Long-distance dildo devotee deploys ding-dong over data deceit A class-action lawsuit against a Chinese sex toy company accused of storing intimate data from its internet-connected dildo can move ahead, a California judge has decided. Lovense was sued [PDF] in January 2018 in America by unhappy customer "S.D." after she discovered that the company was storing not just the time and date …
There can be any number of legitimate purposes for collecting the data -- but they need to be spelled out in the privacy and data retention policies. None of the product's users would have read the policies anyway and the company would have had legal coverage. However, associating the data to a clear-text email address (if that is in fact what they were doing) instead of something like a serial number is a poor technical decision. Whomever made THAT decision should be job-shifted to "product testing".
Still, I am unsure if wiretapping is the correct legal category for this. Control of the device is through a cloud-based control system so the manufacturer IS a party to the "conversation". The users cannot connect directly, so user A sends a control message the cloud, which in turn tells user B. Presumably user B sends a message back via the same channels to user A that the control message was received and was accepted. Ignoring the salacious nature of the product, logging the fact that a message of a given type was processed is pretty much standard on any of these IOT devices: Light On. Light Off, Set Temperature to 71°F, doorbell contact triggered, pump relay activated, etc.
For any given email message, my mail server logs show the sending and recipient email addresses as well as the subject line and the date and time the message was received. Could the judge consider that "wiretapping" as well? I realize that this is just a preliminary hearing, but my worry with cases like this are the unintended consequences that impact seemingly unrelated things.
Logging vs wiretapping -
I certainly would not consider this wiretapping, as you say C&C instructions are sent through the cloud and logged. However there's no reason to be keeping all that data indefinitely. If needed for support can be deleted after a few days, and if needed for long-term performance analysis etc, should be anonymised
This sounds a bit like saying the post office is party to the contents of a letter or parcel you sent.
No it isn't.
All it is party to is the receivers address in the case of a letter. A bit more in the case of a parcel but even their they don't need to know the senders address. Even if it's recorded they give you a tag so you can check and they don't take your address.
At no point to they have any idea of the content or log it.
So why should these people think they should have any access to the content of the message sent between the app and device, beyond that needed to ensure the data that is received is what was sent?
Maybe that's all your post office logs. In the "land of the nominally free", they keep images of all the sides for both letters and parcels. Whether those images are OCR'd and the data sent to your permanent file is not specified.
Google trawling your email content to sell you stuff is different how? People will gladly sign-up to T&Cs that share more personally sensitive info, via their email conversations, than intimate massage habits
Good evening.
Now, let's move on to something ruder.
Wankel Rotary Engine.
Well... ha ha ha.
Now it's time for 'A Book at Bedtime'. Alan Hutchinson reads another extract from a series of bedside books.
Number 32. 'The lady lies with her left leg planted firmly on the ground and the right hand waiting. The gentleman with the melon switches on the battery and places his left thigh on the edge of the swivel table, keeping the neck of...
In case you are not up to doing the research yourself.
The devices themselves, both the male and female versions work rather well, the missus and I have tested them very thoroughly. The software, the Bluetooth stability, etc, is very less than optimal.
I have considered writing a 3rd party app for it, but the testing can be distracting.
About 15 years ago I had a go at this and made a couple of controllers based on a DTFM decoder and a PIC, and hacked some Ann Summers devices to make male and female versions. All they needed was a phone at each end (even a land-line phone would do) to control them without any data collection happening in the middle.
Quite fun, but back when feature phones were still the norm (the iPhone was still a couple of years in the future back then), trying to remember which numeric keypad button corresponded to a particular fun-toy function (and, yes, they could do way more than the standard Ann Summers toys they were based on) was hard when your brain wasn't entirely in your head.
Call me antiquated if you will, but whoever is stupid enough to buy an internet-connected dildo really deserves to get shafted.
Yes, pun intended.
... using this system from opposite ends of the globe as well as sat at a restaurant table.
I said stupid?
Maybe we're actually looking at certified idiots.
O.
Well, it is a product obviously for the "connected generation" where actual human-to-human contact isn't done. We've all seen the photos of "parties" where everyone is sitting around playing with their phones. Sad world we're living in.
Icon: Paris because she represents... err.... forgot what I going to say. Anyway, she represents it.
Although all this is the epitome of modernist trivia, I hope the Chinese Dildo People get off; but really, cases like this were made to be heard by the sacred monsters of Supreme Courts past. I should value the comments of old busters like Salmon P. Chase, Oliver Wendell Homes jr., and William Taft on this affair.
As a judge, how do you face the court with a straight face? You have to sit in your judge office at the back there and pour over the details of the case. Does it include photos? What sort of evidence are we talking here? Is it possible to look sternly at people collecting dildo data while telling them to knock it off?
Who is the lawyer that had to present the sentence, "Well technically it's not wiretapping because it's a bluetooth dildo, so..." and what sort of thought processes were involved in coming up with that argument? What do they say when their families ask "How was work?"
Can you imagine the dev life in that company? Like do they have meetings where the product testers give feedback to the dev team? What do the minutes of those meetings look like? Who pours over all that collected data? Are they thinking, "Hmmm, quite a few people like it supermaxed. Maybe we need to add a superdupermax-extreme speed" *writes product manager an email*.
So many questions... Personally, I think this article focused on all the wrong issues.
The real question is why does the app require an email address at all?!!!
There is no technical reason - those Plug'n'play home video cameras work perfectly well by just using the serial number of the device to connect (usually by scanning a QR code) - no information about the user at all.
Anyone providing their email address to a dildo app in the first place is not thinking straight. It is obvious that their real purpose of collecting that information is for some other monetisation.
We used to call that blackmail.
Depending on version, Android forces location services to be turned on to use Bluetooth...
https://www.theregister.co.uk/2017/11/01/google_fast_pair_bluetooth/
Even if this device does not implement "Fast Pair", if using an Android 6.0 or later, what are the chances if some of the device (and location) information has hit Google servers? After all, we get to hear of "careless" software engineers slurping data almost every other week.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
