Oniondildonics: Securing Sex Toys Using Privacy-Preserving Protocols

Introduction

A few weekends ago at least 5 people who follow me on Twitter connected to my vibrator through the Tor network. After connecting they were able to issue commands to my vibrator and cause it to vibrate or switch off. They were also able to read the battery indicator.

I even had a few journalists connecting to my vibrator.

Why Did You Do This?

I believe that technology should be consensual by default, and there is a very clear example of a set of technology that really should be consensual by default but that isn't - sex tech.

All sex tech devices currently on the market that feature remote interaction rely on communication mediated by a server. This server is almost exclusively owned and operated by the manufacture of the device (or related associates).

This server has direct access to the content of play sessions between partners, and even if manufactures took steps to provide end to end encryption for this content (they often don't) the servers would still be able to derive metadata of sessions e.g. which partners engaged in remote sex, when for how long etc.

I don't want corporations knowing who my sexual partners are and so I wanted to demonstrate that such an architecture was not necessary, and that these devices can be consensual by default.

I have long been a fan of the ricochet protocol - a peer to peer, metadata-resistant messaging protocol based on tor onion services. So I set out to prototype a remote sex architecture using Ricochet.

Architecture

Overall communicating with a vibrator over Tor is pretty simple...



Practically all connected sex toys on the market today use bluetooth LE to connect to a remote control or a phone application.

I first reverse engineered this protocol which allowed me to talk to my vibrator.

The device is connected via bluetooth to a computer running a program using the oniondildonics library. This program also creates a Tor hidden service running a ricochet server.

The ricochet protocol has a number of steps which we will outline here for reference and future discussion:

  • Authentication - During this step the client is asked to prove its identity by completing a cryptographic proof using its public key.
  • Authorization - Once authenticated, if the client is known then the server may accept/reject the client based on its identity. If the client is not known then the server may wait for a contact request or simply reject the client.
  • Messaging - Once Authorized the client and the server may setup communication channels within the ricochet protocol and send messages to each other.

This architecture has a number of benefits when it comes to enforcing & protecting consent.

For example, by setting the contact manager to only allow partners with specific ricochet identities to connect, they can lock down and ignore any new contact requests, ensuring that only people who they have pre-authorized and who have access to specific ricochet keys can participate in play sessions.

Another possibility is generate a new ricochet identity for a one-time play sessions - once the session is over the ricochet identity can no longer be used to control the toy. This is a very useful properties for those who like or need to engage in remote sex in a public or semi-public context e.g. those on cam sites - and ensures that they do not have to provide any long term public identifiers.

All connections & messages are encrypted from end-to-end and the metadata resistance of onion services mean that there are no service providers in a position to spy on or record sexual activity between partners. The only people who know they are involved an an intimate activity are the people who are in it.

Future Work

As sex tech improves it may be possible to eliminate the bluetooth the connection entirely and integrate the ricochet connection within the device itself.

The code is online, and is a very rough outline of this experiment; there are plenty of opportunities for improvement, including implementing the contact management & long term play relationships discussed above.

Overall, I hope this experiment inspires more people to come up with novel ways of using onion services and the ricochet protocol as well looking for ways to make our world more private & consensual by default.

Note: This research could not exist without our supporters, and we hope we can continue to deliver new insights, research and technology in the future. To help us do so, please support us