The largest European hacker camp this year was in the Netherlands — What Hackers Yearn (WHY) 2025 is the latest in the long-running series of four-yearly events from that country, and 2025 saw a move from the Flevoland site used by SHA2017 and MCH2021, back to just north of Alkmaar in Noord-Holland, where the OHM2013 event took place. WHY has found itself making the news in the Dutch technical media for all the wrong reasons over the last few days, after serious concerns were raised about the fire safety of its badge.
The concerns were raised from the RevSpace hackerspace in Leidschendam, and centre around the design of the battery power traces on the PCB between the battery holders and the power supply circuitry. Because the 18650 cells supplied with that badge lack any protection circuitry, bridging the power traces could be a fire risk.
In short: their report names the cell holders as having tags too large for their pads on the PCB, a too-tight gap between positive and negative battery traces, protected only by soldermask, and the inadequacy of the badge’s short circuit protection. In the event that metal shorted these battery tags, or wore through the soldermask, the batteries would be effectively shorted, and traces or components could get dangerously hot.
The WHY organizers have responded with a printed disclaimer leaflet warning against misuse of the cells, and added a last-minute epoxy coating to the boards to offer additional protection. Some people are 3D-printing cases, which should also help reduce the risk of short-circuiting due to foreign metal objects. Using an external powerbank with short-circuit protection instead of the cells would solve the problem as well. Meanwhile a group of hackers collecting aid for Ukraine are accepting the batteries as donations.
It’s understood that sometimes bugs find their way into any project, and in that an event badge is no exception. In this particular case, the original Dutch badge team resigned en masse at the start of the year following a disagreement with the WHY2025 organizers, so this badge has been a particularly hurried production. Either way, we are fortunate that the issue was spotted, and conference organizers took action before any regrettable incidents occurred.
“The group that brought the 18650 concerns to light has some overlap with the group that left the WHY2025 badge project”
No shock there and it seems much ado about very little. If my cellphone gets stabbed the battery might conflate in a giant fireball. If my car hits a wall I might die.
These are all fairly obvious things, just like bridging + and -, and wearing through soldermask to bridge connections…
with your mindset we would still have quicksilver thermometers and cars without safety belts…
a badge is, should, must be considered – and is a good exercise in doing – a product, with safety norms and good practices that apply.
If you hand things to kids, they should be safe.
These cells are specifically prohibited by the manufacturer from use as it has been used by Team:Badge / WHY2025
So, they ignored the warning by the manufacturer AND the additional research by members of the hacker scene.
They could have chosen to only power it through powerbank, completely removing the danger.
They chose to keep some of the danger there.
Meanwhile they are completely responsible for any form of danger/damage by this badge.
This is not something I make up, it has been completely nerded out by multiple people on camp.
Even with the extra information, it is still in their hands. Yes, these are obvious, but also avoidable dangers.
Thats the point. Every risk is avoidable. Then you get cancer.
Risk is part of life. You take minor risks daily, which is exactly what this is.
But you do you.
But your cellphone doesn’t have exposed PCB with leads unprotected by any current limiter and isn’t worn on a leash with some other metal objects banging on it all day.
My car is subject to some dude have asleep at the wheel or eating/shaving/screwing with his phone. So yeah I would say the same level of risk.
Been a while since I have been to a con, but the few badges I had had cases.
Using unprotected cells when you can obtain cells with built-in protection circuitry is a WTF of epic proportions though.
Especially when LFP 18650s exist.
Idk if I buy this. I recently ran my car into a wall and flipped over, and I didn’t die, nor did I even get hurt. Had to get a new car tho…
The investigation was done independently from Badge.Team in order to remain impartial. The team doing the investigation had a hard time to find dudes who know electronics and we’re separate from Badge.Team. Ironically they found 2 designers of the WHY2025 badge who were worried and helped.
More info via Juerd.
Regards,
Jelle Haandrikman / Treasurer Badge.Team
Thanks! I’ve updated the article to strike that section out.
“has some overlap with the group that left the WHY2025 badge project.”
Hi, I am the author of the analysis document and part of the group of people who found and reported the issues. I am neither part of Badge.Team (the team that left) nor Team:Badge (the current team). I am, however, part of the “orga” of the event itself.
In fact, I carefully avoided contacting anyone from Badge.Team during the past few weeks, to avoid exactly this. They only found out late in the disclosure timeline. Please remove this part of the article since it is just not true.
For commercial products, you’re supposed to put it in a case if you’re using cells without short circuit protection. But you’re also supposed to have a case for pouch cells regardless of protection circuitry, because puncturing a lithium pillow is often firey.
In the badge scene, I have seen more exceptions to these two rules than I have seen conformity. I’ve also seen a lot more conventional cells used than lithium, probably because people are afraid of the pitfalls.
I think it’s good that we are having this discussion, though, because I don’t think we have a consensus about what constitutes acceptable risk, and what the right safety precautions are for badges / hacks / prototypes.
Relevant standards for commercial stuff:
IEC 62133: Safety requirements for portable sealed secondary cells
UL 1642: Standard for Lithium Batteries
EN 62133: European standard for secondary cells and batteries
True. I view badges as the hacked together things they are. There will always be some level of risk as a result, and this is the same level as other battery powered things….dont short it.
heck Samsung had the Note 7’s exploding as an example of a huge company getting it really wrong…., and most of the people on here shaming the badge team likely buy and use dodgy products from aliexpress.
Risk free is not using or tinkering with electronics yet nobody here is gonna do that.
How about using protected 18650 cells?
Or DIY them with someting like this: https://de.aliexpress.com/item/32855964562.html (No fun without a spot welder, though…)
Maybe I’m a stick in the mud, but “Badge Life” is basically premeditated e-waste the moment you set foot out of an event. And yeah, that bothers me.
I do have a few badges as well. Haven’t touched them since I got them years ago. I did disconnect the batteries however.
E-waste is relative, as it’s unlikely anyone will throw away the badge, as even if it is not used it’s a keep sake. Furthermore, badge life is also about enabling thousands of hackers to to tinker with the latest and greatest chips. In this case, a new Espressif chip which isn’t widely available yet.
E-waste is relative… what does that even mean?
What might be a keepsake for now WILL be discarded eventually. Perhaps not by the person who bought it, but most certainly by the person who inherits it.
So, if you like it or not, each and every badge WILL be discarded whether you like it or not. It might take a few years to a few decades but eventually it goes into the trash. E-waste is not changing into non e-waste by putting it in a drawer for 2 decades before tossing it in the bin.
My biggest issue with calling badges premeditated e-waste is that it’s true for any electronic gadget you acquire. Yet, I never read the same argument when people purchases a new phone as soon as a newer model is available. Similarly, a vendor handing out dev boards isn’t considered premeditated e-waste, either. Just the way of getting hardware in the hands of potential customers.
A good badge provides a use long after the event. At the Dutch hackerspaces we still use the SHA2017 badges for displaying CO2 levels, weather forecasts, and train schedules. Of course, this is the exception and I rarely see MCH or CCC badges ‘in the wild’.
A way events already change is that badges are now less frequently available for all participants. You can now purchase the badge in advance at several events. I do have to admit that I have rarely used my badges. Several even left unopened. Yet every one of them is a piece of art which holds memories to the event.
This badge may have a few issues, but it’s a genuine effort to evade e-waste by making a useful computer after the event.
Aside from the (potential) fire hazard: If a badge requires two 18650 batteries, it might be a sign that feature creep got out of hand. What fraction of attendees is going to install and learn ESP IDF? While camping, and having fun with friends?
The badge for the 2024 Supercon was one of the simplest (admittedly, I was a bit disappointed when it was first revealed), but it allowed attendees of all skill levels to hack on it. It probably triggered more engagement than the epic badges from previous years combined, and likely for a fraction of the cost and heartburn.
It’s annoying how many 18650 holders are not long enough for protected cells. It doesn’t seem like it should be that difficult to put a bit of extra travel to the springs.
Shouldn’t a protected 18650 by definition be the same size as an unprotected one?
In the real world, protected cells are made by adding a thin PCB with a FET and some other small stuff to one of their ends.
You’d expect them to just protect a smaller cell in that case so the normal size is the same.