Kohler is facing privacy backlash after security researchers revealed the company's $599 smart toilet camera isn't actually "end-to-end encrypted" as advertised. The Dekoda device, which photographs users' waste to analyze gut health, gives Kohler full access to customers' most intimate data - and the company admits it uses these images to train AI algorithms.
The smart home privacy nightmare just got more personal. Kohler, the century-old plumbing giant, is scrambling to defend its marketing claims after security researcher Simon Fondrie-Teitler tore apart the company's privacy promises around its controversial toilet camera.
The Dekoda device launched earlier this year with a bold pitch: attach a $599 camera to your toilet bowl, let it photograph your waste, and get personalized gut health insights delivered through a mandatory $6.99 monthly subscription. To calm obvious privacy fears, Kohler's website prominently claimed all data was secured with "end-to-end encryption."
But that's not what's actually happening. Fondrie-Teitler's investigation reveals Kohler is using basic TLS encryption - the same security that protects regular websites - while misleadingly calling it "end-to-end encryption." The distinction matters enormously for user privacy.
True end-to-end encryption, used by Signal, WhatsApp, and Apple's iMessage, means only the sender and recipient can read the data. Even the company providing the service can't access it. TLS encryption only protects data while it travels over the internet, but companies can still read everything once it reaches their servers.
"Using the right terms matters, especially in the context of users' privacy concerns," the original TechCrunch investigation noted. The terminology confusion could lead customers to believe Kohler can't see their toilet photos when the company actually has full access.
When confronted, a Kohler privacy contact told Fondrie-Teitler that customer data is "encrypted at rest" on phones and company servers, but crucially admitted that data "travels between the user's devices and our systems, where it is decrypted and processed to provide our service." That's the opposite of end-to-end encryption.
The privacy implications get worse. Since can access the toilet photos, the company confirmed it's using this intimate data for AI training. A company representative told Fondrie-Teitler that Kohler's "algorithms are trained on de-identified data only," but provided no details about the de-identification process or whether users explicitly consented to their waste photos becoming AI training material.
