Earlier this year, household goods maker Kohler launched a smart camera called Dekoda that attaches to the toilet bowl, takes a photo, and analyzes the image to provide advice on gut health.
Anticipating privacy concerns, Kohler said on its website that Decoda's sensors only see below the toilet and claimed that all data is protected with “end-to-end encryption.”
However, as security researcher Simon Fondrie-Teitler pointed out in a blog post on Tuesday, the company's use of the phrase “end-to-end encryption” is incorrect.
If you read Kohler's privacy policy, it's clear that the company is referring to an encryption method (known as TLS encryption) that protects your data as it travels over the internet. This is the same thing that powers HTTPS websites.
Using appropriate terminology is important, especially considering user privacy concerns. Using the term end-to-end encryption, which is widely adopted by messaging apps such as iMessage, Signal, and WhatsApp, to describe TLS encryption is incorrect and may confuse users into thinking that Koehler cannot actually see the photos he takes with his camera.
A Kohler spokesperson did not respond to TechCrunch's questions, but the company's “privacy officer” told Fondry Tytler that user data is “encrypted at rest, which is when it is stored on your phone, toilet accessories, and our systems.” The company also said that “data in transit is also encrypted end-to-end as it travels between your device and our systems, where it is decrypted and processed in order to provide our services.”
The security researcher also pointed out that Kohler may be using photos of customers' bowls to train its AI, given that Kohler has access to customer data on its servers. Citing another response from a company representative, researchers were told that Kohler's “algorithms were trained only on anonymized data.”
tech crunch event
San Francisco | October 13-15, 2026
Dekoda costs $599 plus a required monthly subscription of $6.99 or more.