Kohler Can Access Pictures from "End-to-End Encrypted" Toilet Camera
77 comments
·December 3, 2025Terr_
bmandale
This is an incredibly common misuse of the term e2ee. I think at this point we need a new word because you have a coin flip's chance of actually getting what you think when a company describes their product this way.
fastball
I have never seen "e2ee" abused this way personally.
WatchDog
Any new term you come up with, will end up being misused by marketers.
tacitusarc
“In transit encryption”
boomboomsubban
Creating a new term for the less secure definition doesn't work, as they'll just continue to call it E2EE encrypted.
kstrauser
I despise how often that’s used. “Do you have end to end encryption?” “Sure! We use TLS for everything, and KMS for at-rest.” “So… no?”
geoduck14
This is exactly what E2EE means. I used to work at a bank, and our data was E2EE, and we had to certify that it was E2EE - from the person paying, through the networks, through the DNS and Load balancers, until it got to the servers. Only at the servers could it be unencrypted and a (authoried) human could look at it.
Of course, only authorized users could see the data, but that was a different compliance line item.
modeless
No, E2EE doesn't mean it's encrypted until the service provider decrypts it. E2EE means the service provider is unable to decrypt it. What you are describing is encryption in transit (and possibly at rest).
Bank data is never E2EE because the bank needs to see it. If banks call it E2EE they are misusing the term. E2EE for financial transactions would look like e.g. ZCash.
kstrauser
Nah. You have no reasonable expectation that the bank itself can’t access your financial records. Anyone reading Kohler’s lies would have every expectation that the Internet of Poopcam screenshots are theirs and theirs alone.
lukeschlather
Anyone reading that is misunderstanding what E2EE means. As the article says, that's client-side encryption. Kohler isn't lying, people are confusing two different security features.
hahn-kev
Doesn't that just mean HTTPS then?
koolba
> However in this case there are no other users, and their server is one of the "ends" doing the communicating, which is... perhaps not a literal contradiction in terms, but certainly breaking the spirit of the phrase.
Am I understanding correctly that the other end of this is a rear end?
addaon
While they’re taking one “end” much less literally than usual, they are taking the other “end” much more literally…
codingdave
Sounds like the crappiest data source for AI training yet.
But in all seriousness, of course they can access the data. Otherwise who else would process it to give any health results back? I don't think encryption in transit is relevant to privacy concerns because the concerns are about such data being tied to you at all, in any way. At the same time, yes, this could product valuable health information.
Their better bet would be to allow full anonymity, so even if there is a leak (yeah, the puns write themselves), there is never a connection between this data and your person.
fastball
You could have a classifier running on-device that sends summary data (rather than raw images) back to Kohler.
karlgkk
Yeah, it’s kinda like such a reasonable thing too
Doing on device compute is probably expensive and would prohibit such a product based on the economics but ITS A GENITAL CAM
Sanzig
Well, this waste analyzing piece of e-waste costs $600, so you could probably cram a lot of inference horsepower in there if you wanted to.
g-b-r
> But in all seriousness, of course they can access the data. Otherwise who else would process it to give any health results back?
It's "of course" for very knowledgeable people, normal people just assume that it means guaranteed privacy
schmuckonwheels
Imagine the collective brainpower that could be used to help solve the world's ills, and instead decided, no, what we need is a camera pointed at your asshole which we feed into an AI-powered SaaS we can then sell to you for a subscription. This industry is finished.
EdwardDiego
They claim it only points about your doings, but even then...
alexjplant
Satire is dead. A toilet company killed it.
halapro
Could easily have been an SNL sketch in 2010
neilv
> Kohler Health’s homepage, the page for the Kohler Health App, and a support page all use the term “end-to-end encryption” to describe the protection the app provides for data. Many media outlets included the claim in their articles covering the launch of the product.
When companies first wanted to sell things over the Web, a concern I heard a lot was that consumers would be afraid of getting ripped off somehow. So companies started emphasizing prominently how the customer was protected with n bits of encryption. As if this solved the problem. It did not, but people were confused by confident buzzwords.
(I was reminded of this, because I actually saw a modern Web site touting that prominently just last week, like maybe they were working from a 30 year-old Dotcom Marketing for Dummies book, and it was still not very applicable to the concern.)
Some marketers lie, or don't care what the truth is. They want success, and bonuses, and promotions. And, really, a toilet company possibly getting class-action sued for a feces camera that behaves in an unexpected way, that attorneys would have to convince a judge was misrepresented, and then quantify the unclear harm, and finally settle, several years later, for lawyers' fees and a $10 off coupon for the latest model Voyeur Toilet 3000... isn't on the radar of the marketers.
handfuloflight
I'm so sorry for the people who work on this and have to look at the data.
lotrjohn
They can encrypt data coming out of both ends?!
rglover
Even (especially?) for its stated purpose, this is cursed technology.
est
I feel End-to-end is over marketed. Yes it protects your data from transmission pipes, but data on both your "ends" can be easily controlled and duplicated. Your picture on your device can be accessed by 3rd party, so does your data on the server.
g-b-r
End-to-end encryption is not a term used for communication between clients and servers, although I saw several marketers trying to do it.
For normal people E2EE means privacy, and that's why some company tries to sneak the term in products where it makes no sense.
est
> For normal people E2EE means privacy
It's misunderstood.
In the begining it's used to describe chat apps, your chat message are delivered in a secure way.
But later some marketers try to use it as a "transport channel" for client-server interactions.
tracerbulletx
This obsession with personal health data collection is in its self counter productive to health outcomes and insane behavior.
joezydeco
How does one "train" an AI with a flood of random toilet pictures and no corresponding medical data to match it with?
imglorp
"potty training". Sorry.
Anyway a chemical or biological sensor in the bowl might be more useful.
Optical could be useful if it's doing spectrographic analysis: the color of poo and urine is sometimes informative.
hackernudes
They probably do clinical trials (or at least something like that) where they get baseline data from participants through other means.
joezydeco
I'm talking about sold units in the field.
g-b-r
They probably do match it, with data collected from other sources
captainkrtek
I think the obvious things are:
- Deviation in consistency/texture/color/etc.
- Obvious signs related to the above (eg: diarrhea, dehydration, blood in stool).
Ultimately though, you can get the same results by just looking down yourself and being curious if things look off...
tldr: this feels like literal internet-of-shit IoT stuff.
cowsandmilk
?? I got very confused from the start of this article because it is clear that Kohler is one end of the communication from how the product is described and marketed. They’re just stating the data is encrypted between the device and them.
amingilani
> it is clear that Kohler is one end of the communication
That’s not end-to-end encryption. By that logic HN, and any other website over HTTPS is E2E encrypted.
richbell
That is what "end-to-end encryption" has come to mean in marketing. In the same way that every single product is "natural."
g-b-r
No, they're just trying to mislead their clients
So basically their marketing-department is abusing a security term in order to sound good, as opposed to a software flaw.
They're claiming "end to end" encryption, which usually implies the service is unable to spy on individual users that are communicating to one-another over an individualized channel.
However in this case there are no other users, and their server is one of the "ends" doing the communicating, which is... perhaps not a literal contradiction in terms, but certainly breaking the spirit of the phrase.