What is this?

As somebody who is in the Infosec/Cybersecurity industry, it is common knowledge that the laws relating to Hacking and Cybersecurity are laughably out-of-date, and as a result, it is technically prosecute somebody just for visiting a website and clicking a button.

In order to raise awareness about this issue, I decided to make this website to show everybody (including those not technically-savvy) just how riduclous the current laws are, and hopefully drive some change.

Legal Poll:

Is it illegal to access a completely open MongoDB database?

No username, no password, no auth at all. Is viewing the records illegal?

— pry0cc (@pry0cc) February 12, 2019


Wait, how is this illegal?

According to the Computer Misuse Act of 1990 in the UK, unauthorised access to computer material, punishable by 12 months' imprisonment (or 6 months in Scotland) and/or a fine. So viewing a page that is unauthorised (in the UK) is illegal. And especially clicking a button that it says not to click!

Why is this important?

It's important to understand where the lines are, is it illegal for a security researcher to stumble across a completely unsecured database? And then view the records in it? If so, why? Why is that any different to loading a web page? On a network level, it's a very similar process. That is why I am calling for the laws to be either updated, or clearly defined and classified


Do you have a following or are part of the press and want to further this cause? If so - share this page.