Pulse of Truth

1798 readers

89 users here now

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 2 years ago

MODERATORS

krogoth@infosec.pub

205

‘End-to-end encrypted’ smart toilet camera is not actually end-to-end encrypted (techcrunch.com)

submitted 6 days ago by lemmydev2@infosec.pub to c/pulse_of_truth@infosec.pub

64 comments fedilink hide all child comments

Kohler, the makers of a smart toilet camera, can access customers' data stored on its servers, and can use customers’ bowl pictures to train AI.

you are viewing a single comment's thread
view the rest of the comments

[–] Nikokin@lemmy.world 4 points 5 days ago (1 children)

Https is the transit. End to end encrypted means it's encrypted before, during, and after transit. Ie the data at rest would/should be encrypted

[–] commie@lemmy.dbzer0.com 0 points 5 days ago (1 children)

and Kohler said they are encrypting the data at rest

[–] Asetru@feddit.org 1 points 5 days ago (1 children)

They also said they decrypt after transit before they encrypt at rest, so it's not encrypted in between and they can look at your data. So it's not e2e if you want both ends to be you.

[–] commie@lemmy.dbzer0.com 2 points 5 days ago (1 children)

I think what your talking about is zero knowledge. but that's not what was promised.

[–] Asetru@feddit.org 2 points 5 days ago

Absolutely not. E2EE means it's encrypted from end to end. If I send data and I'm also the person to receive it on my app to inspect it, I'm both ends and the data should not be decryptable in between by anybody else if it's advertised as e2ee. Zero knowledge on the other hand doesn't mean that you transfer information securely but that you can prove that you have some information without it ever even being sent.