was backing off major national security initiatives in an effort to accommodate Trump’s economic goals. But it’s worth noting that imposing sanctions in response to espionage has always been a controversial move, given that the United States undoubtedly carries out espionage-oriented hacking around the world.
As 2025 draws to a close, the country’s lead cyber defense agency, the Cybersecurity and Infrastructure Security Agency (CISA), still does not have a director. And the nominee to fill the post, once considered unqualified, now faces congressional hurdles that have permanently diminished his chances of running the agency. Sean Plankey’s name was left out of the Senate vote on a panel of appointments Thursday, according to CyberScoop, suggesting his nomination may be “killed.” Plankey’s nomination faced opposition from senators on both sides of the aisle, each with different demands: Republican Senator Rick Scott of Florida blocked his nomination because the Department of Homeland Security (DHS) terminated a Coast Guard contract with a company in his state, while GOP senators from North Carolina opposed any new DHS nominee unless disaster relief funds were allocated to their state. Meanwhile, Democratic Senator Ron Wyden has demanded that CISA publish a long-awaited report on telecommunications security, which has still not been released, before his appointment.
The Chinese hacking campaign centered on malware dubbed “Brickstorm” was first revealed in September, when Google warned that the secret spying tool had been infecting dozens of victim organizations since 2022. Now CISA, the National Security Agency and the Canadian Centre for Cyber Security have jointly added to Google’s warnings this week in an advisory on how to spot the malware. They also warned that the hackers behind it are positioned not only for espionage targeting US infrastructure but also for potentially disruptive cyberattacks. Most troubling, perhaps, is one particular data point from Google, which measures the average time until Brickstorm breaches are discovered in a victim’s network: 393 days.