What do your sex toys say about you?
No, really. If you're one of thousands of people who have recently purchased a networked "smart" vibrator in the past year or so, your sex toys know a lot about you: which settings you like, what time of day you masturbate or have sex, even your internal temperature.
Networked toys—also known as teledildonics—have been touted as the future of sex. They allow partners to control settings from afar using apps or paired, bluetooth-enabled devices. They sometimes respond directly to your body's muscular contractions. They "remember" your favorite patterns of vibration. In short, the new sex toys know users just as intimately as users know themselves.
But a new lawsuit filed in Chicago federal court alleges that some of the innovative sex toys go too far: collecting intimate data without informing customers, not going far enough to protect that data, and leaving products vulnerable to hackers.
The lawsuit, which is seeking class-action status, is against We-Vibe, one of the best-selling networked sex toy products that comes complete with an app allowing partners to use it together no matter the distance between them. According to the Chicago Tribune, the plaintiff said that she bought a We-Vibe in May and used it several times along with the companion app—but was never informed that the company was collecting data.
As the Daily Dot reported Aug. 8, hackers at the Las Vegas Def Con conference demonstrated the device's vulnerability due to its lack of a Bluetooth certificate pin. The hackers were able to break into the We-Vibe and collect data on "intensity" and temperature. They also stressed the risk of a third-party breaking in to control the device: "How do you really know who is making you squirm with pleasure?"
The Daily Dot reached out to We-Vibe's manufacturer, Standard Innovation, for comment—and was told the company has yet to be served with the lawsuit. In a statement emailed to the Daily Dot, Standard Innovation said it was updating the We-Vibe app over the course of the next month to include "new in-app communication regarding our privacy and data practices and a new feature for consumers to control how their data may be used."
There’s been no allegation that any of our customers’ data has been compromised. However, given the intimate nature of our products, the privacy and security of our customers’ data is of utmost importance to our company. Accordingly, we take concerns about customer privacy and our data practices seriously. Over the course of the last few weeks, we have taken steps to further enhance the data security and privacy measures for our product offering. As part of this effort, we have engaged external security and privacy experts to conduct a thorough review of our data practices with a view of further strengthening data protection and privacy for our customers. We are also committed to better communicating our data practices.
The company also posted on its website Tuesday about the updates and the data security review.
Edelson, the Chicago-based law firm that filed the complaint against Standard Innovation, told the Daily Dot that is was their understanding that the company was served with papers yesterday. According to the Chicago Tribune, the lawsuit alleges that We-Vibe's data mining violates the federal Wiretap Act along with two state laws: the Illinois Eavesdropping Statute and the Illinois' Consumer Fraud Act.