Pulse of Truth

1753 readers

282 users here now

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 2 years ago

MODERATORS

krogoth@infosec.pub

151

‘End-to-end encrypted’ smart toilet camera is not actually end-to-end encrypted (techcrunch.com)

submitted 13 hours ago by lemmydev2@infosec.pub to c/pulse_of_truth@infosec.pub

35 comments fedilink hide all child comments

Kohler, the makers of a smart toilet camera, can access customers' data stored on its servers, and can use customers’ bowl pictures to train AI.

you are viewing a single comment's thread
view the rest of the comments

[–] commie@lemmy.dbzer0.com 6 points 12 hours ago* (last edited 12 hours ago) (2 children)

https is end to end

surely, once I read this article, I'll find they implemented ssl

edit:

as I suspected, Kohler is one of the ends of the e2ee. and it is implemented. what is the news here exactly

[–] Nikokin@lemmy.world 3 points 10 hours ago (1 children)

Https is the transit. End to end encrypted means it's encrypted before, during, and after transit. Ie the data at rest would/should be encrypted

[–] commie@lemmy.dbzer0.com 0 points 9 hours ago (1 children)

and Kohler said they are encrypting the data at rest

[–] Asetru@feddit.org 1 points 5 hours ago

They also said they decrypt after transit before they encrypt at rest, so it's not encrypted in between and they can look at your data. So it's not e2e if you want both ends to be you.

[–] theunknownmuncher@lemmy.world 2 points 10 hours ago (1 children)

That's not what end to end encryption means. All encrypted transmissions are not end to end encrypted.

[–] commie@lemmy.dbzer0.com 1 points 9 hours ago (1 children)

if Kohler is the other end of your transmission, and the data is encrypted til they decrypt it, it's e2ee. if you disagree, try explaining why.

[–] theunknownmuncher@lemmy.world 4 points 8 hours ago* (last edited 8 hours ago) (1 children)

Because that's plainly not what end to end encrypted means. That's just HTTPS.

if Kohler is the other end of your transmission

They're providing the service. End to end encryption maintains an encrypted communication channel between two clients that the service provider cannot decrypt.

By your definition, all HTTPS traffic would be end to end encrypted.

The term "end to end encryption" is just not applicable to this context and using it as marketting to users in order to give them a false sense of security is disingenous.

[–] pivot_root@lemmy.world -1 points 8 hours ago* (last edited 8 hours ago) (1 children)

From the perspective of the Kohler toilet camera being the sender and the Kohler shit-reviewing service being the recipient, TLS can technically be end-to-end encryption. As long as the shit-reviewing server is doing the TLS termination itself—and not Cloudflare or a reverse proxy—that meets the definition insofar as only the two communicating parties having the ability to see the cleartext. That's assuming the server has disk encryption and no employee has access to it while the disk is unlocked.

Kohler calling it E2EE is still disingenuous as fuck regardless of my above hypothetical, however.

[–] theunknownmuncher@lemmy.world 2 points 7 hours ago

Again, nope. Not what end to end encryption means. That's just HTTPS.