Standard Innovations is found guilty of spying on its users. Image: Best Security Search.

Standard Innovation, a sex toy maker based in Ontario, Canada, has been found guilty of collecting user data without their consent. The company did this using their We-Vibe vibrators and We-Connect accompanying app for smartphones.

The controversial case was settled in court after months of legal battle with consumers displeased with the firm’s questionable privacy practices. This episode brings the debate of security in IoT devices to the table once again.

User protection and data privacy are some of the foundational pillars of net neutrality, a notion that is currently threatened by the new U.S. administration and its regulatory bodies. Ajit Pai’s FCC wants to kill guidelines that prevent companies from engaging in this kind of activity.

What happened with We-Vibe vibrators and users?

Last August, it became public knowledge the Ontario company Standard Innovation was collecting data from their users via the We-Connect mobile app and funneling it to their servers.

Hackers at Def-Con in Las Vegas exposed the vulnerabilities of the system around the same time a woman filed a lawsuit against the sex toy maker claiming it had broken consumer fraud and privacy laws.

Standard Innovation sells several personal massagers under the We-Vibe line, including the We-Vibe Rave, the We-Vibe Sync, and the We-Vibe Classic. These devices pair with a smartphone app to allow for a deeper interaction with a partner when using them.

Usage times, dates, patterns, and more were transmitted to the company’s servers in Canada along with personal emails used to create accounts for the mobile app.

What are the consequences of this episode?

As a result, Standard Innovation now has to pay close to $4 million in damages to settle the lawsuit, with a substantial part of that money going towards unsatisfied clients.

Around 300,000 have purchased one We-Vibe vibrator in the past, and over 100,000 have downloaded and used the app. If you did both, then you are eligible to get $10,000 in compensation for your privacy breach.

If you, however, bought only one of the products and didn’t use it with someone else virtually via the app, then you can get up to $199 for the trouble of potentially collecting and exposing your personal information.

Standard Innovation will have to make things clearer and they are allegedly updating their privacy policies and including an opt-out option for consumers who don’t want their data collected.

The ultimate question is if the company shared or sold the information gathered during its time operating on a legal loophole. If they did, then they could be found liable for even more charges and expect some hefty fines on top of an extra sentence.

Source: The Chicago Tribune