It’s not a mistake if it sounds obvious. Rief states that the more well-known brands tend to stick to higher quality standards and do their best. However, it was your own standards. “But there are many cheap products produced in China because no one’s stopping you.” While the ISO standards won’t stop subpar toys from being made, they provide high-end sexy toy manufacturers with a way of distinguishing their products from the rest. The majority of this growing market is supplied to cheap “white-label” manufacturers that either build simple gear for multiple retailers or contract to make toys for small businesses.
Jen Caltrider is the Mozilla Foundation’s lead for its cybersecurity reviews program Privacy not Included. Jen says that white-label manufacturers aren’t subject to standards and this can be seen with sex toys too. ISO and other standards-setting organisations don’t have the power of law or government regulation, but testing companies may provide certifications. These standards make it easier for manufacturers and suppliers to reach an agreement on safety and quality levels. They also allow them to communicate to the public that they are following the standards.
The emphasis on fit and finishing meant that cybersecurity was left out of the decision-making process. “They discussed it but it wasn’t included specifically because it was complicated and generally covered under local regulations,” Rief said. For example, something like the General Data Protection Regulation in Europe might address privacy concerns. Ironically, this is because We-Vibe, a WOW Tech subsidiary agreed to a $3.75million settlement in class action lawsuit alleging that its vibrator connected app collected and retained user data without their consent. Caltrider from Mozilla says We-Vibe has improved its security since then. “We had this suit and tried to learn from it,” Rief said. “We now have our own app team and agencies that hack the app.”
It is possible that privacy and security are not a top priority for many sex toys buyers. Carol Queen, staff sexologist at Good Vibrations and a long-time supplier of toys, says that although it is impossible to know for certain that all companies making or distributing toys will take this seriously, I believe they will. Regardless of how much emphasis these stores place on safety, let’s just say that their customers tend to value price and design. Queen states, “The people who don’t care likely will not continue to care.” While sex toys may be illegal in certain countries, some countries also criminalize sexual behaviors that could be tracked by devices. Many people are already aware that smart speakers and phones collect personal information; sex toy products here.
The Fast Forward Newsletter will show you what’s next in tech
Sign up to receive the most recent news on artificial intelligence, self-driving vehicles, and transformed cities.
However, people need to care more. Major businesses, such as We-Vibe and Lovense are already following security norms, including strong passwords and encryption. Sometimes, smaller companies don’t follow these rules. It’s also a hot topic for privacy-conscious people. Caltrider claims that Mozilla’s privacy project, which reviews hundreds of products, receives more traffic to its sexual toy write-ups website than any other device.
Privacy is not the only concern. Consider the new standards’ indirect reference to vibration. Haines states that a manufacturer might specify the motor that they want to generate low-frequency vibrations. Then, they set a software limit so that the app could only tell the device to increase the speed to 50 percent. However, that doesn’t mean that the chipset can’t be commanded to increase its speed to 100 percent. That would make a user very nervous. Haines adds that they account for a certain draw when designing the device. If you give lithium ion batteries too much draw, they can catch fire. No one wants to see their sex toys being controlled by someone who isn’t authorized. This could be a violation at the minimum and an assault. Security provisions must account for all types of consent.
These risks are not just hypothetical. A British cybersecurity company discovered that the Cellmate Chastity Cag, an app-controlled metal enclosure that locks around someone’s penis, used Bluetooth to lock and unlock it. However, the company Qiui, Guangdong, stored data such as location and a unique device identification on its servers. Security researchers warned that hackers could alter the control to prevent the device’s unlocking. At this point, bolt cutters and angle grinders would be required. Although the company updated the app, a previous version of the API was still online. A hacker apparently tried to exploit the vulnerability and demanded that customers in chastity cages pay for it. It’s unclear if anyone was wearing their Cellmate at the time of the lockdown. To be fair, new ISO standards state that all locking devices must have a way to unlock them manually.
Engineers who depend on standards such as the ISO put out may also see a reason to keep these kinds of issues separate from those specific to sex toys hardware. Perhaps battery standards should be applied to all connected, rechargeable devices. Broader internet-of-thing regulations could combine cybersecurity . It’s evident that the functions and uses of sex toys have changed. People are more creative. It will be necessary to adapt the rules.