Trustmark Progress Log for May 2018

What has been happening with the ThingsCon trustmark project? We are committed to developing this and learning out in the open. Learn more about this project on the ThingsCon IoT Trustmark page. You can read all other trustmark updates on the ThingsCon blog or over on the ThingsCon channel on Medium. This research is conducted as part of my Mozilla Fellowship.

Progress & activities

  • Meetings and conversations with folks from Ranking Digital Rights, The Digital Standard, Doteveryone, #iotmark, Consumer Reports, University of Dresden and others to see where our work aligns and where there might be synergies. Looks like we're in the right place at the right time.
  • Started working with Pete Thomas (of University of Dundee & design studio Tom Pigeon) to develop a visual identity and a name for the trustmark.
  • Met with some ThingsCon allies to the ThingsCon Salon Antwerp to informally discuss collaborations, and started spreading the word there.
  • Setting up a trustmark-themed ThingsCon Salon Berlin for the summer with special guest & fellow MozFellow Jason Schultz of NYU.
  • Got myself a Google AIY Voice kit and a kit and started playing with them. Will get some other voice & AI kits for comparison to get a better understanding of how they'd fare regarding the trustmark criteria.
  • Started opening up the early draft/prototype stage checklist for the trustmark over on gdocs.
  • Updated the trustmark presentation (embedded below). Slowly but surely it's all coming together!

Upcoming events/appearances

  • As part of Dundee Design Festival, collaborators and fellow Mozilla fellows Jon Rogers and Julia Kloiber are hosting a workshop on voice & IoT including some trustmark goodness.(Details on the Dundee Design Festival site.)
  • In July, we'll dedicate a ThingsCon Salon Berlin to trust & tech & trustmarks with Jason Schultz of NYU, among others. More details soon, keep an eye on the events page.
  • I'll be passing through NYC in June with a few open slots in my calendar. If you're working on something relevant to this work, say hi!.

Next steps

  • Looks like we'll have some complementary academic research into how a trustmark might impact user behavior around voice assistants courtesy. More on that soon.
  • Flesh out the trustmark criteria and gather more feedback on the draft.
  • Continue working on visual identity and name for the trustmark, and with a legal expert to think through how we can make the trustmark pledge legally binding.
ThingsCon Log: Dancing drones, drug drones, deadly drones

Hi there! How are you today? 🌈


Last minute shout-out to ThingsCon Salon Antwerp that will take place TOMORROW (8 May). The theme: Ideation for IoT. The stellar speaker line-up includes Alexandra Deschamps-Sonsino, Anthony Liekens, Albrecht Kurze, Dries de Roeck and Harm van Beek—and I'm super happy to be MC'ing the evening.

Also this month we'll have ThingsCon Salon Eindhoven (17 May) is under the theme Make your home work for you and has a workshop, as well as talks by Tijmen Schep & VanBerlo & a soon-to-be-announced third speaker, pitches, and more.

Also, the videos from ThingsCon Salon Cologne (6 April) are up.


A quick note that we've started posting regular updates on our trustmark project for IoT right here on our blog in the /trustmark/ category.

There you'll find general updates, project progress, ways to get involved, and media appearances like our op-eds in Offscreen Magazine (print only) and Netzpiloten or a mention in Wall Street Journal (alas, paywalled).

We're also posting these updates over on the ThingsCon channel on Medium.


Are you on Slack? Drop us a line with your email address and we'll be happy to see you in the ThingsCon backchannel on Slack ( And as always, for any news follow us on Twitter.


Stacey Higginbotham is rethinking the smart home in 2018: "I feel like we’ve hit a wall. (...) I am officially changing my tune. For most people, the DIY smart home is not going to be something they easily and enthusiastically adopt, like, say, smartphones. (...) And I’m not going to call it a smart home, because basically what these vendors are going to offer is the convenient home. (...) We’re going to have to continue waiting for a home that truly reacts in an intuitive way to our needs and expectations."

Drones, drones, drones: Dancing drones. Drug drones. Deadly drones.

The Radical Frontier Of Inclusive Design. Great to see VR used for inclusive design for once.


The #iotmark initiative by Alexandra Deschamps-Sonsino and Usman Haque is going to have the next physical meetup in London soon (13 June). Sign up on Eventbrite.

Have a fantastic week!

On behalf of the whole ThingsCon team,

Your scribe Peter

PS. Think a friend or colleague would enjoy this newsletter? Feel free to pass it on! 🙏

Image: Reuters/CCTV

Trustmark Progress Log for April 2018

What has been happening with the ThingsCon trustmark project? We are committed to developing this and learning out in the open. Learn more about this project on the ThingsCon IoT Trustmark page. You can read all other trustmark updates on the ThingsCon blog or over on the ThingsCon channel on Medium. This research is conducted as part of my Mozilla Fellowship.


Progress & activities

  • Started work on the visual identity of the trustmark with Pete Thomas of University of Dundee & Tom Pigeon fame.
  • Started looking into legal requirements and options to make the trustmark pledge binding.
  • Lots of conversations with allied orgs to explore opportunities to collaborate and to align efforts where possible.
  • Been refining the trustmark dimensions, especially the wording to convey more concisely what each dimension means. A rare moment of excellent feedback from Twitter, no less! The one worth pointing out is that the category formerly known as sustainability (cfkas) is likely to be labeled stability. This conveys the intersection of reliability and longevity and resilience better.
  • Updating the trustmark presentation (I'll publish the updated version very soon) and first presented it at an internal Mozilla meeting.
  • Arranging the first round of feedback workshops to gather feedback on the trustmark, the first one at Antwerp.

Upcoming events/appearances

  • Feedback gathering workshop, May 8th in Antwerp, before the ThingsCon Salon. (Details TBD.) Ping me if you happen to be in town.
  • Trying to see if we can host something in NYC in June as I'll be passing through. Unclear as of yet!

Next steps

  • Find a snappy name for the trustmark project
  • Refine the partnership & participation pathways
  • Work out the questionnaire/checklist for evaluating each trustmark dimension
ThingsCon Salon Cologne (6 April 2018) Talks

The latest edition of the ThingsCon Salon in Cologne was all about Trust, Cities, and Data in the IoT. It featured to wonderful speakers, an interesting and diverse crowd, and lead of great discussions.

First off was Aline Shakti Franzke, an ethicist and philosophy’s specialized in philosophy of technology. She presented the Data Ethics Decision Aid, an interactive framework and tool for organizations to discover, discuss, and evaluate ethical challenges when dealing with user’s data, and provide quite a few telling insights on its application in the field of smart and connected cities.

After a great discussion around weighting cost and benefits of open and collective decision processes, we went on to the second talk of the night.

Joining us from Zurich we were extremely happy to have Thomas Amberg (@tamberg) with us, a long-time ThingsCon friend and supporter, and a core contributor to the #iotmark, an open certificate for connected products. Thomas shared the history of the #iotmark initiative and of course provide some deep insight into its criteria - from privacy, to security, openness, and reliability of connected services. It was an incredibly packed and very interesting dive into the challenges of making things connected and building businesses on top of that. You can find his slides right over here and watch the talk below.

We are grateful to the wonderful community that joined us, and of course our partner Denkwerk, who helped make this Salon come to life. The next ThignsCon Salon in Cologne will happen in late May, stay tuned and/or follow @jimmiehu to learn when and where exactly.

Simon Höher
ThingsCon Log: Smart Home Surveillance, Trustmarks, OMGDPR

Hi there! How are you today? 🌈


Short and sweet:


You know we're exploring a potential trustmark for IoT, and Mozilla supports this work through Peter Bihr's Mozilla IoT Fellowship. So we set up a trustmark project page on

The project is a work in progress and subject to frequent and ongoing change, and this page is the best starting point to follow these efforts and learn more.

Also, things are picking up some steam with a first (draft stage) slide deck, an interview with the WSJ's Jeff Stone, a shout out in Mozilla's Internet Health Report, and some upcoming workshops—the first one at ThingsCon Salon Antwerp (see above). Where can you find links and more on all of these things? That's right, you'll find everything on 👉 The Trustmark Page 👈.


Are you on Slack? Drop us a line with your email address and we'll be happy to see you in the ThingsCon backchannel on Slack ( And as always, for any news follow us on Twitter.


The House That Spied On Me (Gizmodo) is both entertaining and a little worrying/saddening:

I had to download 14 different apps to my phone to control everything, which meant creating an account for each one of those apps. (Yes, my coffeemaker has a log-in and a very long terms of service agreement.) After setting them up, I thought I’d be able to control all the devices by issuing voice commands to Alexa via the Echo—the smart speaker that we’ve been using for the last year as a glorified timer and music player— but this did not go as well as I had hoped. (...)

I thought the house would take care of me but instead everything in it now had the power to ask me to do things.

Speaking of problematic relationships with smart homes, David Meyer's Connected Rights newsletter has this to say about Chinese government plans to connect public space CCTV and smart home devices for their facial recognition capabilities:

According to Radio Free Asia, that includes a surveillance platform called Sharp Eyes that can "link up public surveillance cameras and those installed in smart devices in the home, to a nationwide network for viewing in real time by anyone who is given access."

We all know the old platform phrase "build it and they will come"—which of course was never true. However, alas, "build it and someone will find a way to abuse it" might be truer.


OMGDPR! In Berlin (21 April), Chris Adams hosts an unconference about the impact of GDPR. We'll be there.

Have a fantastic week!

On behalf of the whole ThingsCon team,

Your scribe Peter

PS. Think a friend or colleague would enjoy this newsletter? Feel free to pass it on! 🙏

Peter Bihr
Trustmark featured by WSJ

We're happy that our Trustmark for IoT project is getting a lot of attention—despite it being very early days.

Just this week, we got two (and a half) mentions:

  • Mozilla's Internet Health Report mentioned our research as part of an IoT spotlight. (The trustmark work is supported by Mozilla through a fellowship.)
  • The Wall Street Journal's Jeff Stone interviewed me for the WSJ's Pro Cybersecurity newsletter (paywall): "IoT Security Push Includes New Mozilla-Funded Open Source Project"
  • And Bruce Sterling tagged my presentation on his blog.

Here are some relevant passages from the WSJ interview:

If organizations and individuals are going to work to ensure the next generation of connected devices is manufactured with cybersecurity and user privacy in mind, they are going to have to work together. Teamwork and transparency are two of the guiding principles of a new open-source project that aims to communicate the data practices of Internet of Things device-makers in an understandable way. The “Trustmark for IoT” project is funded by the Mozilla Foundation, a non-profit organization that leads the Mozilla software project and helped develop the Firefox web browser. “Trustmark for IoT” is in the very early stages, but is meant to establish a standard way in which consumers assess the risk associated with a connected device based on five dimensions: privacy and data practices, transparency, security, openness and sustainability, said Peter Bihr, the Mozilla fellow leading the initiative.


“We’re going to choose the most open model possible because this standard is absolutely something that will need to be peer-reviewed and change over time,” Mr. Bihr said of his own fellowship.

This is an aspect we haven't talked about much until now: At this stage I'm coordinating this effort somewhat centrally, but the goal is for this to be as decentralized and open as possible. This includes sharing our findings, learnings and failings openly so others can learn from them; Structuring the trustmark in a way that guarantees it to be free to use; And allowing for true peer review not just in the early stages but especially as the project matures.

We aim to make everything as open as possible, within reason: Having to move quickly means the approach will by necessity be a pragmatic one, and we'll have to work with that reality. That said, for every context we'll find the most appropriate way to open up what we draft here, from our presentations to documentation to research.

There are still lots and lots of questions, but we're also having ongoing conversations galore, and so far been seeing a lot of interest. We're just a step or two away from starting to formalize a little the way we can interface especially with larger organizations.

Until then, we hope that we can put the media attention to good use. If you're a journalist and wouldd like to discuss this, please get in touch.

Trustmark: Updates 04/2018

As you may already know, we're exploring a trustmark for IoT: A kind of consumer protection mark that empowers consumers to make more informed decision through better transparency of connected products and the practices that shape these products.

This work is done by Peter as part of a Mozilla Fellowship blog post about the fellowship and builds on a report we compiled for Mozilla in 2017 (Report: A Trustmark for IoT)

This is a work in progress. We will update our IoT Trustmark page regularly to collect and share our learnings (and failures!). Here are good starting points to dig deeper (most current up top):

We've been posting these updates over on the ThingsCon Medium channel. We'll make sure that they also are linked from here.

ThingsCon Salon Berlin (4 April 2018) Presentations

We just had a ThingsCon Salon Berlin with two fantastic speakers: Cathleen Berger and Chris Adams. Both explored various aspects of GDPR and what it might mean for responsible IoT.

Cathleen Berger: Privacy & IoT

Cathleen Berger is currently leading Mozilla's engagement with Global Internet Fora. In this position, she is tasked with identifying emerging trends around privacy and security, digital inclusion and literacy, openness and decentralisation in order to remain aware and ahead of global tech policy developments. Moreover, she is participating as an expert in the Transatlantic Cyber Forum, looking in particular into encryption and government hacking. Prior to this, she worked within the International Cyber Policy Coordination Staff at the German Foreign Office where she was in charge of divising strategies for Internet Governance, promoting human rights and freedom online, as well as drafting policy concepts for capacity building and digital development.

Learn more: bio, twitter

Chris Adams: OMGDPR

Chris Adams is an environmentally focussed tech generalist, spending the last ten years working in tech startups, blue chip companies and government, as a user researcher, product manager, developer, sysadmin and UX-er. He runs Product Science, a small product development consultancy, and lives in Berlin. In 2017 he created the Planet Friendly Web Guide, to help people who build the web build greener digital products and services. Chris is the instigator of OMGDPR, a community-run, open space event in Berlin for practitioners who build digital products or services, to learn from each other about GDPR will affect their organisation, and by extension, how they work.

Learn more: website, twitter.

Our thanks to the speakers & to Mozilla Berlin for hosting us in their lovely office.

As always, you can find all our upcoming events on and by following us on Twitter (@thingscon).

Peter joins the Mozilla Fellows Program

We're very happy to share that Peter Bihr is a Mozilla Fellow for 2018. Through this fellowship, Mozilla supports the creation of an open trustmark for IoT under the ThingsCon umbrella. (Learn more on our IoT trustmark page.)

This fellowship builds on the research we did in 2017 with Mozilla around the potential of a trustmark, and will try to put the insights from this research into action.

This fellowship will allow for the time and effort to draft a trustmark for IoT—what it validates, how it works, etc.—and gather support within the industry and community to prepare a launch. As part of this effort, we'll also be convening groups of ThingsCon experts for workshops, meetups, and discussions, also with support from Mozilla. Most importantly, we'll be sharing openly our learnings (and failings) here and over on Peter's blog. We thank Mozilla for this support.

Full disclosure: Peter's partner works for Mozilla.

ThingsCon Log: Smart Home Insecurities

Hola Fellow Responsible Tech People,

We have a whole slew of ThingsCon Salons coming up in the next four weeks, plus some reading around IoT, security, and demanding better from tech.


There are, as of today, already more than 10 ThingsCon events scheduled for this week, with more coming online every week. This is going to be one great year for the ThingsCon community! Over the next four weeks, here's what will be going on:

  • ThingsCon Salon Berlin. 4 April 2018. With Cathleen Berger and Chris Adams. Organized by Peter Bihr
  • ThingsCon Salon Cologne. With Aline Shakti Franze and Thomas Amberg. 6 April 2018. Organized by Simon Höher & Max Krüger
  • ThingsCon Rotterdam Hackathon: Citythings. 10 April 2018. Organized by Stichting ThingsCon Amsterdam
  • ThingsCon Salon Antwerp Comedy Special. 20 April 2018. Comedy at Lebowski’s Comedy Club Antwerp (Berchem). Organized by Dries de Roeck.


Are you on Slack? Join our community backchannel on Slack in the footer. And as always, for any news follow us on Twitter.


What makes consumer IoT security so bad? Pen Test Partners have a very accessible write-up about why so many IoT devices are full of gaping security holes. None of this will surprise you if you've been in this space for a while, but it's a great reminder of the human and organizational aspects that make security such a contentious issue in the Internet of Things.

A simple reference model for connected products (PDF). Thomas Amberg (@tamberg) of Yaler fame drafted a simple reference model for more clearly discussion IoT infrastructure and connected products. Two thumbs up!

Amazon thinks it has a fix to Alexa’s terrifying laughing issue. "We put a 2-pizza team on it and they solutioneered the creepy laugh away." (Not an actual quote.)

Let’s Get Better at Demanding Better from Tech. I like a good, constructive rant, such as this reminder from Cory Doctorow.

Smart Home Security. xkcd nailing it, once more:

Have a fantastic week!

On behalf of the whole ThingsCon team,

Your scribe Peter

PS. Think a friend or colleague would enjoy this as a newsletter? Feel free to pass it on! 🙏

Peter Bihr