Can a sex toy spy on you?

A Canadian sex-toy maker has been accused of tracking data on the intimate habits of thousands of its customers.

The Ottawa-based company, Standard Innovation, has agreed a collective payout up to a total of C$4m (£2.4m) for users in the US, where the lawsuit was filed.

But where does that leave other sex-toy users?

Are there new forms of protection that people should now consider?

In Standard Innovation's case, an app was at the root of the problem.

The We-Connect app connected to its We-Vibe vibrator, and the data collected was sent back to the company, including details on temperatures, settings and usage.

A class-action lawsuit was filed in September 2016 by customers who alleged the company violated their privacy rights.

This week, the company agreed its payout for US customers who bought the product before 26 September last year.

Under the deal, those who used the We-Connect app will be paid up to C$10,000 each.

Customers who bought the toy, but did not activate the accompanying app, will receive up to US$199 each.

The settlement only applies to customers in the US, and Standard Innovation says it has since enhanced its privacy notice and app security.

According to Ann Summers, a British retail chain that specialises in sex toys, the market is becoming increasingly hi-tech.

"Our company has been around since the early 1970s," said spokeswoman Kyrsty Hazell-Page. "Back then, products didn't even vibrate. Then they moved from battery-powered to USB-charged, then came apps and now virtual reality is the next big thing."

The We-Connect app allowed users to control the device's intensity via their mobile phone.

It also enabled a user to allow another user to activate the product from afar via Bluetooth technology.

Standard Innovation said the data it collected was for market-research purposes, but some users felt violated, as the information is particularly personal.

The lawsuit also voiced concerns that the information could be linked to the email address they provided to the company.

The company has since said there has been no breach of our customers' personal information or data.

It says it has also changed its privacy practices, and says "data is used in aggregate and anonymous form that does not personally identify any individual".

At Ann Summers, Ms Hazell-Page said the industry was learning from the case: "We have to be really mindful as it is really important that we protect customers' safety and data in everything we do."

The retain chain, which sells We-Vibe products, said, "We are satisfied with the security changes undertaken by them in September".

Two hackers at Def Con, a US hacking convention, gave a talk at the August 2016 event called The Internet of Vibrating Things, in which they demonstrated how data is sent from the We-Vibe device to Standard Innovation.

The pair, who go by the names of Goldfisk and Follower, also showed how third parties could intercept the data, or even take control of the vibrator and commit what they called "potentially sexual assault".

"Cybersecurity issues are now in all area of life," said cybersecurity specialist Jessica Barker, who runs website Cyber.uk.

More and more products are being invented with internet compatibility, from light switches to fridges, creating what has called "the internet of things".

"In general, the more connect we are the more this opens us up to vulnerabilities, which all sorts of people could take advantage of," said Ms Barker.

In the US, parents have even been warned about the possibility of baby monitors being hacked.

New EU data-protection laws are expected to have an effect, as, from May 2018, companies could face huge fines if they misuse personal data or fail be transparent about its usage.

The law is designed to protect EU citizens but companies based outside the union will also have to comply if they are serving EU consumers.

Earlier this month, the Wikileaks website published allegations that the CIA had developed ways to listen in on smartphones and smart-TV microphones.

However, Ms Barker says intelligence agencies "do not have the resource or the will" to be monitoring the average person's sex life.

"What people need to be more concerned about is cybercrime," she said. "If a product can take video footage, this could be used to extort you. We have seen this already in what we call sextortion cases."

This is when a person consents to sending someone sexual images but the recipient turns out to be a fraudster, or possibly part of a criminal gang, who then threatens to release the footage unless they receive a payoff.

Clicking on a suspect file sent via email can also lead to malware infecting a computer, and could allow someone to hack into the machine's camera.

This is not a new crime. One of the most famous cases came in 2013, when Jared James Abrahams, a 20-year-old computer-science student from California, hacked and threatened two dozen women, including a winner of the Miss Teen USA beauty pageant. He was later sentenced to 18 months in prison.

Ms Barker recommends covering the camera lens on your laptop, either by using a sticker, a piece of tape or a widget sold for this purpose.

Even Facebook founder Mark Zuckerberg is thought to take this precautionary measure.

Kellyanne Conway, an advisor to US President Trump, was mocked earlier in the week for comments suggesting that microwaves could be used as cameras to spy on people.

"I'm not Inspector Gadget," she later told US news network CNN. "I don't believe people are using their microwave to spy on the Trump campaign. However, I am not in the job of having evidence."

Technology website Wired looked into the matter and concluded: "Microwave ovens are not an effective spy tool."

Wired referred specifically to the idea of microwaves as cameras. It said the microwave would have to have an outward-facing webcam built into its design before it could be taken over by outside forces.

There are no known microwaves with webcams on the market.

However, the idea has been mooted on online forum Reddit, where a user once asked, external if one could be created so that you could check on your dinner from a device in another room.