Not so long ago, in the cybersecurity community, there was talk about deprecating the terms “blacklist” and “whitelist.” Where one list contains domain names marked as bad, “blacklist,” and the other list with domain names marked as good, “whitelist.”
The UK decided to get rid of the terms due to racial stereotyping (ZDNet) since bad was associated with black, and good was associated with white. Google Chrome’s recent efforts also took action to refrain from using such terms. Additionally, back in August 2019, Mozilla Toolkit pushed a change to swap those terms for another.
Now “denylist” and “allowlist” have been used in place of “blacklist” and “whitelist” – making it more clear. The “denylist” blocks those domains listed from interacting with their network, whereas the “allowlist,” formerly “whitelist,” blocks everything but the list of domains.
We tend to use terms all the time due to it being standard in our domain without thinking twice about it.
Moreover, due to the Black Lives Matter movement, it made me look at another term we use in the cyber domain, “blackhat,” “whitehat,” and “greyhat” hackers. Similar to “blacklist” and “whitelist,” “blackhat” is associated with bad hackers and “whitehat” with good hackers. These terms, however, are from western films, where the cowboys wore a black hat if a villain or a white hat if a hero.
“Blackhat” and “whitehat” have no racial origins, but could it/is it offensive? Should we use a different term, and if so, what should we use in place of “blackhat,” “whitehat,” and “greyhat” hackers?
Hitesh Gohil
How about using positiveHat and negativeHat or badHat?