“Tease and please with custom vibes you create. Turn on your lover when you connect and play together from anywhere in the world,” an advertisement for the app stated. “Build excitement with secure in-app voice, chat and video.”
Using a feature called “connect lover,” users could exchange texts, control their partner’s device, or engage in videochat. When users would begin using this feature, they would be prompted to “create a secure connection between your smartphones.” However, it turns out that the connection was never actually secure.
Last August, during the DefCon hacker conference in Las Vegas, a presenter hacked a We-Vibe vibrator. While the device was only hackable from a very short distance, as the computer must be within bluetooth range to control it, the prospect was still alarming to users.
According to the lawsuit, manufacturer Standard Innovation, “fails to notify or warn customers that We-Connect monitors and records, in real time, how they use the device. Nor does defendant disclose that it transmits the collected private usage information to its servers in Canada.”
According to the lawsuit, the company obtains information such as the “date and time of each use, the vibration intensity level selected by the user, (and) the vibration mode or pattern selected by the user.” Seeing as the app requires users to provide their email address upon registering, the complaint notes that they could easily “link the usage information to specific customer accounts.”
The lawsuit was filed in September, and in October Standard Innovation made an effort to safeguard users by no longer requiring name, email, phone number, or other identifying information, to the use the app.
The company has now met with the complainants for a full day mediation hearing, and have agreed to prepare settlement papers that are due to the court by January 27. Details of the potential settlement have not been made public.
