Kohler is currently under fire because a researcher discovered that the company’s $600 smart toilet attachment records sensitive data about your bathroom habits and uses it to train AI models, as per Techdirt. This is an entirely predictable step in the ongoing “enshittification” era, where corporations constantly push the limits of mass commercial surveillance to turn a profit.
If you’re wondering exactly what sort of data a toilet is collecting, this story centers around the Kohler Dekoda attachment. This device uses optical sensors and validated machine-learning algorithms to supposedly deliver “valuable insights into your health and wellness.” In plain English, it tracks how often you answer nature’s call.
When you’re dealing with sensitive health information like this, you’d absolutely expect top-tier security, unlike the case in South Korea, where camera footage from inside a gynaecologist’s clinic got leaked. Kohler claimed this data on your bathroom habits was “end-to-end encrypted.” However, a security researcher named Simon Fondrie-Teitler found that the description wasn’t exactly accurate.
This sheds light on both enshittification and the move to a mass commercial surveillance dystopia
True end-to-end encryption (E2EE) is supposed to secure transmitted data so only the sender and the intended recipient can read it. Crucially, it should prevent the developer and the host company from accessing the raw data. Fondrie-Teitler initially thought Kohler might have implemented a related method called “client-side encryption,” which would allow data to be backed up or synced without the developer accessing it.
But the company clarified that the “other end” that can decrypt the data is Kohler itself. Fondrie-Teitler confirmed the situation after exchanging emails with Kohler’s privacy contact. The company stated that user data is encrypted at rest when it is stored on the phone and the toilet attachment, and also on their systems. They clarified, “Data in transit is also encrypted end-to-end, as it travels between the user’s devices and our systems, where it is decrypted and processed to provide our service.”
This means that while the data is encrypted during transmission, Kohler has the keys to unlock it once it reaches their servers. This is not E2EE in the way most consumers understand it. The researcher also found that the company is quite open about its intentions for this sensitive information. Responses from the company make it clear that “the data collected by the device and app may be used to train AI models.”
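To make the distinction concrete, here is an added example (not code from Kohler, the researcher, or the original article) that runs the same constructed reading through both designs and shows what the server ends up holding. The cipher is a toy encrypt-then-MAC built from the standard library as a stand-in for a real AEAD, and every key, passphrase and reading is a made-up assumption.

```python
import hashlib, hmac, secrets

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Toy encrypt-then-MAC, standing in for a real AEAD such as AES-GCM."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    """Return the plaintext, or None when this key does not authenticate the blob."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        return None
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

READING = b'{"sample": "constructed reading, not real device data"}'

def transport_only(session_key):
    """Device encrypts for the service; the service holds the key that opens it."""
    wire = seal(session_key, READING)
    return unseal(session_key, wire)            # what the server holds after decrypting

def client_side(session_key, passphrase, salt):
    """Device first seals under a user-only key, then sends that over the same transport."""
    user_key = hashlib.pbkdf2_hmac("sha256", passphrase, salt, 100_000)
    wire = seal(session_key, seal(user_key, READING))
    return unseal(session_key, wire), user_key  # server holds only the inner ciphertext

if __name__ == "__main__":
    sk = secrets.token_bytes(32)                # key shared by device and server
    print("transport only, server holds:", transport_only(sk))
    stored, uk = client_side(sk, b"constructed passphrase", secrets.token_bytes(16))
    print("client-side, server holds plaintext?", stored == READING)
    print("client-side, server key opens it?  ", unseal(sk, stored) is not None)
    print("client-side, user key opens it?    ", unseal(uk, stored) == READING)
```

In both runs the traffic is encrypted on the wire; the only difference is whether the service ever holds a key that opens the reading itself.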
This is the real kicker. Kohler isn’t satisfied with the $600 you paid for the hardware; they want to get in on the cash flow generated by selling your data. And this toilet data is just one piece of a much larger puzzle. Your electrical meter, your phone, your ISP, and even your automaker are already spying on your every movement and choice. For example, automakers spy on your driving habits, often without telling you, just so they can sell that information to insurance companies that then raise your rates.
When companies get caught doing things like this, they often try to dodge responsibility by insisting the data is “anonymized.” That term has always been gibberish, though. Here in the States, the lack of corporate oversight and the corrupt inability to pass even basic internet privacy protections mean you can expect this behavior to only get worse from here. Add to that the administration itself snooping on its own senators.
Published: Dec 16, 2025 05:30 pm