I just read through the entire Matrix section of SR5, along with the relevant part of the Gamemaster Advice section. I like what I see thus far, and I greatly appreciate the efforts the book goes through to create a sensible visualization for what the Matrix looks like. There are still several things I find to be unclear, however, and a common thread among them is that they involve Matrix Perception, what sees what in the Matrix. My puzzlement is separated into different parts below. They make references to three in-book examples: the Bank Heist and Renraku Sarariman in the Matrix section, and the Drone Battle in the Rigger section.
---
Seeing Files
In both the Bank Heist and the Renraku Sarariman, the hacker is apparently able to see files on a commlink without first having to get permission or illegally apply a mark. The Renraku Sarariman reasons that the "target" (whether that's the file or the commlink I'm not sure) wasn't running silent while the Bank Heist states that the waitress "hasn’t protected her commlink’s privacy." In addition, the text for the Matrix Perception action explains that one piece of information that can be obtained from a successful test is "any files [the target] may be carrying," although this point isn't shared in the red Matrix Perception box on p.235.
I spent hours thinking about how to interpret this, it seemed rather strange for everyone's commlink files to be listed for anyone to see. They ordinarily can't even protect themselves by running silent because, as stated in GM Advice, "law enforcement services require people to run their personal device in normal mode so their identity can be verified." That makes things rather awkward when I'm out in public with a few files in my commlink that happen to be labelled as "gratuitous porn." My confusion was cleared up, however, when I ctrl-f'd for "files" and found a very important bit in the initial fluff part of the Matrix section:
Most of what you keep on your commlink are files, this includes music, your SIN (fake or otherwise), licenses (also fake or otherwise), maps, email messages, your contact book, AROs, and so on. These files are visible to people who can see your commlink in the Matrix, so most people keep all of their files in a protected folder.
Before, I was thinking that the best method for privacy was to have the files themselves run silent, but after this revelation, I no longer think files can even run silent in the first place. As it says, the best way to hide your files from view is to put them in a "private" folder (which is a file itself) and then apply protection on that folder, requiring illegal action to peek inside.
With all this in mind, here's a procedure I've come up with for taking a file from someone's commlink:
- Make a Matrix Perception Test to spot the target commlink and see its top-level files. >100m distance from the target commlink or the target commlink running silent will require at least two net hits.
- Make a Brute Force Test or a Hack on the Fly Test to apply a mark on the target file.
- Make a Matrix Perception Test on the file to detect cracking-required protection or a Data Bomb. If you previously made a very successful Hack on the Fly Test, you might be able to get that information already.
- Make a Disarm Data Bomb Test if a Data Bomb is present.
- Make a Crack File Test if protection is present. Note that this is an Attack action, so a success will notify the file that it is under attack, and it will likely report to the commlink's owner, in turn.
- If you target file is a folder, make a Matrix Perception Test to see its file contents and select a new target file, returning to Step 2.
- Make an Edit File Test to create a copy of the file with you as the owner.
- Make an Edit File Test to delete the original file, if desired.
What do you think of this assessment? Does it match the rules?
---
Running Silent
This puzzlement mainly focuses on a single sentence concerning running silent that really throws me for a loop:
Note that if there are multiple silent running icons in the vicinity, you have to pick randomly which one you’re going to look at through the Opposed Test.
I find it reasonable to assume that when it comes to security personnel, they're likely to have all of their wireless devices running silent to defend against intruders, especially since everything except their commlinks are not penalized for doing so. So lets say a party of shadowrunners is duking it out with a bunch of them. The hacker suspects that the guards are using smartguns and would like to brick them. He first needs to find their hiding icons on the Matrix, so he makes a Matrix Perception Test to do a 100m sweep and confirms that there are indeed icons running silent within the vicinity. The only problem is that there's a lot of them! That's what happens when you're infiltrating a secret corporate complex. Now because of the rule quoted above, the hacker has to pick one of the running-silent icons at random and hope that it's a smartgun used by one of the guards. If there's a hundred icons running silent and three smartguns, it's very unlikely for the hacker to investigate the right target.
I imagine the way it should work is that the hacker ought to be able to specifically target an running-silent icon and try to reveal it with a Matrix Perception Test if he has an idea of what it is. In my example above, after making a general scan for running-silent presence, he should be able to guess that a specific one of the icons associates with a smartgun his party can see in meatspace, then proceed to target it with a Matrix Perception Test.
The one in-book example we have for detecting running-silent icons via Matrix Perception is the Drone Battle:
Spike performs a Matrix Perception actions, knowing that Driver’s RCC and his rotodrone are running silent within 100 meters. He makes a Computer + Intuition [Data Processing] roll, while Driver and his drone make their Logic + Sleaze rolls. Spike gets at least one net it on each icon, locating both devices. He can’t find the Optic-X or the LDSD-41 because they’re too far away.
Unfortunately, this doesn't provide the clarification I hoped to get because from I can tell, the RCC and rotodrones are the only two running-silent icons within the 100m vicinity, so all Spike had to do was two successive opposed Matrix Perception Tests to reveal both of them.
How do you think the rules for detecting running-silent icons work?
---
Sharing Spotting Information
On p.247, a point is made to say that a host and it's IC instantly share spotting information, but I could use a little clarification on what exactly that means. Obviously, when an IC or host spots a hidden (i.e., silent-running) persona, the entire collective will then instantly spot it, as well. Now lets say that the persona uses the Hide action (which only applies to one target icon) on one of the ICs or the host. Does this cause all of the ICs and the host to then all lose sight of the persona? Or does the action only work on that target and then becomes negated when instant spotting data is shared again by the others? The Bank Heist example appears to suggest the former. The hacker uses Hide on the bank host, causing the host and all of its ICs to lose sight on him. If that's so, then it seems to me that a host and its ICs effectively count as a single entity when it comes to things they're spotting (along with bearing marks).
A more important question, however, is how sharing spotting information works among personas. Say Persona A spots a hidden icon. Can it share that information to Persona B so that Persona B can see that icon, as well? Does this work instantly? Or does Persona B have to do a Matrix Perception Test to find the icon for itself? Assuming both Persona A and B can see the icon, what happens if the icon uses a Hide action on one of them? Does shared information negate the action from doing anything? The answer to these questions becomes especially crucial when it comes to a host (and its ICs) sharing spotting information with a security spider and vice versa.
---
Patrol ICs and Security Spiders on Patrol
When it comes to a hacker infiltrating a host, there are likely to be a couple of watchful icons to be wary of: the Patrol IC and the security spider. Both of them will be using the Matrix Perception action to seek out intruding personas, but a point of concern is just how often they should be doing such actions to achieve their end. Technically, a Patrol IC (or spider) can make a Matrix Perception Test every combat phase, meaning that it can likely do over 30 tests in a single minute. It's not like it has anything else to do, anyway. Obviously, this would be ridiculous for a GM to play out. A balance needs to be found between letting the hacker PC do what he wants to do and having the Patrol IC and security spider pose a threat by allowing them to do what they're suppose to do.
Furthermore, when a Patrol IC (or spider) actually sees a hacker, how exactly should it determine if the hacker is an intruder, especially if the host expects to have customers/guests/clients? Should it make a Matrix Perception Test on the hacker to look for illegal programs or an illegal last action?
Let us consider for a moment the other ways for a hacker to get caught besides through the solo efforts of a Patrol IC or spider:
- Host convergence
- Failing on a Sleeze action
- Succeeding on an Attack action
The last point is particularly puzzling because it doesn't instantly reveal the hacker and his intrusion, but prompts the Patrol IC (or spider) to look for him. In this case, how often should the Patrol IC do Matrix Perception Tests against the hacker? How long should it make tests against the hacker until it gives up and goes back to its normal routine? Overall, is solo Patrol IC/spider investigation worth simulating besides one or two Matrix Perception Tests, or is it enough just to have these other ways for the hacker to get caught?
I think this is mostly right but have 3 concerns, concerns which has bugged me from day 1 abuot the matrix 5e.
The first is the randomly analysing icons that are running silent - basically this breaks the game with enough hidden icons in any one area, and easily doable by anyone with a handful of "decoy" commlinks all running silent.
Secondly, the putting files in folders, and protecting the folders. If you can do this, couldnt you have 10 folders, all with protection, which will also break hacking... because it will take so long to get to the real info that your OS will be at 40 before then. That line you referenced about people keeping their files in a protected folder is very interesting. It is a shame there is not clear example of how that is supposed to work, they really need one - errata!
Thirdly, even the mechanic is that you have a "shared" and "not shared/protected" folders only, it bugs me that your commlink's firewall doesnt help you. At all. Any hacker can see your two folders, but has to crack the protected one to get more. In order to crack the folder your commlink's firewall is completely irrelevant. From memory the defender's dice pool is simply protection x2. That's just... dumb. Personally i greatly prefer a bit of 4e here - along the lines of you have shared and private folders on your commlink. Anyone can view the shared folder (like a standing invite to mark or something). To access the private folder however the person has to hack your commlink first. Firewall is therefore involved. Once they have a mark on your commlink, then the hacker can do the usual things marks let them do, attempt to crack protected files, and so on. I really hope there is an errata to files and the matrix, or some optional rules in the eventual matrix book that make this process more intuitive/sensible (even if it might take slightly longer, one extra dice roll?).