The rush to put networked sensors and controllers into sex toys is grounded in foolish, convenient untruths, like the idea that the incredibly sensitive data generated by these systems can be anonymized and then analyzed for insights without exposing users to risk.
The sex tech industry has been a top-to-bottom series of farces and catastrophes. Who can forget the connected sex-toy that allowed for code-injection attacks on a robot you wrap around your genitals; the sex toy that secretly recorded and leaked audio of you having sex; the butt plugs that advertised their existence to passers-by within 30 meters of your home, the sex toy manufacturer that blew off security researcher warnings about its camera-equipped dildos' foundational insecurity?
Sarah Jamie Lewis (previously) a queer cyberpunk security researcher is gearing up for the big bang of shitty networked sex-toys, when the core teledildonics patents (now controlled by a notorious patent troll) expire next year, opening a floodgate for every dildo-maker with a system-on-a-chip and a regrettable overconfidence in their grasp of information security fundamentals.
Along with her is Brad Haines, proprietor of the Internet of Dongs clearinghouse for connected sex-toy security analysis.
Wired's profile of the security community's work on the internet of sex toys is a fascinating case-study in bad security and valiant efforts to remediate it.
People call their private parts private for a reason. And dataspills aren't the only risk here. "The vast majority of these devices have some sort of app that you can invite a person to control the device remotely, but that's an active step," says Brad Haines, a security researcher who under the name "RenderMan" founded Internet of Dongs, a website dedicated to analyzing sex tech security. "The problem is when you think it's just between two consenting people and a third person hijacks it. It's the same motion, same device, but the emotional implications of finding out it wasn't the person you gave permission to? That's when it gets weird."
More than weird. If it's illegal, it's probably just hacking. But intuitively, it feels like assault. Like philosophy and ethics, the law hasn't caught up to the technology.
These companies are new, or new to this game. "They're where the tech industry was 15 years ago. They haven't got a clue," Haines says. "It's not true malfeasance or maliciousness. It's genuinely naïve. They've always dealt with manually operated devices."
The Squishy Ethics of Sex With Robots [Adam Robots/Wired]