by michaelt 1526 days ago
Quite a few countries have laws from the 1980s that basically say "gaining unauthorised access to computer systems is a crime".

Which is of course a very expansive definition. Think you've found a leaked database credential and you test it before reporting, so as not to create a false alarm? That's illegal hacking. Almost any persistent XSS? That's illegal hacking. Access an admin panel by entering a default password? You guessed it, illegal hacking.

We might get the impression these laws don't exist, because they aren't enforced internationally or if the hacker can't be identified - so black-hat hacking, cryptolockers, tech support scams, giant data breaches and suchlike go completely unpunished. But a white-hat hacker who identifies themselves in hopes of getting their security report taken seriously might well get a visit from the cops.

2 comments

In Australia the go-to for dropping a legal hammer on a digital crime is "misuse of a carriage service" which is just a big lasso that puts crimes like fraud that happen on the internet into a simple basket so they can attach sentences as they see fit.

Both the first and third example you gave would strike me as crossing the line.

Without permission to test the security of a system, you shouldn't be trying credentials you've stumbled upon or defaults.

If you randomly try my front door and find that it's unlocked, don't expect me to be thanking you.

> If you randomly try my front door and find that it's unlocked, don't expect me to be thanking you.

Why? If someone tries my front door, doesn't go in but confirms that it is unlocked by opening it by an inch (=verifies the DB credentials but doesn't run any queries) without really peering into my private spaces, then privately reaches out with "hey, hey, your door is not locked - I haven't gone in but I know it's unlocked, you may wanna look into this" then I imagine while that could be an odd situation (e.g. depending on whether one has a lawn), I would be grateful and not in the least bit offended.

Surely, I wouldn't be happy if I'd get an alarm that my door is suddenly open (IDS alert) and would react accordingly. But if my door is not locked and I'm not aware and someone responsibly discloses this - I don't see how that'd be an issue.

A friend or a nice neighbor: why not. But a random stranger? I'd certainly be unhappy! Why would they even try to open the door in the first place?

Better one who would let me know, than someone who would steal everything and sell it, no?

Sure, but that doesn’t mean that I’d be thanking you.

These arguments about computer crime law are always the same, and people with your view always shoot themselves in the foot with analogies like this. This is not a pre-existing social expectation. If someone comes to my front door, tells me that it’s unlocked, and tells me that they were trying people’s front doors for the intellectual thrill, there is a 0% chance that I’m reacting positively. I challenge you to find any material proportion of well-adjusted non-nerds that don’t agree with me.

These analogies to the real world fall apart when you realize that cyberspace is filled with millions of people trying to "break into your house". If you have an internet-connected service you need to expect people to attack it. Not so with a house.

Of course, you have every right to be upset that someone tried to do that to you. But it's clear they don't have bad intentions at least, because they let you know.

If somebody tried my door handle, I’m immediately going to assume malicious intent.

Start trying door handles in your neighbourhood and I can guarantee you’ll either be assaulted by an unhappy resident or arrested pretty quickly. It’s not acceptable behaviour however altruistic you believe it to be.