Thursday, December 4, 2025

“End-to-End Encrypted”

Simon Fondrie-Teitler (Hacker News, Slashdot):

In October Kohler launched Dekoda, a $600 (plus monthly subscription) device that attaches to the rim of your toilet and collects images and data from inside, promising to track and provide insights on gut health, hydration, and more. To allay the obvious privacy concerns, the company emphasizes the sensors are only pointed down, into the bowl, and assures potential buyers that the data collected by the device and app are protected with “end-to-end encryption”.

Kohler Health’s homepage, the page for the Kohler Health App, and a support page all use the term “end-to-end encryption” to describe the protection the app provides for data. Many media outlets included the claim in their articles covering the launch of the product.

However, responses from the company make it clear that—contrary to common understanding of the term—Kohler is able to access data collected by the device and associated application. Additionally, the company states that the data collected by the device and app may be used to train AI models.

E2EE has become a marketing term, and I no longer believe it unless the company also provides a technical description of what they mean by it. For over a decade—before iCloud Advanced Data Protection—Apple marketed iMessage as being E2EE. This was technically true, because the protocol was E2EE, but in practice the system was not E2EE because Apple had access to the key (in the iCloud backup). In Kohler’s case, there seems to be nothing that’s actually E2EE. It’s “simply HTTPS encryption,” combined with “technical safeguards and governance controls.”
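
The distinction drawn above, as an added example (not code from Kohler, Apple, or the quoted article): a hypothetical provider can read data sent over plain HTTPS, cannot read data sealed on the device, and can read it again once a backup containing the key reaches it. The `Provider` class, the `scenario` function and the sample reading are constructed for illustration.

```javascript
// Added illustration; all names and sample data are constructed.
const crypto = require("node:crypto");

// Client side: AES-256-GCM under a key the device generated itself.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([c.update(plaintext, "utf8"), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function open(key, { iv, ct, tag }) {
  const d = crypto.createDecipheriv("aes-256-gcm", key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]).toString("utf8");
}

// Hypothetical provider: records everything that reaches its servers.
class Provider {
  constructor() { this.blobs = []; this.knownKeys = []; }
  // "Simply HTTPS": TLS ends at the server, so it receives plaintext.
  receiveOverTls(plaintext) { this.blobs.push({ plaintext }); }
  // Dumb storage for a smart client: only ciphertext arrives.
  storeSealed(blob) { this.blobs.push(blob); }
  // A device backup the provider can read, with the key inside it.
  receiveBackup(backup) { this.knownKeys.push(backup.messageKey); }
  // What the provider can read from its own storage.
  readable() {
    const out = [];
    for (const b of this.blobs) {
      if (b.plaintext !== undefined) { out.push(b.plaintext); continue; }
      for (const k of this.knownKeys) {
        try { out.push(open(k, b)); break; } catch { /* wrong key */ }
      }
    }
    return out;
  }
}

function scenario({ sealOnDevice, backupIncludesKey }) {
  const provider = new Provider();
  const deviceKey = crypto.randomBytes(32);
  const reading = "constructed sample reading";
  if (sealOnDevice) provider.storeSealed(seal(deviceKey, reading));
  else provider.receiveOverTls(reading);
  if (backupIncludesKey) provider.receiveBackup({ messageKey: deviceKey });
  return provider.readable();
}
```

Only `scenario({ sealOnDevice: true, backupIncludesKey: false })` leaves the provider with nothing readable; the cipher is identical in the third case, and what changes is who holds the key.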


11 Comments


I think you kinda hit it, which is "end to end" is ambiguous. I've always considered it akin to "encrypted in transit" (ie: HTTPS), in that on the origin device and possibly (usually) on the server, the information is not encrypted, as that is "encrypted 'at rest'". Folks who are serious about encryption always make that distinction, and anyone who doesn't should be suspect.


@CM Wikipedia says:

End-to-end encryption (E2EE) is a method of implementing a secure communication system where only the sender and intended recipient can read the messages. No one else, including the system provider, telecom providers, Internet providers or malicious actors, can access the cryptographic keys needed to read or send messages.

That seems pretty clear to me, but I guess the rub is what counts as part of the “system.”


It's not ambiguous. Encrypted in transit is not e2ee.

Some people just lie about how their systems work.


Christian Beck

Isn’t Kohler as the service provider the intended recipient of the data and E2EE (implemented by using HTTPS) therefore technically correct (the best kind of correct, as we know)?

In the context of messaging sender and recipient are universally understood… in everything else, not so much


"Isn’t Kohler as the service provider the intended recipient of the data"

No. That would be like calling Dropbox e2ee because they use secure connections. They, like Kohler, are storing the data for you, but *you* are at both ends of the e2ee.

This isn't confusing unless people want to make it confusing.


@Plume Or they just don't know better, which is what these marketing campaigns hope for. Mainstream media keeps repeating "end to end encrypted" without an explanation, so the term has stuck, but very little understanding of what it means, so when a company uses the term, someone who has been indoctrinated to think e2ee is good assumes implicitly that the company is doing a good job.


Christian Beck

What Léo said. And I didn’t mean to justify Kohler. Just in the context of the Wikipedia quote they can argue that in their interpretation of the marketing they technically are the intended recipient — how else would they provide value?

And too few journalists understand (or try to) that they dilute a term, which at one point meant „your data is yours and stays protected, even from us“. Although, as Michael stated, Apple got there first…


"how else would they provide value?"

Store data on their server and do analysis on my client, which is what they implied they did.


@Plume Yeah, if you told me a system like this really was E2EE, the implication would be that they store the data on their server but never have access to it. It’s just dumb storage for the smart client, like the recently discussed Signal backups.


Christian Beck

Maybe I’m too distrustful, but I assumed they collect and process on their servers and use E2EE only as laymen speak for „your data is safe with us“, diluting the meaning even more (and not caring one tiny bit), while assuring buyers


In the case of something like this poop-cam… one end is you, the ‘end’ user (haha), and the other end is.. you again? Why would that be end to end? If no one but you can see it, isn’t that just ‘encrypted’?

Since this is not a social network or communications platform (I think??) so, to me, "End to End Encrypted" doesn’t even make sense in this context, *unless* there is another party — Kohler, the FBI, your doctor, etc.

This feels like a marketing person heard of something cool and decided to use it.

Perhaps we need new terms/words for meaningful distinctions of privacy that make sense to end-users, completely separate from technologies that power them.
- “Only you can see it, ever, and you’re on your own”
- “(same as above)… unless you lose your password and go through a gauntlet to prove to us that you are who you say you are, and we’ll unlock it for you"
- “(same as above) unless there’s a court order in which case the government can see it, but you’ll be notified”,
- “(same as above) but you won’t be notified”,
- etc.
