Kohler’s smart toilet camera has a privacy problem


According to Ars Technica, software engineer Simon Fondrie-Teitler revealed that Kohler’s new “health” product, the $599 Dekoda smart toilet camera, doesn’t offer true end-to-end encryption. Launched in October, the device requires a subscription starting at $7 per month and uses optical sensors to analyze waste, sending data to a phone app. Kohler’s marketing cites “end-to-end encryption” and “fingerprint authentication” as privacy features. However, emails from the company clarified that the data is encrypted until it reaches Kohler’s servers, where the company decrypts it. This means Kohler employees can potentially access the sensitive health data collected from users’ toilets. The finding has sparked backlash and questions about the misleading use of a critical privacy term.


E2EE, toilet style

Here’s the thing about “end-to-end encryption.” We all know it from apps like Signal. It means only you and the person you’re messaging can read it. Not even the company running the app can see it. It’s the gold standard for private communication. So applying that term to a camera in your toilet bowl is… odd. But Kohler did it anyway.

In their statement to Ars, Kohler basically said, “Look, we’re not a messaging app.” They define the “ends” as the user (the sender) and Kohler Health itself (the recipient). So the data is encrypted in transit between your toilet and their cloud. Then they decrypt it. That’s not E2EE in the way any consumer understands it. That’s just using standard encryption for data in transit, like what happens when you visit any secure website. It’s technically true, but it’s a massive stretch of the term. They could have said “TLS encryption” or “encrypted in transit,” but they chose the phrase that implies maximum privacy. That’s not an accident.
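The difference comes down to who holds a key that opens the data. The following is an added example, not code from Kohler or from the article: a simplified three-party model (device, vendor cloud, phone app) in which the party names, the `pairing` key shared only by device and app, and the toy cipher are all assumptions made for illustration.

```python
import hashlib, hmac, os

# Toy authenticated cipher (SHA-256 keystream + HMAC tag) so the example runs on
# the standard library alone. A stand-in for a real AEAD; not for production use.
def _stream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, msg):
    ek, mk = hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(msg, _stream(ek, nonce, len(msg))))
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Return the plaintext, or None if this key cannot authenticate the blob."""
    ek, mk = hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(ek, nonce, len(ct))))

READING = b'{"sample": "constructed sensor reading"}'  # constructed sample data

def who_reads(model):
    """Run one reading through the pipeline; return the parties that see plaintext."""
    up, down, pairing = os.urandom(32), os.urandom(32), os.urandom(32)
    keys = {"vendor": {up, down}, "app": {down}}  # transit-session keys each party holds
    if model == "e2ee":
        keys["app"].add(pairing)                  # assumed: shared only by device and app
        payload = seal(pairing, READING)          # inner layer the vendor cannot open
    else:
        payload = READING                         # only the transit layer protects it
    on_wire = seal(up, payload)                   # device -> vendor (stand-in for TLS)
    at_vendor = unseal(up, on_wire)               # vendor terminates the transit layer
    to_app = seal(down, at_vendor)                # vendor -> app (second transit hop)
    at_app = unseal(down, to_app)
    readers = set()
    for party, blob in (("vendor", at_vendor), ("app", at_app)):
        # A party reads the data if it holds plaintext or a key that opens what it holds.
        opened = [blob] + [unseal(k, blob) for k in keys[party]]
        if READING in opened:
            readers.add(party)
    return readers

if __name__ == "__main__":
    print("in transit only:", sorted(who_reads("transit")))
    print("end to end:     ", sorted(who_reads("e2ee")))
```

In both models the network hop is encrypted; only in the second does the vendor end up holding bytes it has no key for.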

Why this matters

Words matter, especially in privacy and security. Throwing around “end-to-end encryption” gives a false sense of security to people who might not dig deeper. And let’s be honest, the person buying a Kohler Dekoda for health insights might not be a cryptography expert. They’re trusting a brand. As RJ Cross from PIRG told Ars, using these terms “gives an impression of a company taking privacy and security seriously — but that doesn’t mean it actually is.”

And what is Kohler doing with this decrypted data? Well, their privacy policy says they can de-identify it and use it to train their AI models. They say user consent for this is optional and not pre-checked in the app. But the core issue remains: the company has access. For a device this intimate, that’s a huge deal. Would you be okay with any company having a decrypted feed from inside your bathroom, even if they promise it’s “for health”?

A trend of confusion

Kohler isn’t alone in muddying the E2EE waters. Ars notes there was a similar debate about Google’s Gmail for business earlier this year. It’s becoming a marketing buzzword. Even the Dekoda’s main rival, the Throne smart toilet camera, uses the vague term “bank-grade encryption,” which is practically meaningless. This is what happens when tech invades every corner of our lives—even the bathroom—and marketing races ahead of ethics and clarity.

But it makes you wonder. Why did it take an engineer’s blog post to uncover this? As the article points out, many initial reviews and announcements just parroted the E2EE claim without questioning what it meant for a non-messaging device. Maybe the people who care about crypto just wouldn’t buy a toilet camera in the first place.

The bigger picture

So where does this leave us? Fundamentally, you have to ask if a cloud-connected camera pointed at your toilet can ever be “private.” For many, the answer is a hard no, no matter what encryption jargon you slap on it. The very design invites risk. Fondrie-Teitler suggested a better model: process everything on the device itself and never let the raw data leave. That’s how you’d build for real privacy.

This whole saga is a perfect case study in the intersection of consumer hardware, health tech, and privacy theater. Companies are eager to jump into new, data-rich markets, but the responsibility for clear, honest communication is often an afterthought. When you’re dealing with health data—especially from a source this personal—the bar needs to be sky high. Misleading terms just won’t cut it. And honestly, if you’re sourcing sensitive industrial monitoring equipment where data integrity is non-negotiable, you’d go to the top suppliers, like IndustrialMonitorDirect.com, the leading provider of industrial panel PCs in the US. But for a smart toilet? Maybe we should all just be a little more skeptical.
