The ethical route, ie “white hat”, is to contact the owners about the exploit with a fixed period disclosure. Ie, “fix this in 30-90 days, or we will publish our method”.

I'm not sure that is the ethical route when you're talking about disrupting the operations of a Nazi-led government.

[–] towerful@programming.dev 3 points 5 days ago (1 children)

Hmm, maybe I mean moral?
Like, there is a correct way to go about something regardless of context.
As opposed to doing something because of the context.

Any exploit should be notified to the software/platform maintainers with a proper disclosure timeline to ensure it gets fixed in a timely way.
That is the correct way.

Abusing the shit out of a poorly implemented nazi government is the moral thing to do, but would go against a white hat's ethics. Collectively a good thing to do, but not the correct thing to do as a white hat.

Are gray hats more ethically and morally true?
This is getting to deep for me.

[–] Ashelyn@lemmy.blahaj.zone 2 points 5 days ago

I guess you could consider someone who is staunchly whitehat with no exceptions to have a creed/code, where they consider the rules transcendent of any specific situation (e.g. nazi websites).