They're claiming "end to end" encryption, which usually implies the service is unable to spy on individual users that are communicating to one-another over an individualized channel.
However in this case there are no other users, and their server is one of the "ends" doing the communicating, which is... perhaps not a literal contradiction in terms, but certainly breaking the spirit of the phrase.
I can't blame most people for calling TLS "E2EE", even some folks in industry, but it's not great for a company to advertise that you offer X if the meaning of X has shifted so drastically in the last decade.
Papers in academia and the greater industry[2] also referred to it in this way at the time.
Stack Overflow has plenty of examples of folks calling it "end to end encryption" and you can start to see the time period after the Signal protocol and WhatsApp implemented it that the term started to take on a much wider meaning[4]
This also came up a lot in the context of games that rolled out client side encryption for packets on the way to the server. Folks would run MITM applications on their computer to intercept game packets coming out of the client and back from the server. Clever mechanisms were setup for key management and key exchange[3].
[0] as SSL became more common lots of tooling broke at the network level around packet inspection, routing, caching, etc. As well as engineers "having fun" on Friday nights looking at what folks were looking at.
[1] Stack Overflow's security section has references from that era
[2] "Encrypting the internet" (2010) - https://dl.acm.org/doi/10.1145/1851275.1851200
[3] Habbo Hotel's prime and generator being hidden in one of the dynamic images fetched from the server as well as their DH mechanism comes to mind.
[4] Jabber/XMPP however used E2EE in the more modern sense around that time as they were exploring going beyond TLS and having true E2EE.
While you are technically correct in a network topology sense (where the "ends" are the TCP connection points), that definition has been obsolete in consumer privacy contexts for a decade now due to "true" E2EE encryption.
If we use your definition, then Gmail, Facebook, and Amazon are all "End-to-End Encrypted" because the traffic is encrypted between my client and their server. But we don't call them E2EE because the service provider holds the keys and can see the data.
In 2025, when a company claims a camera product is "E2EE", a consumer interprets that to mean "Zero Knowledge". I.e. the provider cannot see the video feeds. If Kohler holds the keys to analyze the data, that is Encryption in Transit, not E2EE. Even though in an older sense (which is what my original comment was saying), it was "End to End Encrypted" because the two ends were defined as Client and Server and not Client to Client (e.g. FB Messenger User1 and FB Messenger User2).
Am I understanding correctly that the other end of this is a rear end?
Of course, only authorized users could see the data, but that was a different compliance line item.
Bank data is never E2EE because the bank needs to see it. If banks call it E2EE they are misusing the term. E2EE for financial transactions would look like e.g. ZCash.
Anyway a chemical or biological sensor in the bowl might be more useful.
Optical could be useful if it's doing spectrographic analysis: the color of poo and urine is sometimes informative.
- Deviation in consistency/texture/color/etc.
- Obvious signs related to the above (eg: diarrhea, dehydration, blood in stool).
Ultimately though, you can get the same results by just looking down yourself and being curious if things look off...
tldr: this feels like literal internet-of-shit IoT stuff.
Oh wait, maybe this is what Cory Doctorow is referring to as enshittified?
I mean, these jokes make themselves, including whoever buys the hardware, AND buys the marketing pitch.
>https://www.nytimes.com/2025/12/02/world/asia/south-korea-ca...
Oh...
Smart Pipe | Infomercials | Adult Swim
Everything in our lives is connected to the internet, so why not our toilets? Take a tour of Smart Pipe, the hot new tech startup that turns your waste into valuable information and fun social connectivity.
[Smart Pipe Inc. is a registered sex offender.]
I remember a sign in our dorm bathroom that read, “toilet cam is for research purposes only”. It was a joke, but always got a nice reaction from new people in the building.
But they actually sell this?! And want to charge me for it!?
Holy crap!
When companies first wanted to sell things over the Web, a concern I heard a lot was that consumers would be afraid of getting ripped off somehow. So companies started emphasizing prominently how the customer was protected with n bits of encryption. As if this solved the problem. It did not, but people were confused by confident buzzwords.
(I was reminded of this, because I actually saw a modern Web site touting that prominently just last week, like maybe they were working from a 30 year-old Dotcom Marketing for Dummies book, and it was still not very applicable to the concern.)
Some marketers lie, or don't care what the truth is. They want success, and bonuses, and promotions. And, really, a toilet company possibly getting class-action sued for a feces camera that behaves in an unexpected way, that attorneys would have to convince a judge was misrepresented, and then quantify the unclear harm, and finally settle, several years later, for lawyers' fees and a $10 off coupon for the latest model Voyeur Toilet 3000... isn't on the radar of the marketers.
E2EE now means something wildly different in the context of messaging applications and the like (since like 2014) so this is more of an outdated way of saying "no one is getting your poop pictures between your toilet and us".
It also feels like it would never make sense for this to be "E2EE encrypted" in the modern sense of the term as the "end user recipient" of the message is the service provider (Kohler) itself. "Encrypted in Transit" and "Encrypted at Rest" is about as good as you're going to get here IMO as the service provider is going to have to have access to the keys, so E2EE in a product like this is kind of impossible if you're not doing the processing on the device.
I wonder if they encrypt it and then send it over TLS or if they're just relying on TLS as the client->server encryption. Restated, I wonder how deep in their stack the encrypted blob goes before it's decrypted.
You wouldn't want that cheap tat miring up the clean lines of your throne.
And people who are being treated for gut issues can pay for their $600 medical toilet with HSA or insurance
Honestly, that this camera toilet exists is not a WTF for me. If my doctor needs to track changes to my stool, I certainly don’t want to have to hover over the bowl with my phone out. Please, just have the toilet take the picture.
That’s not end-to-end encryption. By that logic HN, and any other website over HTTPS is E2E encrypted.
For normal people E2EE means privacy, and that's why some company tries to sneak the term in products where it makes no sense.
It's misunderstood.
In the begining it's used to describe chat apps, your chat message are delivered in a secure way.
But later some marketers try to use it as a "transport channel" for client-server interactions.
BTW, someone please tell me that there is/was a social media site dedicated to poop, and the founder got rich from it. I need that today.
codingdave•1h ago
But in all seriousness, of course they can access the data. Otherwise who else would process it to give any health results back? I don't think encryption in transit is relevant to privacy concerns because the concerns are about such data being tied to you at all, in any way. At the same time, yes, this could product valuable health information.
Their better bet would be to allow full anonymity, so even if there is a leak (yeah, the puns write themselves), there is never a connection between this data and your person.
fastball•1h ago
karlgkk•58m ago
Doing on device compute is probably expensive and would prohibit such a product based on the economics but ITS A GENITAL CAM
Sanzig•49m ago
aerostable_slug•17m ago
g-b-r•24m ago
It's "of course" for very knowledgeable people, normal people just assume that it means guaranteed privacy