Popular Sex Toy Caught Sending Intimate Data To Manufacturer

In a world where thermostats, and smart locks can be hacked, and companies covertly record information, why should sex toys remain unaffected. Fusion is reporting that the We-Vibe 4 Plus, a popular vibrator sends a range of intimate data to its manufacturer. The sex toy uses a smartphone app, which lets a use control the vibration among other things. From the report: When the device is in use, the We-Vibe 4 Plus uses its internet connectivity to regularly send information back to its manufacturer, Standard Innovations Corporation. It sends the device's temperature every minute, and lets the manufacturer know each time a user changes the device's vibration level. The company could easily figure out some seriously intimate personal information like when you get off, how long it takes, and with what combinations of vibes. This was revealed on Friday at hacker conference Defcon in Las Vegas by two security researchers, who wish to be called only by their handles @gOldfisk and @rancidbacon. The two examined the app's code and the information being sent by the device over Bluetooth. In a statement sent by email, Standard Innovation Corporation's president Frank Ferrari confirmed that the company collects this information. [...]

This already happens

[Major+Blud]

" seriously intimate personal information like when you get off, how long it take"

Most Slashdotters already have information like this collected by their ISP ;-)

Re:This already happens

information like this

Having a list of the pr0n sites you dorks browse is nothing like a time graph of a woman's intimate alone time.

Data is not just data. There is a difference between storing someones email address and storing their private sex tapes. At some point you have to stop putting easy blame on the users and start seriously asking the companies storing this: what the fuck made you think it was OK to store that.

If you were a company selling sex toys to women (inb4 SJW/MRA bullshit), what the fuck are you doing storing this shit. And I know why btw. Because some autistic nerd in development, or beady eyed marketer, mouth breathed that they needed "research dnata" and that they just could. You gave the keys to your companies reputation with its customers so some socially maladjusted coder or psychopathic MBA and they crashed in on a data bender through the information superhighway.

Dear companies. STOP. STORING. DATA. You don't need all this shit.

Re:This already happens

Or, maybe if they saw a common enough trend in the speed/intensity vibrations, they could make some automatic programs that could be run so that women could go through the cycle without having to make manual adjustments, just sit back and enjoy it?

Re:This already happens

[HumanWiki]

Also, if you think something like:

[0:00 to 0:34] Level 1, Speed 4
[0:34 to 1:17] Level 2, Speed 6
[1:17 to 2:01] Level 4, Speed 2
[2:01 to 3:45] Level 6, Speed 7

..is hot, then you're an idiot.

Actually, it's you that is the idiot.

Take a pornographic image of any kind and strip it down to the data layer (that means open it in a text editor of choice) and look at all that garbage text.

If you think that "s(:Ú÷Sòoè/$QÓ4dr£'XåÒúZúsUjÏpáåìa±‘2à¥n úÜê–¦G÷ájç4Íï`Ý^în&ä\ð}.Fú?x¥P. øòzóæ|w;¥Jt/6VÑTUýõ$mHôÿ ]}uóæ|/3àj½óTá`ümØ{*.?@8ÕG3àiå{üæò(#ÿ ñãWQÄÀ—€|åyð£ÎWÀü+‘\]r{25½öBÆaúvç+Ìø'3à~EX©5—ßÝ(ÊÆÛ]" is hot, then you're an idiot...

It's not the data in the raw that's the issue, but what the data in the raw represents.

Re:This already happens

It's not the data in the raw that's the issue, but what the data in the raw represents.

Imagine if a child used a sex toy like this. All those sensor readings could be considered cp!

Re:This already happens

[omnichad]

If you think that "s(:Ú÷Sòoè/$QÓ4dr£'XåÒúZúsUjÏpáåìa±‘2à¥n úÜê–¦G÷ájç4Íï`Ý^în&ä\ð}.Fú?x¥P. øòzóæ|w;¥Jt/6VÑTUýõ$mHôÿ ]}uóæ|/3àj½óTá`ümØ{*.?@8ÕG3àiå{üæò(#ÿ ñãWQÄÀ—€|åyð£ÎWÀü+‘\]r{25½öBÆaúvç+Ìø'3à~EX©5—ßÝ(ÊÆÛ]" is hot, then you're an idiot...

Until you get used to it. All I see now is blonde, brunette, redhead.

Re:This already happens

If you think that "s(:Ú÷Sòoè/$QÓ4dr£'XåÒúZúsUjÏpáåìa±‘2à¥n úÜê–¦G÷ájç4Íï`Ý^în&ä\ð}.Fú?x¥P. øòzóæ|w;¥Jt/6VÑTUýõ$mHôÿ ]}uóæ|/3àj½óTá`ümØ{*.?@8ÕG3àiå{üæò(#ÿ ñãWQÄÀ—€|åyð£ÎWÀü+‘\]r{25½öBÆaúvç+Ìø'3à~EX©5—ßÝ(ÊÆÛ]" is hot, then you're an idiot...

Being a "t(:ÛøSøoø/$QÔ4dr£'XåÔúZøsUjÔpáåìa‘2à¥n úÜê–¦G÷ájç4Íï`Ý^în&ä\ð}.Fú?x¥P. øòzóæ|w;¥Jt/6VÑTUýõ$mHôÿ ]}uóæ|/3àj½óTá`ümØ{*.?@8ÔG3àiå{üæò(#ÿ ñãWQÄÀ—€|åyð£ÎWÀü+‘\]r{25½öBÆaúvç+Ìø'3à~EX©5—ßÝ(ËÇÜ]" man, I agree 100%

Re:This already happens

[Aighearach]

The vast majority of people are going to be creeped out because "somebody is watching them" but have basically no emotional response at all to "data is being recorded." If you phrase it as, "personal information being recorded for later playback" then you'll get a rise out of a lot more of them. But you're not going to get comprehension if you say "data connection." Data, that means it is just impersonal numbers, right?

Re:This already happens

[speedplane]

If you think that "s(:Ú÷Sòoè/$QÓ4dr£'XåÒúZúsUjÏpáåìa±‘2à¥n úÜê–¦G÷ájç4Íï`Ý^în&ä\ð}.Fú?x¥P. øòzóæ|w;¥Jt/6VÑTUýõ$mHôÿ ]}uóæ|/3àj½óTá`ümØ{*.?@8ÕG3àiå{üæò(#ÿ ñãWQÄÀ—€|åyð£ÎWÀü+‘\]r{25½öBÆaúvç+Ìø'3à~EX©5—ßÝ(ÊÆÛ]" is hot, then you're an idiot...

Until you get used to it. All I see now is blonde, brunette, redhead.

Dude! You mistook that upper case "I" for a lowercase "l"... that chick has a dong.

Marketing is a four-letter word

[Scutter]

Is nothing sacred anymore? Are we really nothing more than market research tools and products to be sold to the highest bidder anymore? Look, if you give me something for free, I don't think it's necessarily unreasonable to ask for something in return (provided you disclose that you're collecting that data). But if I'm paying for it, then please just stop. I'm the customer, not the product.

Re:Marketing is a four-letter word

[JustAnotherOldGuy]

Is nothing sacred anymore?

In a word, "no".

I'm the customer, not the product.

In this case, you're both.

Re:Marketing is a four-letter word

[parkinglot777]

Look, if you give me something for free, I don't think it's necessarily unreasonable to ask for something in return (provided you disclose that you're collecting that data). But if I'm paying for it, then please just stop. I'm the customer, not the product.

If the product can be connected to a toy-controlling smart-phone app, which should be owned from the company, then there might be some sort ToS that requires you to click "I Agree" before you can use the app. Most people don't read that kind of thing anyway, so they may agree to let the company collect data. This is typical way of getting consent from consumers without them really know what they are doing.

Re:Marketing is a four-letter word

Are we really nothing more than market research tools and products to be sold to the highest bidder anymore?

No, we're not, and it's our own damn fault. People are flocking to anything that promises them anything in return for their data. Privacy is a non-issue. Even close friends to whom I explained the technology and how it's used against them don't take the slightest precautions. People who should know better practice full on data exhibitionism. This war is lost. Too many old geeks have defected, and the new generation grew up with this stuff, so it's normal to them. Welcome to the Panopticon. Used to be a prison, now it's your home.

Re:Marketing is a four-letter word

[funwithBSD]

Sing with me!

The internet is for porn! The internet is for porn!

Porn porn porn... and Marketing!

Re:Marketing is a four-letter word

[eyenot]

Personally, I feel that if your genitals are this enormous gateway straight into to your soul and that you're always, always and forever vulnerable about your own sexuality to such as extent that it needs to be hidden by default, then the problem's not with society the problem's with you.

Re:Marketing is a four-letter word

[Shadow+IT+Ninja]

Right, this is an item which you pay for. People defending all this invasion of privacy often say that the point is to get things for free. In practice, however, I have found that free things are more likely to respect your privacy. This is especially true of software. Take, for example, Android apps for GPS navigation. Garmin Navigon costs $49 (last I looked) which is expensive for an Android app. It wants access to all kinds of things which don't seem necessary for it's function. They have an excuse for access to the camera. It's to tell you if you are driving in the correct lane. I don't know what their excuse is for needing access to your contacts list. In contrast, the free app, Mapfactor Navigator, only asks for access to the things you would expect and it has a much better privacy policy.

Re:Marketing is a four-letter word

[AthanasiusKircher]

Is nothing sacred anymore?

In a word, "no".

It's funny -- when I read about this, my first thought was "This is appalling." But my second thought was, "Gee, is this really that bad compared to the amount of privacy invasion we're faced with almost continuously these days?"

Unless you run a half-dozen browser plug-ins (and few people do), your every move online is likely being tracked by dozens of companies. Unless you're careful to turn off various features on your phone, tablet, etc. your location is likely being tracked by dozens of apps.

In the grand scheme of things, this may be one of the most "private" acts, but it's also potentially one of the least worrying in terms of what companies could do with the data. The common cookies/trackers, apps, etc. that most users have running continuously are frankly much more worrying in terms of how much corporations could invade your life, use the data in nefarious ways, etc.

On the other hand -- it might take something like this to actually get consumers to wake up and realize the dangers of all of the more common tracking going on. Perhaps when some hacker manages to get into the data from these devices and publishes some Congresswoman's vibrator use data, there might finally be a public outcry to have a serious public discussion on privacy issues and tracking without a clear "opt-in".

Re:Marketing is a four-letter word

[Aighearach]

My first thought was, for a lot of people this is a feature because future models will be better at getting them off.

But if you read Dan Savage, you might be skeptical that it will help their sex lives.

If they disclose it, I don't see why it is a problem. I wouldn't want to use it, but a lot of people would. Especially if they offer free software upgrades for people who share their data.

The general case is scarier to me. My banking data or my political activities seem more in need of protection than masturbation details. The only people in the world who care about this data are people who sell devices to aid the activity. Whereas with my banking data, it is not only people who sell banking services that might want to steal it!

Re:Marketing is a four-letter word

[thegarbz]

Yes typical "it has access to information so it must be bad" mindset. Man how did we ever survive when we used computers with software that didn't run in a sandbox and had permissions for everything ... but I digress.

I find the paid apps have far more features, as such those features request more information. Sensor data? For more accurate dead reckoning when you lose GPS. Contact list? So it can pull up your stored addresses in your phone, ... you know something that would be pretty damn useful in a GPS app. SMS? Yeah they must be reading my private messages, nothing to do with the emergency feature that lets you send your location to a recipient (from your contact list) with a push of a button.
Worth noting also is that this is a German company which falls under some of the strictest user privacy laws in the world.

Anyway back on topic: Sex toys. Why would a manufacturer need information about such sex toys, to sell for marketing? Yeah right. More like improve the product, ensure it can't overheat in unanticipated ... loads, identify the best vibration pattern to bring the most people to orgasm instead of the dumb arse pattern cycling of typical toys. If sharing this makes the bedroom even more fun when the next version comes out then hell sign me up!

It seems of late the people who complain most about data collection are also the same ones who complain that companies don't understand what customers want.

Re:Marketing is a four-letter word

[PyroMosh]

Actually, no. It doesn't work like that at all.

In most places, there are basically two types of written contracts that the law recognizes:

Negotiated - What you're thinking about, where you and another party have the ability to negotiate, haggle, and come to a consensus.

Contracts of Adhesion - This includes ELUAs, the contract between you and your electric company, etc. These *are* non-negotiable, take-it-or-leave-it contracts.

Seems unfair, doesn't it? There is a bright side.

Contracts of Adhesion are generally held to a higher standard than Negotiable contracts. If there's ambiguous wording, or a typo, or whatever, it doesn't matter, the courts take that literally, and the company or entity that wrote the contract is held responsible.

Basically, if in doubt with a Contract of Adhesion, the law will side with the party that had no choice. I'm simplifying things here, but that's the general spirit of the difference.

We use these contracts every day. No major provider of services would be able to do business without them. Public utilities, airlines, software vendors, schools, telcos, ISPs all use these types of contracts.

Dell is not going to negotiate with you on the terms of their wifi driver. Verizon isn't going to negotiate their TOU. Those things just aren't going to happen, despite how your mind extrapolated that "all contracts are the same!" when you learned about negotiated contracts.

But I *do* like how you spouted off like you knew exactly what you were talking about, despite not knowing very basic things about contract law. Well done.

Asking for a friend

[swb]

Do they have the smartphone-enabled model that lets you control the vibration functionality from a *remote* smartphone, so you can further bridge the phone sex gap?

I'm asking for a friend.

Re:Asking for a friend

[Razed+By+TV]

You would be talking about OhMiBod. See also the website chaturbate (sex cam chat, often coupled with the OhMiBod vibrator.)

Pentesting

Brings a whole new meaning to pentesting doesn't it?

Re: Editing

It's hard to type properly with only one hand

"more transparency for our customers."

[sehlat]

Which way is the transparency?

To the customer, by making it plain Big Brother is watching their orgasms?

To the company, as in "OK. Delilah in Kansas City likes Echo Mode at 5.7Hz. Why don't we start offering pre-customized models which have all the user's preferences pre-programmed? For a fee, of course."

when you get off and stuff

"The company could easily figure out some seriously intimate personal information like when you get off, how long it takes, and with what combinations of vibes."

sure, then they sell your data to your health insurance company, employers, the goverment so they all know about your sexual activities and perceived health. takes longer than a few minutes for you to get off? that will earn you an interesting chat with your manager the next moring.

"Steve, we've noticed you recently have been sexually quite active. We are pleased it works out for you. However we're really concerned about the decline in your performance, sexually. I look at my statistics sheet here, and it says you usually took just 1.5 minutes, which is very good. It releases stress but it doesn't impact your productivity that much. So that's a good thing. However, for almost 2 weeks now, we see that it takes you 5, sometimes 10 minutes to get off. I have to tell you, we don't like this development. You have to look into this. If you can't improve it, we will ban you from any sexual activities in the future and treat you with a stress relexant. Am I clear?"

brave new world

You joke but..

If you can get over the fact it's about sex, it's actually a pretty good collection of metrics to collect when you're looking to get the best performance out of your product.

They'll take that data and use it to improve future products to better get you off /with science/

Also could provide pretty good data for legit scientific study - It can be hard to get funding to study taboo subjects.

Of course, this all needs to be clearly stated in a privacy policy and data should be anonymized.. That's the real fuck-up here.

Re:You joke but..

I used to dismiss the "rape culture" allegations, but clearly a lot of people seem to not understand the concept of consent.

Re:You joke but..

[Bruinwar]

Never joke about marketing. Anonymized data will somehow become non-anonymized once they see money being left on the table.

This just in

[Opportunist]

Sex toy makers are dicks.

EDITORS

[JustAnotherOldGuy]

Hire some.

That summary is so poorly written that it borders on editorial malpractice.

Re:EDITORS

[TheGratefulNet]

give the editors a break. they had to type this summary with only 1 hand!

Yes they do

[SuperKendall]

Not sure if it's this one, but the device I read about is connected to the women's smartphone, but it also linked to a "partners" phone so they can activate it at will.

The good news is...

[StandardCell]

...this security issue will affect very few /.ers...

Not understanding the issue

[Morgon]

Okay, so they capture completely non-personally-identifiable information... so?

They log how often the user changes vibration settings. This seems like clear product improvement data. Remove lesser-used settings and utilize the information on how frequently the settings are changed to create an auto-program that mimics that alternation.
They capture the temperature. This seems like possible safety data, if nothing else.

If it activated the microphone to record the ambient "noise", you'd have a clear case of 'catching' someone sending data. Does it send the phone's device ID? I didn't see it in the summary. So I'm genuinely not seeing what's inherently wrong with wanting to understand how products are used and could improve, especially in the burgeoning sexual-health industry.

Re:Not understanding the issue

[gurps_npc]

The real problem with your philosophy is that so much of that information is secretly personably identifiable.

It is like the extra data a browser gives - things like versions, addons, etc. There is enough variability that you can determine the exact person.

It may not be good enough in a court of law, but it is good enough for a private investigator.

Re:Not understanding the issue

[jenningsthecat]

Does it send the phone's device ID? I didn't see it in the summary.

The article also doesn't even mention the topic of personally identifiable information. That fact alone speaks volumes about the question, given that TFA quotes a rather lengthy statement from the company president, who didn't once take the opportunity to say that the device doesn't collect personally identifiable data.

So I'm genuinely not seeing what's inherently wrong with wanting to understand how products are used and could improve, especially in the burgeoning sexual-health industry.

Please note that "wanting to understand how products are used and could improve" is neither the ethical nor the logical equivalent of collecting private, intimate, real-time data without anywhere informing the purchaser that this is happening. Also, even if the data collected isn't personally identifiable now, it could become so later, and there are plenty of precedents for this.

Another note: when the president of the company says "our policy does disclose that we may collect data", that refers to their website policy; it IS NOT disclosed when the app is downloaded, according to TFA.

Do you see now "what's inherently wrong" with this picture?

Re:Not understanding the issue

[AmiMoJo]

Non-personally identifying data rarely is non-personally identifying. Also, they failed to mention it in their privacy policy, which means they probably broke the law in many EU countries where it is mandatory when data is collected this way.

It's okay if they ask and have an opt-in button, but just doing it on the sly is underhanded and wrong.

Re:Not understanding the issue

>Okay, so they capture completely non-personally-identifiable information... so?

Is nothing sacred to you? So non-personal info gets sent but it relates to personal (very personal) moments. Moments where users would prefer to be 'left alone'. Will the desire of companies to 'customize everything' in order to 'take care of us better than we can ourselves' really get some play in the world of personal moments? Next in: toilets note our wiping techniques in order to better offer us robotic wipers in the future. But hey, our usernames & other PII is not transmitted so we will CERTAINLY be ok with the snooping, and not feel self-conscious, nervous, intruded upon, or anything like that during one of mankinds' most historical private moments... where we really need to feel relaxed.

* companies should get a study group like any other researcher, and not rely on spying metrics. I'm certain there will be volunteers for this. *
You must be a real joy at parties. No, really! A developer's statistical, spreadsheet, and algorithmic party for sure! Regular human relationship & fun parties with actual ladies... probably not so much.

Better orgasms through mathmatics.

[Dutchmaan]

On the upside, it could be used to create a custom profile on what REALLY gets the person off. I imagine a vibrator that "learns" would be a welcome asset to a lot of women out there.

Re:Better orgasms through mathmatics.

[Megane]

Now all they need to do is combine it with the technology from Clippy the Paperclip.

It looks like you're trying to get an orgasm. Would you like some help with that?

Wait for it...

[CaptainOfSpray]

Newsreader: in the latest IT scandal, Standard Initrode Corp has admitted that its Autobanger sex toys have been remotely hijacked by a variant of the Stuxnet virus. The effect of the hijacking is to cause the device to repeatedly apply the user's favorite settings, until the user becomes unresponsive. Last week's revelations by Federal investigators that a number of unexplained deaths among Congressmen and -women were caused by unexpected heart attacks may be related.

Need to upgrade my virus protection

[paiute]

Great - now I have to worry about man-in-the-middle attacks in the bedroom too?

Okay ...

[fahrbot-bot]

(a) This is the creepiest thing I've read all week.
(b) When can I control the smartphone from the vibrator?

Re: Editing

[johnsnails]

Somewhat obligatory. https://i.imgur.com/End1a.jpg