What Is Trust by Design?

We’re asking manufacturers to include privacy and security in all stages of the design process for IoT devices.

With the growing number of consumer IoT devices in use around the world, consumers are becoming more and more concerned about their safety and security online. Find out more in our survey.

These unsecure products can put consumers, and even the Internet itself, at risk. Our research found that consumers expect privacy and security standards should be assured by manufacturers (81%) and championed by retailers (80%). In addition to our comprehensive IoT Trust Framework, we worked with Consumers International and Mozilla in setting minimum guidelines that all manufacturers should follow.

Here are the guidelines that manufacturers should reasonably be expected to satisfy for any IoT product:

  • Use encrypted communications
  • Automatic security updates, by default
  • Require a strong, unique password if a product uses a password
  • Active management of vulnerabilities throughout the product’s lifecycle
  • Easily understood privacy policy that clearly outlines collection and use of data and gives user control


Creating a safer and more trusted connected world requires a shared responsibility, including industry embracing security and privacy by design, and adopting responsible privacy practices. The Internet Society has many resources for manufacturers, retailers, policymakers and consumers.