Posts in Trustmark
Presenting the Trustable Tech Mark at Magic Monday

During our recent workshop weekend at Torino’s Casa Jasmina, the experimental open source smart home of the future initiated by the team around ThingsCon alumni Bruce Sterling, Jasmina Tesanovic, and Davide Gomba, Michelle Thorne and I were invited to speak at Magic Monday, their local IoT meetup. It was a lovely home coming for us; 3 years ago, we happened to be the first “external” guests at Casa Jasmina right when it had been opened, and kicked off this very event series, too.

I shared an update of what’s been happening over the last 5 years of ThingsCon, and mostly did a deep dive into where we stand with the Trustable Tech mark initiative.

Trustable Tech Mark: Our Theory of Trust

When is it okay to trust a device? What makes a device and its manufacturers trustworthy? How do we evaluate trust for the Trustable Tech mark? Here's our theory of trust, our approach to the sometimes fuzzy concept of trust and trustworthiness.

Trust is a personal decision

First of all, it's important to keep in mind that trusting—or not trusting—is a highly personal decision. The Trustable Tech mark can only ever be one indicator that you might want to rely on, or not: Depending on the circumstances of your life, your mileage may vary.

That said, here's how we go about this.

Our trustmark aims to give the companies that go above and beyond to build trustworthy products a way to demonstrate that they do. That's already a pretty high bar to clear, given the state of the industry right now. So we rely on information provided by the makers of devices to evaluate trustworthiness:

The building blocks of trust

We ask a series of questions to establish credibility in 5 dimensions: Security, Transparency, Privacy & Data Practices, Stability, and Openness.

Screen Shot 2018-11-12 at 08.21.43.png

We believe that the first four of these dimensions are the foundational building blocks of trustworthiness: They aren't sufficient conditions but required ones. Without a strong commitment to security, transparency, data protection and stability (in the sense of designing for robustness and longevity), a connected device can never be trusted.

The fifth dimension, openness, plays a special role: In our view, openness is not a required condition, but openness is a strong indicator for trustworthiness. Concretely, when evaluating incoming applications we look for openness, and if the device is largely open we look at the rest of the application with an assumption of trustworthiness as opposed to an assumption of non-trustworthiness.

Let me explain.

Verification is stronger than trust. So if a device is open sourced, there are tools and mechanisms in place for researchers and the community to verify most of the device maker's claims. But in practice, many device makers aren't able to open source their devices. (There are many industry-related reasons for this, most notably that investors still vastly prefer protectable IP; we don't like that philosophically but it's a reality we decided to work with, and work around.)

So we recognize that open sourcing isn't an option for everyone, and decided that openness is not a required condition of qualifying for the trustmark. However, where openness isn't a given, applicants need to explain their choices and their strategies to ensure trustworthiness.

So does a device have to be open? No. If it's not open, we ask the manufacturer to provide more indepth explanations instead so our evaluators get the full picture.

How do we evaluate

Now, let's look at how we evaluate concretely (or are planning to, as of today; this might still change). Every incoming application is reviewed by our pool of experts. (More on that soon.) The type of information we ask companies to submit ranges from very concrete to slightly more abstract, from easily provable (like a link to a privacy policy document) to what are essentially value statements (like a commitment not ever to pursue legal action against security researchers or tinkerers). To some answers, a clear YES is required, others are optional and help our evaluators put things into context.

We plausibility check those answers: Do the linked documents exist and are they what the applicant claims? Are the answers consistent or mutually exclusive? And most importantly, does the substance of the answers provide a consistent narrative that's in line with our requirements? The last one is where the expertise of our expert reviewers comes into play: To an expert, a baloney answer will stand out right away and raise a flag. It all needs to add up to a consistent picture of best practices and trustworthiness.

Wherever there are inconsistencies or we see gaps, we follow up for clarification. The response, and the way the follow up is handled, gives us another qualitative bit of data to take into account: Is the company responsive? Are they cooperative or hostile? Do they demonstrate good will?

Not a perfect picture, but a pretty detailed one

Taken together, this won't ever give us 100% security that all answers are true, and will stay true. However, this way we have enough data points and input that a pretty detailed picture emerges. If we ever learn about (or suspect) non-compliance or foul play, we'll follow up, and reserve the right to revoke the certification. It's a pretty high touch approach, and we're confident that this will lead to high quality and consistency.

We expect that over time this system will grow more robust, and that we'll gather more insights. We'll keep adjusting the system as we go along, and evolve it accordingly. We'll also build a repository of best practices as we go along, so we'll be able to point new applicants to existing resources and best practices, too. In the end, we want this effort to shape the industry towards more trustworthiness. Education and open communications channels both have an important part to play.

Trustmark Progress Log for August 2018

What has been happening with the Trustable Technology mark, ThingsCon's IoT trustmark project? We are committed to developing this and learning out in the open. Learn more about this project on the ThingsCon IoT Trustmark page. You can read all other trustmark updates on the ThingsCon blog or over on the ThingsCon channel on Medium. This research is conducted as part of my Mozilla Fellowship.

Progress & activities

We're putting a human expert in the loop! After discussions with other orgs that have undertaken similar efforts, we are convinced we can check all incoming applications before they are approved. I had been in favor but so skeptical about the workload involved that I had proposed only checking ex-post. I now trust we found a way to make it work. This may not sound like it but is a big shift in the mental model: This way we add a layer of quality control, increase resilience and robustness, and increase the overall trustworthiness of our own processes. (A big deal if you're issuing trustmarks!) Maybe most importantly on the practical level, this allows us to have an open line of communications with all applicants that will allow us to ask for clarifications where needed, and to get a better feeling for the organizations and individuals who apply. We've updated the slide deck to reflect that change. A special thank you to Michael Weinberg of OSHWA for taking the time to share some priceless first-hand insights and experiences in community-driven certification.

The current overview presentation:


  • We hugely streamlined the process for the trustmark, specifically to reflect valuable input from OSHWA, Jason, and from various ThingsCon Salon participants.
  • We're testing the trustmark application with the first real companies to gather lots more of valuable feedback.
  • We're working on our "Theory of Trust", an explainer of how we approach the underlying assessment criteria, etc.

Upcoming events/appearances

We'll be talking Trustable Tech at Mozfest London (26-28 Oct 2018) and the annual ThingsCon Conference in Rotterdam (6-7 Dec 2018).

Next steps

  • Test application process with more real-world products.
  • Sign up more launch partners.
Trustmark Progress Log for May 2018

What has been happening with the ThingsCon trustmark project? We are committed to developing this and learning out in the open. Learn more about this project on the ThingsCon IoT Trustmark page. You can read all other trustmark updates on the ThingsCon blog or over on the ThingsCon channel on Medium. This research is conducted as part of my Mozilla Fellowship.

Progress & activities

  • Meetings and conversations with folks from Ranking Digital Rights, The Digital Standard, Doteveryone, #iotmark, Consumer Reports, University of Dresden and others to see where our work aligns and where there might be synergies. Looks like we're in the right place at the right time.
  • Started working with Pete Thomas (of University of Dundee & design studio Tom Pigeon) to develop a visual identity and a name for the trustmark.
  • Met with some ThingsCon allies to the ThingsCon Salon Antwerp to informally discuss collaborations, and started spreading the word there.
  • Setting up a trustmark-themed ThingsCon Salon Berlin for the summer with special guest & fellow MozFellow Jason Schultz of NYU.
  • Got myself a Google AIY Voice kit and a kit and started playing with them. Will get some other voice & AI kits for comparison to get a better understanding of how they'd fare regarding the trustmark criteria.
  • Started opening up the early draft/prototype stage checklist for the trustmark over on gdocs.
  • Updated the trustmark presentation (embedded below). Slowly but surely it's all coming together!

Upcoming events/appearances

  • As part of Dundee Design Festival, collaborators and fellow Mozilla fellows Jon Rogers and Julia Kloiber are hosting a workshop on voice & IoT including some trustmark goodness.(Details on the Dundee Design Festival site.)
  • In July, we'll dedicate a ThingsCon Salon Berlin to trust & tech & trustmarks with Jason Schultz of NYU, among others. More details soon, keep an eye on the events page.
  • I'll be passing through NYC in June with a few open slots in my calendar. If you're working on something relevant to this work, say hi!.

Next steps

  • Looks like we'll have some complementary academic research into how a trustmark might impact user behavior around voice assistants courtesy. More on that soon.
  • Flesh out the trustmark criteria and gather more feedback on the draft.
  • Continue working on visual identity and name for the trustmark, and with a legal expert to think through how we can make the trustmark pledge legally binding.
Trustmark Progress Log for April 2018

What has been happening with the ThingsCon trustmark project? We are committed to developing this and learning out in the open. Learn more about this project on the ThingsCon IoT Trustmark page. You can read all other trustmark updates on the ThingsCon blog or over on the ThingsCon channel on Medium. This research is conducted as part of my Mozilla Fellowship.


Progress & activities

  • Started work on the visual identity of the trustmark with Pete Thomas of University of Dundee & Tom Pigeon fame.
  • Started looking into legal requirements and options to make the trustmark pledge binding.
  • Lots of conversations with allied orgs to explore opportunities to collaborate and to align efforts where possible.
  • Been refining the trustmark dimensions, especially the wording to convey more concisely what each dimension means. A rare moment of excellent feedback from Twitter, no less! The one worth pointing out is that the category formerly known as sustainability (cfkas) is likely to be labeled stability. This conveys the intersection of reliability and longevity and resilience better.
  • Updating the trustmark presentation (I'll publish the updated version very soon) and first presented it at an internal Mozilla meeting.
  • Arranging the first round of feedback workshops to gather feedback on the trustmark, the first one at Antwerp.

Upcoming events/appearances

  • Feedback gathering workshop, May 8th in Antwerp, before the ThingsCon Salon. (Details TBD.) Ping me if you happen to be in town.
  • Trying to see if we can host something in NYC in June as I'll be passing through. Unclear as of yet!

Next steps

  • Find a snappy name for the trustmark project
  • Refine the partnership & participation pathways
  • Work out the questionnaire/checklist for evaluating each trustmark dimension
Trustmark featured by WSJ

We're happy that our Trustmark for IoT project is getting a lot of attention—despite it being very early days.

Just this week, we got two (and a half) mentions:

  • Mozilla's Internet Health Report mentioned our research as part of an IoT spotlight. (The trustmark work is supported by Mozilla through a fellowship.)
  • The Wall Street Journal's Jeff Stone interviewed me for the WSJ's Pro Cybersecurity newsletter (paywall): "IoT Security Push Includes New Mozilla-Funded Open Source Project"
  • And Bruce Sterling tagged my presentation on his blog.

Here are some relevant passages from the WSJ interview:

If organizations and individuals are going to work to ensure the next generation of connected devices is manufactured with cybersecurity and user privacy in mind, they are going to have to work together. Teamwork and transparency are two of the guiding principles of a new open-source project that aims to communicate the data practices of Internet of Things device-makers in an understandable way. The “Trustmark for IoT” project is funded by the Mozilla Foundation, a non-profit organization that leads the Mozilla software project and helped develop the Firefox web browser. “Trustmark for IoT” is in the very early stages, but is meant to establish a standard way in which consumers assess the risk associated with a connected device based on five dimensions: privacy and data practices, transparency, security, openness and sustainability, said Peter Bihr, the Mozilla fellow leading the initiative.


“We’re going to choose the most open model possible because this standard is absolutely something that will need to be peer-reviewed and change over time,” Mr. Bihr said of his own fellowship.

This is an aspect we haven't talked about much until now: At this stage I'm coordinating this effort somewhat centrally, but the goal is for this to be as decentralized and open as possible. This includes sharing our findings, learnings and failings openly so others can learn from them; Structuring the trustmark in a way that guarantees it to be free to use; And allowing for true peer review not just in the early stages but especially as the project matures.

We aim to make everything as open as possible, within reason: Having to move quickly means the approach will by necessity be a pragmatic one, and we'll have to work with that reality. That said, for every context we'll find the most appropriate way to open up what we draft here, from our presentations to documentation to research.

There are still lots and lots of questions, but we're also having ongoing conversations galore, and so far been seeing a lot of interest. We're just a step or two away from starting to formalize a little the way we can interface especially with larger organizations.

Until then, we hope that we can put the media attention to good use. If you're a journalist and wouldd like to discuss this, please get in touch.

Trustmark: Updates 04/2018

As you may already know, we're exploring a trustmark for IoT: A kind of consumer protection mark that empowers consumers to make more informed decision through better transparency of connected products and the practices that shape these products.

This work is done by Peter as part of a Mozilla Fellowship blog post about the fellowship and builds on a report we compiled for Mozilla in 2017 (Report: A Trustmark for IoT)

This is a work in progress. We will update our IoT Trustmark page regularly to collect and share our learnings (and failures!). Here are good starting points to dig deeper (most current up top):

We've been posting these updates over on the ThingsCon Medium channel. We'll make sure that they also are linked from here.

Peter joins the Mozilla Fellows Program

We're very happy to share that Peter Bihr is a Mozilla Fellow for 2018. Through this fellowship, Mozilla supports the creation of an open trustmark for IoT under the ThingsCon umbrella. (Learn more on our IoT trustmark page.)

This fellowship builds on the research we did in 2017 with Mozilla around the potential of a trustmark, and will try to put the insights from this research into action.

This fellowship will allow for the time and effort to draft a trustmark for IoT—what it validates, how it works, etc.—and gather support within the industry and community to prepare a launch. As part of this effort, we'll also be convening groups of ThingsCon experts for workshops, meetups, and discussions, also with support from Mozilla. Most importantly, we'll be sharing openly our learnings (and failings) here and over on Peter's blog. We thank Mozilla for this support.

Full disclosure: Peter's partner works for Mozilla.