On Wed, Jan 8, 2014 at 8:03 AM, Adam Back <adam@cypherspace.org> wrote:
... Independent security researcher can be risky. Get a legal signed doc from the people you audit people say (yeah like they're gonna give you one for an unsolicited investigation).
Weev was an independent security researcher after all, in a team even. Goatse security http://en.wikipedia.org/wiki/Goatse_Security. They did find some interesting and news worthy hacking stuff, even won awards from Tech Crunch seemingly.
my comment was in reference to the prosecution of a guy for merely calling himself a hacker, e.g.: https://plus.google.com/+AndreasSchou/posts/XBhgQ72UP83 "" ... accused of: threatening national security by open-sourcing a network visualization and whitelisting tool.... "" ... and ""hacker" admission on defendants website" !!! also, http://www.techdirt.com/articles/20131022/13260324972/govt-contractor-uses-c... http://nakedsecurity.sophos.com/2013/10/25/developers-computer-seized-becaus... the only reliable way to avoid retribution and arbitrary prosecution seems to be: stay off the radar! but this runs counter to the need, as you describe, for "brave canaries with squeaky clean reps". i am exploring a gambit for disclosure post-statute-of-limitations, but even this protection seems meager and risky.