There has been a lot of hacking type questions posted recently in the forums. The subject of ethics and confidentiality came up and I thought I would ask what the members on here think. Most of the tools I cary with me could in fact be used for hacking. I guess in a way, they are. The difference in what I do and what the hacker does is that I have the consent of the person who owns the computer to use these tools. But, this brings us to a fine line. At what point do you break the confidentiality of your customer. A few examples: Last year I was working on my neighbors 14 year old daughters computer. She wanted me to back up all of her pics and and her vacation videos. She said the there were only 5-6 vacation vids in her documents folder. When I looked there were maybe 15 vids so i called and asked if she wanted them all and was told no, she only wanted the vacation vids, just delete the rest so I had to actually preview each one. In one of these she had friends over and was having a party, no parents around. Drinking and doing drugs. This one was easy, sense i have known her dad for years. Along those same lines but a little more extream case, what if while backing up a customers data on a machine you are about to do a reinstall on, you stumble on some kiddy porn? Do you report this? Or is all confidential? Where do you draw the line? Is it wrong to tell someone about a hacking tool?Or do you figure they will find it anyway givin enough time?

Well there is no confidentiality in legal terms when it comes to working on a PC unlike doctors. We are permitted and I believe encouraged to report anything we find illegal on someones PC. I personally would let anything minor slide like say a conversation log about getting drugs for personal use. I personally do not approve of thier use but this does not concern me if it is personal how ever if it was a major drug trafficing log then yes I would report. If I work on a kids computer and know the parents or the parents bring it in and it is a video of the child or thier friends doing heavy drinking and drug abuse I would inform the parents but not the law. If the kids PC has some mild porn I would just clean it off hope they learn better(ways of keeping it hidden :P). I don't think we should snoop but as has been shown in a video here in one of the articles a tech was snoopin for porn and found it. I have seen techs do this at a major retail and repair company. I believe that is wrong but people should know that when we are to back up files we may see something. I believe in respecting thier privacy to the extent we can while still able to preform our job. Its something to determine by the case as it comes up.

On the issue of providing our tools and help to others I am all for it but we do need to be cautious of people will ill intent. If we question properly about the purpose of their request we have a good chance to determine if they are honest about thier request. Most people with a limited understanding can be overwhelmed by the tools even some of the simpler ones. I want to help people but only those who need help and are not out to hurt others

what kind of tools are we considering "hacking" tools. I don't consider, for example, cclearner or any sort of spyware/adware/virus cleaning tool to be a hacking tool. Yes there are tools such as password reset and a boot cd might be considered one of these but thats somewhat far fetched. Hacking means gaining unauthorized access to a PC (at least thats my basic definition). Most of the tools I use do not breech this definition.

When a customer hands over a PC for you to repair, I would think that there is a unwritten assumption that you will do whatever in your power to fix their problem. They might not know the tools you use to do the job, but they know you did it. So if they forgot their admin ID and their able to get into it when your finished, then obviously you "hacked" their computer. I doubt they would care at that point.

As far as illegal content on someones PC, I agree with Blues. I wouldn't get a kid in trouble with the law because of some proof of underage drinking/booze/sex but you bet your ass I would tell the parents. If it were kiddy porn/drug trafficing/murder then yes, I would call the police. It really comes down to common sense. Whatever your gut tells you, thats what you should do (within moral reason of course).

I think we have a few basic problems on the site, nothing major. I agree several posters are asking vague and inappropriate questions for their perceived level of knowledge(IMHO). To this end I'd suggest a "private" forum for more trusted individuals to discuss that sort of problem.

As far as some of the other ethics issues, I do not search for pictures or movies on a computer (unless asked to). And I certainly do not copy any documents, pictures, movies etc from a customers computer, unless it is in the scope of the job. I would not want to "acquire" a bunch of porn only to find that there is child pornography in the mix, I would make turning in the person to any sort of law enforcement very very difficult. Now if I were to come across child pornography I'd contact the appropriate local or national organization I felt most comfortable with. DO NOT COPY ANYTHING ONTO YOUR MEDIA WITH OUT EXPLICIT WRITTEN PERMISSION FROM SAID AGENCY.

I do let the parents know about porn if I find it on minor's computers. If I find porn usage on an adult's machine I try to educate them about being careful online, like using sandboxie, firefox, firewall, AV & AS and keeping their machine patched and updated, etc.

I was reading an article earlier about geek squ. reporting kiddie porn pictures.
customer was arrested.

You have to set policy for yourself or your company. We have policy that certain things have to be reported. Other things can be ignored. Example would be kiddie porn, it has to be reported and we have policy in place to do so. But finding out the person whose computer you are working happens to smoke pot, that can be ignored (as long as they arent 14 year olds, then you tell the parents.) You don't want your customer base to think you are policing them. It isn't good for your business. So you really have to set a policy and enforce it.

As for the hacking tools. The definition of hacker and cracker getting blurred in popular media pisses me off. A hacker is not a bad person, a cracker is. But since the definitions have been so blurred now I guess we will go with the WRONG term hacker (read this (http://www.iwriteiam.nl/HackerDef.html) for the real definitions.) Anyways, Blues mentioned the idea of intent and that is indeed where I would take the discussion to. If you walk into a house with 4 computers and kids/family members who lose passwords and other such problems, teaching a parent (or one of the smarter kids,) how to crack the passwords to fix things isnt that bad. But if someone asks you how to do it so he can spy on someone (his ex for example,) that is not a good idea. Its all about the intent of the person asking.

Its all about the intent of the person asking.

Which is why this topic has such gray area. It's not cut and dry, to each his own.

I think most everyone has said roughly the same thing; you're right that not everyone will agree on all points 100%, but the general consensus seems to be use of some tools for legit reasons is fine, kiddie porn/major crime/felony type items should be reported to the authorities and so on and so forth. I carry a password reset CD on me and used it for valid reasons a hand full of times, but I'm not a cracker (happy greggh...lol). It's gotten both me and clients out of some jams.