What really is a "White Hat"

If you've spent anytime reading about Hackers and hacker methodology you've undoubtedly heard the phrase "White Hat Hacker". All too often we hear about XYZ hacker/group that finds unsecured data on the internet (Watchguard and Amazon S3 buckets are a notable example).


I'm going to come right out and say it: 90% of the time what you read about white hat hackers is wrong. Straight Wrong. Let's get one thing straight, there is only one thing that separates a white hat from a black hat; consent. It's really strange that in the year 2020 I have to write that consent matters, but it does.


Do you want to know what doesn't matter? Your intentions. I'll frequently read that White Hat hackers do things with good intentions and that's what makes them a white hat; but here's the thing. If you don't have permission then you have broken the law. It's that simple. It really is that simple.