this post was submitted on 03 Dec 2025
197 points (100.0% liked)

Pulse of Truth

1753 readers
354 users here now

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 2 years ago
MODERATORS
krogoth@infosec.pub
197
‘End-to-end encrypted’ smart toilet camera is not actually end-to-end encrypted (techcrunch.com)
submitted 21 hours ago by lemmydev2@infosec.pub to c/pulse_of_truth@infosec.pub
62 comments fedilink hide all child comments
 

Kohler, the makers of a smart toilet camera, can access customers' data stored on its servers, and can use customers’ bowl pictures to train AI.

you are viewing a single comment's thread
view the rest of the comments
[–] x00z@lemmy.world 5 points 5 hours ago (2 children)

What we're looking for is "zero-knowledge storage". If it's anything else we can just ignore the whole "encryption" marketing. That's because claiming "end-to-end encryption" is still semantically valid if it's transit only and they are the other end.

[–] hunnybubny@discuss.tchncs.de 2 points 2 hours ago

What if it was AI to AI encrypted, huh?

[–] NotMyOldRedditName@lemmy.world 2 points 4 hours ago (2 children)

Doesn't end to end also mean at rest?

But at rest still doesn't matter as they'll own the key unless it's zero knowledge like you said.

[–] x00z@lemmy.world 2 points 2 hours ago (1 children)

End-to-end means a path from point A to point B.

End-to-end encryption could definitely include at rest encryption, but only as part of the path that isn't one of the ends. An example would be where a service like WhatsApp stores your message until it can be delivered to the other contact. End-to-end includes "zero knowledge storage" in this example because WhatsApp can not view your message. You are one end and your contact is the other end. The data is stored encrypted at rest (going trough their servers) because their server is neither end. This is literally why end-to-end encryption exists.

In the case of the smart toilet storage, you are not both ends. Instead you are one end and the storage provider is the other end. The transit is still end-to-end encrypted but it does not imply "zero knowledge storage". They use the term end-to-end encryption because they transfer the data to their servers without people being able to intercept it. And that's semantically correct.

[–] NotMyOldRedditName@lemmy.world 1 points 1 hour ago

Ah, that makes it clear how it may or may not include at rest.

Thanks!

[–] Quill7513@slrpnk.net 2 points 3 hours ago

it does not. end to end encryption and point to point encryption are two ways of delivering an encrypted message to a destination. a point to point encrypted message has a message and header that are decrypted by every node in the network to determine where to route it next. an end to end encrypted message has its header and body encrypted separately such that only the sender and recipient see the body, but the nodes can read the header for routing. encrytion at rest just means that the message, once saved to disk, is encrypted