Candle 2.0 update - making the smart home more polite

People keep asking if Candle will be for sale someday. The answer is that we're certainly working in that direction. 

Thanks to funding from the SIDN fund we are able to explore situations in homes, and develop new examples of smart products as well as software. Through this work we aim to once again show that privacy friendly devices can be sexy and easy to use.

Currently Jesse Howard and Tijmen Schep are working on the next iteration of Candle. The goal is to redesigning the project from a more pragmatic and commercial viewpoint - to go from a "design experiment" to a "design study". This is taking us in a number of directions.

Fine grained control, even for commercial devices

For example, while the original Candle project created devices that have a lot of built-in privacy protecting features, we are now exploring how commercial devices could be 'tamed' as well. After all, not everybody enjoys working with electronics, no matter how easy we made the process.

This requires a shift in our approach. The original Candle devices all had privacy features built-in. No data would go in or out of the devices unless you allowed it, through very explicit toggle switches. However, commercially available devices don't (yet) offer this type of control. They - wrongly - assume users want to record everything all the time, and do with with as much detail as possible.

The pragmatic answer is to move some of these protections into the central controller's software instead. For example, through our work on the Zigbee2MQTT addon, you can now quickly and easily block incoming data transmission from all (supported) commercially available Zigbee devices. While this offers slightly less perfect control, the upside is that it's now possible to simply buy devices that we recommend. Of course Candle will continue to support the original Candle devices. 

Here you see Candle's interface for a popular commercially available temperature and humidy sensor from Xiaomi. It's very comparable to our own Candle Climate Sensor. Through control over the Zigbee software this device has gained a brand new "Data transmission" property. If you disable data transmission, the device's incoming data will simply be ignored until you re-enable it. Candle devices already have this feature, although Candle devices would actually stop transmitting data.  Here it would be more accurate to call the option "data reception", "mute" or "ignore" instead.

In the coming months the same step will be taken for additional addons that we have built. Bit-by-bit (pun intended) it will become easier to turn of the collection of data - turn off surveillance - in the home in a very flexible and granular way. It will be possible to say "don't record some types of data if we have friends over for dinner" or "don't be creepy if we have AirBNB guests". It enables the smart home to be more polite, and even less data-hungry.


Privacy levels or privacy scenarios for the entire home

We are also researching a central "privacy setting" for your entire home. Working on a suggestion from our sparring partners at Studio Sophisti, we imagined a knob that would allow you to centrally set all your devices to various levels between "record nothing" and "record everything". By working off of real-world scenario's, we're trying to imagine how this could and should work. Take this wild example: if you are logging moisture sensor in the bedroom, you will be able to see a clear peak (no pun intended) when people were having sex.

To avoid "data-faux-pas", a moisture sensor in the bedroom could be set to different modes.

- No data. Devices don't record anything, and this lack of recording is clearly communicated to everyone.
- Fake data. Devices generate fake data which looks plausible to the other members of the household.
- Blurred data. The sensor still records, but only an hourly average is recorded. Instead of a clear spike, the moisture sensor would show a slight elevation during that time period. This could also have gradations. Need more privacy? Make it two hours.
- Full data. The sensor records continously in 'high definition'.

While this sounds plausible for individual devices, working through the scenarios made us realize that having a few privacy levels might not work for the entire home. This is something we'll dive deeper into in a later blogpost.

There is more to share. We're also working on a privacy friendly smart doorbell, a piece of software that would make it easier to 'tame' smart home devices that use wifi, and... something else. But we'll reveal more about that later as well.


Work on Candle is made possible by the SIDN fund, as part of their "be the boss of your own data" call.