Forum Thread: White-Hat Grey-Hat Boundary

Hey everyone.

So, this is a thing that I have been wondering about for a while. Where does white-hat end and grey-hat begin?

For instance, imagine that your objective, while hacking, is to find criminals (drug-dealers, paedophiles, sex-offenders, you name it). Of course, if you are operating alone (i.e. without the help of the law) what you are doing is illegal, even if you are doing it for the right reasons. Is this white-hat, because illegal, or grey-hat? Because, for me, grey-hat is when you do it to gain something in return. In this case, you are doing it for the greater good. Does anyone have an answer for this?

20 Responses

This is a very important question. Illegal doesn't necessarily mean black hat. For instance, many of the activities of Anonymous are illegal, but for a greater good. In those cases, I consider it white hat hacking.

That would probably be listed under grey. If there's any illegality involved, it's immediately listed as grey or black.

That is the consensus definition, but I disagree.

Everyone has different views, here's mine:

WhiteHat: a hacker who gets permission (or goes on bounty programs) to hack and find loopholes in a system and reports it to the company/owner of the system and suggests how to patch it before the 'other hats' find and exploit those loopholes.

GreyHat: a hacker who sometimes hacks for the good or bad deeds. In my opinion, they are the ones who are classified as the "gray area" between the two sides of the spectrum (white and black). In a way, I tend to think of them like this: "if a hacker hacks and steals money from a wealthy person, but then donates all of that money to a charity, sure, they did something bad, but they used what they stole and put it towards a good purpose (the charity)"

I hope this helps.

I believe "ethics" is the term you're looking for. Both white and grey have a sense of ethics. Black hats would have minimal to none.

I think we all agree, in some sense. However, and this worries me a lot (and this, of course, goes beyond the hacker world), some people see ethical = legal, which is not the same thing. In that sense, I agree with occupytheweb. If you are working for the greater good, then you could consider yourself always as a white-hat, even if you're doing illegal things. But, then again, there are different theories about what is ethical and what is not.

Personally, I just don't like the importance that some people give to the law. Not everyone lives in the same country and, therefore, what is legal and what is not may be different for different people. And, of course, I'm not talking about grey areas (pedophilia, murder, torture, etc) - I'm talking about freedom of speech, for instance, or the right to protest.

Legal and ethical are NOT equivalent.

Totally agree with you, if that wasn't clear :)

The thing with these "white hat VS black hat VS grey hat" discussions is that they aren't really facts, but rather opinions. I think even OTW has to admit that.

It is like good VS bad. To give you an idea:

  • The terrorists who attacked Belgium & France these past months believed what they were doing was right.
  • Bin Laden thought he was doing right by crashing jetliners in the twin towers (sorry if I offended my American brothers, but it has happened, and we must learn from it).
  • The NSA believes they are doing right by spying on their own citizens.
  • The US DoD believes they are doing good by invading other countries for "national safety".
  • The people who made up Operation Northwoods thought they were doing right.
  • Hitler thought he was doing good by creating the Holocaust.
  • The list goes on...

So, what does history have to do with black hats and grey hats? I dug up some events, ones from the past and ones from the present, to prove a point: Everyone, no matter the horrific things they have done, believes what they are/were doing was right. All humans believe what they are doing is right. The same applies to hackers! Black hats believe what they are doing is right. White hats believe what they are doing is right. Grey hats also believe what they are doing is right.

And this is why it is so hard to place a border between what is white hat and what is black hat. EVERYONE will have a different vision on what a black hat and what a grey hat and what a white hat really is, because of our own personal opinions! There simply is no border between good and bad, or somewhere in the two. That is why you basically can't really ask someone else to answer this question for you. It basically comes down to this: answer this question for yourself.

But take note: like OTW said, ethical =/= legal! The borders of what is ethical and what is not aren't clearly defined, but the borders of legality are! Know the difference between the two, as this is VERY important!

I hope I didn't annoy you with my long rant, and I hope I helped.

I had to cut my comment in half to prevent AJAX errors :/.


Null Byte is a "white hat" community of hackers. That is the ONLY reason that this question is important.

Let's not be limited by some textbook definition. You are a white hat hacker if you are using your skills for a greater good or ethical purposes. Period.

With all due respect, but that is your definition of "white hat". There will be people who will disagree with you, and with me.


Disagreement is fine. I don't feel compelled to be bound by some textbook definition.

I agree that we shouldn't follow textbook definitions of things.


I used to think that there were probably 3 categories that we fit into, however, using blanket statements on social aspects never works out well.

With people there are far too many variables to take into consideration, and you will quite often come across outliers even when you do think you've got a formula or definition.

To be quite honest, I feel it all comes down to intent. With all of this in mind this becomes less of a 'textbook definition' kind of thing and falls into the realm of philosophy. Something, that I'm sure we can all agree on, is something hacking is deeply rooted within.

As OTW stated, if what you're doing with your knowledge is for the greater good, then you can be considered a white hat. If you use your knowledge for unethical reasons, then you can be considered a black hat. So for all intents and purposes, white or black hats, we're all grey hats until our actions define us as otherwise.

At the end of the day, legality does not necessarily translate to ethics, you have to take things on a case-by-case basis.

Just my take on it.


I wonder. Perhaps I should sometime write a post about it. Added to Null Byte to-do list after my next installment on another series. Some problems, that's all.

As to your particular example, it is basically a grey hat activity, and you are essentially showcasing your skills.


Both OTW and myself have written about it, it's entirely up to you, but it's been covered. I feel that maybe it's a little redundant.


It is written, but I don't really agree with those. Both those posts have been written really well, but you don't even try to define what they actually mean. You combined many things in really casual definitions. And I don't agree with what OTW said.

Don't get me wrong, you are a smart guy, but my words are rather subjective based on your one specific post. Because chaos shall reign.


Like I said, it's entirely up to you. Just wanted to give you a heads up.

