Long-distance lovers, rejoice! And despair. The recent expiration of a teledildonics patent means more sex toys will be able to connect remotely. But don’t go rushing in – security standards leave much to be desired, despite collecting the most sensitive of data.
Last week, US patent 6,368,268 expired. The patent described – complete with amusingly dry drawings – remote control of sex toys using digital computer networks. The patent was sold in 2015 to a litigious troll called Tzu Technologies, which sued a series of startups, leading the EFF to dub it stupid patent of the month.
Though plenty of companies coughed up to license the patent, the expiration will mark a major change in the industry, says Kyle Machulis, a sex-toy expert who runs Metafetish. "While this patent was ostensibly focused on remote sexual interaction, it was being used as a sledgehammer against any company that might possibly develop extensible sex hardware." For example, Comingle shut down after legal threats against its crowdfunded educational sex toy. “This isn’t an industry with a lot of money, so even the threat of a lawsuit was enough to cause companies to fold right then and there,” Machulis adds.
Jakub Konik, founder and CEO of Lovely, says his own startup’s product development was held back because of the patent. “We just decided that we do not have the money to do it and decided to wait,” he says. “The pricing was kind of a pain in the ass, to be honest.” Lovely is sending out an over-the-air update to older products to enable remote controls, and has a new toy set for release soon – expect plenty more to hit the market offering long-distance interaction.
While the coming flood of remote-controlled sex toys may be welcome, it raises security concerns. “If we start to see more devices on the market, I fear we will see a new wave of security and privacy issues,” says Sarah Jamie Lewis, an independent privacy and security researcher and executive director of the Open Privacy Research Society. “Most sex tech devices and associated software are awful from a privacy, and often security, perspective.” They collect too much sensitive data, such as who you’re having sex with, and aren’t doing enough to protect it, with Lewis noting plenty don’t even use basic security like TLS to encrypt communications.
Last year, Canadian sex toy maker We-Vibe was hit with a privacy class-action suit that led it to pay a settlement of £3 million, about £6,000 to each of its customers, after it was revealed the company’s connected vibrator collected sensitive user data, including when it was used, vibration settings, and more, linking it all to user email addresses.
On the security side, researchers have revealed that connected sex toys are trivial to hack, making that data collection all the more problematic. But it’s not only hacked or leaked information that we need to worry about, warns Lewis. “One of my biggest concerns is if that infrastructure is compromised in a larger way then we could see attackers manipulating partner match ups, and people might be controlling devices that they don’t have the consent to control,” she says.
It’s a horrifying thought, and given such implications, sex tech could, and should, lead the wider technology industry with state-of-the-art privacy protections, Lewis says. That could include group key exchanges to create trusted setups for multiple partners, using cryptocurrencies to avoid financial censorship, and using pluggable transports to disguise network traffic, “to make all sex tech related network traffic look like regular traffic – or, maybe even better make all regular traffic look like sex-tech traffic.”
Lewis would also like to see metadata-resistant protocols used to connect partners using such devices, rather than connecting via a company-owned server, the way sex toys and other smart tech are usually controlled. That would stop companies from collecting – and inevitably leaking – sensitive information, she says. Projects such as Metafetish are working on open-source drivers for common teledildonic products, she adds, but it remains difficult to set up such a system yourself without some technical expertise.
But it shouldn’t be above the capabilities of sex-tech companies, many of whom have been waiting for the remote patent to expire and have had plenty of time to consider security and privacy best practice. MysteryVibe CEO Stephanie Alys says the company’s Crescendo vibrator has technically been able to handle long-distance controls, as the company paid to license the teledildonics patent. But the company has waited to release that feature, focusing on securing its server and infrastructure first. “We have been working out all the scenarios and user journeys to make sure they have security by design, and are as watertight as possible, rather than as an afterthought,” she says.
Konik says his own company kept a close eye on the We-Vibe incident in order to learn from its rival’s missteps. “We even looked at the court documents after the case was settled,” he says. “And we improved everything in our systems in order to prevent such things from happening.” He adds that the main mistake was We-Vibe’s privacy policy, with Lovely aiming to collect as little data as possible to avoid such leaks. Indeed, alongside having the best security and privacy technologies, smart sex toy makers should have the most robust privacy policies. The less that’s collected, the less that can be abused, after all.
The sex-tech industry should resist the rush to release remote-control sex toys now that the teledildonics patent has expired. “Just because the teledildonics patent will lift, it doesn’t mean this should be a free for all without any thought,” says Alys. “Now, as the patent lifts, we’re interested in exploring and innovating, but want to make sure we (and others) don’t rush into it just because it’s now more possible. It’s a time during which we should really experiment, test out functionalities, and be patient until the right sort of innovation is executed, rather than repeating the mistakes that have been made.”
This article was originally published by WIRED UK