In both life and hacking, breaking out of conventional thinking is essential to finding new paths to success. Hackers are masters at non-conformity: hackers think independently, test absolutes, and reject norms. They see opportunities in the gaps, the places where others see only limits. In this blog, I’ll walk you through one aspect of the hacker trait of non-conformity: challenging assumptions. Then, I’ll give you some ideas on how to apply this critical mindset trait to anything in life.

Why Assumptions Matter

Assumptions are the beliefs that we hold about how things will work or how people will behave. We are often blind to assumptions.

Flawed assumptions are the soft underbelly to every system. Humans make assumptions about all kinds of things: what people will or won’t do, what is required, or how long it will take. By identifying and then challenging those assumptions, hackers find weaknesses in those systems.

This can be applied to anything in life. Where other people simply accept what they’re told and go about life without questioning things – you want to do the opposite. By refusing to blindly conform, you will find the loopholes, shortcuts, and overlooked assumptions that everyone else missed. Those reveal new pathways that enable you to achieve your goals bigger, better, or faster.

To examine this critical issue, let’s first explore a hacking story, and then talk about some tactics you can apply in order to be more non-conforming yourself.

Can dating be hacked?

If you’ve ever been on a dating app, you might wonder if your information is exposed in ways you didn’t intend. Our team of hackers asked the same question, and decided to research vulnerabilities in apps like Bumble and Hinge. (Brace yourself: if you thought dating was messy before, this story might make it worse).

After months of research, the findings were pretty interesting:

1. Attackers could change vote data: Want to be swiped right? With a little code manipulation, you could get a match even if someone swiped left.
2. Location triangulation: Was there someone who ghosted you? Attackers could use location data to figure out exactly where that person lives.
3. Free premium upgrades: Skip the payments and bypass the app’s premium version security to access extra features without paying.

So, why did these flaws exist? As with many vulnerabilities, the issues boiled down to flawed assumptions the app developers made about users and security. Here are a few of the biggest:

• Flawed Assumption 1: Registered users aren’t malicious – Many apps assume users will follow the rules, so they don’t include protections against malicious actions. We found that attackers could simply create free accounts, then target other users for sensitive data.
• Flawed Assumption 2: No one monitors backend data – When users swipe or interact with the app, information often leaks through app requests. An attacker could use basic hacking tools to capture this sensitive data during normal app interactions.
• Flawed Assumption 3: No one tries unlimited login attempts – Without limits, attackers can repeatedly try usernames and passwords until they gain access. A solution called rate limiting locks users after several failed attempts, but if developers assumed no one would try this, rate limiting might be missing. And because many people reuse passwords, attackers could then use these credentials on other sites, like banking or email services.

This story illustrates the power of challenging assumptions – because in so doing, you find the assumptions that are flawed. By identifying and questioning these “rules”, hackers uncover vulnerabilities that others overlook.

Here are a few ways you can apply this form of non-conformist thinking to anything in life.

Tactic #1: Test Absolutes

Hackers, like scientists, avoid absolute terms like “always” or “never” because there are usually exceptions. When something is universally stated, it often masks overlooked weaknesses ripe for exploitation.

Systems sometimes rely on absolute terms like “must,” which trigger hackers to ask whether that is always true in all cases. This probing frequently reveals flaws. Absolutes usually hide flawed assumptions, and finding exceptions can expose ways to exploit or bypass the system.

This applies to both technical systems and to life. Common absolutes include “always,” “never,” “must,” and “impossible.” Whenever you hear these, it’s an invitation to explore further.

To test absolutes, here are a few simple steps. First, look for edge cases, the extreme scenarios that systems may struggle to handle. Second, probe for flexibility, because rigid rules often break with unexpected input. Third, test in various contexts. If an absolute fails in any one context, it’s not absolute.

Tactic #2: Reject Norms

Challenging assumptions means questioning the accepted truths and beliefs that shape our decisions. This process encourages critical thinking, reveals biases, and helps overcome complacency, ultimately uncovering overlooked perspectives. It’s how hackers expose hidden flaws leading to major security breaches.

Taking it further, rejecting norms means actively choosing not to conform to societal expectations or traditional standards. It’s a powerful act of independence that enables you to define success on your own terms and innovate. As one hacker once said: “There’s the normal way to do things, and there’s the abnormal way. Start with the first, but definitely try the second.”

Hackers often embody this by defying appearance norms at conventions. Mohawks, bright hair, or utility kilts may be “unusual” at most conferences, but you see these all over hacker events like DEF CON. Hackers embrace their individuality without concern for conventional judgments.

To reject norms, follow these steps: First, identify the norm. Second, understand why it exists. Third, decide if rejecting it is safe and will empower your independent thinking. By daring to be different, you’ll uncover paths others overlook.

Tactic #3: Identify & Challenge Assumptions

Hackers excel by spotting assumptions and questioning their validity. Even valid assumptions often reveal weaknesses worth exploring. You can approach this in three steps.

First, identify assumptions. List what you assume to be true or false about your goal. Use questions like: How long will it take? Who needs to be involved? What will it cost? What do you consider impossible? These reveal your underlying assumptions.

Second, challenge assumptions. For each assumption you’ve identified, ask: What if this isn’t true? Could it be wrong? Are there exceptions? This step exposes potential flaws in your thinking.

Third, categorize Assumptions. Once you’ve challenged each, sort them into 3 groups: valid, flawed, and invalid. Valid assumptions hold up to scrutiny. Flawed assumptions are mostly true but have issues. Invalid assumptions are simply incorrect.

Once you’ve done all three of those steps, explore the flawed or invalid assumption to brainstorm new actions you can take based on what you’ve uncovered.

Summary & Call to Action:

These three tactics—testing absolutes, rejecting norms, and challenging assumptions—provide a roadmap to see the world like a hacker. By breaking away from rigid, conventional thinking, you open doors to new pathways and hidden opportunities. Remember, some of the most important discoveries come from daring to question the rules others blindly follow.

These concepts, along with many more, come from my upcoming book, Inner Hacker. If you’re ready to explore this mindset more deeply, join the waitlist at https://www.tedharrington.com/inner-hacker.

~~

Ted Harrington is the #1 bestselling author of Hackable, the Executive Partner at ISE, and co-founder of both Start VRM and IoT Village. Learn more at https://ise.io