The way this goes in the digital space, people expect to break into my "house," see if they can get into my safe, snoop around in my wife's/daughter's nightstands, steal some of their underwear as a CTF exercise, help themselves to my liquor on the way out, then send me an invoice for their time while also demanding the right (or threatening) to publish everything they found on their blog. Unsolicited "security research" is a shakedown desperate to legitimize itself. Unlawful search/"fruit of the poisoned tree" exists to keep the cops from doing this to you, but it's totally acceptable for self-appointed "researchers" to do to anybody else I guess.
"Ethical hacking" is notifying the owner/authorities there's a potential problem at an address, seeing if they want your help in investigating, and working with them in that capacity-- proceeding to investigate only with explicit direction. Even if their incompetence or negligence in response affects you personally, that's not a cue to break a window and run your own investigation while collecting leverage you can use to shame them into compliance. That shit is just espionage masquerading as concern trolling.
You can say "that's not what I mean by ethical hacking", but that doesn't matter, because that's what the term of art itself does mean.
If you want to live in a little rhetorical bubble where terms of art mean what you think they should mean, that's fine. I think it's worth being aware that, to practitioners, that's not what the terms mean, and that people familiar with the field generally won't care about your idiosyncratic definitions.
But the companies that brand themselves as selling "ethical" penetration testing, and sell certifications for "ethical hacking" would very much like you to lump other companies and other security researchers who are operated legally into the same mental bucket as criminals by implicitly painting them as "unethical".
