Know what you are doing. Good intentions are necessary, but not sufficient.
If you don't know what you are doing, at least make absolutely sure the experiment can't escape the lab.
Beware of side effects. If you anger a botnet controller, chances are your whole house, if not your whole block, is getting DDoSed.
- Know how to give yourself an air of legitimacy: you may need it unexpectedly.
- Know the law, and don't break the ones that matter. Nobody cares if you have a high-flow showerhead. Everybody cares if you plant strobing GIFs on the web forum for the National Epilepsy Foundation.
- Don't pick fights. Best case, you are kicking some sad person who can barely send email, and you're a pathetic lowlife. Worst case, 25 refrigerators will show up at your house, you will be billed, and it will ruin your credit. Also, good luck opening the door with 25 refrigerators blocking it. Then it gets worse.
FINAL SAFETY TIP
Never trust skiddies.
This presentation is based on a talk by Susan Sons at the
2016 CACR Security Matters Summer Camp.
That talk is licensed CC-by-sa and available at http://slides.com/hedgemage/ethics-for-infosec-beginners-2016 .
Ethics For Infosec Beginners
By Susan Sons