Trustable Technology Mark: Pre-Launch Notes

Please note: This is cross-posted from the blog.

We're in the final stages of launching the Trustable Technology Mark, ThingsCon's trustmark for IoT. Today I wanted to share some updates on where we stand, some of the decisions that led us here, and what's going to happen next.

But first things first: Special thanks to the ThingsCon community for the priceless input, to Mozilla Foundation for their support in the form of a Mozilla fellowship, to collaborators Jason Schultz (NYU Law) for his fantastic support by taking the legal lead in this endeavor, as well as to Peter Thomas (University of Dundee) for the excellent branding work.

Aiming higher

The Trustable Technology Mark is not a so-called baseline certification - it doesn't apply to all products and just weed out the really bad stuff, but rather aims to celebrate and highlight the really good stuff instead.

We consider the Trustable Technology Mark a badge of honor for those companies and their products that put users' rights and privacy first, and that go the extra mile to build responsible connected devices. In a field full of sketchy, insecure, and data hungry products, a hard-earned Trustmark is a unique selling point that raises these companies' profiles and allows consumers to make more informed choices when they vote with their feet (or rather, their money). Until now, there were not many external incentives to do the right thing. We hope to start a race to the top.

What is, and isn't, the Trustable Technology Mark?

The Trustmark is not a market surveillance mechanism that checks compliance with existing standards (the standards we needed for this do not yet exist at the level we need them). Instead, it serves to highlight the work of the companies that build outstandingly well-made products, where "well-made" equals respectful of privacy and user rights, committed to transparency, with excellent security standards. It's essentially a recognition of a company's commitment to a particularly strong commitment to responsible technology and transparency.

We chose a fairly holistic approach that touches on every level from product features to design processes and business models to legal commitments to guarantee certain user rights.

The process is built on a strong commitment to transparency. Concretely, it is modeled around information provided by the companies themselves in an extensive questionnaire that is then reviewed by a pool of experts from the ThingsCon network. Conversely, we do not independently assess the technology. This is an exercise in transparency, not a third party technology assessment.

Some notes on the process

The issues we look at are often not black or white but full of nuance. IoT is a field full of edge cases, as is privacy; combine both for the Trustmark and you get an idea of the complexity involved. Yet, in our testing we found that the review process is robust enough that even if there's some info missing or not 100% complete, cracks and gaps in the narrative that we receive from the companies become obvious quickly, and allow us to follow up and ask for clarification.

The process itself is as follows:

  • Company fills out the Trustable Technology Mark application & assessment form
  • Our experts review the answers and follow up for clarification if necessary.
    • If the follow up doesn't solve the issues, the Trustmark is not issued.
    • If the follow up solves the issues (i.e. the company provides missing information or changes something based on our feedback) then the Trustmark is issued.
  • The content of the assessment form is published on, along with a unique ID for the assessed product that the company can use in their communications.
  • Should there be a complain that sheds reasonable doubt on the Trustmark status of a product that currently carries the Trustmark, we'll follow up with the company to clarify and update the results as follows, and go back to is this allowed to use the Trustmark [Y/N].

Where are we today?

So where do we stand now, in late November 2018?

We're in the final stages of preparing for the launch in December at ThingsCon Rotterdam (6-7 Dec). We consider it a soft launch, a beta, so to speak. Once public, there will be things to amend, to fix, to adjust: This is a living, breathing project.

Concretely this means:

  • We froze the assessment form and set up the final version on ThingsCon's account as a Google Form. (Note: We're planning to move to a custom-built, non-Google hosted form as soon as possible. However, for purely pragmatic reasons this is what we'll start with while we're still gathering more feedback and learnings.)
  • We're setting up partnerships with academic and policy partners who are interested in weaving the Trustmark into their teaching and research.
  • We are identifying products that could pass the Trustable Technology Mark assessment. We expect there to be a small number initially, and that this number will grow dramatically over the next couple of years. After all, we intentionally set a very high bar in order to shape the market from the top to bottom rather than establishing a base line measurement. We want to best to shape the field, not the ones that are not-the-worst.

As part of that market shaping effort we identified that there is an essential educational aspect to our mission, and this is fully aligned with ThingsCon's overall mission: Even the companies that want to do the right thing can't always cover all the bases. So we aim to build a library of best practices and state of the art practices along the way so that if one company tries to work something out we could point them to others that have overcome a similar challenge, or maybe even get them in touch directly.

So that's where we are today. See you at the launch next week!

Peter Bihr
Presenting the Trustable Tech Mark at Magic Monday

During our recent workshop weekend at Torino’s Casa Jasmina, the experimental open source smart home of the future initiated by the team around ThingsCon alumni Bruce Sterling, Jasmina Tesanovic, and Davide Gomba, Michelle Thorne and I were invited to speak at Magic Monday, their local IoT meetup. It was a lovely home coming for us; 3 years ago, we happened to be the first “external” guests at Casa Jasmina right when it had been opened, and kicked off this very event series, too.

I shared an update of what’s been happening over the last 5 years of ThingsCon, and mostly did a deep dive into where we stand with the Trustable Tech mark initiative.

Trustable Tech Mark: Our Theory of Trust

When is it okay to trust a device? What makes a device and its manufacturers trustworthy? How do we evaluate trust for the Trustable Tech mark? Here's our theory of trust, our approach to the sometimes fuzzy concept of trust and trustworthiness.

Trust is a personal decision

First of all, it's important to keep in mind that trusting—or not trusting—is a highly personal decision. The Trustable Tech mark can only ever be one indicator that you might want to rely on, or not: Depending on the circumstances of your life, your mileage may vary.

That said, here's how we go about this.

Our trustmark aims to give the companies that go above and beyond to build trustworthy products a way to demonstrate that they do. That's already a pretty high bar to clear, given the state of the industry right now. So we rely on information provided by the makers of devices to evaluate trustworthiness:

The building blocks of trust

We ask a series of questions to establish credibility in 5 dimensions: Security, Transparency, Privacy & Data Practices, Stability, and Openness.

Screen Shot 2018-11-12 at 08.21.43.png

We believe that the first four of these dimensions are the foundational building blocks of trustworthiness: They aren't sufficient conditions but required ones. Without a strong commitment to security, transparency, data protection and stability (in the sense of designing for robustness and longevity), a connected device can never be trusted.

The fifth dimension, openness, plays a special role: In our view, openness is not a required condition, but openness is a strong indicator for trustworthiness. Concretely, when evaluating incoming applications we look for openness, and if the device is largely open we look at the rest of the application with an assumption of trustworthiness as opposed to an assumption of non-trustworthiness.

Let me explain.

Verification is stronger than trust. So if a device is open sourced, there are tools and mechanisms in place for researchers and the community to verify most of the device maker's claims. But in practice, many device makers aren't able to open source their devices. (There are many industry-related reasons for this, most notably that investors still vastly prefer protectable IP; we don't like that philosophically but it's a reality we decided to work with, and work around.)

So we recognize that open sourcing isn't an option for everyone, and decided that openness is not a required condition of qualifying for the trustmark. However, where openness isn't a given, applicants need to explain their choices and their strategies to ensure trustworthiness.

So does a device have to be open? No. If it's not open, we ask the manufacturer to provide more indepth explanations instead so our evaluators get the full picture.

How do we evaluate

Now, let's look at how we evaluate concretely (or are planning to, as of today; this might still change). Every incoming application is reviewed by our pool of experts. (More on that soon.) The type of information we ask companies to submit ranges from very concrete to slightly more abstract, from easily provable (like a link to a privacy policy document) to what are essentially value statements (like a commitment not ever to pursue legal action against security researchers or tinkerers). To some answers, a clear YES is required, others are optional and help our evaluators put things into context.

We plausibility check those answers: Do the linked documents exist and are they what the applicant claims? Are the answers consistent or mutually exclusive? And most importantly, does the substance of the answers provide a consistent narrative that's in line with our requirements? The last one is where the expertise of our expert reviewers comes into play: To an expert, a baloney answer will stand out right away and raise a flag. It all needs to add up to a consistent picture of best practices and trustworthiness.

Wherever there are inconsistencies or we see gaps, we follow up for clarification. The response, and the way the follow up is handled, gives us another qualitative bit of data to take into account: Is the company responsive? Are they cooperative or hostile? Do they demonstrate good will?

Not a perfect picture, but a pretty detailed one

Taken together, this won't ever give us 100% security that all answers are true, and will stay true. However, this way we have enough data points and input that a pretty detailed picture emerges. If we ever learn about (or suspect) non-compliance or foul play, we'll follow up, and reserve the right to revoke the certification. It's a pretty high touch approach, and we're confident that this will lead to high quality and consistency.

We expect that over time this system will grow more robust, and that we'll gather more insights. We'll keep adjusting the system as we go along, and evolve it accordingly. We'll also build a repository of best practices as we go along, so we'll be able to point new applicants to existing resources and best practices, too. In the end, we want this effort to shape the industry towards more trustworthiness. Education and open communications channels both have an important part to play.

Trustmark Progress Log for August 2018

What has been happening with the Trustable Technology mark, ThingsCon's IoT trustmark project? We are committed to developing this and learning out in the open. Learn more about this project on the ThingsCon IoT Trustmark page. You can read all other trustmark updates on the ThingsCon blog or over on the ThingsCon channel on Medium. This research is conducted as part of my Mozilla Fellowship.

Progress & activities

We're putting a human expert in the loop! After discussions with other orgs that have undertaken similar efforts, we are convinced we can check all incoming applications before they are approved. I had been in favor but so skeptical about the workload involved that I had proposed only checking ex-post. I now trust we found a way to make it work. This may not sound like it but is a big shift in the mental model: This way we add a layer of quality control, increase resilience and robustness, and increase the overall trustworthiness of our own processes. (A big deal if you're issuing trustmarks!) Maybe most importantly on the practical level, this allows us to have an open line of communications with all applicants that will allow us to ask for clarifications where needed, and to get a better feeling for the organizations and individuals who apply. We've updated the slide deck to reflect that change. A special thank you to Michael Weinberg of OSHWA for taking the time to share some priceless first-hand insights and experiences in community-driven certification.

The current overview presentation:


  • We hugely streamlined the process for the trustmark, specifically to reflect valuable input from OSHWA, Jason, and from various ThingsCon Salon participants.
  • We're testing the trustmark application with the first real companies to gather lots more of valuable feedback.
  • We're working on our "Theory of Trust", an explainer of how we approach the underlying assessment criteria, etc.

Upcoming events/appearances

We'll be talking Trustable Tech at Mozfest London (26-28 Oct 2018) and the annual ThingsCon Conference in Rotterdam (6-7 Dec 2018).

Next steps

  • Test application process with more real-world products.
  • Sign up more launch partners.
Report: The State of Responsible IoT 2018

A lot has happened since we published the first ThingsCon State of Responsible IoT report in 2017: Responsibility and ethics in tech have begun to enter mainstream conversations, and these conversations are having an effect. The media, tech companies, and policy makers all are rethinking the effect of technology on society.

The lines between the Internet of Things (IoT), algorithmic decision-making, Artificial Intelligence/Machine Learning (AI/ML), and data-driven services are all ever-more blurry. We can't discuss one without considering the others. That's not a bad thing, it just adds complexity. The 21st century one for black and white thinking: It's messy, complex, quickly evolving, and a time where simple answers won't do.

It is all the more important to consider the implications, to make sure that all the new data-driven systems we'll see deployed across our physical and digital environments work well—not just for the users but for all who are impacted.

Things have evolved and matured in big strides since our last State of Responsible IoT. This year's report reflects that evolution, as well as the enormous breadth and depth of the debate. We couldn't be happier with the result.

Some background as well as all the relevant links are available at or using the short URL The publication is available on Medium and as a PDF export.

This text is meant for sharing. The report is published by ThingsCon e.V. and licensed under Creative Commons (attribution/non-commercial/share-alike: CC BY-NC-SA). Images are provided by the author and used with permission. All rights lie with the individual authors. Please reference the author(s) when referencing any part of this report.

ThingsCon Salon Cologne (3 August): Presentations

On August 3rd, we held the summer edition of ThingsCon Salon Cologne with our two speakers Dries de Roeck (of Studio Dott, Antwerp) and Peter Bihr (of ThingsCon, Berlin).

Alas, the AV gods ate the videos, but you can find the presentations linked/embedded below:

Dries de Roeck

Click the image below to jump to Dries' presentation including a full transcript.

Peter Bihr

Peter's presentation is embedded below and also available on Slideshare. You can learn more about the Trustable Tech mark at

Peter Bihr
Trustmark Progress Log for June/July 2018

What has been happening with the Trustable Technology mark, ThingsCon's IoT trustmark project? We are committed to developing this and learning out in the open. Learn more about this project on the ThingsCon IoT Trustmark page. You can read all other trustmark updates on the ThingsCon blog or over on the ThingsCon channel on Medium. This research is conducted as part of my Mozilla Fellowship.

Progress & activities

Combined monthnotes for June and July since I've been traveling and took a little time off. Everything's back online now, so here goes:

I've been working on branding with Pete Thomas. We got a name, the Trustable Technology mark. The new website, once it's live, will be at (Currently it forwards to Visuals will also come soon. Thanks to Pete, we now also have a fancy new presentation template, like so:

In mid-July we had a ThingsCon Salon Berlin dedicated to the trustmark, together with fellow Mozfellow and NYU law prof Jason Schultz. Here's the video of our shared presentation:

Started outreach to potential launch partners as well as companies to test the prototype of our self-evaluation tool.

Thanks to a masters student at the Technical University in Dresden, we'll have some proper academic user research soon about the way a trustmark for IoT might influence user behavior around digital voice assistants.


I was very happy to be interviewed by Christoph Koch for the current issue (07/2018) of Brand Eins. We spoke about the Internet of Things (IoT), how it challenges the notion of ownership, and how we can know which products to trust. Featuring the Trustable Technology mark we've been working on!

Read it here (in German): "Wem gehört mein Auto?"

Upcoming events/appearances

Friday, 3 August, we'll be at ThingsCon Salon Cologne to discuss the Trustable Tech mark. In late October, Mozfest in London will feature a session or two about the trustmark. And at the big annual ThingsCon Conference (this time in Rotterdam!) we'll explore it at some more detail, too.

Next steps

  • Finalize trustmark criteria and gather more feedback.
  • Prototype the concrete self-evaluation tool, i.e. the online form at the center of the work.
  • Think about enforcement and governance of the trustmark over time.
Peter Bihrtrustmark
Trustmark Progress Log for May 2018

What has been happening with the ThingsCon trustmark project? We are committed to developing this and learning out in the open. Learn more about this project on the ThingsCon IoT Trustmark page. You can read all other trustmark updates on the ThingsCon blog or over on the ThingsCon channel on Medium. This research is conducted as part of my Mozilla Fellowship.

Progress & activities

  • Meetings and conversations with folks from Ranking Digital Rights, The Digital Standard, Doteveryone, #iotmark, Consumer Reports, University of Dresden and others to see where our work aligns and where there might be synergies. Looks like we're in the right place at the right time.
  • Started working with Pete Thomas (of University of Dundee & design studio Tom Pigeon) to develop a visual identity and a name for the trustmark.
  • Met with some ThingsCon allies to the ThingsCon Salon Antwerp to informally discuss collaborations, and started spreading the word there.
  • Setting up a trustmark-themed ThingsCon Salon Berlin for the summer with special guest & fellow MozFellow Jason Schultz of NYU.
  • Got myself a Google AIY Voice kit and a kit and started playing with them. Will get some other voice & AI kits for comparison to get a better understanding of how they'd fare regarding the trustmark criteria.
  • Started opening up the early draft/prototype stage checklist for the trustmark over on gdocs.
  • Updated the trustmark presentation (embedded below). Slowly but surely it's all coming together!

Upcoming events/appearances

  • As part of Dundee Design Festival, collaborators and fellow Mozilla fellows Jon Rogers and Julia Kloiber are hosting a workshop on voice & IoT including some trustmark goodness.(Details on the Dundee Design Festival site.)
  • In July, we'll dedicate a ThingsCon Salon Berlin to trust & tech & trustmarks with Jason Schultz of NYU, among others. More details soon, keep an eye on the events page.
  • I'll be passing through NYC in June with a few open slots in my calendar. If you're working on something relevant to this work, say hi!.

Next steps

  • Looks like we'll have some complementary academic research into how a trustmark might impact user behavior around voice assistants courtesy. More on that soon.
  • Flesh out the trustmark criteria and gather more feedback on the draft.
  • Continue working on visual identity and name for the trustmark, and with a legal expert to think through how we can make the trustmark pledge legally binding.
ThingsCon Log: Dancing drones, drug drones, deadly drones

Hi there! How are you today? 🌈


Last minute shout-out to ThingsCon Salon Antwerp that will take place TOMORROW (8 May). The theme: Ideation for IoT. The stellar speaker line-up includes Alexandra Deschamps-Sonsino, Anthony Liekens, Albrecht Kurze, Dries de Roeck and Harm van Beek—and I'm super happy to be MC'ing the evening.

Also this month we'll have ThingsCon Salon Eindhoven (17 May) is under the theme Make your home work for you and has a workshop, as well as talks by Tijmen Schep & VanBerlo & a soon-to-be-announced third speaker, pitches, and more.

Also, the videos from ThingsCon Salon Cologne (6 April) are up.


A quick note that we've started posting regular updates on our trustmark project for IoT right here on our blog in the /trustmark/ category.

There you'll find general updates, project progress, ways to get involved, and media appearances like our op-eds in Offscreen Magazine (print only) and Netzpiloten or a mention in Wall Street Journal (alas, paywalled).

We're also posting these updates over on the ThingsCon channel on Medium.


Are you on Slack? Drop us a line with your email address and we'll be happy to see you in the ThingsCon backchannel on Slack ( And as always, for any news follow us on Twitter.


Stacey Higginbotham is rethinking the smart home in 2018: "I feel like we’ve hit a wall. (...) I am officially changing my tune. For most people, the DIY smart home is not going to be something they easily and enthusiastically adopt, like, say, smartphones. (...) And I’m not going to call it a smart home, because basically what these vendors are going to offer is the convenient home. (...) We’re going to have to continue waiting for a home that truly reacts in an intuitive way to our needs and expectations."

Drones, drones, drones: Dancing drones. Drug drones. Deadly drones.

The Radical Frontier Of Inclusive Design. Great to see VR used for inclusive design for once.


The #iotmark initiative by Alexandra Deschamps-Sonsino and Usman Haque is going to have the next physical meetup in London soon (13 June). Sign up on Eventbrite.

Have a fantastic week!

On behalf of the whole ThingsCon team,

Your scribe Peter

PS. Think a friend or colleague would enjoy this newsletter? Feel free to pass it on! 🙏

Image: Reuters/CCTV