Forum Thread: White-Hat Grey-Hat Boundary

Hey everyone.

So, this is a thing that I have been wondering about for a while. Where does white-hat end and grey-hat begin?

For instance, imagine that your objective, while hacking, is to find criminals (drug-dealers, paedophiles, sex-offenders, you name it). Of course, if you are operating alone (i.e. without the help of the law) what you are doing is illegal, even if you are doing it for the right reasons. Is this white-hat, because illegal, or grey-hat? Because, for me, grey-hat is when you do it to gain something in return. In this case, you are doing it for the greater good. Does anyone have an answer for this?


14 Responses

This is a very important question. Illegal doesn't necessarily mean black hat. For instance, many of the activities of Anonymous are illegal, but for a greater good. In those cases, I consider it white hat hacking.

That would probably be listed under grey. If there's any illegality involved, it's immediately listed as grey or black.

That is the consensus definition, but I disagree.

Everyone has different views, here's mine:

WhiteHat: a hacker who gets permission (or goes on bounty programs) to hack and find loopholes in a system and reports it to the company/owner of the system and suggests how to patch it before the 'other hats' find and exploit those loopholes.

GreyHat: a hacker who sometimes hacks for the good or bad deeds. In my opinion, they are the ones who are classified as the "gray area" between the two sides of the spectrum (white and black). In a way, I tend to think of them like this: "if a hacker hacks and steals money from a wealthy person, but then donates all of that money to a charity, sure, they did something bad, but they used what they stole and put it towards a good purpose (the charity)"

I hope this helps.

I believe "ethics" is the term you're looking for. Both white and grey have a sense of ethics. Black hats would have minimal to none.

I think we all agree, in some sense. However, and this worries me a lot (and this, of course, goes beyond the hacker world), some people see ethical = legal, which is not the same thing. In that sense, I agree with occupytheweb. If you are working for the greater good, then you could consider yourself always as a white-hat, even if you're doing illegal things. But, then again, there are different theories about what is ethical and what is not.

Personally, I just don't like the importance that some people give to the law. Not everyone lives in the same country and, therefore, what is legal and what is not may be different for different people. And, of course, I'm not talking about grey areas (pedophilia, murder, torture, etc) - I'm talking about freedom of speech, for instance, or the right to protest.

Legal and ethical are NOT equivalent.

Totally agree with you, if that wasn't clear :)

Null Byte is a "white hat" community of hackers. That is the ONLY reason that this question is important.

Let's not be limited by some textbook definition. You are a white hat hacker if you are using your skills for a greater good or ethical purposes. Period.

I used to think that there were probably 3 categories that we fit into, however, using blanket statements on social aspects never works out well.

With people there are far too many variables to take into consideration, and you will quite often come across outliers even when you do think you've got a formula or definition.

To be quite honest, I feel it all comes down to intent. With all of this in mind this becomes less of a 'textbook definition' kind of thing and falls into the realm of philosophy. Something, that I'm sure we can all agree on, is something hacking is deeply rooted within.

As OTW stated, if what you're doing with your knowledge is for the greater good, then you can be considered a white hat. If you use your knowledge for unethical reasons, then you can be considered a black hat. So for all intents and purposes, white or black hats, we're all grey hats until our actions define us as otherwise.

At the end of the day, legality does not necessarily translate to ethics; you have to take things on a case-by-case basis.

Just my take on it.


I wonder. Perhaps I should sometime write a post about it. Added to Null Byte to-do list after my next installment on another series. Some problems, that's all.

As to your particular example, it is basically a grey hat activity, and you are essentially showcasing your skills.


Both OTW and myself have written about it, it's entirely up to you, but it's been covered. I feel that maybe it's a little redundant.


It is written, but I don't really agree with those. Both those posts have been written really well, but you don't even try to define what they actually mean. You combined many things in really casual definitions. And I don't agree with what OTW said.

Don't get me wrong, you are a smart guy, but my words are rather subjective based on your one specific post. Because chaos shall reign.


Like I said, it's entirely up to you. Just wanted to give you a heads up.

