
Woman Sues Sex Toy App For Secretly Capturing Sensitive Information (ctvnews.ca) 211

A woman in Chicago filed a class action lawsuit against the makers of a smartphone-enabled vibrator, alleging their devices "secretly collect and transmit 'highly sensitive' information." CTV News reports: The lawsuit, which was filed earlier this month in an Illinois court, explains that to fully operate the device, users download the We-Connect app on a smartphone, allowing them and their partners remote control over the Bluetooth-equipped vibrator's settings... The suit alleges that unbeknownst to its customers, Standard Innovation designed the We-Connect app to collect and record intimate and sensitive data on use of the vibrator, including the date and time of each use as well as vibration settings...

It also alleges the usage data and the user's personal email address were transmitted to the company's servers in Canada. The statement of claim alleges the company's conduct demonstrates "a wholesale disregard" for consumer privacy rights and violated a number of state and federal laws.

Slashdot reader BarbaraHudson argues that "It kind of has to share that information if it's going to be remotely controlled by someone else." But the woman's lawsuit claims she wouldn't have bought the device if she'd known that while using it, the manufacturer "would monitor, collect and transmit her usage information."

  • Legal (Score:5, Informative)

    by Maxo-Texas ( 864189 ) on Sunday September 18, 2016 @09:49AM (#52911777)

    This is their web site legal.. which says they collect information.

    I'm betting their apps have a similar eula but I couldn't locate them (they may only be available while installing the app). I checked the user manuals and the eula is not in the manuals.

    http://we-vibe.com/legal [we-vibe.com]

    Standard Innovation® Corporation intends to build the user's trust and confidence in Internet and App use by promoting the use of fair information practices. Our privacy statement covers we-vibe.com, standardinnovation.com and the We-Vibe® mobile app.

    If you have questions or concerns regarding this statement, you should first contact us at our mailing address found on the Contact Us page or by emailing Customer Service at: customerservice@we-vibe.com.
    Privacy is Paramount to Us

    Standard Innovation Corporation understands the need for and is committed to all reasonable protection of our customers' privacy. We will not share information about you with any third party other than the shipper you choose to deliver your goods ordered on our ecommerce site.
    Information Collection

    Distributor Orders and RMA's
    If you contact us, we may collect certain personally identifiable information from you. On our web-form you must provide contact information such as: name, shipping address, telephone number, email. This information is considered private and will not be divulged to third parties except the shipper if relevant.
    Links to Other Sites

    Standard Innovation Corporation is not responsible for the content or security of other sites that we link to.
    Sharing

    We do not share, rent, or sell your personally identifiable information with any third parties for marketing purposes.
    Customer Service

    If you register on our Website to have access to the "Media and Trade" section, we will send you a welcoming email to provide your password. If you register in the We-Vibe App and choose to receive news and offers we will send you a welcome email. In both cases you can unsubscribe at any time by clicking on the unsubscribe link provided in the footer of each email message.
    Agents

    We use an outside shipping company to fulfill orders. To the best of our knowledge, these companies do not retain, share, or use personally identifiable information for any other purposes.
    Legal Disclaimer

    We reserve the right to disclose your personally identifiable information if required to by law.
    Log Files

    Like most websites and apps, we gather "cookies" and certain other information automatically and store it in log files to maximize your website and app experience. We use this information in the aggregate and it will not be traced to an individual.
    Secure Transactions on our Website

    We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. However, no Internet traffic is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
    Complete Shipping Discretion

    If we ship you any product(s), the package will be shipped as from Standard Innovation Corporation in a plain package with no mention of the We-Vibe or product inside. This assures complete discretion.
    Changes in this Privacy Statement

    If we decide to change our privacy statement, we will post changes here in the Legal section of the Website so that you are aware of what information has changed. We reserve the right to modify our privacy statement at any time, so please check back here.
    Contacting Us

    If you have any questions about this Privacy Policy, please contact us.

    --

    In any case, this case will shake up the legal situation and set things vibrating!

    • Re:Legal (Score:5, Insightful)

      by Mitreya ( 579078 ) <mitreya.gmail@com> on Sunday September 18, 2016 @10:05AM (#52911831)
      This.

      If we decide to change our privacy statement, we will post changes here in the Legal section of the Website so that you are aware of what information has changed. We reserve the right to modify our privacy statement at any time, so please check back here.

      Maybe they already changed it to say "actually, all your base are belong to us". Is it really reasonable to ask users to compulsively check the agreement in case they changed it?

      Apple Developer's EULA requires our confirmation when rules change, but since they change every month or so and present you with 50 pages of new rules, only companies that have a room of lawyers on retainer can possibly keep up.

      • Maybe they already changed it to say "actually, all your base are belong to us". Is it really reasonable to ask users to compulsively check the agreement in case they changed it?

        I would postulate that no, they won't change this statement, because doing so will open them up to a big legal problem. You can't EULA away after the fact changes in the EULA without notification. This is why when any terms change Facebook, Apple, Google, MS, etc all require you to acknowledge the new terms on login.

        Also a bit of Occam's razor here. They are collecting anonymised information on how to best make people climax. This isn't marketable information as much as it is trade secrets. I'm not worried ab

    • by pesho ( 843750 )

      In any case, this case will shake up the legal situation and set things vibrating!

      You can expect some tingling legal issues arousing in the near future that are sure to give us all satisfaction.

      • In any case, this case will shake up the legal situation and set things vibrating!

        You can expect some tingling legal issues arousing in the near future that are sure to give us all satisfaction.

        All puns aside, I think the SCOTUS and U.S. Congress have shown a shocking degree of unwillingness in protecting the public from unscrupulous click-wrap EULA's and other onerous contracts. Nothing gives me particular hope that this will change in the near future. My guess is that it won't change until if/when some kind of revolution occurs which interrupts the influence corporations have over politics.

        • All puns aside, I think the SCOTUS and U.S. Congress have shown a shocking degree of unwillingness in protecting the public.

          FTFY. The willingness of the SCOTUS to endorse arbitration clauses is another example.

          • by alexo ( 9335 )

            All puns aside, I think the SCOTUS and U.S. Congress have shown a shocking degree of unwillingness in protecting the public.

            FTFY. The willingness of the SCOTUS to endorse arbitration clauses is another example.

            All puns aside, I think the public have shown a shocking degree of unwillingness in funding the politicians.

  • > Standard Innovation designed the We-Connect app to collect and record intimate and sensitive data on use of the vibrator, including the date and time of each use as well as vibration settings...
    >
    > Slashdot reader BarbaraHudson argues that "It kind of has to share that information if it's going to be remotely controlled by someone else."

    Does it?

    First of all, collecting and recording the information does not seem necessary for the app to work.

    Then, to enable an external user control over the devi

    • Programmers tend to be lazy. Getting two devices connected is hard with the piles of nat, putting everything through a 3rd node that's got a fixed IP makes things far easier.

      • by BarbaraHudson ( 3785311 ) <barbara.jane.hud ... minus physicist> on Sunday September 18, 2016 @11:18AM (#52912091) Journal
        It's not laziness. There's no way that you want to have to walk customers through the process - and imagine if their isp blocks inbound http requests? I'd say they're pretty much cock-blocked.
        • That falls under laziness, creating a secure channel via a third party is not that hard.

          • Who says it's not encrypted? Nobody has bought one and monitored the traffic with Wireshark (or at least nobody who wants to admit they bought one).
      • by quenda ( 644621 )

        Getting two devices connected is hard with the piles of nat,

        Only in TCP.
        Using UDP you can punch right through her hole.

    • Yes. How do the two phones authenticate themselves to one another on the first use?

    • Yes, you are missing something. The app doesn't have a built in server, so it needs to use a remote server, same as every other app out there. You can't just "connect the two smartphones together" over the internet.
    • Ad-Hoc networking has been blackballed by pretty much every industry player. The only ad-hocs we get now are bastardized versions like Apple AirDrop, fully locked down. It requires logging in from both parties and a check in by both parties to the Apple servers.
    • you just need to connect the two smartphones together

      Yeah and for free energy we just need to break the laws of physics. Remember the reason why centralised connections first showed up, because peer-to-peer stopped working when the world collectively screwed up the internet's end-to-end design basis.

      Just remember this. Next time you see someone saying IPv4 is good enough and we can just NAT the NATTING NAT NAT, punch them in the face.

      Then punch them again for me.

  • by PPH ( 736903 ) on Sunday September 18, 2016 @10:10AM (#52911851)

    In the event of a traffic accident, they will demand the records from the server to see if the driver was having an orgasm at the time.

    • Re: (Score:2, Offtopic)

      by iggymanz ( 596061 )

      it can also be used for defense, "the records show my client was in her home self-pleasuring and could not have been having an affair at Mr. Klinton's house during the time period in question. The fact the records show she was shouting Mr. Klinton's name after turning the intensity knob to 11 for the first time is immaterial"

    • I can't wait to see the road safety ads for this scenario.

    • Since when is having an orgasm illegal while driving? Care to cite some actual laws?

  • by Ukab the Great ( 87152 ) on Sunday September 18, 2016 @10:10AM (#52911853)

    is such a dick move.

  • tele-dil-donics tele...
  • She's doin' it at TEN! Ten guys, try to beat that.
  • by Morgon ( 27979 ) on Sunday September 18, 2016 @10:34AM (#52911951) Homepage

    We've talked about this before [slashdot.org]. On its face, collecting information about settings changes, time of use, and duration of use are not inherently sensitive.

    However, the issue (for me) is that it was later learned [slashdot.org] that these reports tie back to a username. Now, obviously a username is arguably non-PII by itself, but there are enough people putting in real information about themselves that it becomes a problem.

    Is it worth a lawsuit? Or more accurately, is this an instance where popular opinion of a manufacturer's "should have known better" will override their own stated ToS/Privacy policies?

    • Maybe it wasn't on the front page last time? I didn't see it. Then again, I don't compulsively check every hour on the hour, so I could have missed it, same as others.
      • by Morgon ( 27979 )

        It was on FP for me at the time; but in any case, it genuinely wasn't meant to be a dupe complaint. I was referencing the previous story for sake of discussion/lead-in to the ending questions.

  • by seniorcoder ( 586717 ) on Sunday September 18, 2016 @10:39AM (#52911971)
    No pair of communications devices "has to share that information".
    Data passed between my wireless mouse and my PC hopefully isn't sent to Logitech or Dell.
    Data passed between my phone and my bluetooth speaker hopefully isn't sent to Bose or Verizon.
    This data is sensitive enough that it should not be shared.
    • by Dutch Gun ( 899105 ) on Sunday September 18, 2016 @01:30PM (#52912687)

      How do you think two arbitrary mobile machines connect to each other on the internet (not just locally)? To connect two machines via the internet, you need to have known IP addresses to talk to, and these phones and devices can't act as internet servers, for a variety of technical reasons, listening for these connections. Anytime you communicate with anyone else in an apparent "peer to peer" fashion using smartphone apps, some central authority is needed to at least make the initial connection.

      The problem is that these companies often can't resist collecting all sorts of personal information, and don't know how to properly secure the data and communications channel (security is hard), and so it ultimately ends up as a privacy nightmare. IoT is a security disaster, but the public still hasn't caught on. There are going to be many cases such as this one over the next few years.

  • by jabberw0k ( 62554 ) on Sunday September 18, 2016 @11:27AM (#52912125) Homepage Journal
    Any nerd should know that if it's not under BSD, GPL, or another free license, and unless you can see the source code for everything, it's probably phoning home constantly. This is what Stallman and EFF warned us about with Treacherous Computing, and anyone who uses a so-called "smart" anything is a willing enabler. Dump these parasites now.
    • Dump these parasites now.

      Yeah! Dump all the people collecting all usage data. Don't provide any feedback for anything ever. Make sure these people have no idea how their products get used. They should just develop things blind.

      Now when you're done with your stupid case of Stallmanism maybe realise that the world isn't as black and white as you internet freedom fighters like everyone to believe and a company collecting usage stats for their own product development under a policy that states that no information is shared with 3rd par

      • by ffkom ( 3519199 )
        "of good benefit to their end user" ... are you trying to make a joke, are you a paid lobbyist, or just incredibly naive? You probably never worked for any company of significant size that offers "web services" or "IoT" of any kind. Because if you had, you'd know that the first three topics on the goal priority lists of such companies are (1) make a profit, (2) make more profit and (3) maximize profit. A topic "good benefit to their end user" either doesn't exist on that list, or might be somewhere like pri
      • by dbIII ( 701233 )

        Yeah! Dump all the people collecting all usage data. Don't provide any feedback for anything ever

        Sometimes it's incredibly fucking obvious that you don't need the data enough to offset the consequences of someone finding you have it.
        This is one of those times.

        See also keeping customers' credit card details on file and just waiting for a rogue employee or a hack and those cards getting bled dry.
        If you no longer need the info and the consequences of having it can bite you on the arse then get rid of it.

        These

  • "Fire in the hole!!!"
  • "Sensitive"? Seriously? The jokes just write themselves.

  • A remote control doesn't need fucking logs, and it certainly doesn't need to phone home with them.
  • Women used cucumbers, and they didn't have to worry about sending private information to anyone...besides the neighbors, if they forgot to close the windows first.

  • Multicast is more appropriate for this type of data.
    Time to dust off RFC1112.

  • You'd think with multiple people involved in developing something like this that at least one person would spot the obvious impending shitstorm if it was found out they were recording this data.
    • by Goonie ( 8651 )
      You'd hope it, but there's plenty of evidence that sometimes people just don't think.

      Who would have thought that programming a car to lie to the US EPA was a good idea? Dozens of engineers at VW, apparently.

      • by dbIII ( 701233 )
        In the latter case add a lot of people at GM, who got away with it some years earlier, making the people at VW think they could as well.
        Having an application that sends info home neither has the same financial incentive nor the expectation that it would not matter if they got caught.
  • Sure, privacy...

    Is this toy any good? I mean like in "Xmas present for the SO".

    Apologies to RMS.
