Smart Vibrator Company To Pay $3.75 Million For Private Data Collection
from the masturbatory-metadata dept
Given the often-comedic "security" featured on "smart" tea kettles, televisions, refrigerators and light bulbs -- was there any question that your sex toys would suffer from the same problems plaguing other Internet of Things devices?
Last fall, a company named Standard Innovation was sued because its We-Vibe vibrator collected sensitive data about customer usage. Specifically, the device and its corresponding Bluetooth-tethered smartphone app collected data on how frequently (and for how long) users enjoyed the toy, the "selected vibration settings," the device's battery life, and even the vibrator's "temperature." All of this rather personal data was collected and sent off to the company's Canadian servers, where the company claims it's used to conduct research for future products and product updates.
Unlike many IoT products, Standard Innovation does fortunately encrypt this data in transit, but like most IoT companies, it failed to fully and clearly disclose the scope of data collection to customers, what was being done with that data, and how to opt out (or preferably, opt in).
The end result was a lawsuit by one of the device's users (pdf) claiming this improperly-disclosed data collection violated Illinois privacy laws. This week, Standard Innovation struck a $3.75 million settlement (pdf). Under the terms of the deal, Standard Innovation will designate $3 million of the total for customers who downloaded the app and used it with the We-Vibe device, each individual receiving about $10,000 each. The remaining $750,000 is then destined to be divided between customers who purchased the devices alone, with each individual in that instance receiving roughly $200 each.
The company tells the Chicago Tribune it had learned its lesson about the collection of masturbatory metadata:
"Standard Innovation denied any wrongdoing in the settlement, which spokesman Denny Alexander called "fair and reasonable." Some changes agreed to in the settlement have been in place since We-Vibe updated its We-Connect app and privacy notice in September, he said.
"At Standard Innovation we take customer privacy and data security seriously. We have enhanced our privacy notice, increased app security, provided customers more choice in the data they share, and we continue to work with leading privacy and security experts to improve the app," he said."
Of course the real lesson here continues to be: if you want to be smart about device security in the internet of broken things era, you're almost always better off with the dumb alternative.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: iot, privacy, security, smart vibrators
Companies: standard innovation
Reader Comments
Subscribe: RSS
View by: Time | Thread
Swordfish doesn't count.
[ link to this | view in chronology ]
What, no embedded camera?
[ link to this | view in chronology ]
Re: What, no embedded camera?
[ link to this | view in chronology ]
ProTip: Stupid products do not have a sustainable market
[ link to this | view in chronology ]
Re:
Huh? What is your address? 101 Under Rock trail?
[ link to this | view in chronology ]
Judge Smith, "Mr. Johnson, I am impressed with your attention to detail as well as your client's stamina. Case dismissed!"
Judge Smith, "Miss Jones, maybe we could go get a cup of coffee after dinner tonight?"
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
You know...
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
But without lube.
[ link to this | view in chronology ]
I like the phrase Internet of Broken Things...
This reminds me of how often we hear security advice about protecting our personal info from "bad guys".
I'm strongly inclined to think of regular companies and corporations as are part of those bad guys. I think they started all this by believing they could collect, use and sell user data as they please. Many, if not most, didn't even bother to protect the data from internal or external theft. How much credit card and identity theft came directly from this?
I remember routinely getting junk mail with my social on it. Or having school IDs with my social on it. Boooo!!
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
I'm strongly inclined to think of regular companies and corporations as are part of those bad guys.
Signs of a company I will avoid:
[ link to this | view in chronology ]
Given the lack of user controls, this is probably activated much like hidden features in games:
Up, Up, Down, Down, Left, Right, Left, Up....
[ link to this | view in chronology ]
[ link to this | view in chronology ]
You smart vibrator has detected that you have the beginnings of a yeast infection. We recommend that you get that taken care of immediately."
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
As for the data collection... I'm not particularly bothered. Seems like usage stats. Did it need to be personally identifiable? No. But that seems more like somebody just didn't think through the implications of how they were collecting the data.
[ link to this | view in chronology ]
Re:
Cool. Please post your name, username and password along with a release so that we can all enjoy your data. I mean, if it doesn't bother you, then why not?
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Life lessons
[ link to this | view in chronology ]
Smart Vibrators
[ link to this | view in chronology ]