Kohler Can Access Pictures From "end-to-End Encrypted" Toilet Camera
Postedabout 1 month agoActive27 days ago
varlogsimon.leaflet.pubTech Discussionstory
heatednegative
Debate
80/100
Data_securityOnline SafetySmart Home Devices
Key topics
Data_security
Online Safety
Smart Home Devices
Discussion Activity
Very active discussionFirst comment
8m
Peak period
137
0-12h
Avg / period
40
Key moments
- 01Story posted
Dec 2, 2025 at 9:06 PM EST
about 1 month ago
Step 01 - 02First comment
Dec 2, 2025 at 9:14 PM EST
8m after posting
Step 02 - 03Peak activity
137 comments in 0-12h
Hottest window of the conversation
Step 03 - 04Latest activity
Dec 7, 2025 at 3:49 AM EST
27 days ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
ID: 46129476Type: storyLast synced: 12/3/2025, 2:26:08 AM
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.
But in all seriousness, of course they can access the data. Otherwise who else would process it to give any health results back? I don't think encryption in transit is relevant to privacy concerns because the concerns are about such data being tied to you at all, in any way. At the same time, yes, this could product valuable health information.
Their better bet would be to allow full anonymity, so even if there is a leak (yeah, the puns write themselves), there is never a connection between this data and your person.
Doing on device compute is probably expensive and would prohibit such a product based on the economics but ITS A GENITAL CAM
Each day after 50, your line and bobbers get a little closer to the pond.
Well it could be processed on-device.
It's "of course" for very knowledgeable people, normal people just assume that it means guaranteed privacy
1: https://youtu.be/DJklHwoYgBQ?si=bSRE2lOqwwm1Q_D9
They're claiming "end to end" encryption, which usually means that the server cannot spy on individual users (plural) that are communicating with one-another.
However in this case their server is one of the "ends" doing the communicating. Might as well say that using HTTPS to a website of cooking recipes is "end-to-end encrypted". Nah, it's just... regularly encrypted.
I can't blame most people for calling TLS "E2EE", even some folks in industry, but it's not great for a company to advertise that you offer X if the meaning of X has shifted so drastically in the last decade.
Papers in academia and the greater industry[2] also referred to it in this way at the time.
Stack Overflow has plenty of examples of folks calling it "end to end encryption" and you can start to see the time period after the Signal protocol and WhatsApp implemented it that the term started to take on a much wider meaning[4]
This also came up a lot in the context of games that rolled out client side encryption for packets on the way to the server. Folks would run MITM applications on their computer to intercept game packets coming out of the client and back from the server. Clever mechanisms were setup for key management and key exchange[3].
[0] as SSL became more common lots of tooling broke at the network level around packet inspection, routing, caching, etc. As well as engineers "having fun" on Friday nights looking at what folks were looking at.
[1] Stack Overflow's security section has references from that era
[2] "Encrypting the internet" (2010) - https://dl.acm.org/doi/10.1145/1851275.1851200
[3] Habbo Hotel's prime and generator being hidden in one of the dynamic images fetched from the server as well as their DH mechanism comes to mind.
[4] Jabber/XMPP however used E2EE in the more modern sense around that time as they were exploring going beyond TLS and having true E2EE.
You can easily find these references in the literature, often comparing link encryption with end-to-end encryption. Some of the earliest papers outlining the plans for SSL in the 90s (Analysis of the SSL 3.0 Protocol) are based on this exact foundation from the 80s (End-To-End Arguments in System Design).
Hell, you can even go back to 1978 and see MITRE discussing this exact thing in "Limitations of end-to-end encryption in secure computer networks".
1. "End-To-End Arguments in System Design" (https://web.mit.edu/Saltzer/www/publications/endtoend/endtoe...) argues that it's appropriate to perform various functions at the high-level, application, ends, rather than for example leaving encryption to devices external to the hosts.
It's really a stretch to affirm that it considers "end-to-end encryption" a proper term for transport, client-server encryption.
Actually, I'd say that transport-level, origin-server -> server-destination encryption is precisely one of the things that the paper would not consider end-to-end.
2. "Analysis of the SSL 3.0 Protocol" (https://www.schneier.com/wp-content/uploads/2011/09/paper-ss...):
3. "Limitations of end-to-end encryption in secure computer networks" is mostly concerned with warning about side-channels, that they can be used to disseminate information despite encryption.Its usage of end-to-end encryption is defined in the paper that's being criticized (https://dl.acm.org/doi/pdf/10.1145/1499799.1499812): «The term end to-end encryption refers to data being enciphered at the source and remaining unintelligible until it deciphered at its final destination.»
Granted, it's a marketing piece trying to sell a product, but still.
While you are technically correct in a network topology sense (where the "ends" are the TCP connection points), that definition has been obsolete in consumer privacy contexts for a decade now due to "true" E2EE encryption.
If we use your definition, then Gmail, Facebook, and Amazon are all "End-to-End Encrypted" because the traffic is encrypted between my client and their server. But we don't call them E2EE because the service provider holds the keys and can see the data.
In 2025, when a company claims a camera product is "E2EE", a consumer interprets that to mean "Zero Knowledge". I.e. the provider cannot see the video feeds. If Kohler holds the keys to analyze the data, that is Encryption in Transit, not E2EE. Even though in an older sense (which is what my original comment was saying), it was "End to End Encrypted" because the two ends were defined as Client and Server and not Client to Client (e.g. FB Messenger User1 and FB Messenger User2).
That may or may not be the case. TLS is always terminated at a load balancer that uses TLS but it's still common to use HTTP within datacenters. So it may not be E2EE and it's a meaningful security feature.
That's pretty wild
The reason that a different term had to be invented was that some centralized messaging system defined itself as "encrypted" when it begun to use TLS.
It would have been stupid to pick a term commonly used for TLS to differentiate yourself from TLS
They once shipped a backdoor in their macOS app. It was noticed and called out and they refused to remove it. It took Apple blacklisting it for Zoom to finally take action.
https://telegram.org/faq?setln=en#q-so-how-do-you-encrypt-da...
https://news.ycombinator.com/item?id=45908891
It shouldn't be any harder than e2ee chatting with any other user. It's just instead of the other end chatting using a keyboard as an input they chat using a language model to type the messages. Of course like any other e2ee solution, the person you are talking to also has access to your messages as that's the whole point, being able to talk to them.
If you promise end-to-end encryption, and later it turns out your employees have been reading my chat transcripts...
And honestly, E2EE's strict definition (messages between user 1 and user 2 cannot be decrypted by message platform)... Is unambiguously possible for chatGPT. It's just utterly pointless when user2 happens to also be the message platform.
If you message support for $chat_platform (if there is such a thing) do you expect them to be unable to read the messages?
It's still a disingenuous use of the term. And, if TFA is anything like multiple other providers, it's going to be "oh, the video is E2EE. But the 5fps ,non-sensitive' 512*512px preview isn't."
I assume you mean impossible, and in either case that’s not quite accurate. The “end” is a specific AI model you wished to communicate with, not the platform. You’re suggesting they are one and the same, but they are not and Google proves that with their own secure LLM offering.
But I’m 100% with you on it being a disingenuous use.
I'm not familiar with the referenced Google secure LLM, but offhand- if it's TEE based- Google would be publishing auditable/signed images and Intel/AMD would be the third party Attesting that's whats actually running. TEEs are way out of my expertise though, and there's a ton of places and ways for it to break down.
This is basically the whole thrust of Apple's Private Cloud Compute architecture. It is possible to build a system that prevents user2 from reading the chats, but it's not clear that most companies want to work within those restrictions.
> If you message support for $chat_platform (if there is such a thing) do you expect them to be unable to read the messages?
If they marketed it as end-to-end encrypted? 100%, unambiguously, yes. And certainly not without I, as the user, granting them access permissions to do so.
If the provider controls one of the ends then the feds can instruct them to tap that end and nobody is any the wiser.
The best you can do is either to run the inference in an outside jurisdiction (hard for large scale AI), or to attempt a warrant canary.
It seems ridiculous to use the term "national security letter" as opposed to "subpoena" in this context, there is no relevant distinction between the two when it comes to this subject. A pointless distraction.
> You can't encrypt away a legal obligation.
Of course you can't. But a subpoena (or a NSL, which is a subpoena) can only mandate you to provide information which you have within your control. It can not mandate you to procure information which you do not have within your control.
If you implement e2ee, customer chats are not within your control. There is no way to breach that with a subpoena. A subpoena can not force you to implement a backdoor or disable e2ee.
The problem with AI platforms is that they are also a party to the communication, therefore they can indeed be forced to reveal chats, and therefore it's not e2ee because defining e2ee that way would render the term without distinction.
My ISP who delivers these chat messages.
That's not given in any of those examples. In the case of ChatGPT and this toilet sensor e2ee is almost equivalent to 'we use https'. But nowadays everybody uses https, so it does not sound as good in marketing.
(aside from the fact that people don't seem to know/remember WhatsApp backs up to google drive)
Code that then gets access to the end-to-end encryption keys ... so you're not safe from state actors, you're not safe from police, you're not safe from the authors of the code and you're not safe from anyone who has physical access to your phone.
Am I understanding correctly that the other end of this is a rear end?
Of course, only authorized users could see the data, but that was a different compliance line item.
Bank data is never E2EE because the bank needs to see it. If banks call it E2EE they are misusing the term. E2EE for financial transactions would look like e.g. ZCash.
That being said, the person you're replying to seems to be saying that "the server" is always an "intended" end, which is wrong.
Are we talking about 2 different things here?
This is what it takes to make a financial transaction E2EE. I'm not saying that banks could or should do this. I'm just saying that their systems do not qualify as E2EE unless they do. It's not ambiguous.
My understanding is that banks, at least in the US, need to have fairly extensive knowledge relating to all transfers of money, both for fraud handling and for non-fraud (money laundering, etc). A transaction they can't know anything about other than "transfer X money to some recipient you can't know anything about" just doesn't seem realistic with the regulations involved.
Plus, even "transfer X money to some recipient you can't know anything about" is a message that you're sending _to_ the bank, that they have to be able to decode and read. And, presumably, you'd encrypt that message and expect the bank to decrypt it.
Honestly, I don't understand what argument is that you're not sending a message TO the bank, and they need to be able to read it in order to act on it, and they need to decrypt it to read it. The bank is the target of the message, they are one of the "ends" in E2EE.
I feel like I need an "Explain this like I'm 5", because clearly you believe differently than me... and I don't understand _how_ it can be otherwise.
That's an argument that their payment service is not end-to-end encrypted, not an argument that you can simply redefine the ends and say that it is.
> Honestly, I don't understand what argument is that you're not sending a message TO the bank, and they need to be able to read it in order to act on it, and they need to decrypt it to read it. The bank is the target of the message, they are one of the "ends" in E2EE.
That's the part that I'm confused on.
That said, it might not be impossible to implement some of the features you mention with E2EE. Crypto is very unintuitive.
RFC 4949 (Internet Security Glossary, Version 2) from 2007: https://datatracker.ietf.org/doc/html/rfc4949
There's a bunch of older references as well. Since SSL/TLS wasn't really adopted by a lot of services until 2008+ usages of it are mainly in papers, old forum posts, etc. I saw it used and was discussing it back in the day on IRC with folks who were way more knowledgeable than me on this topic and had been in the trenches for a while :DIt doesn't "imply", it outright states that. Their server isn't the end, it's the middle. They're not "breaking the spirit" or something, what they are doing is called lying.
Then you can incorporate this into a "health care product" and charge insurance companies insane rates on personal toilet cameras.
And oh dear, that’s all too realistic. Imagine responding to the job posting and finding out these are the images you’ll be classifying.
- Deviation in consistency/texture/color/etc.
- Obvious signs related to the above (eg: diarrhea, dehydration, blood in stool).
Ultimately though, you can get the same results by just looking down yourself and being curious if things look off...
tldr: this feels like literal internet-of-shit IoT stuff.
Anyway a chemical or biological sensor in the bowl might be more useful.
Optical could be useful if it's doing spectrographic analysis: the color of poo and urine is sometimes informative.
Oh wait, maybe this is what Cory Doctorow is referring to as enshittified?
I mean, these jokes make themselves, including whoever buys the hardware, AND buys the marketing pitch.
https://archive.google/tisp/index.html
https://youtube.com/watch?v=DJklHwoYgBQ
I remember a sign in our dorm bathroom that read, “toilet cam is for research purposes only”. It was a joke, but always got a nice reaction from new people in the building.
But they actually sell this?! And want to charge me for it!?
Holy crap!
https://shop.digitalcourage.de/digitalcourage-und-ccc-aufkle...
E2EE now means something wildly different in the context of messaging applications and the like (since like 2014) so this is more of an outdated way of saying "no one is getting your poop pictures between your toilet and us".
It also feels like it would never make sense for this to be "E2EE encrypted" in the modern sense of the term as the "end user recipient" of the message is the service provider (Kohler) itself. "Encrypted in Transit" and "Encrypted at Rest" is about as good as you're going to get here IMO as the service provider is going to have to have access to the keys, so E2EE in a product like this is kind of impossible if you're not doing the processing on the device.
I wonder if they encrypt it and then send it over TLS or if they're just relying on TLS as the client->server encryption. Restated, I wonder how deep in their stack the encrypted blob goes before it's decrypted.
No, before that it was simply not a term, except in some obscure radio protocol (and even there someone competent in cryptography would probably not have chosen that term)
> E2EE now means something wildly different in the context of messaging applications and the like (since like 2014) so this is more of an outdated way of saying "no one is getting your poop pictures between your toilet and us".
The outdated way was saying "Military-grade 128-bit encryption", no one really used the E2EE term before it got the current meaning
> I wonder if they encrypt it and then send it over TLS or if they're just relying on TLS as the client->server encryption. Restated, I wonder how deep in their stack the encrypted blob goes before it's decrypted.
Some homemade encryption added on top of TLS is very unlikely to increase the security of the system
> no one really used the E2EE term before it got the current meaning
It most certainly was a term and no it wasn't simply limited to "some obscure radio protocol".
1994: https://ieeexplore.ieee.org/abstract/document/363791
1984: https://dl.acm.org/doi/pdf/10.1145/357401.357402
1978: https://apps.dtic.mil/sti/tr/pdf/ADA059221.pdf
> Some homemade encryption added on top of TLS is very unlikely to increase the security of the system
"Some homemade encryption" is not what I was suggesting at all. E.g. encrypted-at-the-source (client side) AWS files are still sent over TLS as an encrypted blob within an encrypted blob but remain encrypted past the TLS boundary.
I addressed the other two at https://news.ycombinator.com/item?id=46132220 .
You did show that the term was already used, but in the current meaning
That paper is about PKI-based session setup for End-End which is the ancestor of SSL/TLS. It even mentions a CAE which is effectively a CA and it does a synchronous handshake to establish a symmetric key. It's very clearly about transport layer security from end to end.
It's not about User-User E2EE (akin to Signal) and shares very little other than that data is encrypted from point A to point B.
Otherwise, you have two instances of encryption with decryption in the middle; that can't logically be called end-to-end encryption, I never heard it called so, and hopefully it never was.
They need to analyse the data; adding layers of encryption, thus, could only improve security if the keys for the inner encryptions are better protected than the server's TLS private key.
Which would honestly, actually, likely to be the case, but it would probably be a modest improvement
https://images.ctfassets.net/veq5rt4lbvkn/2bpiwr3gYoRPnXqB8e...
"[D]epending upon ambient tempertures and user age" is probably more accurate.
This sounds like the marketing department came up with this "market opportunity" and then some poor team at Kohler was asked to make it real.
No doubt there is health data to be had in waste products (it was used extensively during covid to figure out community-wide infection rates) but that used physical samples that were then analyzed. Trying to figure out if someone has a UTI, or pathogenic poop from a webcam image ... it is hopeless.
And people who are being treated for gut issues can pay for their $600 medical toilet with HSA or insurance
Honestly, that this camera toilet exists is not a WTF for me. If my doctor needs to track changes to my stool, I certainly don’t want to have to hover over the bowl with my phone out. Please, just have the toilet take the picture.
You wouldn't want that cheap tat miring up the clean lines of your throne.
* https://www.bbc.com/news/articles/cjd07dprln9o
>https://www.nytimes.com/2025/12/02/world/asia/south-korea-ca...
Oh...
Smart Pipe | Infomercials | Adult Swim
Everything in our lives is connected to the internet, so why not our toilets? Take a tour of Smart Pipe, the hot new tech startup that turns your waste into valuable information and fun social connectivity.
[Smart Pipe Inc. is a registered sex offender.]
When companies first wanted to sell things over the Web, a concern I heard a lot was that consumers would be afraid of getting ripped off somehow. So companies started emphasizing prominently how the customer was protected with n bits of encryption. As if this solved the problem. It did not, but people were confused by confident buzzwords.
(I was reminded of this, because I actually saw that a modern Web site touting that prominently just last week, like maybe they were working from a 30 year-old Dotcom Marketing for Dummies book, and it was still not very applicable to the concern.)
Some marketers lie, or don't care what the truth is. They want success, and bonuses, and promotions. And, really, a toilet company possibly getting class-action sued for a feces camera that behaves in an unexpected way, that attorneys would have to convince a judge was misrepresented, and then quantify the unclear harm, and finally settle, several years later, for lawyers' fees and a $10 off coupon for the latest model Voyeur Toilet 3000... isn't on the radar of the marketers.