One of the top-selling smart-home devices in America is an indoor security camera made by Wyze Labs. It’s also, as of recently, a possible security threat: A hacker was able to livestream a video feed from one family’s camera earlier this month, transmitting their child’s bedroom to the entire world.
The story is alarming enough on its own, but there are also serious questions about how these cameras were secured, which puts them at the heart of ongoing debates over how we should be protecting our data and technology from snoops and hackers.
Despite being kept under control for now, this particular story will happen again. In fact, it already has (like when someone accessed another person’s Nest cameras online), because convenience comes with risk — which means that we need good information if we’re going to make decisions for ourselves about what technologies we do or don’t want in our lives. And while many of us might not care if people see into our house even though they shouldn’t be able to (for example, through cheap indoor security cameras priced so low that sellers lose money on each sale), others do! They value privacy more than dirt-cheap surveillance capabilities that could turn into high-tech stalking weapons. What about you? Do you worry about your “smart” home turning against you? If yes, why?
Swooping up:
A smart toilet-camera system marketed as “end-to-end encrypted” turned out not to offer any protection after all, following a security researcher who found that it wouldn’t actually encrypt anything he tried throwing its way, using Wireshark packet capture screenshots.
The product, a bowl-mounted device that snaps photos of waste and analyzes them for insights about gut health, is encrypted in transit using standard web encryption technology, but allows the manufacturer to access user data on its servers — meaning it is not end-to-end encrypted in the cryptographic sense that privacy-conscious consumers expect. The device sells for $599 with a mandatory subscription that starts at $6.99 per month.
The Actual Meaning of End-to-End Encryption
End-to-end encryption (E2EE) is designed so that only the endpoints, or end-user devices — those originating the data and those supposedly receiving it — are able to read texts. Signal, iMessage and WhatsApp popularized this model of messaging. If a company’s servers have the ability to read or process content in plaintext, the content is not E2EE. Transport Layer Security (TLS), which underlies HTTPS, secures data as it travels between a device and server but does not prevent the server from accessing data. NIST’s guidance with regard to TLS is clear that it protects the channel, NOT data at rest.
That distinction isn’t academic. When a device is genuinely E2EE, not even a compromise of the provider’s infrastructure would typically reveal readable data. The Messaging Layer Security (MLS) standard at the IETF, which is focused on secure group messaging, also endorses this principle: Servers should be able to route ciphertext, but they should not have keys that allow them to decrypt it.
Security Researcher Flags Misleading Encryption Claim
Security researcher Simon Fondrie-Teitler examined the product documentation and determined that when the vendor used “end-to-end encryption,” it meant TLS and not actual E2EE. The company’s privacy policy says it can access customer images and analyses on its systems, which doesn’t jibe with a zero-knowledge, end-to-end setup.
The company has said its sensors aim only into the bowl, and that algorithms are trained on de-identified data. But if a provider is able to access not just photos, but the photo-derived metrics on its servers, it does hold the keys — both physical and metaphorical — to the most intimate content a consumer device can produce. For users who read “end-to-end encryption” as “the company can’t see my data,” the term as applied here is a step too far.
De-Identified Data Is Not the Same Thing as Safe
De-identification mitigates the risk, but not to zero. That supposedly anonymized datasets can be re-identified with the aid of a handful of links has been proven by researchers time and again. A widely cited Harvard study has demonstrated that ZIP code, birth date and gender probably get you the rest of the way to identifying someone, while recent research found that 90 percent of Americans could be pieced together with those three bits of information. Images of the bathroom and health indicators are very sensitive, but so too can even aggregate patterns give revealing context when correlated with device IDs, timestamps or location cues.
There’s also the model-training question. If a vendor uses customer data, de-identified or not, to train AI, buyers are entitled to easy-to-understand, opt-in choices and technical guarantees that raw content will never be shared. Both the Electronic Frontier Foundation and the International Association of Privacy Professionals are calling for companies to steer clear of blanket training claims, and provide a way for users to have granular controls, audits and deletion pathways.
Regulatory and Market Pressure Are Mounting
Misstating encryption could also attract regulatory scrutiny. The Federal Trade Commission has cautioned that false privacy and security statements may be unfair or deceptive acts in violation of Section 5. Within the EU, the GDPR requires transparent processing (including profiling and automated decisions) from a data protection by design perspective. California’s CPRA includes provisions about sensitive personal information and consumer control.
The market is unforgiving too. According to the Cisco Consumer Privacy Survey, 76% of consumers will not buy from a company they do not feel can protect their data. And the average cost of a breach has been ticking higher, as measured by IBM’s Cost of a Data Breach study, highlighting the financial stakes. The connected-camera industry has already been singed: Anker’s Eufy sparked outrage in response to an assertion from researchers that it had given users faulty notices and a set of practices, leading the company to update both its disclosures and some of its practices.
What Real Privacy Would Mean for This Device
A privacy-first design for a health camera would keep analysis local, encrypt content at the device with keys the provider does not hold, and synchronize only ciphertext to the cloud for backup or access from multiple devices. Think zero-knowledge architecture: client-computed keys, hardware-secured enclaves, audited crypto protocols. Apple’s HomeKit Secure Video provides a beacon on how to handle video processing locally and store footage in a way that keeps it out of reach of the platform operator.
On the governance front, providers should post a security white paper, submit to third-party audits, run a public bug bounty program, minimize retention, and ensure explicit opt-in with the ability for users to revoke it for AI training. Clear data maps, transparency reports, and field-level encryption for metadata (not just media) are important. If a product can’t be end-to-end encrypted because of the features it offers, marketing should say so straight up.
What Consumers Can Do Right Now to Protect Data
Read the privacy policy and security white paper, not just the landing page, if you’re considering a health-focused camera. Search for whether the company can access your content, how keys are managed, and if AI training is opt-in. Avoid sharing with the cloud, turn off any uploads you don’t need, and delete data often. And most of all, assume any “end-to-end encryption” claims should be taken with a grain of salt — at least unless the provider can demonstrate that it cannot decrypt your data even if someone compromises its servers.
You shouldn’t have to give up your privacy in the pursuit of smarter health insights. An exacting application of language has its place, as does an exacting application of engineering. Until they do align, consumers would be forgiven for thinking twice before hitting “buy.”
