Earlier this year, home goods maker Kohler launched a smart camera called the Dekoda that attaches to your toilet bowl, takes pictures of it, and analyzes the images to advise you on your gut health.
Anticipating privacy fears, Kohler said on its website that the Dekoda’s sensors only see down into the toilet, and claimed that all data is secured with “end-to-end encryption.”
The company’s use of the expression “end-to-end encryption” is, however, wrong, as security researcher Simon Fondrie-Teitler pointed out in a blog post on Tuesday.
By reading Kohler’s privacy policy, it’s clear that the company is referring to the type of encryption that secures data as it travels over the internet, known as TLS encryption — the same that powers HTTPS websites.
Using the right terms matters, especially in the context of users’ privacy concerns. Using the expression end-to-end encryption — widely adopted by messaging apps such as iMessage, Signal, and WhatsApp — to describe TLS encryption is wrong, and can potentially confuse users who see that expression and think Kohler actually cannot see the pictures that the camera takes.
A Kohler spokesperson did not respond to questions from TechCrunch, but a company “privacy contact” told Fondrie-Teitler that user data is “encrypted at rest, when it’s stored on the user’s mobile phone, toilet attachment, and on our systems.” The company also said that, “data in transit is also encrypted end-to-end, as it travels between the user’s devices and our systems, where it is decrypted and processed to provide our service.”
The security researcher also pointed out that given Kohler can access customers’ data on its servers, it’s possible Kohler is using customers’ bowl pictures to train AI. Citing another response from the company representative, the researcher was told that Kohler’s “algorithms are trained on de-identified data only.”
Techcrunch event
San Francisco
|
October 13-15, 2026
The Dekoda costs $599 plus a mandatory subscription of at least $6.99 per month.
