What you said is correct, that is what needs to happen (society and law needs to move out of the dark ages), and the only way for that to happen is brave canaries with squeaky clean reps, and sharp lawyers to blaze the path. My version was just to say be aware of the risks, that you would take by even putting your name to a hack, with any disclosure at all. If you dont want to be a canary. Possibly would be advisable to use a laywer for some anonmyity insulation to even sell a hack to one of the disclosure service pimping sites. (They probably are selling them to the NSA/Orwell 2.0 crew so taking their money is probably dirty money.) Independent security researcher can be risky. Get a legal signed doc from the people you audit people say (yeah like they're gonna give you one for an unsolicited investigation). Weev was an independent security researcher after all, in a team even. Goatse security http://en.wikipedia.org/wiki/Goatse_Security. They did find some interesting and news worthy hacking stuff, even won awards from Tech Crunch seemingly. Adam On Tue, Jan 07, 2014 at 11:29:58PM +0100, rysiek wrote:
Hi there,
/me has his monthly "let's reclaim the word 'hacker'" drive
Dnia wtorek, 7 stycznia 2014 23:15:52 Adam Back pisze:
On Tue, Jan 07, 2014 at 01:48:59PM -0800, coderman wrote:
Yes, annoying though that may be to those of us who were called hackers before that became a bad thing. But we're outnumbered thousands-to-one, and we're just not going to win that language war.
use the term "independent security researcher",
your legal counsel will thank you!
A cryptographically secure pseudonym would probably work even better. Weev didnt actually do anything wrong that I could see, by any sane interpretation of even something as egregious as CFAA and he's serving 41 months. A lawyer is a last resort, step #1 is not identifying yourself even for non-malicous research I suspect.
I draw different conclusion here -- people do not understand hackers (in the original, non-pejorative meaning of the term), and hence are afraid of anything "hacker-y". Weev went to jail not because he did something illegal, but because the jury was convinced he's an "evil hacker", and that they need to "send a signal".
If we keep moving back, at some point we'll have nowhere to go.
So instead, we should get people to understand and not be afraid. Show the value to the society (and there is a lot of value in hacking!), and always make clear distinction between hacking (which both Aaron and Weev had done quite a bit of, and I am not referring to their court cases and alleged transgressions) and committing crimes by means of a computer network or electronic device.
As an added bonus, once we get to a point where everybody understands that crime is a crime, regardless of tools used in connection with it, we might finally get some *sane* laws around that topic -- instead of laws that make one get a smaller sentence if they steal stuff with a crowbar instead of downloading it via Teh Tubes.
-- Pozdr rysiek