New Sex Toy Standards Let Some Sensitive Details Slide

It's not a mistake if it sounds obvious. Although the bigger brands are more well-known, they tend to stick to quality and do their best. But it was standards that you set for yourself, Rief states. There are many cheap products made in China, and nobody is stopping them. However, the ISO standards give high-end sex toys makers an opportunity to differentiate their products from the rest. The majority of the market's growing demand is supplied to white-label, cheap manufacturers that either make quick-and-dirty equipment for multiple retailers or contract to create toys for small businesses.
White-label manufacturers are not subject to any standards. This is also true for sex toys. Jen Caltrider is the Mozilla Foundation's cybersecurity review program Privacy Not Included. ISO and other standards-setting organisations don't have the power of law or government regulation, but testing companies may provide certifications. These standards make it easier for manufacturers and other stakeholders to reach an agreement on safety and quality levels. They also allow them to communicate to the public that they are following the standards.

The emphasis on fit and finish meant that cybersecurity was left out of the entire process. It was discussed, but not because it is complicated or generally covered under local regulations, Rief states. For privacy concerns, something like the European General Data Protection Regulation could be a solution. Ironically, this is because We-Vibe, a WOW Tech subsidiary, agreed to a $3.75million settlement in a class-action lawsuit in 2017. This was in response to claims that its vibrator-connected application collected and stored user data without their consent. Mozilla's Caltrider claims that We-Vibe has improved its security since then. Rief said that we had to deal with this lawsuit and learned from it. Today, we have our own app team and agencies that hack the app.

It is possible that privacy and security are not a top priority for many sex toys buyers. Although I don't know for certain that all toys companies will take this seriously, I believe they will. Carol Queen, a staff sexologist at Good Vibrations and a long-time supplier of the same, said that she believes that they will. Regardless of how much emphasis these stores place on safety, let's just say that their customers tend to value design and price more than material safety. Queen states that those who don't care will likely continue to care. While sex toys may be illegal in certain countries, some countries also criminalize sexual behaviors that could be tracked by devices. Many people are already aware that smart speakers and phones collect personal information; sex toys may be no exception.

People should be more concerned. Major businesses, such as We-Vibe and Lovense are already following encryption and requiring strong passwords. Sometimes, smaller companies don't. It's a very hot topic for privacy-conscious people. Caltrider claims that Mozilla's privacy project, which reviews hundreds of products, receives more traffic than any other type of device to its sex-toy write ups.

Digital control and external communication are a new game.

Privacy is not the only concern. The new standards make a vague reference to vibration. Haines states that a manufacturer might specify the motor that they want to generate low-frequency vibrations. To make it more efficient, they set a software limit so that the app can only tell the device to increase the speed to 50 percent. However, that doesn't mean the chipset can't be commanded to go to 100 percent. Haines says that when designing the device they account for a certain draw from the battery. If you give lithium ion batteries too much draw, they can catch fire. No one wants to have their sex toys controlled by someone who has not consented to a violation of the law, or even an assault. Security provisions must account for consent of all kinds.

These risks are not just imaginary. A British cybersecurity company discovered that the Cellmate Chastity Cagean app controlled metal enclosure that locks around a person's penisused Bluetooth used to lock and unlock the device. However, it stored data such as location, time, and an unique device identifier on Qiui servers in Guangdong. Security researchers warned that hackers could alter the control to prevent the device unlocking. At this point, bolt cutters and angle grinders would be required. Although the company updated the app, a copy of the API was left online by a hacker who reportedly attempted to exploit the vulnerability. He demanded that customers in chastity cages pay before they could be released. It is not clear if anyone was wearing their Cellmate at the time of the lockdown. To be fair, new ISO standards state that locking devices must have a way to unlock them manually.

Engineers who depend on standards such as the ISO put out may also see a reason to keep these kinds of issues separate from those specific to sex toys hardware. Perhaps battery standards should be applied to all connected, rechargeable devices. Cybersecurity could be addressed by broader internet of things regulations. It is clear that the functions and uses of sex toys have changed. People are more creative. It will be necessary to adapt the rules.

Here are more great WIRED stories