ThingsCon Log (11 Sep 2017)

ThingsCon Amsterdam, Salons in Berlin, Copenhagen, Amsterdam & more EVENT UPDATES

COPENHAGEN ran their first ThingsCon Salon as part of Copenhagen Tech Festival. Here's a lovely first review of the event by none other than speaker Dr. Lachlan Urquart.

We also have Salons coming up in Berlin (28 Sept, with Lisa Gutermuth of Ranking Digital Rights), Amsterdam (4 Oct, theme "Intimate Technology") and Antwerp (24 Oct, the ThingsCon Saloon Comedy Special).

And then—mark this in your calendar!—the annual ThingsCon Amsterdam conference will happen 30 November and 1 December. With two full days of workshops and presentations, this will be our biggest event to date. (Details and sign-up.) Please note that there is a special ThingsCon Fan Ticket which comes with a limited edition t-shirt just for this event, and hence bragging rights! (It even happens to be extra discounted, so what are you waiting for?)

Keep an eye on for details.

We're on a mission to increase the footprint of the ThingsCon community, including 5 in the global South. Learn more about how it works and get in touch to start your local chapter, right now!


This week we have lots of trust-related pieces for you.

A Simple Design Flaw Makes It Astoundingly Easy To Hack Siri And Alexa. Chinese security researchers found that you can trigger voice-controlled digital assistants like Siri & co using voice at frequencies above human hearing. It's not clear if this could be deployed at range, and will likely be a quick and easy fix, but it's a good reminder that there are lots of new attack vectors in IoT that we need to consider.

465,000 Patients Need Software Updates for Their Hackable Pacemakers, FDA Says. Mostly, IoT security issues aren't a matter of life and death. Unless they are, like in this case. Luckily there's a quick recall underway, but it's not like this hadn't been discussed before. File under "just avoided the worst case scenario".

Researchers block ISPs from spying through your smart devices. A university team published a fascinating paper: "Spying on the Smart Home: Privacy Attacks and Defenses on Encrypted IoT Traffic." Turns out that by fingerprinting devices it's possible for ISPs to identify IoT products and user behavior based on the levels of traffic being generated. This works even if the devices are encrypted and even if you're using a VPN (even though that makes it harder). Not cool! But they might have figured out a way to protect users, at least in theory: "We find that certain common device combinations and user activity patterns minimize the ability of a VPN to obfuscate smart home traffic metadata." It seems possible to obfuscate through "traffic shaping", traffic rates are matched to scheduled amounts which then makes it harder to identify what's going on. Ah, welcome to the 21st century.

A trustworthy tech mark. Doteveryone's most excellent Laura James strikes again with an excellent blog post around how to address trust issues (or rather: issues of trustworthiness) with digital technologies: "Doteveryone has been thinking about a trustworthy tech mark to indicate responsible and trustworthy digital products and services, to enable people to make more informed choices when selecting technologies to buy or use. We’re exploring a mark (and the systems around it) that both provides evidence that products or services are trustworthy, and ideally also demonstrates competence and reliability (and honesty as far as possible)." Well worth reading! We also have a report coming up on trustmarks for the internet of things. More soon!

Shoutout: Connected Rights by Berlin-based journalist David Meyer is an excellent newsletter "about the collision between technology and people's rights" that also comes with a website. (Did we give a shoutout to this before? If so, it well deserves a second one!)

ThingsCon at Netzpolitik13 conference: At Netzpolitik13 conference, ThingsCon featured heavily in Peter Bihr's talk on IoT and inherent tensions regarding policy and regulations. Details, slides and the recorded talk (in German) are available here.

The Human Tech Report

We also have our own (second) newsletter: Our global community of experts keeps an eye out for responsible tech so you can have a quick-to-scan overview of what's noteworthy, smoothly delivered to your inbox once a month. To follow along, sign up now, and if you know of initiatives that should be included, please reach out to Max!


Underexposed: Our friends at SimplySecure bring their conference Underexposed to Berlin this fall. The theme this year: Deep Forgetting: Designing for Privacy in a World of Machine Learning. The preliminary program looks ace, with lots of friendly faces, allies and collaborators (including our very own Peter Bihr).

If you're in town, swing by and say hi!


Are you on Slack? Drop us a line with your email address and we'll be happy to see you in the ThingsCon backchannel on Slack ( And if you have community news (events, projects you're working on, resources you'd like to share, etc.) send them our way. And as always, for any news follow us on Twitter!

Have a fantastic week!

On behalf of the whole ThingsCon team,

Your scribe Peter

PS. Think a friend or colleague would enjoy this newsletter? Feel free to pass it on! 🙏