The bathroom is arguably the last bastion of absolute privacy in modern life. But for those who bought into Kohler’s latest high-tech promise, that door has been left wide open. The home appliance giant is facing a privacy storm after a developer exposed that its “Dekoda” smart toilet camera—marketed as “end-to-end encrypted”—is nothing of the sort.

This isn’t just a technical quibble; it is a fundamental breach of trust involving the most intimate data imaginable. While Kohler promised that your biological data was for your eyes only, the reality is that the company holds the keys to unlock those images, process them, and potentially use them to train their artificial intelligence models.

The Myth of Encryption

The controversy centers on the Dekoda, a device priced at $599 (approx. KES 78,000) that clips onto a toilet bowl to analyze waste for health insights. Kohler’s marketing explicitly claimed the device used “end-to-end encryption” (E2EE)—the gold standard of security used by apps like Signal or WhatsApp, where not even the service provider can read the messages.

However, Simon Fondrie-Teitler, a former technologist for the U.S. Federal Trade Commission, wasn’t convinced. After analyzing the device’s network traffic and grilling Kohler’s privacy team, he revealed a starkly different reality:

• The Lie: Kohler claimed E2EE, implying they could never see your images.
• The Reality: The device uses standard Transport Layer Security (TLS). This protects data while it travels through the internet (like a standard banking website), but once it arrives at Kohler’s servers, the company decrypts and views it.
• The Risk: Because Kohler decrypts the data to process it, a hack at Kohler’s headquarters could expose millions of intimate photos.

“Responses from the company make it clear that—contrary to common understanding of the term—Kohler is able to access data collected by the device,” Fondrie-Teitler noted in his report.

The Kenyan Context: Smart Homes and Privacy

Why should a Nairobi resident care about a luxury American toilet gadget? Because the “Internet of Things” (IoT) is flooding the Kenyan market. From smart security cameras in Kilimani to health-tracking wearables in Westlands, Kenyans are inviting more sensors into their private spaces than ever before.

This incident serves as a critical warning for local consumers and regulators. Under Kenya’s Data Protection Act (2019), companies are required to be transparent about data processing. Kohler’s misuse of the term “end-to-end encryption” would likely run afoul of local transparency mandates if the product were officially distributed here.

Furthermore, the cost of entry for this privacy invasion is steep. The device costs roughly KES 78,000, plus a monthly subscription of about KES 900 ($6.99). For that price, users are paying to have their most private moments potentially fed into an AI training dataset.

Training AI on Your Biology

Perhaps the most unsettling detail is why Kohler needs access to the unencrypted images. The company admits it uses the data to “research, develop, and improve” its products. In plain English: your biological data is being used to make their AI smarter.

While Kohler insists the data is “de-identified,” privacy advocates have long warned that stripping a name from a file does not guarantee anonymity, especially when the data itself—biological markers—is unique to the individual.

As smart devices continue to blur the line between convenience and surveillance, the Dekoda scandal is a potent reminder: if a company holds the encryption keys, you don’t own your data—you’re just leasing your privacy.