Mastodawn

‘End-to-end encrypted’ smart toilet camera is not actually end-to-end encrypted

https://infosec.pub/post/38542048

‘End-to-end encrypted’ smart toilet camera is not actually end-to-end encrypted - Infosec.Pub

Kohler, the makers of a smart toilet camera, can access customers’ data stored on its servers, and can use customers’ bowl pictures to train AI.

Show thread

commie Dec 3

https is end to end

surely, once I read this article, I’ll find they implemented ssl

edit:

as I suspected, Kohler is one of the ends of the e2ee. and it is implemented. what is the news here exactly

Show thread

theunknownmuncher Dec 4

That’s not what end to end encryption means. All encrypted transmissions are not end to end encrypted.

Show thread

commie

if Kohler is the other end of your transmission, and the data is encrypted til they decrypt it, it’s e2ee. if you disagree, try explaining why.

Show thread

theunknownmuncher Dec 4

Because that’s plainly not what end to end encrypted means. That’s just HTTPS.

Show thread

pivot_root Dec 4

From the perspective of the Kohler toilet camera being the sender and the Kohler shit-reviewing service being the recipient, TLS can technically be end-to-end encryption. As long as the shit-reviewing server is doing the TLS termination itself—and not Cloudflare or a reverse proxy—that meets the definition insofar as only the two communicating parties having the ability to see the cleartext.

Kohler calling it E2EE is still disingenuous as fuck regardless of my above hypothetical, however.

Show thread

theunknownmuncher Dec 4

Again, nope. Not what end to end encryption means. That’s just HTTPS.

Show thread

commie Dec 4

By your definition, all HTTPS traffic would be end to end encrypted.

yes. it is.

Show thread

SaveTheTuaHawk Dec 4

Waiting for the first leaked celebrity poop.