Shadowrun

Shadowrun Play => Rules and such => Topic started by: penllawen on <08-16-20/0355:25>

Title: Why aren't SIN checks used in corp facilities?
Post by: penllawen on <08-16-20/0355:25>
Per RAW, there appears to be no way to steal/spoof/dupe a persona. You cannot pretend to be anyone else on the Matrix.

Also per RAW, there's no mechanic to broadcast someone else's SIN, even though a SIN is just a string and it's quite public as most people are always broadcasting theirs. (Stepping beyond RAW, we can assume the SIN's stored biometrics and biographical information wouldn't match, but they don't match for a rating 1 fake SIN anyway.)

So we have two "unstealable"/"unhackable" technologies. Only person A's persona can broadcast person A's SIN.

Meanwhile, we regularly see corp facilities that have security doors secured with keypads, keycard scanners, or fingerprint/retina scanners -- all things the PCs can bypass or fool with advanced tech. (This, of course, is an important game element.)

Why aren't those doors secured with SIN scanners? The corp issued the SINs, so the corp certainly knows all the SIN information. And SIN broadcasts appear to be bulletproof. So if the door only opened on a command from a persona with a validated SIN belonging to someone who works for the corp and has access, the whole thing would be much more secure, right?

Title: Re: Why aren't SIN checks used in corp facilities?
Post by: Hobbes on <08-16-20/0955:51>
SIN scanners and SIN checks only pass/fail if it's a valid SIN.  Not is it Bob from Accounting's SIN.

Whether or not it's Bob from Accounting isn't the SIN database's problem, that's a you problem.

("you" as in that Site's problem)
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: penllawen on <08-16-20/1024:45>
Quote
SIN scanners and SIN checks only pass/fail if it's a valid SIN.  Not is it Bob from Accounting's SIN.
SR5 CRB pg 364 says a R5 SIN verification check has a "Full verification and consistency check; biometrics tested against sample." Rating 6 tests "multiple biometric samples." So it is testing if the person presenting the SIN has the same (say) fingerprints, retina print, and DNA as Bob from accounting.
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: penllawen on <08-16-20/1108:28>
Quote
Whether or not it's Bob from Accounting isn't the SIN database's problem, that's a you problem.
Furthermore, per pg 363

A SIN is issued by a country or extraterritorial corporation (AA or AAA rating) at the time a person becomes a citizen.... A set of biometric data including DNA, retinal scan, and fingerprints will also be taken and logged into the system, associated with the newly created SIN. All of this information is then registered with two master databases: one maintained by the country that issued the SIN...


So any extraterritorial corp has a complete database of DNA/retina/fingerprints of all employees who hold a corp SIN, which is presumably all bar the most junior of them. So Renraku surely can tell if it's Bob from Renraku Accounting's SIN.
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: Xenon on <08-16-20/1109:09>
The SIN verification system is just checking the integrity of the SIN and reports if the person in front of you is a valid citizen or not. Just as Hobbes said. And just as the game mechanics say.

There are multiple things a SIN verification system can check.....
Verifying that the SIN has an accurate checksum
Verifying that the data trail attached to the SIN is not fabricated
Verifying that there are no inconsistencies in the data trail by cross checking multiple databases
Verifying with a biometrics database that this SIN actually has logged samples
Verifying that vital statistics embedded in the SIN match logged samples
Verifying with multiple biometrics databases that this SIN has identical samples

But the SIN verification system does not run facial recognition.
It does not include a DNA scanner.
There is no fingerprint scanner.
There is no voice pattern recognition sensor.

There is no need for the subject to have disguise skill or take social tests during a SIN verification.

The SIN verification is just there to verify the integrity of the SIN to make sure it is not fake. That the character indeed is a legit citizen. Nothing more. Nothing less. And to bypass it you just get a fake SIN (any fake SIN will do, as long as the rating is high enough to fool the system).

The corporation probably has one in the public lobby (to make sure no SINless are entering).


Having said that.....
To find out that the character actually belongs on a restricted floor (to stop infiltrators) the corporation uses different security measures. Such as facial recognition. Keypads. Proximity RFID badges with corporate logo and photo of the employer. DNA scanners. Fingerprint scanners. etc etc.

And there are also plenty of rules on how an infiltrator gets to bypass them.
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: penllawen on <08-16-20/1123:52>
Quote
But the SIN verification system does not run facial recognition.
It does not include a DNA scanner.
There is no fingerprint scanner.
There is no voice pattern recognition sensor.
But that's not what the book says:

SR5 CRB pg 364 says a R5 SIN verification check has a "Full verification and consistency check; biometrics tested against sample." Rating 6 tests "multiple biometric samples." So it is testing if the person presenting the SIN has the same (say) fingerprints, retina print, and DNA as Bob from accounting.
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: Xenon on <08-16-20/1138:00>
These are just more examples of database integrity checking.

You are (wrongly) assuming that a SIN verification unit is taking fingerprints and DNA from the subject (but if you read the game mechanics you can see that this is obviously not the case).

The biometrics that belong to the SIN (according to the GSINR) are verified against the samples that the corporation grabbed from the subject the day the SIN was issued.

SR5 p. 367 Issuing a SIN
A set of biometric data including DNA, retinal scan, and fingerprints will also be taken and logged into the system, associated with the newly created SIN.

If they match (well enough) then the SIN verification unit will be satisfied and it will report back with a green light to the SIN verification operator.



Edit;

If SIN verification would include facial recognition then disguise would be part of beating the verification. But this is not the case.

If SIN verification would include fingerprints then a fingerprint sleeve would be part of beating the verification. But this is not the case.

If SIN verification would include taking blood samples from the subject then preserved samples in an enzyme bath would be part of beating the verification. But this is not the case.

To check the integrity of the SIN only the rating of the fake SIN and the rating of the SIN verification system matters. Nothing else.
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: penllawen on <08-16-20/1147:06>
Quote
The biometrics that belong to the SIN (according to the GSINR) are verified against the samples that the corporation grabbed from the subject the day the SIN was issued.
I don't understand how you are contorting "biometrics tested against sample" to fit this. You think the two SIN databases are checked against each other? What does that achieve?

Why are those biometric samples gathered and stored in the GSINR and the corp SIN registry if they are never used to validate the SIN?
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: Xenon on <08-16-20/1152:44>
Quote
You think the two SIN databases are checked against each other? What does that achieve?
It is used to validate that the SIN is not fake (as far as the SIN verification unit can tell).

After all, to check that the SIN is not fake is the whole point of the SIN verification check.... ;)



Book is full of security devices you can use to prevent infiltrators.
Book is also full of ways to bypass said devices.
Because you are intended to infiltrate.



But when it comes to SIN verification the only thing it checks is the integrity of the SIN,
to make sure it is not a fake SIN. Nothing else.
And to bypass it you buy a fake SIN of a high enough rating. Nothing else.
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: Hobbes on <08-16-20/1205:44>
It was like this in 5th Edition too.   There are certain things you can't think about too much.  How does a Commlink know you're you?  How do Personas and SINs relate? 

If you apply real world logic to these gamey sub-systems you'll make anything other than a smash and grab impossible. 

You are correct, though, if a Commlink magically knows who you are and you can't use it to broadcast anything other than "Your" SIN, then you'd think that biometric data on the SIN could be used to validate who is walking around. 

My counterpoint to that is that it should be possible to fool a cheap commlink and put up its owner's Persona and SIN, except that leads to wiping out the bank accounts of every Commlink you can lift.  So, Commlinks need to be magically able to stop that somehow, by game design fiat.  And PCs need to be able to do something other than crash a dump truck through the front door. 

It is 100% a gamey sub-system.  There are absolutely ways to houserule around these issues to make the game world more believable if you want.  I wish I had a better answer for you on this, but, it's a compromise that the game writers settled on to make it work.  And it does work.
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: penllawen on <08-16-20/1225:05>
Quote
You are correct, though, if a Commlink magically knows who you are and you can't use it to broadcast anything other than "Your" SIN, then you'd think that biometric data on the SIN could be used to validate who is walking around. 
It's what I think of as the "black box problem", as in "why don't they make the whole plane out of the stuff they make the flight recorder from?" Certain tech (most obviously credsticks) is approximately unhackable, yet the strongest encryption on the valuable R&D our PCs steal is not. Why? Why is a 5k nuyen credstick more secure than a billion nuyen project?

Quote
There are certain things you can't think about too much.  How does a Commlink know you're you?  How do Personas and SINs relate? ...  If you apply real world logic to these gamey sub-systems you'll make anything other than a smash and grab impossible.
Oh, I don't think it's as desperate as all that. I think you can keep the rules approximately as-is and extend the in-universe explanations to fill in the gaps and inconsistencies. I am working on doing this for the whole of the Matrix, in fact. I already have an answer for persona theft / how commlinks know who you are, for example.

I have a draft answer for the SIN check thing too, although I wanted to see if I'd missed an explanation in strict RAW before writing my own.
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: Stainless Steel Devil Rat on <08-16-20/1307:59>
In 5th edition your persona was YOU, no matter which burner phone you happened to be using at the time.  Because your persona icon incorporates biometrics such as brainwaves, and etc.

Trying to impersonate a specific user is on one hand impossible.  But on the other, if all you need to do is FOOL someone rather than have an impenetrable disguise (and let's face it, that's the reality in the physical world too, is it not?) you can still achieve that end via editing files on the perceiver's device/host.
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: penllawen on <08-16-20/1314:47>
Quote
In 5th edition your persona was YOU, no matter which burner phone you happened to be using at the time.  Because your persona icon incorporates biometrics such as brainwaves, and etc.
Why can't I tie someone to a chair, put 'trodes on them, read their brainwaves, boot a commlink that I control but using their brainwaves for the biometrics, and use that to control their persona?
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: Stainless Steel Devil Rat on <08-16-20/1318:39>
Quote
Quote
In 5th edition your persona was YOU, no matter which burner phone you happened to be using at the time.  Because your persona icon incorporates biometrics such as brainwaves, and etc.
Why can't I tie someone to a chair, put 'trodes on them, read their brainwaves, boot a commlink that I control but using their brainwaves for the biometrics, and use that to control their persona?

Because there's no matrix action to force another Persona to take an action.

After that, it's all in-universe technobabble to justify meta positions.

EDIT: of course what you CAN do is hack into a host/device and edit the security logs to falsely indicate the schmuck you're framing did whatever it is you wanted to impersonate him for.  And better still, you don't even need to tie him down and hook him up to a commlink to do it!
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: penllawen on <08-16-20/1344:51>
Quote
Because there's no matrix action to force another Persona to take an action.

After that, it's all in-universe technobabble to justify meta positions.
I find this reasoning very unsatisfying. The purpose of RPG rules is to simulate the in-universe situation. If something is possible in the fiction, it should be possible in the rules. The rules cannot be infinite, so when the fiction goes to places the rules do not, GMs should bridge over gaps by extending the existing rules logically and coherently. So if something shouldn't be possible in the rules, there should be a clear reason why it isn't possible in the fiction.

This isn't an obscure edge case. In a high-tech heist game, identity theft of personas is going to come up as something the players want to do. When my players want to do something that the rules don't cover but that should logically be possible, it's my job as GM to keep the game running.

If we use your "you can't do that because there's no explicit action for it" logic we can break the game in all sorts of ways. There's no action for sleeping. There's no action for eating.

There's no action for using a grapple fist to fly over your enemy's head while shooting down at them with a gun in your other hand. There's no action for sneaking up behind two goons then pushing them out of a window. There's no action for pulling a troll-sized pair of trousers down over a hostile anthrodrone's head. There's no action for lots of crazy cool things. Should we tell players their characters can't do these things either? Because when my players did these things, I let them do it, and I made up a dicepool and I made up a modifier, because the fiction demanded they be able to make an attempt. (They succeeded at all three.)

If we're only going to let players do things we already have rules for, we might as well play boardgames.
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: Hobbes on <08-16-20/1345:24>
Straight up Mind Control works for a lot of this too.

"Yes I'm disputing the 10,000 Nuyen charge at Troggs'a'poppin.  I was Mind Controlled I tell you!"
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: Stainless Steel Devil Rat on <08-16-20/1428:46>
Quote
If we use your "you can't do that because there's no explicit action for it" logic we can break the game in all sorts of ways. There's no action for sleeping. There's no action for eating.

There's no action for using a grapple fist to fly over your enemy's head while shooting down at them with a gun in your other hand. There's no action for sneaking up behind two goons then pushing them out of a window. There's no action for pulling a troll-sized pair of trousers down over a hostile anthrodrone's head. There's no action for lots of crazy cool things. Should we tell players their characters can't do these things either? Because when my players did these things, I let them do it, and I made up a dicepool and I made up a modifier, because the fiction demanded they be able to make an attempt. (They succeeded at all three.)

If we're only going to let players do things we already have rules for, we might as well play boardgames.

You make some reasonable sounding points, but I'm going to call you out on a false equivalency.

Things like eating, how often one needs to visit the toilet, and pantsing-an-enemy all don't have rules, but that does NOT mean there's a parallel in making a matrix persona icon perform an action against its will.  (note that sleeping... or rather the penalties for NOT sleeping, do have rules....)

The reason is: actions like eating, pooping, and pulling cloth over the optical sensors of some device are all physical actions that take place in a physical world that is modelled on the real and objective world.  We can fairly make assumptions that because something is true and/or possible in the real world, it is therefore also true and/or possible in the fantasy world modeled on the real world.

Shadowrun's two other worlds, Astral and Matrix, do NOT have this working in their favor.  The Matrix is not the TCP/IP protocol network we call the Internet. Hell, one might even infer from the Noise rules that the Matrix doesn't even comply with physics.  One CANNOT imply that just because something is true about the Internet, it must therefore also be true about the Matrix.  That parallel simply is no longer true in the way it is for the physical world(s).  So in the case of the Matrix, you don't get to color outside the lines.  (Ditto for the Astral).  It works the way it says it works.  That's the beginning, middle, AND the end of the rules argument.  Now, sure some things might come up that aren't covered by the rules.  A player might ask, "How do I set up my own host to coordinate the killbots, maglocks, and security cameras guarding my safehouse?"  And, alas, there are no rules for that.  Yet we know hosts HAVE to exist- corps and organized crime use them all the time, right?  That's the kind of thing that's fair game for the GM to just start making rules up for.

OTOH, "how do I hijack someone else's persona" is asking to do something that the rules don't cover AND has no precedent.  Now of course nothing's stopping you from coming up with house rules to do such a thing.  I'm not even saying I think it's a bad idea to make up house rules to cover that.  I'm only saying it's flatly not a concept that's possible under the rules. 
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: penllawen on <08-17-20/0441:02>
I disagree with pretty much all of that.

Quote
The reason is: actions like eating, pooping, and pulling cloth over the optical sensors of some device are all physical actions that take place in a physical world that is modelled on the real and objective world.  We can fairly make assumptions that because something is true and/or possible in the real world, it is therefore also true and/or possible in the fantasy world modeled on the real world.
That's true until it isn't. For example, I have a cyberarm that has +4 strength compared to my meatbod. I try to pick up something heavy, or pull myself up the side of a building, or break a door down. To what extent does my arm help me?

I am sitting at a table with my arms resting on the tabletop. My gun is in my holster. Someone is staring me down with a gun pointed right at me. In the real world, there's no way I can clear my gun from the holster and take a shot before I get shot myself. But in Shadowrun, I have wired reflexes, and my opponent does not. To what extent do my synthetic nerves give me an opportunity to outdraw them?

There's all sorts of ways that Shadowrun's physical situations get away from our real world and require judgment calls that are not, can not, be based on our experiences. It wouldn't be a very good fantasy game if that weren't true.

Quote
Shadowrun's two other worlds, Astral and Matrix, do NOT have this working in their favor.
And thus it is the job of the authors to create in all our minds a shared understanding that is internally coherent enough to give us the ability to reason about it intuitively.

Is that easy? No. But it's important.

And it's funny because you bring up magic. Shadowrun's magic system has been praised for thirty years because actually, it does exactly this -- establish a base of ground rules from which you can intuit behaviours that feel natural. This is not an impossible problem.


Quote
The Matrix is not the TCP/IP protocol network we call the Internet. Hell, one might even infer from the Noise rules that the Matrix doesn't even comply with physics.  One CANNOT imply that just because something is true about the Internet, it must therefore also be true about the Matrix.  That parallel simply is no longer true in the way it is for the physical world(s).
This is a total cop-out as well as a straw man argument. The Matrix doesn't need to resemble real-life computers, nor have I said anything like that. It just needs to make sense on its own terms, like Shadowrun's magic system does. And to do that, the in-game fiction has to align with the game mechanics. If something is mechanically impossible -- particularly something players are naturally going to want to do - that should be impossible in the fiction too.


Quote
So in the case of the Matrix, you don't get to color outside the lines.  (Ditto for the Astral).
Then what would you say you are doing here:
That being said, the question of physical spells and astral projection is a thorny one.  On one hand, the spell only has to modify your brain, because your brain generates the mind/aura.  On the other hand, the aura can't be touched by physical spells after it leaves the body and therefore it can't benefit from increase attribute.
RAW says nothing (that I am aware of) to address this issue directly. But what you did here was: you started with what RAW does say, and extended it to consider the problem. Now, you don't have a concrete answer. But you do have the basis to make a ruling, to explain that ruling to the rest of your table, and everyone nod and say "makes sense, cool."

Your own posting history has many more examples of this sort of thing. I could post quotes here all day.

All I want is for the matrix to make as much sense as the magic system does. I do not think that is too much to ask.
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: Stainless Steel Devil Rat on <08-17-20/0928:23>
Quote
I disagree with pretty much all of that.

Quote
The reason is: actions like eating, pooping, and pulling cloth over the optical sensors of some device are all physical actions that take place in a physical world that is modelled on the real and objective world.  We can fairly make assumptions that because something is true and/or possible in the real world, it is therefore also true and/or possible in the fantasy world modeled on the real world.
That's true until it isn't. For example, I have a cyberarm that has +4 strength compared to my meatbod. I try to pick up something heavy, or pull myself up the side of a building, or break a door down. To what extent does my arm help me?

I am sitting at a table with my arms resting on the tabletop. My gun is in my holster. Someone is staring me down with a gun pointed right at me. In the real world, there's no way I can clear my gun from the holster and take a shot before I get shot myself. But in Shadowrun, I have wired reflexes, and my opponent does not. To what extent do my synthetic nerves give me an opportunity to outdraw them?

There's all sorts of ways that Shadowrun's physical situations get away from our real world and require judgment calls that are not, can not, be based on our experiences. It wouldn't be a very good fantasy game if that weren't true.

The examples you give may not be translatable in a 1:1 ratio to real life experiences, but they're still rooted in real life. Having one arm massively stronger than the rest of your body, or having impossibly quick reflexes are situations that we CAN imagine and extrapolate upon if necessary when the rules don't address something.

Contrast this to the situation you mentioned: trying to hijack someone's matrix persona by (per your example) subduing them and forcibly making them log in to the matrix but then controlling what they do somehow via control of the commlink.  I told you not only is there no matrix action that covers this or even anything categorically LIKE this.  This is unlike the scenarios just listed above in that we're not even beginning our hypothetical context in a real world analogue.  We have the Matrix rules. We have SOME fluff, but not very much this early in an edition.  Hell, the "brainwave technobabble" may or may not even be correct anymore as that's from a prior edition.  Things get retconned.  Things get outright changed (Crash 2.0...).  Until there's some indication that what you're suggesting is even possible, it's not a fair assumption to say that just because it can be imagined then it must be possible.

EDIT: that concluded a little more harshly than I intended.  As I said upthread, if you want to house rule doing such a thing, great!  It's just not a concept that's allowed for under the published rules.

Quote
Quote
Shadowrun's two other worlds, Astral and Matrix, do NOT have this working in their favor.
And thus it is the job of the authors to create in all our minds a shared understanding that is internally coherent enough to give us the ability to reason about it intuitively.

Is that easy? No. But it's important.

And it's funny because you bring up magic. Shadowrun's magic system has been praised for thirty years because actually, it does exactly this -- establish a base of ground rules from which you can intuit behaviours that feel natural. This is not an impossible problem.

And yet, if someone came up with some concept that was impossible under either the rules AND the fluff of this and prior editions, you wouldn't argue that it should still be possible, would you?

For example: A player familiar with D&D wants to create a perfect translation of a Ring of Three Wishes for Shadowrun. There are concepts here that just flatly are not allowed for under the lore and the rules.  Even if you were to try, it runs up into all kinds of mechanical problems (how does a mundane even activate the ring? how are the effects of the "wish" sustained? etc etc)  Sometimes what you want to do is just outside the scope of the rules.  (looking at you, "hijacking someone else's Matrix Persona")


Quote
Quote
The Matrix is not the TCP/IP protocol network we call the Internet. Hell, one might even infer from the Noise rules that the Matrix doesn't even comply with physics.  One CANNOT imply that just because something is true about the Internet, it must therefore also be true about the Matrix.  That parallel simply is no longer true in the way it is for the physical world(s).
This is a total cop-out as well as a straw man argument. The Matrix doesn't need to resemble real-life computers, nor have I said anything like that. It just needs to make sense on its own terms, like Shadowrun's magic system does. And to do that, the in-game fiction has to align with the game mechanics. If something is mechanically impossible -- particularly something players are naturally going to want to do - that should be impossible in the fiction too.

I'd be careful wishing the Matrix were as coherent as the magic realm.... I'd say the better state is the reverse ;)  For example: 6e forgot to say you can't just snipe people from astral space with manabolts.  Obviously it's IMPLIED you can't since it's always been that way (even in the bad old days of bridging through an active focus), but they forgot to say it.  So is 6e doing away with that age old rule? RAW, it's impossible to say thus far... even if the intent is "obvious".

Anyway, moving on:


Quote
Quote
So in the case of the Matrix, you don't get to color outside the lines.  (Ditto for the Astral).
Then what would you say you are doing here:
That being said, the question of physical spells and astral projection is a thorny one.  On one hand, the spell only has to modify your brain, because your brain generates the mind/aura.  On the other hand, the aura can't be touched by physical spells after it leaves the body and therefore it can't benefit from increase attribute.
RAW says nothing (that I am aware of) to address this issue directly. But what you did here was: you started with what RAW does say, and extended it to consider the problem. Now, you don't have a concrete answer. But you do have the basis to make a ruling, to explain that ruling to the rest of your table, and everyone nod and say "makes sense, cool."

Your own posting history has many more examples of this sort of thing. I could post quotes here all day.

Ok so let's deconstruct that.

You're referring to a post I made in another thread entirely.  For context, that thread (or that tangent of that thread, as the case may have been...) is about the ambiguity IN THE MAGIC SYSTEM regarding whether physical spells can continue to affect an astrally projecting character, and if so, does the spell only affect the empty body or somehow "go with" the astral aura.

While the magic rules are full of holes, it does still say that Physical Spells only affect the Physical realm (pg. 131). 

Ergo you cannot benefit from the spell AFTER you've begun projecting.  However, if you're NOT projecting, you're in the physical realm (if you're a metahuman, which is the assumption here) and can therefore be affected by, say, an Increase Logic spell. So what happens if you subsequently project?  You can't point to the relationship of the mind to the physical body (https://en.wikipedia.org/wiki/Mind%E2%80%93body_dualism) for any number of reasons.  Of course foremost among them, and perhaps ironically this is exactly relevant to the conversation at hand rather than being an example of a case of inconsistency on my part, is that the rules simply don't establish that the pineal gland links your aura to your physical body.

So again, we're seeing a case of "toss out the 'real world', and go by what the rules say and don't say".  Unfortunately in this case, the rules fail to adequately cover so the official answer is "GM decides."  Of course that's not a suitable answer for SRM where you have multiple GMs, so SRM has a "for SRM purposes" answer for that particular issue.   

Quote
All I want is for the matrix to make as much sense as the magic system does...
Between you and me: You make one of us :)
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: 0B on <08-18-20/1822:20>

If you want to fool biometrics, there are 3 ways you can do it:


The reason I don't think fooling the scanner would work is because the Matrix is not fully understood by the people who use it. A lot of facial recognition technology is based on machine learning, I think it's reasonable to assume that SR uses this or a similar method. If this is the case, then the data points that persona verification is relying on may be unknown, or at minimum, are kept private to very few people. There would have to be a lot of data points, too, to compensate for changes in moods and well-being (Pregnancy and illness will change a retina scan, I think it'd be worse on a brain).

I don't think you'd have a high level of "collision" on this, either. Under lab conditions, retina scans cannot be fooled. Iris scans can, if you are able to get the iris code and reverse-engineer a match, but there's more data points in retina scans (I'll bet that it's mathematically possible, but not feasible. I digress). If brainwaves use even more data points than retina scans, or if the program stores the brainwave code in such a way that it cannot be reverse-engineered, then it is unlikely that someone would be able to copy it.

Given that e-ghosts and technomancers exist, but are not fully understood, we can assume that the computer programmers of SR do not fully understand how brains interact with the Matrix, and it's also reasonable to say that they might not understand how brains authenticate with the Matrix, either. "Security through obscurity" is a terrible philosophy, but in this case it might work.

So, in order for personas to be a 1 to 1 match to the user with no chance of someone stealing a persona:


Given all of this, I think it's possible for there to be personas that cannot be impersonated, even using real-world logic. I find it highly unlikely in any scenario that all software everywhere that uses personas is up to date with the latest patches, and that no manufacturer has taken any shortcuts by caching credentials. However, it is technically possible for this to be true.

There are quite a few paths where you could adjust things to make it possible, if that's what you want for your campaign. Perhaps low-quality commlinks cache the encoded/encrypted brainwave data, and you can use the cache to reverse-engineer a pattern that will create the same data. Or perhaps there are black market trodes that simulate the persona authentication system and can grab the necessary data points from someone's brain, and store them for later use.
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: Reaver on <08-19-20/1222:09>
In the 4e matrix book, they talk about Personas.... And how you buy them..

I wish I could find the section, or even remember it correctly (I have the book in DTF, and am away from them). But the section talks about buying Personas.

Basically Personas are just a digital "wrapper" for your actual mental presence. You can swap out your persona's look at any time you want by just buying and customizing a Persona program. (which were listed without a price, so not something overly important).

Tired of looking like a Molten Samurai? Buy the "Pretty Pink Panda" persona, slap a minigun to its back, and bam! New Persona!

BUT, that doesn't change the fact it is YOUR brain that is still sliding on the electron string... So that means that unless the matrix has fundamentally changed since 4e (and with 2 editions out, that is possible), then Matrix Security relies on something more than the color of your Persona... And it might be down to your brainwave pattern (which is unique to the individual) that acts as your Digital Passcode.

Further support for this is the fact that ALL your info and passcodes are automatically transferred to whatever device you are using. THIS is pointed out both in the 4e CRB, and the matrix book, and carries over (in passing mention) in 5e CRB and 5e matrix book. This implies that again, it is more than the digital persona (which is just an icon to interact with) going on when one logs into the matrix.


As to why you can't copy and use someone's brain pattern... well.... let's just say, "invasion of the body snatchers". In the electronic ether of the matrix, you ARE that electronic brain pattern... you change that, you cease to be you, and you become him... every memory, every love, every fear, like, dislike.... you effectively mind wiped yourself :D
(Dystopian world... nothing good comes from Rabbit holes :P)
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: Xenon on <08-19-20/1301:06>
Perhaps think of your matrix persona as your on-line identity?

Your steam account. Or your xbox/microsoft account. Or your Blizzard account. Your gmail account. Your facebook account. But all merged into one single account which is used everywhere. It is used when visiting microsoft store. It has your steam wallet. Your games are tied to it. Progress in the games are tied to it. You receive your slack messages via it. You use it when checking your mail. Your drop-box. Your one-drive. When checking Jira tasks. When you do face time. When using a dating app. When buying an electronic device the matrix ownership will be tied to it.

And you can also at any time change or modify your profile picture. Your on-line avatar. The representation of 'you'. This is covered with the Change Icon Simple/Minor action (which doesn't require a test).
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: penllawen on <08-19-20/1616:35>
BUT, that doesn't change the fact it is YOUR brain that is still sliding on the electron string... So that means that unless the matrix has fundamentally changed since 4e (and with 2 editions out, that is possible), then Matrix Security relies on something more than the color of your Persona... And it might be down to your brainwave pattern (which is unique to the individual) that acts as your Digital Passcode.
What if I am using AR via image link to some glasses? My commlink can’t read my brain patterns now, but I still have a persona that has correct permissions over my gear.
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: 0B on <08-19-20/1728:02>
Basically Personas are just a digital "wrapper" for your actual mental presence. You can swap out your persona's look at any time you want by just buying and customizing a Persona program. (which were listed without a price, so not something overly important).

Ah, I see- so it's a mistake to think of a persona as a credential in the first place. A persona isn't the same as a "user," in fact based on your description, it'd be more like a device, as weird as that sounds.
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: Stainless Steel Devil Rat on <08-19-20/1736:05>
BUT, that doesn't change the fact it is YOUR brain that is still sliding on the electron string... So that means that unless the matrix has fundamentally changed since 4e (and with 2 editions out, that is possible), then Matrix Security relies on something more than the color of your Persona... And it might be down to your brainwave pattern (which is unique to the individual) that acts as your Digital Passcode.
What if I am using AR via image link to some glasses? My commlink can’t read my brain patterns now, but I still have a persona that has correct permissions over my gear.

Why can't the AR glasses read your brainwaves? We have (at least in 5e) lore establishing that things like glasses and wigs can incorporate trodes and therefore DNI.  "Just being able to read biometrics" is surely a step down in complexity than full DNI.

And for that matter, why can't your commlink read your brainwaves even without benefit of a readout from something being physically worn on your head?  Who's to say that "in your pocket" is too far away for a fictional technology to read your brainwaves?
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: 0B on <08-19-20/1752:12>
BUT, that doesn't change the fact it is YOUR brain that is still sliding on the electron string... So that means that unless the matrix has fundamentally changed since 4e (and with 2 editions out, that is possible), then Matrix Security relies on something more than the color of your Persona... And it might be down to your brainwave pattern (which is unique to the individual) that acts as your Digital Passcode.
What if I am using AR via image link to some glasses? My commlink can’t read my brain patterns now, but I still have a persona that has correct permissions over my gear.

Why can't the AR glasses read your brainwaves? We have (at least in 5e) lore establishing that things like glasses and wigs can incorporate trodes and therefore DNI.  "Just being able to read biometrics" is surely a step down in complexity than full DNI.

And for that matter, why can't your commlink read your brainwaves even without benefit of a readout from something being physically worn on your head?  Who's to say that "in your pocket" is too far away for a fictional technology to read your brainwaves?

I think the physics might break down after a certain distance. There will be too much noise to measure something like that accurately enough to both perfectly authenticate (Match biometrics to the correct persona) and provide nonrepudiation (The biometrics can only come from this person). Consider how much care goes into avoiding interference with MRI machines, or how matches can be reverse-engineered for iris scans without being an "exact" match of the original iris.

Matrix chapter in SR5 also mentions that you don't need DNI for AR.

On the other hand, perhaps the commlink only requests the credential once? Some systems require continuous authentication (The "what you have" security models with USBs or smartcards you plug into a computer). Maybe you just tap your head with your commlink when you turn it on, and it reads it then? (Much like logging into a computer with a password)

If that's the case, though, then after authentication, anyone with physical access to the commlink will be able to use it as you (Like leaving a laptop screen open), but perhaps it'll timeout if it notices a change in temperature (IE, is no longer worn or in someone's pocket).
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: Reaver on <08-19-20/2254:07>
BUT, that doesn't change the fact it is YOUR brain that is still sliding on the electron string... So that means that unless the matrix has fundamentally changed since 4e (and with 2 editions out, that is possible), then Matrix Security relies on something more than the color of your Persona... And it might be down to your brainwave pattern (which is unique to the individual) that acts as your Digital Passcode.
What if I am using AR via image link to some glasses? My commlink can’t read my brain patterns now, but I still have a persona that has correct permissions over my gear.

Why can't the AR glasses read your brainwaves? We have (at least in 5e) lore establishing that things like glasses and wigs can incorporate trodes and therefore DNI.  "Just being able to read biometrics" is surely a step down in complexity than full DNI.

And for that matter, why can't your commlink read your brainwaves even without benefit of a readout from something being physically worn on your head?  Who's to say that "in your pocket" is too far away for a fictional technology to read your brainwaves?

I think the physics might break down after a certain distance. There will be too much noise to measure something like that accurately enough to both perfectly authenticate (Match biometrics to the correct persona) and provide nonrepudiation (The biometrics can only come from this person). Consider how much care goes into avoiding interference with MRI machines, or how matches can be reverse-engineered for iris scans without being an "exact" match of the original iris.

Matrix chapter in SR5 also mentions that you don't need DNI for AR.

On the other hand, perhaps the commlink only requests the credential once? Some systems require continuous authentication (The "what you have" security models with USBs or smartcards you plug into a computer). Maybe you just tap your head with your commlink when you turn it on, and it reads it then? (Much like logging into a computer with a password)

If that's the case, though, then after authentication, anyone with physical access to the commlink will be able to use it as you (Like leaving a laptop screen open), but perhaps it'll timeout if it notices a change in temperature (IE, is no longer worn or in someone's pocket).

The problem is, we just don't know what the "log in" process entails. It's never covered beyond the fact it's a simple/free action.

But, it's also clear that you always log in with your pass-codes and accesses intact, no matter what device you are using...

Title: Re: Why aren't SIN checks used in corp facilities?
Post by: Stainless Steel Devil Rat on <08-19-20/2304:36>
Yep, that goes back to the "you're you, even when using a burner phone" phenomenon.
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: Xenon on <08-20-20/0211:53>
The problem is, we just don't know what the "log in" process entails. It's never covered beyond the fact it's a simple/free action.

But, it's also clear that you always log in with your pass-codes and accesses intact, no matter what device you are using...
Yep, that goes back to the "you're you, even when using a burner phone" phenomenon.
Right.

...but (just like the concept of Magic, Astral Space and Binding) perhaps we don't need to know "how" it's done, just accept that it "is" done ;-)

After all... even if the authors lived in 2080 and actually knew how it worked... and then time traveled back to explain it for us here on the forum... it would be similar to traveling back to 1970 and then try to explain the concept of OAuth... It would sound like pure fiction for the audience, in both cases.
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: penllawen on <08-20-20/0505:04>
...but (just like the concept of Magic, Astral Space and Binding) perhaps we don't need to know "how" it's done, just accept that it "is" done ;-)
My comfort level with "it is what it is" handwaving comes down to how important it is to the game. In my experience, players have never needed more explanation of how magic works than the game supplies. But players have wanted to steal personas, as this is a game often concerned with high-tech thievery, and stealing someone's digital identity is an obvious tactic. I'm not telling you you should care; if you're comfortable with it, that's cool. But it bothers me.
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: penllawen on <08-20-20/0515:43>
Why can't the AR glasses read your brainwaves? We have (at least in 5e) lore establishing that things like glasses and wigs can incorporate trodes and therefore DNI.  "Just being able to read biometrics" is surely a step down in complexity than full DNI.
OK, switch from glasses to contact lenses. Now what?

Quote
And for that matter, why can't your commlink read your brainwaves even without benefit of a readout from something being physically worn on your head?  Who's to say that "in your pocket" is too far away for a fictional technology to read your brainwaves?
Hmmm. Maybe. But I see some issues.

Firstly, you're introducing yet another layer to an already cluttered stack. We've got AR and VR; we've got image link and DNI. Now you have this new thing for players to remember that sits between 'link and DNI. Maybe it doesn't matter much, if this is just pure fluff, but it's still a downside.

Secondly, the easier you make it to read these magical "brainwave patterns" - by letting simple devices read them at a distance - the more players are going to ask about man-in-the-middle attacks where they use some device to capture someone else's patterns and thus steal their persona. Which isn't something I think the players are being awkward about; I think it's a reasonable thing to ask. So I think this idea moves the fluff in the wrong direction. I think it's better to make it harder to authenticate, not easier.
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: DigitalZombie on <08-20-20/0534:30>
@Penllawen As I liked your matrix rules, I'm looking forward to seeing your SIN/Persona rules.

1. Statement: a persona is based on the unique brainwaves etc. of a person.

1. Problem: you can easily use a metalink, with no trodes, DNI etc. You don't even need image links or AR gloves. You are now using your link as a mobile phone from 2020. So how does that commlink scan your brainwaves, to create your Persona?

Possible solution 1: it doesn't; if you want to use a commlink you MUST have DNI (not RAW, but would explain the whole Persona thing better).

Possible solution 2: as soon as you press the "on" button the cheap 100 nuyen metalink registers your brainwaves through your electromagnetic field in your fingertips. As you use your phone in year 2020 mode it registers your brainwaves through the electromagnetic field each time you scroll, press like, text someone etc. If someone else were to press the screen it would automagically know it wasn't you.

For 70 nuyen more you can get trodes and the brainwave link would be even stronger.

I would go with 1 (or the unknown 3) as 2 sounds odd

Title: Re: Why aren't SIN checks used in corp facilities?
Post by: penllawen on <08-20-20/0600:19>
@Penllawen As I liked your matrix rules, I'm looking forward to seeing your SIN/Persona rules.
;)
https://paydata.org/setting/matrix_re_fluff/legal_matrix/#personas-your-commlink-as-the-keys-to-your-life

My SIN rules are still evolving and only partially written.

Quote
I would go with 1 (or the unknown 3) as 2 sounds odd
My pitch would be as the above link. tl;dr:

Title: Re: Why aren't SIN checks used in corp facilities?
Post by: penllawen on <08-20-20/0613:34>
But when it comes to SIN verification the only thing it checks is the integrity of the SIN,
to make sure it is not a fake SIN. Nothing else.
And to bypass it you buy a fake SIN of a high enough rating. Nothing else.
I still reject this view, but let me rephrase the problem then.

When Wally Wageslave walks up to a security door, why doesn't the door check Wally's persona and say "yes, you are Wally, I will open for you"? If personas are hack-proof, this provides near-perfect security. Yet the game has handprint scanners and retina scanners etc etc etc. Why?
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: 0B on <08-20-20/0808:00>
But when it comes to SIN verification the only thing it checks is the integrity of the SIN,
to make sure it is not a fake SIN. Nothing else.
And to bypass it you buy a fake SIN of a high enough rating. Nothing else.
I still reject this view, but let me rephrase the problem then.

When Wally Wageslave walks up to a security door, why doesn't the door check Wally's persona and say "yes, you are Wally, I will open for you"? If personas are hack-proof, this provides near-perfect security. Yet the game has handprint scanners and retina scanners etc etc etc. Why?

The only thing that would make sense would be that persona authentication is handled by some central authentication authority (CA) on the Matrix that is not controlled by the corps or any user. The security doors rely on a list of acceptable personas, this list can be modified to give you access (Via marks, perhaps?)

I imagine it would work like this:
1. A person connects to the matrix using a device. The device uses the CA's public key to encrypt a message containing the person's brainwave data, timestamp, and device information. (Possibly also a OTP for extra security, sent from the CA to the person using the device's public key for encryption)
2. The CA decrypts this using its private key. It gives the device/person a persona.
3. Any marks/access a user has are dependent on who is running the system. When you connect to the matrix, you regain your marks by sending a message to the host/server. They verify your persona against their own whitelist of acceptable personas, then send you a mark. This may be a background task, IE, your device stores information on which systems you connect to, and on startup, they collect the marks again to send to your device. The verification uses your persona.
4. The reason that this isn't hack-proof is that the whitelist is not necessarily hackproof. External devices aren't verifying your brainwave data against the CA, they're verifying your persona ID against a whitelist. The persona ID is trusted completely, but the whitelist may have a flaw or could be modified.

The persona authentication system must be separate from other authentication systems for that to work. I would be somewhat concerned, TBH, if every system used your brainwave data to verify your identity.
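The split 0B describes in steps 2 to 4, written out as an added sketch (it is not from the post or from any Shadowrun rulebook): the CA vouches for who a persona is, the door's own list decides what that persona may open, so a list edited out of process lets a perfectly genuine persona through. HMAC stands in for the CA's signature, and the `Door` class, its hash-chained change log and the `audit` check are hypothetical additions showing how a site could notice such an edit.

```python
import hashlib
import hmac
import secrets

CA_KEY = secrets.token_bytes(32)  # hypothetical stand-in for the CA's signing key


def ca_issue_persona(persona_id):
    """Step 2: the CA binds a persona ID to a tag only it can produce."""
    tag = hmac.new(CA_KEY, persona_id.encode(), hashlib.sha256).hexdigest()
    return persona_id, tag


def ca_verify(token):
    """Authentication only: is this persona token genuine?"""
    persona_id, tag = token
    expected = hmac.new(CA_KEY, persona_id.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(tag, expected)


class Door:
    """A device that trusts the persona ID completely and checks a local list."""

    def __init__(self):
        self.allowlist = set()   # what the door consults at runtime
        self.change_log = []     # record of approved grants and revokes
        self.head = "0" * 64     # hash of the latest log entry

    def _append(self, op, persona_id, approver):
        record = f"{self.head}|{op}|{persona_id}|{approver}"
        self.head = hashlib.sha256(record.encode()).hexdigest()
        self.change_log.append((op, persona_id, approver, self.head))

    def grant(self, persona_id, approver):
        self._append("grant", persona_id, approver)
        self.allowlist.add(persona_id)

    def revoke(self, persona_id, approver):
        self._append("revoke", persona_id, approver)
        self.allowlist.discard(persona_id)

    def opens_for(self, token):
        """Steps 3 and 4: verify the persona, then consult the list."""
        return ca_verify(token) and token[0] in self.allowlist

    def audit(self, trusted_head):
        """Replay the log and return list entries no approved change explains.

        trusted_head is a copy of the log head kept off the door (assumption);
        without it, whoever edits the list could rewrite the log as well.
        """
        head, expected = "0" * 64, set()
        for op, persona_id, approver, entry_hash in self.change_log:
            record = f"{head}|{op}|{persona_id}|{approver}"
            head = hashlib.sha256(record.encode()).hexdigest()
            if head != entry_hash:
                raise ValueError("change log chain is broken")
            if op == "grant":
                expected.add(persona_id)
            else:
                expected.discard(persona_id)
        if head != trusted_head:
            raise ValueError("change log does not match the trusted head")
        return sorted(self.allowlist - expected)


def demo():
    """Constructed scenario: one employee, one outsider with a genuine persona."""
    door = Door()
    door.grant("wally", approver="site-admin")
    trusted_head = door.head                 # stored somewhere other than the door
    wally = ca_issue_persona("wally")
    outsider = ca_issue_persona("outsider")  # real persona, no access granted
    results = {
        "wally_opens": door.opens_for(wally),
        "outsider_opens": door.opens_for(outsider),
        "forged_token_opens": door.opens_for(("wally", "0" * 64)),
        "audit_before": door.audit(trusted_head),
    }
    door.allowlist.add("outsider")           # list changed outside the approved process
    results["outsider_opens_after_edit"] = door.opens_for(outsider)
    results["audit_after"] = door.audit(trusted_head)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The CA check never fails for the outsider, because the persona really is genuine; only the audit of the list notices anything.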
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: penllawen on <08-20-20/0851:04>
The only thing that would make sense would be that persona authentication is handled by some central authentication authority (CA) on the Matrix that is not controlled by the corps or any user.
An idea I quite like is that the corps don't completely trust GOD. GOD is (IIRC) made up of deputised staff from the members of the Corp Court. That means even if you're a mega, it's still 90% people who don't work for you. It'd be extremely high risk for a corp to use their staff in GOD to help them do a raid against a competitor, but the possibility - however slight in practice - will always be in the backs of wageslaves' minds.

Quote
The persona ID is trusted completely, but the whitelist may have a flaw or could be modified.
But if the allowlist for "these personas can open this door" can be manipulated, why not the allowlists for "these personas can drive this car" or "shoot this gun"? We know that, per canon, while it is possible to "steal" the digital concept of ownership, it's a royal PITA, with that really long extended test.

If you made every corp facility security door open only to personas that had marks on them, every runner that used to be able to steal a keycard now has to hack the door instead. It's surely more secure, just because what used to be the job of a thousand-nuyen keycard cloner can now only be done by 100k of cyberdeck. I can't see a way out of it in RAW. (I do have an answer that involves some small changes to RAW, though.)

Quote
I would be somewhat concerned, TBH, if every system used your brainwave data to verify your identity.
Oh, see, I quite like the dystopic aspect of "every secure thing in your life is digitally poking your brain many times a day just to see if you should have access to it." :D
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: 0B on <08-20-20/0857:29>
The only thing that would make sense would be that persona authentication is handled by some central authentication authority (CA) on the Matrix that is not controlled by the corps or any user.
An idea I quite like is that the corps don't completely trust GOD. GOD is (IIRC) made up of deputised staff from the members of the Corp Court. That means even if you're a mega, it's still 90% people who don't work for you. It'd be extremely high risk for a corp to use their staff in GOD to help them do a raid against a competitor, but the possibility - however slight in practice - will always be in the backs of wageslaves' minds.

Quote
The persona ID is trusted completely, but the whitelist may have a flaw or could be modified.
But if the allowlist for "these personas can open this door" can be manipulated, why not the allowlists for "these personas can drive this car" or "shoot this gun"? We know that, per canon, while it is possible to "steal" the digital concept of ownership, it's a royal PITA, with that really long extended test.

Oh, I agree there. The only thing I can think of is that these systems happen to be "more secure," but personally I dislike that you need such a long time to take ownership of them.

Quote
If you made every corp facility security door open only to personas that had marks on them, every runner that used to be able to steal a keycard now has to hack the door instead. It's surely more secure, just because what used to be the job of a thousand-nuyen keycard cloner can now only be done by 100k of cyberdeck. I can't see a way out of it in RAW. (I do have an answer that involves some small changes to RAW, though.)

I guess the other half of it is that there are still businesses running on XP and COBOL, so some security systems just aren't upgraded. Of course, that doesn't match with how secure facilities are in-canon.

Quote
Quote
I would be somewhat concerned, TBH, if every system used your brainwave data to verify your identity.
Oh, see, I quite like the dystopic aspect of "every secure thing in your life is digitally poking your brain many times a day just to see if you should have access to it." :D

It's not so much that, as it is "if this system has access to my brainwave data, then it can use it elsewhere to authenticate as me."
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: Hobbes on <08-20-20/0942:15>
But when it comes to SIN verification the only thing it checks is the integrity of the SIN,
to make sure it is not a fake SIN. Nothing else.
And to bypass it you buy a fake SIN of a high enough rating. Nothing else.
I still reject this view, but let me rephrase the problem then.

When Wally Wageslave walks up to a security door, why doesn't the door check Wally's persona and say "yes, you are Wally, I will open for you"? If personas are hack-proof, this provides near-perfect security. Yet the game has handprint scanners and retina scanners etc etc etc. Why?

There needs to be a wall of no between PCs and the NPCs bank accounts.  Otherwise, why bother with Shadowrunning?  So, somewhere between a person, a persona, a commlink, a SIN, and a bank account, there is some arbitrarily unbreakable security.  The 5th and 6th edition choices are, IMO, the most playable version yet. 

If you let the Unhackable SIN be the ultimate form of ID, then PCs have far fewer choices for infiltration.  Social infiltration is impossible.  Smash and Grab becomes the de facto method of running.  If you and your table want to allow for some kind of SIN and/or Persona Spoofing and arbitrarily rule that Bank Accounts are somehow unhackable even with Persona and SIN spoofing, go for it.  Whatever works for your immersion.

But for the way 5th and 6th Vanilla are set up, SIN Scanners need to be a simple pass/fail.  And then the various Bio-metric Scanners and counter-measures come into play for everything else.

You're correct, if SINs and Personas are these perfectly unhackable/unspoofable then they should be the method every security checkpoint uses to validate IDs.  But they're not used that way for the same reason they're unhackable, arbitrary decision for desired game play options. 
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: 0B on <08-20-20/0956:13>
*snip*

There needs to be a wall of no between PCs and the NPCs bank accounts.  Otherwise, why bother with Shadowrunning?  So, somewhere between a person, a persona, a commlink, a SIN, and a bank account, there is some arbitrarily unbreakable security.  The 5th and 6th edition choices are, IMO, the most playable version yet. 

I'm not sure if I agree with the "wall of no." Banks today aren't perfectly unbreakable, but that doesn't mean they're getting cleared out. I think something like that should be incredibly difficult, but I disagree that it should be impossible. The reason you shadowrun is because going after a bank is incredibly risky, and there is very little chance of success. There could even be some internal zero-trust going on: being able to hack one account won't allow you to hack other accounts. And perhaps withdrawing a certain amount of credit at once will raise a flag, and will set security deckers on you to verify your identity, even if you are using proper credentials.

However, I do agree with your points about impenetrable ID- even if there are incredibly secure systems, some folks are still running on last decade's drek.
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: Xenon on <08-20-20/1035:13>
But players have wanted to steal personas, as this is a game often concerned with high-tech thievery, and stealing someone's digital identity is an obvious tactic.
You can't steal someone else's Astral Signature.
But you can impersonate it (with Flexible Signature Metamagic, SR5 p. 325-326).

You can't steal someone else's Matrix Persona.
But you can impersonate it (with Masquerade, Kill Code p. 40).

You can't steal someone else's legal citizenship.
But you can impersonate legal citizenship (with Fake SIN, SR5 p. 367)

You can't steal someone else's fingerprints.
But you can impersonate them (with a sleeve, SR5 p. 447)

You can't steal someone else's access.
But you can impersonate access (with illegal matrix actions, SR5 p. 237)


When Wally Wageslave walks up to a security door, why doesn't the door check Wally's persona and say "yes, you are Wally, I will open for you"?
Because Shadowrunners exist.


...SIN Scanners need to be a simple pass/fail.  And then the various Bio-metric Scanners and counter-measures come into play for everything else.
Precisely!
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: penllawen on <08-20-20/1118:34>
It's not so much that, as it is "if this system has access to my brainwave data, then it can use it elsewhere to authenticate as me."
Oh, I have an answer for this, but I didn't make it explicit above. Don't think of the "brainwave scan" as a passive thing. Think of it as a challenge/response. The host uses your DNI to provoke some transient state in your brain, then measures how it reacts to that state - like tossing a particular size and shape of rock into a pool, and observing the resultant ripples. No two hosts use the same rock, so your credentials are unique to each host. This is a desirable goal within the universe, so I'm comfortable with the idea it would be built this way.

For extra dystopic fun, this process might be fleetingly noticeable to the user. A burst of synesthesia, the sudden unprovoked smell of fresh ground black pepper, a vivid unprovoked recall of a childhood memory - who knows?

As a footnote, I think this process would happen on a part of the commlink that is isolated from the rest of the device and is inaccessible to the Matrix - very similar to a modern-day TPM chip. Somewhere in there (this is where even I think you start handwaving) there's some crypto based on a private key you can't read out of the firmware. Even if you hack someone's commlink, you cannot extract via software alone the data you need to spoof their ID to this challenge/response process.

There needs to be a wall of no between PCs and the NPCs bank accounts.  Otherwise, why bother with Shadowrunning?  So, somewhere between a person, a persona, a commlink, a SIN, and a bank account, there is some arbitrarily unbreakable security.  The 5th and 6th edition choices are, IMO, the most playable version yet. 
Sure, of course. I can only apologise if I have not been clear about my objective. I want to leave the game mechanics unchanged, as far as I can, then expand the fluff to explain them.

My objective is not to allow PCs to steal personas. My primary objective is a personally satisfying reason why they can't. And if I can do that work, and share it, and at least one other person in the SR community finds it useful - well, that justifies the effort of sharing it. So that's my secondary objective.

When I ask "why can't PCs steal personas?", it's because I'm desiring to brainstorm ideas for the in-universe explanation as to why personas are inviolate, not because I'm seeking to find a way to make them vulnerable.

Quote
You're correct, if SINs and Personas are these perfectly unhackable/unspoofable then they should be the method every security checkpoint uses to validate IDs.  But they're not used that way for the same reason they're unhackable, arbitrary decision for desired game play options. 
I do have an idea here BTW (but I didn't want to lead with it because I didn't want to immediately shuttle the conversation down my own views.)

Re: security gates, I think it's quite reasonable that crudely spoofing someone's SIN (or their persona; the issues are very similar) might work briefly but not work long-term. So imagine I set my commlink to broadcast your SIN, which after all, is just a short string. Fine. But very shortly after that, some host somewhere is going to notice the duplication - that there's two different personas using the same SIN - and it'll start ringing alarm bells. Not long after that, any system using those SINs to do anything with will be alerted, and immediately start rejecting the SIN.

By "not long" here I'm thinking a few seconds.

So actually, you do have just about long enough to maybe get a security door open with your stolen SIN, but probably not do much of anything else. So that's why your corpsec doesn't use SIN verification; it can be cheated, just for a handful of seconds, and doors open faster than that. That's enough to give corpsec nightmares so they prefer their auth to live entirely inside their own architecture - so we're back to our beloved 80s keypads and swipecards.

As for stealing a bank account - it's one thing to steal an account and quite another to keep it. An awful lot of potential shenanigans can be headed off with "great, now you have a million nuyen... and now the bank's audit AIs have noticed.... and now they've reversed the transaction." These would be some of the beefiest computer systems on the planet and I'm pretty comfortable saying laundering stolen money out of their grasp before they notice is supremely difficult. Even if you shuffle the cash to a credstick and then attempt an onwards (anonymous) transfer, you can guard against that with an escrow window - say that funds loaded onto a credstick cannot be used for 60 seconds, and that is easily long enough for the AIs to notice the theft and claw it back.
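The duplicate-detection idea in the post above, sketched as an added example (not part of the original post or of any Shadowrun rulebook): a registry flags a SIN once a second persona broadcasts it, and verifiers only learn of the flag after a propagation delay. The class and function names, the 3-second delay and the event log are constructed assumptions; `hold` models how long an action waits before it commits (0 for a door, 60 for the credstick escrow window).

```python
from dataclasses import dataclass, field

PROPAGATION_DELAY = 3.0  # assumed: seconds before a flag reaches every verifier


@dataclass
class SinRegistry:
    """Remembers which persona first presented each SIN and when a SIN was flagged."""
    delay: float = PROPAGATION_DELAY
    owner: dict = field(default_factory=dict)       # sin -> first persona seen
    flagged_at: dict = field(default_factory=dict)  # sin -> time duplicate was noticed

    def observe(self, t, sin, persona):
        """Record one broadcast; flag the SIN the first time a second persona uses it."""
        first = self.owner.setdefault(sin, persona)
        if first != persona and sin not in self.flagged_at:
            self.flagged_at[sin] = t

    def known_bad(self, t, sin):
        """True once the flag has had time to propagate to verifiers."""
        ts = self.flagged_at.get(sin)
        return ts is not None and t >= ts + self.delay


def replay(events, delay=PROPAGATION_DELAY):
    """Replay (time, sin, persona, action, hold) tuples in time order.

    Each action commits at time + hold, and only if the SIN is not known
    to be bad at that moment. Returns {action: committed?}.
    """
    registry = SinRegistry(delay)
    pending = []
    for t, sin, persona, action, hold in sorted(events):
        registry.observe(t, sin, persona)
        pending.append((action, sin, t + hold))
    # Settle after the whole log is seen, so flags raised during a hold count.
    return {action: not registry.known_bad(commit, sin)
            for action, sin, commit in pending}


# Constructed event log: Wally is the legitimate holder, the runner copies his SIN.
EVENTS = [
    (0.0,  "SIN-WALLY", "persona-wally",  "wally: lobby door",      0.0),
    (10.0, "SIN-WALLY", "persona-runner", "runner: lab door",       0.0),   # duplicate noticed at t=10
    (11.0, "SIN-WALLY", "persona-runner", "runner: credstick load", 60.0),  # would commit at t=71
    (15.0, "SIN-WALLY", "persona-runner", "runner: vault door",     0.0),   # flag arrived at t=13
    (20.0, "SIN-WALLY", "persona-wally",  "wally: canteen door",    0.0),   # real owner is burned too
]

if __name__ == "__main__":
    for action, committed in replay(EVENTS).items():
        print(f"{action:26s} {'COMMITTED' if committed else 'REJECTED'}")
```

Only the instant-commit door inside the propagation window succeeds; anything held longer than the delay is rejected, and once the flag lands the legitimate holder is rejected as well.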
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: Hobbes on <08-20-20/1158:13>
Quote
Even if you shuffle the cash to a credstick and then attempt an onwards (anonymous) transfer, you can guard against that with an escrow window - say that funds loaded onto a credstick cannot be used for 60 seconds, and that is easily long enough for the AIs to notice the theft and claw it back.

I'm pretty sure laundering money in the sixth world could be a 600 page rule book by itself, that me and about six other people would read.  : ) 
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: penllawen on <08-20-20/1233:07>
Quote
I'm pretty sure laundering money in the sixth world could be a 600 page rule book by itself, that me and about six other people would read.  : )
Well, I'd be one of the six!

But actually I don't think it's so complicated. I think the most thematically resonant answer to this is corrupt institutions. No need to go to elaborate lengths to launder money when nation-states are dramatically weakened and you can simply buy a banking corp with extraterritoriality and order it to not look too closely at your transactions. That happens today, so I don't think it's a stretch to say it's going to happen in Shadowrun.

This has an interesting side effect of squeezing mid-level criminals; somewhere between (say) a typical shadowrunner and crimelord is the middle ground where they make enough to be noticeable but not enough to buy controlling stakes in AA corps. This mirrors the disappearance of the middle class in the legal side of the Sixth World; you have an almost empty space between hordes of wageslaves barely getting by and the elite with more money than God. I like that parallel.

Title: Re: Why aren't SIN checks used in corp facilities?
Post by: penllawen on <08-20-20/1244:04>
Quote
When Wally Wageslave walks up to a security door, why doesn't the door check Wally's persona and say "yes, you are Wally, I will open for you"?
Because Shadowrunners exist.
This answer comes from the same weak-tea line of thinking as "...and then he woke up and it was all a dream", which was how I wrote stories when I was 12. I think we can do better.
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: Xenon on <08-20-20/1326:02>
What I meant when I wrote "Because shadowrunners exist" was that infiltration and impersonation are a huge part of Shadowrun.

If SIN checks were not just used to validate if you are a legit citizen (as written) and were instead also used to validate that you are actually you (as you would like it to be) then you are in effect replacing the need for fingerprint scanners, voice recognition, keypads, DNA scanners, proximity RFID scanners etc. And if you no longer have any need of them you also no longer have any need for making your own sleeve, using voice modulators, sequencers, bath to preserve DNA samples, keycard copiers etc.

Both physical infiltration and social infiltration become impossible.

"I don't care if you look like Wally.. or that you sound like Wally.. Why? Because the SIN verification unit not only says you are a legit citizen it (now) also tells me that you are not Wally! Sound the alarm! Burn this SIN!"

The better solution is to follow the rules as they are written and simply treat the check as a binary "Are you a legit citizen? Yes/No"-check. And nothing more.

That way a physical and social infiltrator can fool the system by using a fake SIN (if it has a high enough rating). But to actually gain access they also need to make their own sleeve, use voice modulators, sequencers, bath to preserve DNA samples, keycard copiers etc. And in social encounters they need to use skills such as disguise, impersonation, etiquette, leadership etc.

This is the intent. And this is how the rules are written. And it works. Stop trying to "fix" it?
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: penllawen on <08-20-20/1406:10>
Quote
If SIN checks were not just used to validate if you are a legit citizen (as written) and were instead also used to validate that you are actually you (as you would like it to be)
...
This is the intent. And this is how the rules are written. And it works. Stop trying to "fix" it?
I've run out of ways to rephrase attempts to explain my goals, but you're still mis-stating them so I guess I still haven't made myself clear... I am formally giving up.
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: 0B on <08-20-20/1413:17>
Quote
You can't steal someone else's fingerprints.
But you can impersonate them (with a sleeve, SR5 p. 447)

Sure you can, there's even a knife in the gear section that'll let you do so. As long as the finger's fresh enough to still fool biometrics into being alive, you can do this.

"Rule Zero: Shadowrunners Exist" is a good gamemastering policy for ensuring players have a smooth game, but is largely irrelevant if you're just looking for information about the setting. There are plenty of things in play that are not in the fiction, and vice versa. RAW doesn't always account for rule zero, either.

Quote
This is the intent. And this is how the rules are written. And it works. Stop trying to "fix" it?

Not everyone plays RAI/RAW (And sometimes it's impossible to do both). Not everyone interprets RAI/RAW the same way.

Not everyone has to play the same way you do.
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: Reaver on <08-20-20/1421:46>
We really need a new Lone Star book... (as that book covered some of this)

Since you are moving in the area of actual Security and Systems, I'll share some expertise....

Security and Business operate at polar opposites.

Businesses are about efficiency. Speed of action to complete a task in the shortest period of time, so you can complete as many tasks as possible. Be that assembling an item, filing a report, or generating data... The faster you can complete a task and move on to the next task, the more revenue you generate.

Security is about slowing down movement and access to and through your facility. There is no security system in the world that can keep people out if they really want in... all a Security system can do is slow them down, and alert you to the attempt to break in. (Hence the old adage of "A lock keeps an honest man, honest")
The biggest flaw in any security system is always the end user, and the more obtrusive a system, the more likely it is going to be disabled by the very users of said system! This is why Security systems are set up at choke points, entrances, and portals.


Now for Shadowrun, it's important to look at the big picture, and not just the Facility... (you'll see why, this comes up in RL security too)

First off, it's important to realize that Shadowrun and our World are different in many fundamental ways... The FIRST difference is that this (Shadowrun) is a failed Dystopian Society, barely hanging on. And with that Dystopia, has come some fundamental shifts and changes to society.

When you look at any City in Shadowrun, it's easiest to think of them as a paper target of concentric rings... The closer you get to the center, the more valuable the area.
Security in Shadowrun was/is (since they have not bothered to put out a new security book in 4 editions... I am going to assume it stayed the same) divided into Zones.... from best to worst, they are:
AAA
AA
A
B
C
Z
The outer ring of our city paper target would be the "zed Zone"...

Z Zones are areas where there is NO law enforcement of any type. Don't bother calling the Police, they are NOT coming, (Nor are they going to even answer!). And when they DO come to a Z Zone, they show up in citymasters, Armed in heavy security armor, packing fully automatic weapons... And they don't shout "Freeze! Police!"- they just start shooting...
Z Zones generally are absent of all the "little things" that make life worth living.. like clean water, electricity, Matrix, food... Sane people.... It's where the truly lost of society end up (before being turned into Ghoul or Devil Rat food)

Police response time: NEVER

The Deep Redmond Barrens are a Z zone...

C Zones are areas that the very poor working class usually inhabit. They are Slums by the very definition of the rules. But, at least they have water and electricity (even if it is rationed).
Police patrol the areas, usually in packs of squad cars, and are usually armed in medium to heavy armor. The police will respond to calls in a C zone, but the response time usually means they are there after the fact.... and time allotted to solving the crime will be very limited. ("I really would like to continue this investigation into your B&E, but your 15 minutes of investigation time is over..")

Police response time: 30 to 60 Minutes.

B zones are where all the lower to middle class yuppies live. Usually nice lower to middle class apartments to condos, with supporting businesses for the masses of wageslaves....

B zones are regularly patrolled by police and drones, and they will respond to calls in an "efficient" amount of time.

Police response time: 5 to 10 minutes...

A Zones are where we start seeing the wealthy live and their supporting businesses. Nice clean streets, well kept homes and businesses are the hallmark of A zones.
Police respond to calls quickly and with great zeal! (they know who butters their bread... and they start living HERE!)

Police response times. 1 to 5 minutes.

AA Zones are where you are likely to find the VERY wealthy and some "AA" and "AAA" rated Corp headquarters.... This area is like an A zone... But even better..... Police and drones are all over the area, keeping tabs on everything they can...

Police Response times. 1 to 3 minutes.

AAA Zones are the very heart of a city... The Financial districts, where the REAL power players live, work and play... here the police do not fuck around, They are out in force with smiles on their faces, and always take the side of the person in the most expensive clothing....

Police response times: 30 seconds to 2 minutes.



SO, now that we know the zones... let's talk about how they interact....
Which is to say, they don't.
As one travels from the outside edge of the circle to the center, you encounter increasing levels of layered security, all designed to keep the undesirables out of one zone and in another zone!

In a Zed Zone, you will never encounter a SIN scanner, or a vending machine... or a police officer! There are no services to speak of, nor any above board commerce. (No electricity makes it hard to run a credstick reader... and the fact NO ONE will deliver supplies to you makes running a store difficult!).
And to be honest, if a massive fire was to raze the entire area, the rest of the city would probably throw a party!

Moving about in a Zed Zone is risky, as the other inhabitants are likely to jump you, just because you are a meal, or have more than they do... Getting into a Zed Zone is easy, as no one cares if you enter...

Moving OUT of a Zed Zone, well that will be trickier... IF you have a vehicle, you can just drive out. (and since you have a vehicle, you shouldn't be in a z zone to start with!) walking out is possible too.. into a "C" Zone.... But if there is a direct path to a better area, you can believe that it will be walled off, and guarded with a check point filled with very nice, very heavily armed guards that ask one question only... "SIN Please".... Heaven help you if you don't have one.

C Zones are where you are going to encounter your first lines of real security....

The Simple, Humble, SIN scanner.

Really, first line of protection for the "Haves" of the city against the "have nots". As the Simple SIN scanner keeps the SINless away... at least in theory. While automated vending machines selling everything from recycled paper clothing (yes, that is actually a thing!) to low grade electronics are everywhere, you need a SIN to purchase anything from them... Or a fake SIN. Sure the scanners are going to be the lowest rating possible, (after all, no one really cares beyond the simple question of "can you afford this?", the scanner is just going to check to see if you have money...And the banks don't care about the $50 theft if spoofed)

Travel around the zone is going to be public transit, or personal vehicle... (just don't rely on GridGuide! it shorts out a lot).. which means more SIN checks... (need a bus ticket, that means a SIN check... even if a low rating one) or a SIN (had to buy that car somewhere, and the license...)

Leaving a C zone is tricky... going lower is easy... Moving up into a B zone is going to be met with a checkpoint, be that a toll booth, or actual security....
Moving into an A or higher? Well that is definitely going to be a check point, with a live guard.... and many guns. Can't have the unwashed masses mucking up the clean streets.

B zones mean even more SIN checks, although usually hidden behind the wall of commerce, as every shop will have a SIN scanner to match the goods they are selling. AR and VR overlays are going to be everywhere, which means constant commlink pings.... (and tracking!). Drones will monitor traffic (and drivers!).... Cameras... Cameras EVERYWHERE.

A Zones are always check pointed with live guards. which means you will be stopped and asked questions. Also, this is the point where SIN broadcast is starting to become mandatory. And also serves as an easy way of Police monitoring. IF someone isn't displaying a SIN, you question and fine them. (after all, they are breaking the LAW, and don't belong here, as displaying a SIN in these areas is like a flashy sports car, you WANT everyone to know who you are, and where you work! You're IMPORTANT dammit!)

Police drones are all over every block, making sure the Yuppies are not bothered by the "working class".....

AA Zones are like A zones... only worse.

BUT, it's AAA zones that are the cat's ass....

"A Cop on every block" is not an understatement for AAA zones. And that is not even covering the constant Drone presence. From near constant SIN checks from every device known to man, all trying to sell you something ("HELLO MR. PATTERSON!!! Why be like every other man at the top? Dress to impress and intimidate with the latest in Zoe/Armate fashion! starting at only $15,000!")
To security drones scanning your SIN and making sure you have a reason to be there. (Why is a plumber walking down the street??? He has no business here! Does he have a work order?? For where? Why?)
Hell, the drones even have acoustic sensors designed to recognize, locate, and triangulate gun shots!!
IF there is a way to prevent even a single "Chosen One" from interacting with the "inferior", it's taken.. Right down to "escorting" an undesirable out of the zone... and into a meat wagon... Broken legs means they don't come back quickly!


So why do I bring this up now?

Because for that Worker to arrive at his International corporation worksite (Remember, only AA and above issue their own SINs) he has had to pass through hundreds to thousands of SIN checks, and has had his progress tracked and logged by every camera, vending machine, and traffic light from the moment he left his door to the time he arrived at the facility. Often times passing through both passive and active security choke points.

The next issue is the time it takes to run a SIN check. Obviously the time it takes is dependent on the level of the check. From the lore, we know that a rating 1 check is also instant, but it is only going to catch the weakest of fakes. We also know that a deep scan (rating 6+) can take hours (in the case of an arrest).

So, if we assume it takes just 5 seconds to do a "decent" check. (say, rating 3?) well, are you starting to see the problem? No?

It's 7 am, and B shift is getting ready to start their work day, all 2000 of them. So they line up, and queue in to the SIN check... and just under 3 hours later (10,000 seconds of SIN scans) the last worker has logged in... sure you can speed that up by having multiple scanners, but then you still have the bottleneck of the portal entrance. Which means more entrances.. which is a security flaw (and a structural flaw!!)

If an employee has to undergo say 30 checks a day as they move about the facility, that is 150 seconds a day, 320 days a year, is over an hour of lost production PER worker PER year. Or, Millions of lost man hours a year...

However, a pass/fail fob, it can be scanned while walking through an archway, and is instantaneous (well, ok... about half a second). You still have the chokepoint of the portal, but that's the cost of a secure facility.

The other issue with security that everyone forgets, is that 99% of the time, it's not about keeping people out, it's about keeping unauthorized people away for safety.
Jane from accounting has no business in the transformer room, and her being there is a hazard, not only for her (electrocution) but for the entire building. (the human body goes from "mostly water" to "roman candle" in about 3 seconds when exposed to 3000+ amps....) So, put a maintenance FOB on the door, and Jane doesn't burn the building down with everyone inside!

FOB/key pass systems are easy to set up, are quick to use, hard to bypass (for the typical person), and are efficient.


Security systems that present an overly complex list of requirements generally end up getting shortcut by the very users they are meant to protect. Which leads to the defeat of the system by the very users of the system.

An NDA prevents me from giving too many details, but this is a RL example from a factory of their security, and how their own workers defeated it.


When you approached the building, you had to go through a check gate and push a button.. that button would flash RED or GREEN, if flash green go forward. If flash RED: drug test.
Next, as you go to the building you were greeted with three sets of doors, at the first door, you required a Fob to open. The next Door required a thumb print, and depending on your thumb print, you either got access to Production, or to Operation.

Now, the workers would just WALK around the button station (no one used it that worked there, only contractors, EVEN THOUGH they were supposed to!), Then ONE person would fob the door, and everyone would file in... ONE person from Ops would thumb in, and everyone for OPs would file through the door, while someone from Production would do the same and the Producers would file in...

Which TOTALLY defeats the purpose of the door fob and thumb scanner! Not to mention the random drug checker...
This was a system that cost millions of dollars to set up and install, hundreds of thousands of dollars to run, and the very users of the system defeated it through impatience.

The more checks and impediments you put in place, the more likely it is that the workers themselves will defeat the system.

A Fob on every door? Start leaving doors propped open...
A passcode required for every computer operation? Same passcode used throughout the entire system.


There is an old saying...
"The race is on between the Universe and Engineers. Engineers to build better idiot proof systems, and the Universe in making better Idiots. The Universe is winning"

The same could be said about security systems. The more you try to secure a facility, the more likely you are opening security flaws in your systems through operator indifference. Which means you have to invest more to security operations (from alarms, to live security). Which in turn means you have also increased your chances of operational indifference (as you now have more people interacting with the system).... to the point that you end up spending so much on security, as to render the facility non-profitable.



Most efficient security systems make do with a combination of passive and active security, as well as the local situation. Cameras are a great passive system as they can be mounted just about anywhere, require no interaction on the part of the user, and can operate 24 hours a day.
Check point systems (card readers, FOBs, scanners) are only used to secure areas from both hazards (like machine rooms, and electrical rooms) from the unqualified, and sensitive data (IP, records, operations, etc), and are mostly there to keep employees that don't belong there, out.

A Hard point (active security) is usually only used at a portal entrance, and is usually set up in such a way as to allow the most rapid, yet efficient check of personnel possible, and often make use of additional technology. (Millimetre wave form scanners for full body searches, MAD scanners, etc)   


In the case of Shadowrun. Corps also use location. Locating your facility deep inside a high rated security zone provides you with FREE security in the form of Police that patrol the zone, and act as your first line of defense. (And this is where your SIN check comes in... HUNDREDS to THOUSANDS of them... as the employee goes to work).
You don't need an active security guard to walk the floors of your building if you are located in a "AAA" zone, as anyone who approached said building has already been challenged by the police a few dozen times both actively and passively...

Also, the point has to be made that not every Corp facility needs security of any great quality or quantity.... only buildings with operational and IP property would warrant complex systems of security.

After all, how many people are going to break into a Soy processing facility? Does Aztlan really need a $40 million dollar system, with hundreds of thousands of dollars of overhead to protect $1.99 soy cakes?
However, that might be a small investment to protect your IP office...
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: Reaver on <08-20-20/1538:08>
Quote
You can't steal someone else's fingerprints.
But you can impersonate them (with a sleeve, SR5 p. 447)

Sure you can, there's even a knife in the gear section that'll let you do so. As long as the finger's fresh enough to still fool biometrics into being alive, you can do this.


Sadly, that doesn't work well on high end systems....

It's the conductive charge of the finger that activates the reader and fires the camera that reads the print... Body temperature is not (usually) a factor.

And severed body parts don't generate a conductive field, as that requires the movement of hemoglobin...



(food for thought before you get any wild, messy ideas)
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: Michael Chandra on <08-20-20/1540:45>
@Reaver: We introduced extra security restrictions to a web portal, and now we're getting feature requests for slackening the restrictions in certain spots because it suddenly takes way too much effort to perform what used to be a few clicks.
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: Reaver on <08-20-20/1552:55>
Quote
@Reaver: We introduced extra security restrictions to a web portal, and now we're getting feature requests for slackening the restrictions in certain spots because it suddenly takes way too much effort to perform what used to be a few clicks.

Pretty much my point :D

More 'security' usually means 'more delay'.... and heaven help you if you hold up a person's valuable seconds :P

Trust me, I have spent countless hours talking to bean counters and suits all about 'the need for better security'.... and talked to the actual boots on the ground.... HUGE disconnect.

Suits and bean counters: "we need FOBs! And passcards!! Cameras! Roving patrols!"

Boots on the ground: "we are 150km away from the nearest town, on a mountain, accessible by a single service road... why not just put a guard shack at the turn in? Maybe a FOB gate, and cameras?"

I price out both options, present both options to the bean counters and suits.
Sit back, watch the blood bath, and deal with whoever won the Boardroom Battle Royal...
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: Michael Chandra on <08-20-20/1559:34>
Fortunately, we have a decent solution in the making: Grabbing extra rights real quick leaves a big papertrail, plus you can only do so if you could have seized the permanent rights anyway. But yeah, you really have to weigh security to usability...
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: penllawen on <08-21-20/0722:54>
Quote
"Rule Zero: Shadowrunners Exist" is a good gamemastering policy for ensuring players have a smooth game, but is largely irrelevant if you're just looking for information about the setting. There are plenty of things in play that are not in the fiction, and vice versa. RAW doesn't always account for rule zero, either.
Yes. Thank you.

I would go a stage further than this. Why do we need a rule that says "no, [X] can't be true, because Shadowrunners exist"? A rule which is invoked so frequently that in SR communities you can just mutter "rule zero" and everyone will know what you mean? Does D&D have a "rule zero: heroes exist"?

The fact we need an explicit rule to invoke when some aspect of the setting implies Shadowrunners can't exist is a bug, not a feature. Every time we find ourselves leaning on rule zero, we should take a step back, look at whatever piece of the game we are handwaving around, and ask ourselves: why is this here if it doesn't support the game's premise?

If Shadowrun was the best version of itself, rule zero wouldn't be needed, because nothing in the setting would imply Shadowrunners didn't exist. The fiction would align with the mechanics, and both would align with the premise.

I'm not saying handwaving isn't a useful technique; I don't think we should drive ourselves mad writing a perfect fictional setting down to the atomic level. Rule zero will always be around, if only implicit and unspoken. But every time we invoke it, we should be conscious of the fact it's nothing to be proud of. Rule zero is a compromise, not an achievement. Clearly, other people in this thread have a higher rule zero tolerance level than I do, and that's fine. There is no right and wrong level of that, it is just different tastes.
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: penllawen on <08-21-20/0901:07>
Quote
Businesses are about efficiency. Speed of action to complete a task in the shortest period of time, so you can complete as many tasks as possible. Be that assembling an item, filing a report, or generating data... The faster you can complete a task and move on to the next task, the more revenue you generate.
This, for me, is a lynchpin of the setting. Corps are forever penny-wise and pound-foolish; there's always some VP trying to make themselves look good by cutting corners on security so they can plump up their quarterly numbers. And our 'runners get hired when the competition gets wind of the holes in security. In the wake of the run, the VP ends up demoted/fired/executed (delete as appropriate for the corp in question.) But there's always more VPs, and they're always short-sighted in the same way, because the corps may be powerful but they're also a monoculture that's incapable of thinking outside the boxes it puts people in.

Quote
Also, the point has to be made that not every Corp facility needs security of any great quality or quantity.... only buildings with operational and IP property would warrant complex systems of security.
Absolutely, although by extension, the PCs are rarely interested (but not never...) in the less secure places.
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: Xenon on <08-21-20/0924:57>
It seems as if you think of SIN as a passport or identification papers, complete with photo, length, weight etc. With this mindset you will constantly run into situations where the rules are not aligned. And this is why I think you are desperately trying to find ways to "fix" the rules (so they fit this mindset of yours).

But this does not seem to be what a SIN in shadowrun is used for. A SIN in shadowrun seems to be used as proof that you are a legit citizen. A SIN verification seems to be there to make sure your SIN is not fake. With this mindset instead you will never run into situations where the rules are not aligned.

Rather than accepting this you seem to keep challenging this.
You keep asking WHY it doesn't work as you imagine it.

Reaver just gave you a perfectly fine reason from a fluff point of view why a SIN verification works the way it does. And I gave you a perfectly fine reason from a game mechanical point of view.

Still... you seem to be on this crusade of rewriting both the fluff and crunch until it fits your way of thinking. And you don't seem to stop anytime soon ;-)



So, let's do just that.

Let us assume that your SIN verification now still checks the integrity of the SIN (is it fake yes/no), but in addition to this it now also checks who you really are (operator will see your name is Wally your age is 42 and there will be a photo and your length and weight will be on display as well as your nationality and your employer and the verification unit itself will no longer just check the integrity of the system identification number - it will also include support for voice recognition, facial recognition, fingerprint scanning, palmprint scanning and DNA scanning) and that you actually belong (the system will know if you are authorized to enter the checkpoint/restricted area or not).

Now having a SIN is actually your identity rather than just proof that you are a legit citizen and SIN verification actually works the way you seem to be picturing it.


We can now pretty much replace all security devices with a SIN verification unit (since it supports voice recognition, facial recognition, fingerprint scanning, palmprint scanning and DNA scanning etc).

But this also means that whenever anyone uses a fake SIN they also need to disguise themselves to fool the facial recognition and match the photo connected to the fake SIN they are currently using. They need a sleeve with matching fingerprints (or several sleeves, one for each fake SIN they own). And matching DNA samples. And a voice modulator.

And what about infiltration?

You need to change the rules so that they now support different ways to duplicate, fake, borrow and/or temporarily steal someone else's SIN (and risks / consequences of using someone else's SIN). And when walking through a SIN verification you not only need a random fake SIN, you now need a copy of the SIN of the target you are impersonating and you also need to disguise yourself to fool the facial recognition by matching the mark. You need a sleeve with the mark's fingerprints. And DNA samples. And sound samples of your mark for your voice modulator.




Or... you know... you just use Reaver's explanation why a SIN verification will just check that you are a legit citizen (and if you need to fake being a legit citizen you just get a fake SIN, no need for disguise or any of that other stuff) and if you are impersonating someone else and a corporation needs to verify that You are actually You and that You actually Belong the corporation would use other security devices (such as separate voice recognition-, facial recognition-, fingerprint-, palmprint- or DNA- scanners.... that an infiltrator would beat with voice modulator, disguise, sleeve, DNA samples etc in accordance to regular rules).
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: penllawen on <08-21-20/0947:55>
I swear to god, this is my last attempt to explain myself. If this doesn't work, I concede defeat.

But this does not seem to be what a SIN in Shadowrun is used for. A SIN in Shadowrun seems to be used as proof that you are a legit citizen. A SIN verification seems to be there to make sure your SIN is not fake. With this mindset instead you will never run into situations where the rules are not aligned.
If this is true, there's no reason for a SIN to have biometrics (by which I mean DNA samples, fingerprint scans, and/or retina scans) associated with it. Yet we know that they do. And there's no reason for fake SINs to have those. Yet we know that they do.

SR5 pg 363/4:

"A set of biometric data including DNA, retinal scan, and fingerprints will also be taken and logged into the system, associated with the newly created SIN. All of this information is then registered with two master databases: one maintained by the country that issued the SIN, and the Global SIN Registry (GSINR) controlled by the Corporate Court. These datastores are among the most secure on the planet, with multiple off-line backups for each"

"The amount of time and care taken in creating a fake SIN is represented by its Rating. A low Rating SIN consists of only the most basic information—such as the SIN number itself. Related information such as biometric data will likely be missing or obviously false if checked (“Hey, this is the DNA of a chicken ...”). Biometric data associated with a high-Rating SIN will be from a real person with the same sex and nationality as the purchaser with (if the extra fee is paid) matching organic samples available (blood, skin cells, hair—just don’t ask where they came from)."

Fake SIN rating 5: "Good fit; all statistics match; valid biometrics for another person (with samples); some supporting data and history)"
Fake SIN rating 6: "Alternate life; all statistics match; valid biometrics with samples; complete and entirely believable history"

SIN verification R5: "Full verification and consistency check; biometrics tested against sample"
SIN verification R6: "All possible verification; multiple biometric samples must match; random supporting data verified externally"

If, as you keep insisting, SIN verification never, at any level, involves gathering biometrics from the person carrying the SIN and checking they match the ones on file, then none of the above makes any sense. It's all entirely superfluous. There's no point gathering biometrics if they're never checked against anything. There's no point faking biometrics if they're never checked against anything.

I'm not "asking WHY it doesn't work as (I) imagine it", I'm asking why it doesn't work the way it says it works.
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: Lormyr on <08-21-20/1126:36>
You have a lot more patience than me Penllawen, I will say that much.

It is crystal clear that a SIN is both a means of determining that the holder is a legal citizen, as well as a means of determining that the holder is the legal citizen the SIN claims they are, as your last post points out in language that cannot be contested with anything resembling logic.

If that logic is too much for someone at this point just leave them to their own devices bro lol, it's not worth the headache.
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: Xenon on <08-21-20/1254:26>


If you have a low rated fake SIN with no DNA logged in the DNA database then it will probably be burned when a medium rated SIN verification finds out that there is no DNA logged for this SIN in the DNA database.

If you have a medium rated fake SIN with chicken DNA logged in the DNA database then it will probably be burned when a high rated SIN verification finds out that the DNA logged for this SIN is not from a real person.

All this cross-referencing of the various databases is abstracted into a Simple Device Rating x 2 Test with a threshold equal to the rating of the fake SIN (SR5 p. 367).

There is no mention of a disguise test here. Or that you need to use a sleeve. Or that you need to have fake sample DNA at hand or any of the things you are implying.


Can the DNA on file be used in some way other than a simple SIN verification?
Yes, probably.
For example.... Perhaps if you get arrested?
Or perhaps if an investigation is cross-referencing blood samples from a crime scene?

But is the SIN verification unit at Stuffer Shack drawing blood and checking that against logged samples in the sample database? No, it isn't!




Fake SIN rating 6: "Alternate life; all statistics match; valid biometrics with samples; complete and entirely believable history"
This SIN has your biometrics logged in the DNA database.
And it also has samples from your body logged in the sample database.
Very much like a legit SIN.

SR5 p. 367 Issuing a SIN
A set of biometric data including DNA, retinal scan, and fingerprints will also be taken and logged into the system, associated with the newly created SIN.

"with samples" as they say here is NOT a set of samples you get in a bag to show for SIN verification units. It's your DNA. Why would YOU need samples of your own body? ;-)
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: Reaver on <08-21-20/1256:21>
Right,

So I did a little research into the SINs....
They first make their appearance in 2e, and the language around SINs hasn't really changed that much... (it's been a basic copy-pasta for the last 4 editions, but with words moved around, things taken out, and things added in...)

BUT:

There are some pieces of info that have been lost, deleted, omitted or forgotten over the editions. This is especially true with the jump in 4e, the wireless matrix, and the way the new rules system worked, and how they omitted this.

Originally, SINs were tied to Credsticks, and Credsticks came with a rating. That rating not only determined how much you load onto a credstick, BUT also determined the level of the scanner needed to read a credstick... WHICH IN TURN, dictated the level of SIN you also needed to fool the scanner!
Using a rating 1 SIN with a rating 1 credstick was fine, BUT you were limited to the max funds of a rating 1 credstick (which was around $500...)

If you tried to use say a rating 6 credstick, well you had to defeat a rating 6 SIN check... (so make sure you have a good SIN!)

ALSO snipped from the rules, was how the GSINR is run. As of 2047, SINs are controlled at 2 master points (the GSINR, and the original Country) with multiple backups everywhere. And their use, protocols for checks, record keeping and accessibility are dictated by the Corporate Court...


But WHY System Identification Numbers?
Why use this? what is it for? why have all this info if they are not going to check this shit for "security" as you say?

Because it's NOT about security. It's about population and expenditure control.

Governments are limited in their revenue streams to a few major sources. The chief among them are Taxes and Royalties. However, governments also have huge expenditures. From the Civil Services, to infrastructure, to debts of yesteryear....

In Shadowrun, several court decisions have destroyed countries' ability to generate said Tax and Royalties from the biggest payers.. Corporations. (and eventually, their Citizens).
But, that did nothing for the expenses of Government, as those remained unchanged. In the end, Governments were left with (some speculate) as much as a 60% loss in revenue, while a 0% reduction in expenditures. This collapses pretty quickly when the money runs out... (I have seen this first hand.. Mali, Pakistan, Greece, Spain)

The UCAS (the original creators of SINs in 2036) came up with an evil, yet brilliant idea. "If there are less citizens, there is less capital expenditures!".... And, not only that, but if you can control who is a citizen and who is not, you can control and manipulate the ebbs and flows of politics and reshape the country!

So, what does "Citizen" mean?? WELL... that's a contentious issue :P Especially right now in the world :D But, being a citizen of a country gives you some rights, and responsibilities....

Rights
Freedom to express yourself.
Freedom to worship as you wish.
Right to a prompt, fair trial by jury.
Right to vote in elections for public officials.
Right to apply for federal employment requiring U.S. citizenship.
Right to run for elected office.
Freedom to pursue “life, liberty, and the pursuit of happiness.”

(taken right from the US immigration website)

Lots of big words, and ideas that boil down to "you get to live your life as you choose".... But what happens when they are taken away?
You lose your right to ask for aid from the city and the government. You lose your right to shape the country through the power of your vote. You can't own property, you can't get a job, no healthcare, no social security, no old age.....

Take the SIN to the next bureaucratic level.. (Everyone who is born is issued a SIN. Thus, if you don't have a SIN, you were never born. Thus you don't exist.) Throw in a collapse of the economy, Social upheaval, and abandonment of rights, and you have all the markings of a Genocide in the waiting... And now a target, the SINless.

By redefining what constitutes a "citizen", Governments are free to play fast and loose with their grants of funds to the local level, as many of those grants are determined by population. As well as the services that have to be provided, and thus control the costs of said services.

Corporations got in on the Gig of SINs for much the same reason as Countries.. Expenditure control. Being an extraterritorial entity is all well and good... and comes with some amazing benefits! like not having to pay taxes, or obey a country's laws! But it also comes with some pretty hefty responsibility as well. You can offset some of those costs by extending SINs to your workers (and thus gain the ability to tax them as well!) but you have to provide something to people as well if they are going to switch nationalities...
But again, Corps get to write their own rules... And job descriptions.. like how Renraku has "Pharma consultants, Relaxation Managers, and Comfort Specialists"... Really fancy names for "Drug Dealer, Pimp, Prostitute"...
And with those Rules... comes the ability to REVOKE SINs... which they do. ("Hey Jon! happy retirement day! 30 years in janitorial, and hallways have never been cleaner! IT was a great pleasure working with you. Oh, make sure you are off the Corp ground and out of your house by noon tomorrow. That housing was only for Employees and citizens... and your SIN has been cancelled....")

YES but that doesn't answer WHY they don't use SINs for security!

Yes it does. But not in the way you want to....

SINs don't behave that way because the Corporate Court doesn't want them to behave that way, as there is no advantage to the corps for them to act that way, and the increase in expenditures for the increase in SIN checks just to open a fucking door are, frankly, asinine.

YES but SINs are hack proof!!! we could have Total INVULNERABLE SECURITY!!!!!

And that is an advantage to the Corporate Court how?

No, seriously. How is that an advantage to the Corporate Court? It's an advantage to the individual AA and AAA megacorps (of which there are dozens!)... But it offers no advantage to the Big 10 of the Corporate Court.
Industrial Espionage is a business that ALL corporations play at, and the target of said Espionage is other Corporations....

By hoisting the costs of security checks to the GSINR just increases the expense of the CC, while raising the security of their competitors for a minimal (or worse, a REBATE!) cost to the Corporations. (If the cost of a private system of FOBs costs $1 million a year to run, but all the GSINR invoices for the "SIN system" you want is $200,000... WIN FOR THE COMPANY!).

So, Why do it?

By Forcing a Company to pay for their own security systems, you are denying them resources that they could have spent on R&D on their new project... A Project that may allow them to unseat a member of the CC!! But, how would you know THIS if you can't infiltrate their facility?


*****

Sadly, it looks like this is a confusion caused by the change to the wireless matrix, and the poor matrix planning that went into 4e....
(I mean really.... under 4e rules, a lobotomized potato can be a master hacker... just needs the cash to buy the program and the 'link.... how did they think that was going to work out??)


Title: Re: Why aren't SIN checks used in corp facilities?
Post by: 0B on <08-21-20/1324:30>
SR5 p. 367 Issuing a SIN
A set of biometric data including DNA, retinal scan, and fingerprints will also be taken and logged into the system, associated with the newly created SIN.

"with samples" as they say here is NOT a set of samples you get in a bag to show for SIN verification units. It's your DNA. Why would YOU need samples of your own body? ;-)

You might not be giving them a bag, but fake fingerprints are possible (https://threatpost.com/fake-fingerprints-bypass-scanners-3d-printing/154535/) at this point. This video (https://www.youtube.com/watch?v=j1b_DmZO9X0) shows how you can copy fingerprints using supplies from a craft store. Presumably someone could develop a method with materials that don't look as obvious as craft store glue.

Retinal scans are error-prone: they're too precise. Being pregnant, having the flu, and aging will all change your scans. So, even if your retinal scans don't match what's on the SIN, if the other data matches up then you will be in business.

As for DNA- that depends on how they're getting it. If it's a blood sample, you're going to have a hard time passing fake information. If it's a cheek swab, people are already faking that (https://www.sciencedaily.com/releases/2008/04/080410131603.htm) today.

It troubles me when people think of biometrics as impenetrable: they're either easily fooled, can match up to many different people, or are so precise that they return "false negatives" a lot just due to human growth.

Granted, this is all with modern biometrics. But if we accept that biometric technology will improve, we must also accept that countermeasures to this technology will improve.

By hoisting the costs of security checks to the GSINR just increases the expense of the CC, while raising the security of their competitors for a minimal (or worse, a REBATE!) cost to the Corporations. (If the cost of a private system of FOBs costs $1 million a year to run, but all the GSINR invoices for the "SIN system" you want is $200,000... WIN FOR THE COMPANY!).

So, Why do it?

By Forcing a Company to pay for their own security systems, you are denying them resources that they could have spent on R&D on their new project... A Project that may allow them to unseat a member of the CC!! But, how would you know THIS if you can't infiltrate their facility?

Reaver makes a good point, but I would posit that even if the front door is just a simple keypad, the door to the room holding that secret squirrel extra-special hot sauce R&D project might make use of full biometric security. At that point, it's a question of- is it cheaper to maintain our own biometrics database? Or to pay an invoice for someone else providing the service?
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: Reaver on <08-21-20/1339:30>
I think the issue here is what type of check is happening...

And the rules from 4/5e are not really clear here.

Basically what is supposed to happen is the level of the check is related to the size of the purchase, much like it is in real life....

Consider the last few (big and small)  purchases I have made recently

A Pizza ($25)
A Computer ($2100)
A Pistol ($550)
A condo ($540,000)

For the Pizza, I just presented my bank card, entered my PIN, and boom done... no issue...
This is basically a rating 1 SIN scan... It is a small purchase, there is no need for valuable information to be exchanged. I just provide a bank account number (the card) and the PIN to the account, and the bank is happy...

When I bought the Computer I put it on my Visa card. I simply showed my card, the dealer swipes it, I entered the PIN for the card (because the purchase was over $1000).... and away I go.
This is basically a rating 2 scan... Why? Because to get the Credit Card, I had to provide Visa with my financial information to prove I could cover my purchases before they would issue me a card. They also put a purchase limit on the card, that IF a purchase over a set amount was made, a PIN was required...  (at my asking, I've had credit card fraud in the past)

When I bought the Pistol, I paid cash. But I still had to present my FAL/PAL license, my driver's license, and submit to a criminal background check.... (again)
This is probably close to a rating 4 scan, as I had to provide multiple sources of reference, and those references themselves had requirements to be met before they could be issued as well...

When I bought the Condo, I got a 5 year mortgage and paid 15% down. However, I had to submit 5 years of financial data to the mortgage company, along with my Social security number, bank account statements, a letter from my bank, my driver's license, and my current residence....
This is probably a rating 5 scan by Shadowrun standards, as I had to give multiple verified, 3rd party reports to get approval for the condo mortgage.



As the value of the purchases went up, or as other laws came into play (Canadian gun laws), more and more stringent checks were placed on my purchases.... Mostly as the "responsibility" and consequence of the purchase went up....

The same is supposed to be true in Shadowrun.... They just left all this out when they cut out credsticks....
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: Reaver on <08-21-20/1354:53>
Another thing to consider with the GSINR doing the checks for security is the delay (as I mentioned before) in processing the information for a random door check, VS what you are actually asking the system for.

Yes the GSINR knows who is who and who they work for... but that is pretty much it...

Yes, Toby Hooper is an employee of Neo-net, yes he is a Bioinformatics specialist (as determined by his educational credentials), and yes he lives at 12-1001 Nowhere St. (as by his rental agreement).


But what is NOT stored in those records is that Toby Hooper has access to Room #131 and Room #454 AND floor 4 of the Neo-net Seattle hasting and Bloor St building... Or any other buildings and rooms that he may have access to....


AND, If you are Neo-Net, do you really want the (probably) hundreds of people who are making and editing SIN entries to know this? Especially when you HAVE TO (as per SIN protocols dictated by the CC) Share ALL this info with EVERY GSINR database?

sounds like a prime extraction target list for every corp with access to the GSINR... which is every member of the CC...

"We need to step up our game in Medical Technology... Who does Shiawase have working at their Washington medical Labs???? Hmmm... Lilly Bunto... PhD, working in the advanced cellular repair labs by her access codes... lives alone... at 132-9867 45th street... Perfect, send a "recruiting team" to hire her..."
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: penllawen on <08-21-20/1417:59>
ALSO snipped from the rules, was how the GSINR is run. As of 2047, SINs are controlled at 2 master points (the GSINR, and the original Country) with multiple backups everywhere. And their use, protocols for checks, record keeping and accessibility are dictated by the Corporate Court... ...

SINs don't behave that way because the Corporate Court doesn't want them to behave that way, as there is no advantage to the corps for them to act that way, and the increase in expenditures for the increase in SIN checks just to open a fucking door are, frankly, asinine.
...
And that is an advantage to the Corporate Court how?

No, seriously. How is that an advantage to the Corporate Court? It's an advantage to the individual AA and AAA megacorps (of which there are dozens!)... But it offers no advantage to the Big 10 of the Corporate Court.
Industrial Espionage is a business that ALL corporations play at, and the target of said Espionage is other Corporations....

By hoisting the costs of security checks to the GSINR just increases the expense of the CC, while raising the security of their competitors for a minimal (or worse, a REBATE!) cost to the Corporations. (If the cost of a private system of FOBs costs $1 million a year to run, but all the GSINR invoices for the "SIN system" you want is $200,000... WIN FOR THE COMPANY!).

None of the stuff about the GSINR or the Corp Court applies, as far as I can see. As you mentioned further up the quote above, all the SIN information is also held by the issuing corp, and I am specifically talking about AA/AAA corps and their employees here. So all that data can be at their fingertips, if they want it to be.

Let us return to Wally Wageslave, a faithful Renraku worker bee. Wally arrives at work, shuffles in through the lobby and elevator, grabs a soykaf, and goes through the Ultra Mega Security Checkpoint (UMSC) to go work on his Double Secret Valuable Project. Wally has, of course, a commlink with a persona that is broadcasting his Renraku-issued corp SIN.

Let's consider two scenarios for the UMSC.

Scenario A: Wally presses his thumb against a scanner. It takes the print, digitises it, hashes it, compares it to a list of allowed people that is stored on the UMSC (or on the host it is connected to, if you prefer). Wally's thumb is on the "you're cool" list. In he goes.

Scenario B: As Wally walks up, the UMSC examines his persona and records his SIN. Wally presses his thumb against a scanner. It takes the print, digitises it, hashes it, and sends it off to the Renraku SIN database. The SIN database checks the print matches and returns a yes; the SIN is valid and this print matches the records for the SIN. The UMSC checks Wally's SIN is on its "you're cool" list, and lets him in.

Scenario B is very bad for the game. It makes Shadowrunners' lives annoyingly hard (unless maybe you're running something ultra-black-trenchcoat, I guess, then you might enjoy this. I wouldn't.)

But I cannot see any in-game reason why Renraku aren't doing Scenario B. It can't reasonably take any longer to carry out the check; it's still just a thumbprint scanner and a database check. It's way more secure. It doesn't cost any more. It doesn't expose Renraku to any risks that I can see.

Quote
Sadly, it looks like this is a confusion caused by the change to the wireless matrix, and the poor matrix planning that went into 4e....
It 100% flows from the decision to have ubiquitous personas with SIN broadcasts, yes, I agree. From there, you have to make personas/SINs hack proof, or PCs start stealing bank accounts. But now you have an unhackable form of ID controlled by the corps that they can use to validate their workers, which causes knock-on problems that I believe are still unresolved.
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: Xenon on <08-21-20/1424:55>
So I did a little research into the SINs....
Thanks for looking into this.

Yes, I am fully aware of the fact that different editions treat SINs differently. All text from all my posts is based upon how SR5 (specifically) treats fake SINs.

For example, in SR5 you don't need a SIN to have a high+ lifestyle. You can rent an apartment without having a SIN (but I think that perhaps you should need one). Your apartment will not be "burned" if your SIN is burned (but I think that perhaps it should, and in SRM I think it is - at least in 6th edition).

In 5th edition they only have certified credsticks (which are cash on hand that belong to the holder). This doesn't require a SIN (but it requires that you have matrix access to the financial institute that certified the stick if you transfer money to or from the stick -- it is possible to forge certified credsticks with any amount of money that will show up when checking the balance, but as soon as you try to transfer money it will be obvious that you are trying to scam). In previous editions they also had credsticks that were linked to your bank-account (which required a SIN, as you described).

In 5th edition everything is wireless and you can still have a bank-account (or Credit Account as it is called in 5th) and it does, typically, still require a SIN (just that you don't get a physical object associated with the account, all transactions are handled via virtual transactions). Oh, and licenses require a SIN as well. Credit Accounts and Licenses are burned when your fake SIN is burned. But nothing else.... you are still the owner of all your electronic devices and firearms etc. Even if you bought them legally, which typically requires validating your SIN (fake or otherwise).

Then there are a lot of public activities (public transportation, visiting libraries and museums, shopping, taking a taxi etc) that typically require that you have a SIN, but it doesn't seem to matter which SIN you use or if you use a fake SIN or not (at least as long as the SIN verification believes you are a legit citizen). And there is also a criminal black market that often supplies many of the same services without requiring a SIN and that accepts certified credsticks as payment.




Also, to continue my previous post....

If SIN verification units drew blood each time they checked if the SIN is fake or not then there should be a game mechanic that would automatically burn fake SINs if you failed to provide matching DNA. There is no such game mechanic. Which seems to suggest (at least to me) that blood is not drawn while doing SIN verification.

If SIN verification instead just cross-references various financial transactions and checks the existence of various biometric data and cross-references that the same data is stored in both the national and the central registry database etc (to see if the integrity of the SIN is high enough to be considered a legit SIN) then it would make sense that the game mechanic is based upon the rating of the SIN verification unit and the rating of the fake SIN. And this is exactly what the existing game mechanics are doing(!)


You might not be giving them a bag, but fake fingerprints are possible (https://threatpost.com/fake-fingerprints-bypass-scanners-3d-printing/154535/) at this point. This video (https://www.youtube.com/watch?v=j1b_DmZO9X0) shows how you can copy fingerprints using ...
Shadowrun has extensive rules on how to beat different sensors and scanners.

remove case and tampering with the works (p. 363)
maglock passkeys (p. 448)
keycard copier (p. 447)
use prints of an authorized user (p. 364)
cellular glove molder (p. 447)
retinal duplication (p. 453)
using a recording (p. 364)
voice modulator (p. 452)
DNA enzyme bath (p. 364)
prosthetic makeup and biosculpting (p. 364)
etc.
etc.

This is not the issue.

What I mean is that high rated fake SINs that come "with samples" do not come with samples that YOU are supposed to show to a SIN verification unit. Instead they come with a "set of biometric data including DNA, retinal scan, and fingerprints" logged in on-line databases. Fake SINs that have this level of detail make the fake SIN seem very real. It is very hard to distinguish a fake SIN of this level from a real SIN. Fake SINs of this rating will probably pass an integrity test even from a very high rated SIN verification unit.

What I mean is that the SIN verification unit is asking for your SIN (not your fingerprints!). And then it checks the integrity of that SIN (not that your fingerprints are tied to the SIN, but rather that if the SIN has complete financial records as well as logged fingerprints on-line then the integrity of the SIN is very high and odds are the SIN is not fake). If it passes the check then the SIN verification unit will report that the SIN is not fake and the subject is a legit citizen.


Scenario B is very bad for the game. It makes Shadowrunners' lives annoyingly hard (unless maybe you're running something ultra-black-trenchcoat, I guess, then you might enjoy this. I wouldn't.)
Agreed!


But I cannot see any in-game reason why Renraku aren't doing Scenario B.
If you want it to work this way then that is also possible.
Check my previous post for suggestions on how to resolve it (perhaps it would fit in your matrix rewrite?)

(I would not recommend it though)
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: Reaver on <08-21-20/1548:41>
Quote
None of the stuff about the GSINR or the Corp Court applies, as far as I can see. As you mentioned further up the quote above, all the SIN information is also held by the issuing corp, and I am specifically talking about AA/AAA corps and their employees here. So all that data can be at their fingertips, if they want it to be.

Sadly it does apply. GSINR is controlled by the corporate Court. They dictate what is stored on the SIN, how it is stored, what is included in the SIN and what is omitted. While Renraku may maintain their own SIN registry, they still have to comply with the standards set by the corporate court, or risk losing access to the GSINR and be solely reliant on their own network.

And considering the topographic framework of the interconnected Matrix, and the vast role that SINs play in commerce in the 2070s+, that is not feasible.

Think of it like the Google/Apple Store Terms of Service. You can use their Store fronts to sell and buy anyone products, but if you break the TOS, you are removed... Same thing here. If you don't comply to the GSINR, you lose access to it... And that is not something any one can afford.

The two major other reasons are Time and  Security.

Time
We have no idea how long it takes to run an informatics search in the GSINR. All that we do know is that the higher the rating of the scanner, the better the scan, and the longer it takes. We know that running a "deep scan" at a police station (rating 6+) takes hours.
So, does asking for a finger print informatics return take 1 second? Or 1 hour?

If it's a second, great...

If it's 30 seconds...   that's a LOT of lost productivity over the course of a year when you factor in everyone....

If it's 1 minute... well... now your system has fallen apart as no one is going to use it on the ground level and will be defeated by the users.
("Don't let that fucking door close!!! I am not standing here for a gawddamn minute while 'IT' figures out I'm me! I have to Piss NOW!!!")

This is something we just can't answer. But we can guess that it's "longer than near instant"

Security
The GSINR undergoes BILLIONS of additions, edits, changes, corrections, and modification every second, as ownership and currency exchanges hands around the world. Which means the Renraku database also undergoes BILLIONS of additions, edits, changes, corrections, and modifications every second as it keeps as current as it can tot he changing wealth and infrastructure of the world.

THAT is not secure.

Add to the fact, that the Registry is also under the direct control of separate entity (the CC), who have ownership level control over the system. The Grey and Black markets that seem to have access to the registry to the level of being able to inact ownership level control (Rating 6 fake SINs)...
Its looking more and more like the vaunted "security" of the GSINR is not so great.... (OR, that event eh best system has holes...)

So basically, we have several dozen players (the CC, AA/AAA Corps, National Governments, Grey/Black market players) all who can "play" with the registry. (And the thousands of people this actually works out to be. Bureaucracy is a wonderful thing.)

How is that sounding more secure than a privately maintained card reader/Fob/bio scan?

You have the building you want protected. So you install an in-house server (host) to handle the security devices. You have one point (ok, in the matrix world not so much) of entry for information (the in-house server/host). All checks are handled on a simple pass/fail between the device and the host, instead of relying on the device, to the GSINR, to the host.

Now, you only have a single host to protect your security system, and thus one place to look when a breach happens, instead of relying on a correct response from a known (security wise) compromised datastore and then relying on said compromised datastore to begin recovery.


In short,

From a security stand point, there are too many "fingers in the Pie" to rely on the GSINR as a security tool for the efficiency of daily security, as there are too many who could make catastrophic changes on a whim...

<Anyone else remember Big D's Will?>

The other question I have for you however....

"What happens when the GSINR returns a false negative?"

They happen... Most thumb scanners won't read the thumbs of people "who actually work for a living" :D  (by that, I mean most people in construction, yard workers, factory workers. Because we work with our hands on a daily basis with rough abrasive surfaces, our finger prints get worn right off, or get calloused over.)
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: penllawen on <08-21-20/1557:27>
Quote
None of the stuff about the GSINR or the Corp Court applies, as far as I can see. As you mentioned further up the quote above, all the SIN information is also held by the issuing corp, and I am specifically talking about AA/AAA corps and their employees here. So all that data can be at their fingertips, if they want it to be.
Sadly it does apply. GSINR is controlled by the corporate Court. They dictate what is stored on the SIN, how it is stored, what is included in the SIN and what is omitted. While Renraku may maintain their own SIN registry, they still have to comply with the standards set by the corporate court, or risk losing access to the GSINR and be solely reliant on their own network.
I disagree.

SR5 pg 363, emphasis mine:

"A SIN is issued by a country or extraterritorial corporation (AA or AAA rating) at the time a person becomes a citizen. This is generally when a person is born “legally” in that country somewhere—a hospital, clinic, or maybe even at home with the assistance of a Renraku DulaDroneTM. A new SIN will be issued in the case of a change in citizenship. The SIN itself is a string of characters generated using some of the person’s vital statistics fed into an incredibly complicated mathematical algorithm. This guarantees that no two SINs will ever be the same. However, this means that anyone with access to the proper software, like law enforcement agents and other government officials, can know several things just by looking at the SIN: your name, birth date, place of birth, and nation that issued the SIN. A set of biometric data including DNA, retinal scan, and fingerprints will also be taken and logged into the system, associated with the newly created SIN. All of this information is then registered with two master databases: one maintained by the country that issued the SIN, and the Global SIN Registry (GSINR) controlled by the Corporate Court. These datastores are among the most secure on the planet, with multiple off-line backups for each."

If Renraku wants to answer the question "do these set of fingerprints match up with the ones recorded for this Renraku-issued SIN", it can do so via its own database, as it is the SIN issuer in question. It doesn't need to go anywhere near the GSINR. It doesn't need to ask the GSINR anything; hell, it doesn't even need to run the check on the GSINR if it doesn't want to. It can't do this for a UCAS SIN or an Ares SIN or a French SIN - but it can do it for a Renraku one, because it is itself the source of truth for all the information for Renraku issued SINs.

Hell, if Renraku wanted to gather some additional piece of biometrics - let's say a palmprint for the sake of argument - and store that in its SIN database, there's nothing stopping it from doing that either. Why would the GSINR care one way or the other?

Also note that biometric information isn't "stored in the SIN", as you suggest. It is stored alongside it, associated with it.
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: Shinobi Killfist on <08-21-20/1603:11>
Other than turning a blind eye to this, what is the fix?  Seems like there needs to be a fundamental change to the SIN system so they aren't that hard to hack so hard and change the associated information to and that hacking them isn't the door to all their assets.
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: Reaver on <08-21-20/1607:33>

Also note that biometric information isn't "stored in the SIN", as you suggest. It is stored alongside it, associated with it.

Now the system is most insecure.

All I have to do, is change the associated data entry to mine...

Now, because it's not "on the SIN", only associated, my bio-informatics can get me into the Renraku facility, and when I present 'Wally's' (Faked) SIN but with MY actual bioinformatics (due to the association to my medical data), I'm in like Flynn!

What's that?

I can't do that as a shadowrunner?
You're right, I can't. BUT I can pay a black market specialist to do it, as they "do it all the time" (Rating 5 and 6 FAKE SINs remember?)
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: penllawen on <08-21-20/1609:37>
Other than turning a blind eye to this, what is the fix?  Seems like there needs to be a fundamental change to the SIN system so they aren't that hard to hack so hard and change the associated information to and that hacking them isn't the door to all their assets.
My best attempt so far was a few pages back. I think it's still pretty scruffy and definitely over-complex, and I certainly don't love it, but it's the best I've got so far that doesn't break the setting in any way I can find:

  • Define "personas" as a digital shadow-self; you, in the Matrix. (Note this is distinct from the persona icon, the thing that you customise to look however you want. I think it's better to separate those terms. (Also, you can't customise your persona icon infinitely; IP law applies. If you want your persona to carry a Gucci bag, go to the Gucci host and pay for a legally licensed 3d model of one.))
  • Personas initially boot up with no permissions at all.
  • Personas contact various powerful hosts to say "hello, I am John. Please grant me the permissions to use John's car."
  • The host does whatever checks it wants. If the user has DNI, these are some very difficult to fake challenge-response brainwave scans (basically, the host tells your DNI to poke your brain. Yes, that's scary sounding, on purpose.)
  • If you lack DNI, you're back to using foolable stuff like retina scans and fingerprints. Your security is much worse. It sucks to be poor in Shadowrun. Get a datajack, loser. >> I believe this is the only major departure from RAW's mechanics.
  • Higher security things, like the permissions for your car or your smartgun, will regularly re-scan your brainwave auth to confirm you are still you. This means stealing someone's persona when they use DNI isn't just a one-time hard thing, it's an ongoing process hard thing.
  • If a persona ever fails even one of these security checks, it hard locks out of everything at once - so if the Ford host is suddenly not sure you are you, you lose all your credentials to everything until you can reboot your commlink and sign back in. This is built into deep layers of Matrix protocols and is impossible to circumvent without hacking the hosts that run the permissions (which are typically very secure for most items). Yes, this sometimes misfires, and people sigh, and reboot. I like my tech to be at least as annoying and fallible in SR as it is in real life.
  • If a persona ever appears on the Matrix twice - ie. a faked persona pops up and says "hey, I'm John" - the same hard lockout happens to both personas at once. "Personabombing" - making a crappy fake of someone's persona that does nothing but get them locked out a few seconds later - is a thing, albeit a thing that doesn't achieve much other than mild inconvenience.
  • Similarly to users without DNI, users can also choose to download all their credentials onto their commlink and run entirely locally with no requirements to connect to any servers. Now all your stuff is only as secure as your commlink is ie. not much. Useful for people off-grid in the wilderness or intent on leaving no digital footprints at all, though.

Plus

It's not so much that, as it is "if this system has access to my brainwave data, then it can use it elsewhere to authenticate as me."
Oh, I have an answer for this, but I didn't make it explicit above. Don't think of the "brainwave scan" as a passive thing. Think of it as a challenge/response. The host uses your DNI to provoke some transient state in your brain, then measures how it reacts to that state - like tossing a particular size and shape of rock into a pool, and observing the resultant ripples. No two hosts use the same rock, so your credentials are unique to each host. This is a desirable goal within the universe, so I'm comfortable with the idea it would be built this way.

For extra dystopic fun, this process might be fleetingly noticeable to the user. A burst of synesthesia, the sudden unprovoked smell of fresh ground black pepper, a vivid unprovoked recall of a childhood memory - who knows?

And

Quote
You're correct, if SINs and Personas are these perfectly unhackable/unspoofable then they should be the method every security checkpoint uses to validate IDs.  But they're not used that way for the same reason they're unhackable, arbitrary decision for desired game play options. 
I do have an idea here BTW (but I didn't want to lead with it because I didn't want to immediately shuttle the conversation down my own views.)

Re: security gates, I think it's quite reasonable that crudely spoofing someone's SIN (or their persona; the issues are very similar) might work briefly but not work long-term. So imagine I set my commlink to broadcast your SIN, which after all, is just a short string. Fine. But very shortly after that, some host somewhere is going to notice the duplication - that there's two different personas using the same SIN - and it'll start ringing alarm bells. Not long after that, any system using those SINs to do anything with will be alerted, and immediately start rejecting the SIN.

By "not long" here I'm thinking a few seconds.

So actually, you do have just about long enough to maybe get a security door open with your stolen SIN, but probably not do much of anything else. So that's why your corpsec doesn't use SIN verification; it can be cheated, just for a handful of seconds, and doors open faster than that. That's enough to give corpsec nightmares so they prefer their auth to live entirely inside their own architecture - so we're back to our beloved 80s keypads and swipecards.
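
The per-host challenge/response idea from the post above ("no two hosts use the same rock") and its one-failure lockout, modelled with HMAC as an added example that is not part of the original thread. The class and function names, the host names and the sample trait are assumptions, and a keyed hash stands in for the fictional brainwave measurement.

```python
import hashlib
import hmac
import secrets


def derive_key(trait, host_name):
    """Per-host key: the same trait yields an unrelated key at every host."""
    return hmac.new(trait, host_name.encode(), hashlib.sha256).digest()


def respond(trait, host_name, nonce):
    """What the genuine user's side computes for one host's challenge."""
    return hmac.new(derive_key(trait, host_name), nonce, hashlib.sha256).digest()


class Host:
    def __init__(self, name):
        self.name = name
        self.enrolled = {}   # user -> per-host key (the host never sees the trait)
        self.pending = {}    # user -> outstanding single-use challenge
        self.locked = set()  # users locked out after a failed check

    def enrol(self, user, key):
        self.enrolled[user] = key

    def challenge(self, user):
        if user not in self.enrolled:
            raise KeyError(user)
        self.pending[user] = secrets.token_bytes(16)
        return self.pending[user]

    def verify(self, user, response):
        nonce = self.pending.pop(user, None)  # a challenge is consumed once
        if nonce is None or user in self.locked:
            return False
        expected = hmac.new(self.enrolled[user], nonce, hashlib.sha256).digest()
        if hmac.compare_digest(expected, response):
            return True
        self.locked.add(user)  # one failed check locks the user out
        return False


def demo():
    trait = b"constructed-sample-trait"  # constructed stand-in value
    ford, bank = Host("ford"), Host("bank")
    for host in (ford, bank):
        host.enrol("john", derive_key(trait, host.name))
    # 1. Genuine login at ford.
    recorded = respond(trait, "ford", ford.challenge("john"))
    genuine = ford.verify("john", recorded)
    # 2. A recorded response is replayed against a fresh challenge.
    ford.challenge("john")
    replayed = ford.verify("john", recorded)
    # 3. Ford's stored key is used to answer bank's challenge.
    nonce = bank.challenge("john")
    forged = hmac.new(ford.enrolled["john"], nonce, hashlib.sha256).digest()
    cross = bank.verify("john", forged)
    return genuine, replayed, cross, "john" in ford.locked
```

`demo()` returns `(True, False, False, True)`: the genuine login passes, the replay and the cross-host attempt both fail, and the failed replay leaves the user locked out at that host.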
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: penllawen on <08-21-20/1611:28>
Also note that biometric information isn't "stored in the SIN", as you suggest. It is stored alongside it, associated with it.

Now the system is most insecure.

All I have to do, is change the associated data entry to mine...
..
You're right, I can't. BUT I can pay a black market specialist to do it, as they "do it all the time" (Rating 5 and 6 FAKE sins remember?)
Oh yes, this is certainly another way in which the setting is broken. It can't decide how secure the SIN databases are. One second they're the most secure on the planet; the next, you can sneak false data into them for a measly few k-nuyen.
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: Reaver on <08-21-20/1614:35>
Other than turning a blind eye to this, what is the fix?  Seems like there needs to be a fundamental change to the SIN system so they aren't that hard to hack so hard and change the associated information to and that hacking them isn't the door to all their assets.

That depends.

What do you think the SIN is supposed to do?

If it's just a collection of your identity and used as "tool of citizenship" like it is supposed to be, it works fine.

The moment you try to make it the "Be all and end all" of personal information and collection,
It breaks down pretty fast.


Hell, we can't even agree on who or how the GSINR is administered....
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: penllawen on <08-21-20/1732:33>
That depends.

What do you think the SIN is supposed to do?

If it's just a collection of your identity and used as "tool of citizenship" like it is supposed to be, it works fine.

The moment you try to make it the "Be all and end all" of personal information and collection,
It breaks down pretty fast.
I think this is the wrong way of looking at it.

The way I see it: the setting describes SINs as being capable of being the be-all-and-end-all of bulletproof identification, because it makes personas and their SIN broadcasts unhackable. Now I agree that this makes the game break down. But that's not because I tried to make them that way. The system did that to itself, as I believe I have demonstrated with repeated quotes from the 5e CRB.
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: Stainless Steel Devil Rat on <08-21-20/1749:14>
I think it's important to recognize the distinction between Personas and SINs.  They are very much not the same thing.

We know SINs are hackable (admittedly, only by NPCs).  Any idea you have rooted in identity theft? That's probably SIN-related when you start putting it in game terms.

Your Matrix Persona is independent of any SIN(s) you happen to be broadcasting.  Which is a good thing for Shadowrunners, since they tend to change their SIN as often as their clothing (or more often, in the case of Street and Squatter lifestyles...)

The two are not interchangeable concepts.
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: Reaver on <08-21-20/1755:21>
That depends.

What do you think the SIN is supposed to do?

If it's just a collection of your identity and used as "tool of citizenship" like it is supposed to be, it works fine.

The moment you try to make it the "Be all and end all" of personal information and collection,
It breaks down pretty fast.
I think this is the wrong way of looking at it.

The way I see it: the setting describes SINs as being capable of being the be-all-and-end-all of bulletproof identification, because it makes personas and their SIN broadcasts unhackable. Now I agree that this makes the game break down. But that's not because I tried to make them that way. The system did that to itself, as I believe I have demonstrated with repeated quotes from the 5e CRB.

But that's the issue.

They never before 4e (and then 5e), made SINs into this "Super uber, unhackable, adamantine fortress of solitude"....
In fact, they point out all the time that they are not unhackable by the very existence of FAKE SINs right from the get go... (it's just the Player can't hack them)


The impact of the SIN, while large, was mitigated by the separation of "Person" and "asset"....

Under the old SIN/Credstick system, one could not be a "Person", yet still have assets. And, one could be a "Person" yet not have assets.

In short, your money and possessions were not tied to a digitally constructed architecture which in turn linked you to a digital identity....


THIS is where the major cracks in the system got introduced, when they did an edition and rules re-work of the matrix to fit in the "wireless Topography", and "digitize" the world and "simplify" the system....

Now, I'm not touching the Persona and Matrix issue with an 11 foot pole..
IMHO throw the entire fucking thing in the fucking fire where it deserves, as the unworkable poorly thought out fan fiction crap that it is....
Which pretty much sums up my feelings of 4e matrix as a whole... (and carries over to 5 and 6e as well, just because it's based off the unworkable shit stain that was 4e matrix rules... No offense to the current writers... One can not polish a turd.)


And really, THIS is the heart of your problem Penllawen...
Not SINs...
Not Personas...

The Matrix and its rules.
There are too many fiat reasons for the whys and hows, and not enough structure.


So basically,

SINs don't work that way, and Personas don't work that way.

Why? Because Fiat.


Title: Re: Why aren't SIN checks used in corp facilities?
Post by: penllawen on <08-21-20/1841:16>
I think it's important to recognize the distinction between Personas and SINs.  They are very much not the same thing....
The two are not interchangeable concepts.
Yes, that's true. Where I have conflated them above, I have done so only for brevity, on the basis they have very similar unhackable-for-game-reason superpowers. (With the exception of the very specific carveout for fake SIN creation.)
Title: Re: Why aren't SIN checks used in corp facilities?
Post by: penllawen on <08-23-20/1253:39>
Footnote to this thread: I've written something that attempts to explain the narrative issues I was exploring, hopefully without requiring any changes to the mechanics.

https://paydata.org/setting/matrix_re_fluff/sins/
And
https://paydata.org/setting/matrix_re_fluff/personas/