Thanks for pointing that out. I missed/forgot the subtle difference between "illicit" and "illegal" regarding OS accumulation over time.
So now it is safe to assume that there are (at least) three distinct modes:
- Illicit and illegal
- Illicit and legal
- Non-illicit and legal
I can't help but wonder: Based on what observations / indicators a host distinguishes between 2. and 3.? It appears a host must be able to make this distinction, since otherwise one of the following two conditions would hold:
- Legal matrix actions under illicit but legal access would be unopposed.
- Legal matrix actions under non-illicit and legal access would be opposed.
To my knowledge, a host still gets to oppose legal matrix actions in SR6 even after gaining access through a backdoor entry. Consequently, the first would not be the case. The latter is infeasible, since it would turn usability for normal, honest-to-whomever users to ash (even on moderately secure hosts). Having to continuously compete against a hosts firewall in normal day-to-day operations is simply impractical. So, assuming the illicit/non-illicit part can be inferred, why would a host not immediately revoke legal access of an illicit account?
Am I making a faulty assumption or am I missing something?