You Could See This One Coming: Vibrator Company Sued for Tracking Usage

SETTLEMENT UPDATE: A Canadian sex-toy manufacturer, We-Vibe, has been ordered to pay out almost $3 million to customers who bought a “smart vibrator” that tracked owners’ usage without their knowledge. Each customer who used the associated app will be paid $7,433, and customers who bought the vibrator but never used the app can claim up to $147. READ MORE

___________________

For many years this blog has been raising awareness of the intimate nature of vulnerabilities that are created by connected devices on the Internet of Things (IoT) (hacking a toilet, hacking other devices). This latest about the We-Vibe sex toy is no surprise but, as explained below, the concern over shame hacking is no laughing matter.

• Read the Lawsuit Complaint
• Imagine the privacy concerns over these sex robots

Today’s Law 360 leads with an article about a recently filed privacy lawsuit: Vibrator Gets Too Intimate By Tracking Usage Info, Suit Says (paywall). According to the article,

The company behind a vibrator that can be controlled remotely using a smartphone app has been accused of privacy violations in an Illinois federal court suit contending the sex toy purveyor collects intimate information like when and on what settings the device is used.

The defining feature of Standard Innovation Corp.’s We-Vibe sex toy is an app that can control the device from near or far, letting a user change vibration modes from their phone or allow a far-flung partner to take the reins, according to a proposed class action filed earlier this month.

But, a consumer identified as N.P. alleges, Standard Innovation programmed the We-Connect app in a way that doesn’t vibe with the device’s intimate nature. With no warning to consumers, the app monitors and records how they use the device in real time, tracking ultra-personal details like the date and time of each use, the chosen vibration intensity and pattern, and the email addresses of users who registered with the app, the complaint contends.

Shame Hacking – The Real Concern

With the trend towards shame hacking that we have seen with the recent Brazzers Porn Site Hack, Ashley Madison Hack, and the Sony Executives Emails Hack, it is no surprise that people are concerned about data of this nature being collected without their knowledge. In shame hacking cases, when hackers obtain data they often try to monetize it by extorting payments from those who would otherwise wish to keep the data private.

With a device like this tracking the date and time of use, the intensity and pattern of how the vibrator was being used, and the email addresses of the users, just imagine the possibilities of how a hacker could use this information to extort users. Think beyond the embarrassment of it being made public that you even have the device.

Think back to the heightened level of shock when we learned of the timing of the Bill & Monica exploits that were taking place while he was on telephone calls … and imagine how similar “timeline” type information could be used against a company CEO who just so happened to be quietly listening in on a conference call at the same time this little device was in use …

That is why it is so important for consumers to understand how and what kind of data from their connected devices is being collected and how it could later be used — often times against them. As we move faster into the world of IoT, we must always be cognizant of the truism that for every great new innovation that makes our lives better, if it is “connected” that means it creates a data trail and that data is going somewhere and somebody will have access to it.