Who are the top white hat hackers

White Hat and Black Hat: Debate on racism about names for hackers

The controversial question of whether certain terms in the IT world are discriminatory is now also sparked by the hacker terms white hat and black hat. The latest debate was triggered by Google's Android security chief David Kleidermacher, who canceled his appearance at the US edition of the major Black Hat security conference. Kleidermacher justified this with the fact that the terms white hat and black hat should be replaced by other, less prejudiced words.

Just like the terms whitelist and blacklist, the hacker names would carry on the harmful cliché of good white and bad black, explained Kleidermacher. He also suggested speaking of "person-in-the-middle" attacks rather than man-in-the-middle in the future. Even if changing the language is only a small part of the fight against discrimination, it is still important and good to have the debate about it, emphasized Kleidermacher.

Good and bad, black and white

White hats are hackers who use their technical knowledge and skills constructively, uncover security gaps and help improve IT security. Black hat, on the other hand, is a term used for criminally acting hackers who, for example, commit theft or intentionally cause damage. The terms are mostly traced back to a convention in certain western films from the 20th century: Heroes wore white hats and the villains black.

This is exactly what countless votes against, reports the IT side Zdnet. According to the critics, there is simply no reference or even value statements to human skin color. Likewise, allegations of "virtue signaling" against clothing makers are loud, that is, the mere display of a moral attitude and an overreaction to the mere use of the word "black".

Apparel makers also received approval, but overall the dissenting voices in the security community predominate, estimates ZDnet the mood. The organizers of Black Hat had already declared their solidarity with the Black Lives Matter movement last month. An intention to rename their own fair to "Unethical Hacker" or something similar has not yet been revealed by the organizers.

Master and slave on the blacklist

The debate about technology terminology without presumed discrimination has been going on for a long time in numerous IT companies and developer communities. In the wake of the protests that flared up after the violent death of the African American George Floyd, the discussions have often gained pace and sharpness. The terms master and slave as well as blacklist and whitelist are seen as problematic.

Recently, for example, Twitter announced that it would replace these technical terms, which were perceived as sensitive, with others. The developer Regynald Augustin published a list of changes, including gender-neutral formulations, via Twitter. The version management platform GitHub had previously announced the search for alternative terms, and Google projects such as Chrome, Android and the Go programming language want to make the linguistic change. The debate has recently reached the Linux kernel development community - in the form of a patch proposal for documentation and coding style guidelines.

As early as 2014, for example, the Drupal developers initiated the departure from the master / slave terminology and replaced it with the terms primary and replica. Others followed suit - including the developers of the Python programming language, the Chromium open source browser project and the PostgreSQL and Redis database systems.

The wrong side of the story?

However, there are also examples of projects that decide not to change terminology. A vote by the steering committee of the Open SSL project, called OMC, was recently against replacing terms. The submitter of the relevant pull request, Akamai employee Rich Salz, then announced his departure from the project. The OMC would be on the wrong side of history, Salz justified his move.


Read comments (839) Go to homepage


Don't miss any news! Every morning the fresh news overview from heise online