[penllawen]

Why can't the AR glasses read your brainwaves? We have (at least in 5e) lore establishing that things like glasses and wigs can incorporate trodes and therefore DNI.  "Just being able to read biometrics" is surely a step down in complexity than full DNI.

OK, switch from glasses to contact lenses. Now what?

And for that matter, why can't your commlink read your brainwaves even without benefit of a readout from something being physically worn on your head?  Who's to say that "in your pocket" is too far away for a fictional technology to read your brainwaves?

Hmmm. Maybe. But I see some issues.

Firstly, you're introducing yet another layer to an already cluttered stack. We've got AR and VR; we've got image link and DNI. Now you have this new thing for players to remember that sits between 'link and DNI. Maybe it doesn't matter much, if this is just pure fluff, but it's still a downside.

Secondly, the easier you make it to read these magical "brainwave patterns" - by letting simple devices read them at a distance - the more players are going to ask about man-in-the-middle attacks where they use some device to capture someone else's patterns and thus steal their persona. Which isn't something I think the players are being awkward about; I think it's a reasonable thing to ask. So I think this idea moves the fluff in the wrong direction. I think it's better to make it harder to authenticate, not easier.

[DigitalZombie]

@Penllawen As I liked your matrix rules- Im looking forward to see your SIN/Persona rules.

1. Statement: a persona is based on the unique brainwaves etc. Of a person.

1. Problem: you can easily use a metalink, with no trodes, DNI etc. You dont even need image links or AR gloves. You are now using your link as a mobile phone from 2020.  So how does that commlink scan your brainwaves, to create your Persona? 

Possible solution1 : it doesnt, if you want to use a commlink you MUST have DNI ( not RAW- but would explain the whole Persona thing better).

Possible solution 2; as soon as you press the "on' button the cheap 100 nuyen metalink registers your brainwaves through your electromagnetic field in your fingertips. As you use your phone in year 2020 mode it registers your brainwaves rhrough the electromagnetic field each time you scroll, presses like, texts someone etc. If someone else qhere to press the screen it would automagically know it wasnt you.

For 70nuyen more you can get trodes and the brainwave link would be even stronger.

I would go with 1 (or the unkown 3) as 2 sounds odd

[penllawen]

@Penllawen As I liked your matrix rules- Im looking forward to see your SIN/Persona rules.

https://paydata.org/setting/matrix_re_fluff/legal_matrix/#personas-your-commlink-as-the-keys-to-your-life

My SIN rules are still evolving and only partially written.

I would go with 1 (or the unkown 3) as 2 sounds odd

My pitch would be as the above link. tl;dr:

• Define "personas" as a digital shadow-self; you, in the Matrix. (Note this is distinct from the persona icon, the thing that you customise to look however you want. I think it's better to separate those terms. (Also, you can't customise your persona icon infinitely; IP law applies. If you want to persona to carry a Gucci bag, go to the Gucci host and pay for a legally licensed 3d model of one.))
• Personas initially boot up with no permissions at all.
• Personas contact various powerful hosts to say "hello, I am John. Please grant me the permissions to use John's car."
• The host does whatever checks it wants. If the user has DNI, these are some very difficult to fake challenge-response brainwave scans (basically, the host tells your DNI to poke your brain. Yes, that's scary sounding, on purpose.)
• If you lack DNI, you're back to using foolable stuff like retina scans and fingerprints. Your security is much worse. It sucks to be poor in Shadowrun. Get a datajack, loser. >> I believe this is the only major departure from RAW's mechanics.
• Higher security things, like the permissions for your car or your smartgun, will regularly re-scan your brainwave auth to confirm you are still you. This means stealing someone's persona when they use DNI isn't just a one-time hard thing, it's an ongoing process hard thing.
• If a persona every fails even one of these security checks, it hard locks out of everything at once - so if the Ford host is suddenly not sure you are you, you lose all your credentials to everything until you can reboot your commlink and sign back in. This is built into deep layers of Matrix protocols and is impossible to circumvent without hacking the hosts that run the permissions (which are typically very secure for most items). Yes, this sometimes misfires, and people sigh, and reboot. I like my tech to be at least as annoying and fallible in SR as it is in real life.
• If a persona ever appears on the Matrix twice - ie. a faked persona pops up and says "hey, I'm John" - the same hard lockout happens to both personas at once. "Personabombing" - making a crappy fake of someone's persona that does nothing but get them locked out a few seconds later - is a thing, albeit a thing that doesn't achieve much other than mild inconvenience.
• Similarly to users without DNI, users can also choose to download all their credentials onto their commlink and run entirely locally with no requirements to connect to any servers. Now all your stuff is only as secure as your commlink is ie. not much. Useful for people off-grid in the wilderness or intent on leaving no digital footprints at all, though.

[penllawen]

But when it comes to SIN verification the only thing it checks is the integrity of the SIN,
to make sure it is not a fake SIN. Nothing else.
And to bypass it you buy a fake SIN of a high enough rating. Nothing else.

I still reject this view, but let me rephrase the problem then.

When Wally Wageslave walks up to a security door, why doesn't the door check Wally's persona and say "yes, you are Wally, I will open for you"? If personas are hack-proof, this provides near-perfect security. Yet the game has handprint scanners and retina scanners etc etc etc. Why?

[0B]

But when it comes to SIN verification the only thing it checks is the integrity of the SIN,
to make sure it is not a fake SIN. Nothing else.
And to bypass it you buy a fake SIN of a high enough rating. Nothing else.

I still reject this view, but let me rephrase the problem then.

When Wally Wageslave walks up to a security door, why doesn't the door check Wally's persona and say "yes, you are Wally, I will open for you"? If personas are hack-proof, this provides near-perfect security. Yet the game has handprint scanners and retina scanners etc etc etc. Why?

The only thing that would make sense would be that persona authentication is handled by some central authentication authority (CA) on the Matrix that is not controlled by the corps or any user. The security doors rely on a list of acceptable personas, this list can be modified to give you access (Via marks, perhaps?)

I imagine it would work like this:
1. A person connects to the matrix using a device. The device uses the CA's public key to encrypt a message containing the person's brainwave data, timestamp, and device information. (Possibly also a OTP for extra security, sent from the CA to the person using the device's public key for encryption)
2. The CA decrypts this using its private key. It gives the device/person a persona.
3. Any marks/access a user has are dependent on who is running the system. When you connect to the matrix, you regain your marks by sending a message to the host/server. They verify your persona against their own whitelist of acceptable personas, then send you a mark. This may be a background task, IE, your device stores information on which systems you connect to, and on startup, they collect the marks again to send to your device. The verification uses your persona.
4. The reason that this isn't hack-proof is that the whitelist is not necessarily hackproof. External devices aren't verifying your brainwave data against the CA, they're verifying your persona ID against a whitelist. The persona ID is trusted completely, but the whitelist may have a flaw or could be modified.

The persona authentication system must be separate from other authentication systems for that to work. I would be somewhat concerned, TBH, if every system used your brainwave data to verify your identity.

[penllawen]

The only thing that would make sense would be that persona authentication is handled by some central authentication authority (CA) on the Matrix that is not controlled by the corps or any user.

An idea I quite like is that the corps don't completely trust GOD. GOD is (IIRC) made up of deputised staff from the members of the Corp Court. That means even if you're a mega, it's still 90% people who don't work for you. It'd be extremely high risk for a corp to use their staff in GOD to help them do a raid against a competitor, but the possibility - however slight in practice - will always be in the backs of wageslave's minds.

The persona ID is trusted completely, but the whitelist may have a flaw or could be modified.

But if the allowlist for "these personas can open this door" can be manipulated, why not the allowlists for "these personas can driver this car" or "shoot this gun"? We know that, per canon, while it is possible to "steal" the digital concept of ownership, it's a royal PITA, with that really long extended test.

If you made every corp facility security door open only to personas that had marks on them, every runner that used to be able to steal a keycard now has to hack the door instead. It's surely more secure, just because what used to be job of a thousand-nuyen keycard cloner can now only be done by 100k of cyberdeck. I can't see a way out of it in RAW. (I do have an answer that involves some small changes to RAW, though.)

I would be somewhat concerned, TBH, if every system used your brainwave data to verify your identity.

Oh, see, I quite like the dystopic aspect of "every secure thing in your life is digitally poking your brain many times a day just to see if you should have access to it."

[0B]

The only thing that would make sense would be that persona authentication is handled by some central authentication authority (CA) on the Matrix that is not controlled by the corps or any user.

An idea I quite like is that the corps don't completely trust GOD. GOD is (IIRC) made up of deputised staff from the members of the Corp Court. That means even if you're a mega, it's still 90% people who don't work for you. It'd be extremely high risk for a corp to use their staff in GOD to help them do a raid against a competitor, but the possibility - however slight in practice - will always be in the backs of wageslave's minds.

The persona ID is trusted completely, but the whitelist may have a flaw or could be modified.

But if the allowlist for "these personas can open this door" can be manipulated, why not the allowlists for "these personas can driver this car" or "shoot this gun"? We know that, per canon, while it is possible to "steal" the digital concept of ownership, it's a royal PITA, with that really long extended test.

Oh, I agree there. The only thing I can think of is that these systems happen to be "more secure," but personally I dislike that you need such a long time to take ownership of them.

If you made every corp facility security door open only to personas that had marks on them, every runner that used to be able to steal a keycard now has to hack the door instead. It's surely more secure, just because what used to be job of a thousand-nuyen keycard cloner can now only be done by 100k of cyberdeck. I can't see a way out of it in RAW. (I do have an answer that involves some small changes to RAW, though.)

I guess the other half of it is that there are still businesses running on XP and COBOL, so some security systems just aren't upgraded. Of course, that doesn't match with how secure facilities are in-canon.

I would be somewhat concerned, TBH, if every system used your brainwave data to verify your identity.

Oh, see, I quite like the dystopic aspect of "every secure thing in your life is digitally poking your brain many times a day just to see if you should have access to it."

It's not so much that, as it is "if this system has access to my brainwave data, then it can use it elsewhere to authenticate as me."

[Hobbes]

But when it comes to SIN verification the only thing it checks is the integrity of the SIN,
to make sure it is not a fake SIN. Nothing else.
And to bypass it you buy a fake SIN of a high enough rating. Nothing else.

I still reject this view, but let me rephrase the problem then.

When Wally Wageslave walks up to a security door, why doesn't the door check Wally's persona and say "yes, you are Wally, I will open for you"? If personas are hack-proof, this provides near-perfect security. Yet the game has handprint scanners and retina scanners etc etc etc. Why?

There needs to be a wall of no between PCs and the NPCs bank accounts.  Otherwise, why bother with Shadowrunning?  So, somewhere between a person, a persona, a commlink, a SIN, and a bank account, there is some arbitrarily unbreakable security.  The 5th and 6th edition choices are, IMO, the most playable version yet. 

If you let the Unhackable SIN be the ultimate form of ID, then PCs have far fewer choices for infiltration.  Social infiltration is impossible.  Smash and Grab becomes the de facto method of running.  If you and your table want to allow for some kind of SIN and/or Persona Spoofing and arbitrarily rule that Bank Accounts are somehow unhackable even with Persona and SIN spoofing, go for it.  Whatever works for your immersion.

But for the way 5th and 6th Vanilla are set up, SIN Scanners need to be a simple pass/fail.  And then the various Bio-metric Scanners and counter-measures come into play for everything else.

You're correct, if SINs and Personas are these perfectly unhackable/unspoofable then they should be the method every security checkpoint uses to validate IDs.  But they're not used that way for the same reason they're unhackable, arbitrary decision for desired game play options. 

[0B]

*snip*

There needs to be a wall of no between PCs and the NPCs bank accounts.  Otherwise, why bother with Shadowrunning?  So, somewhere between a person, a persona, a commlink, a SIN, and a bank account, there is some arbitrarily unbreakable security.  The 5th and 6th edition choices are, IMO, the most playable version yet. 

I'm not sure if I agree with the "wall of no." Banks today aren't perfectly unbreakable, but that doesn't mean they're getting cleared out. I think something like that should be incredibly difficult, but I disagree that it should be impossible. The reason you shadowrun is because going after a bank is incredibly risky, and there is very little chance if success. There could even be some internal zero-trust going on: being able to hack one account won't allow you to hack other accounts. And perhaps withdrawing a certain amount of credit at once will raise a flag, and will set security deckers on you to verify your identity, even if you are using proper credentials.

However, I do agree with your points about unimpenetrable ID- even if there are incredibly secure systems, some folks are still running on last decade's drek

[Xenon]

But players have wanted to steal personas, as this is a game often concerned with high-tech thievery, and stealing someone's digital identity is an obvious tactic.

You can't steal someone else's Astral Signature.
But you can impersonate it (with Flexible Signature Metamagic, SR5 p. 325-326).

You can't steal someone else's Matrix Persona.
But you can impersonate it (with Masquerade, Kill Code p. 40).

You can't steal someone else's legal citizenship.
But you can impersonate legal citizenship (with Fake SIN, SR5 p. 367)

You can't steal someone else's fingerprints.
But you can impersonate them (with a sleeve, SR5 p. 447)

You can't steal someone else's access.
But you can impersonate access (with illegal matrix actions, SR5 p. 237)

When Wally Wageslave walks up to a security door, why doesn't the door check Wally's persona and say "yes, you are Wally, I will open for you"?

Because Shadowrunners exists.

• Wally Wageslave does not have User or Admin access on the security network so he cannot control the door remotely and instead have to place his hand on the fingerprint scanner. Scanner will recognize Wally and the door will open.
• Penllawen the infiltrator use a sleeve with Wally's fingerprints on the fingerprint scanner. Scanner might recognize Wally in which case the door will open.
• Hobbs the spider's matrix persona have Admin access on the security network which the door is connected to. He just mentally command the door to open with a Minor action.
• Xenon the hacker physically connect to the universal access port of the door and use his cracking skills to illegally have his matrix persona spoof a command which might open the door.

...SIN Scanners need to be a simple pass/fail.  And then the various Bio-metric Scanners and counter-measures come into play for everything else.

Precisely!

[penllawen]

It's not so much that, as it is "if this system has access to my brainwave data, then it can use it elsewhere to authenticate as me."

Oh, I have an answer for this, but I didn't make it explicit above. Don't think of the "brainwave scan" as a passive thing. Think of it as a challenge/response. The host uses your DNI to provoke some transient state in your brain, then measures how it reacts to that state - like tossing a particularly size and shape rock into a pool, and observing the resultant ripples. No two hosts use the same rock, so your credentials are unique to each host. This is a desirable goal within the universe, so I'm comfortable with the idea it would be built this way.

For extra dystopic fun, this process might be fleetingly noticeable to the user. A burst of synthesia, the sudden unprovoked smell of fresh ground black pepper, a vivid unprovoked recall of a childhood memory - who knows?

As a footnote, I think this process would happen on a part of the commlink that is isolated from the rest of the device and is inaccessible to the Matrix - very similar to a modern-day TPM chip. Somewhere in there (this is where even I think you start handwaving) there's some crypto based on a private key you can't read out of the firmware. Even if you hack someone's commlink, you cannot extract via software alone the data you need to spoof their ID to this challenge/response process.

There needs to be a wall of no between PCs and the NPCs bank accounts.  Otherwise, why bother with Shadowrunning?  So, somewhere between a person, a persona, a commlink, a SIN, and a bank account, there is some arbitrarily unbreakable security.  The 5th and 6th edition choices are, IMO, the most playable version yet. 

Sure, of course. I can only apologise I have I not been clear about my objective. I want to leave the game mechanics unchanged, as far as I can, then expand the fluff to explain them.

My objective is not to allow PCs to steal personas. My primary objective is a personally satisfying reason why they can't. And if I can do that work, and share it, and at least one other person in the SR community finds it useful - well, that justifies the effort of sharing it. So that's my secondary objective.

When I ask "why can't PCs steal personas?", it's because I'm desiring to brainstorm ideas for the in-universe explanation as to why personas are inviolate, not because I seeking to find a way to make them vulnerable.

You're correct, if SINs and Personas are these perfectly unhackable/unspoofable then they should be the method every security checkpoint uses to validate IDs.  But they're not used that way for the same reason they're unhackable, arbitrary decision for desired game play options. 

I do have an idea here BTW (but I didn't want to lead with it because I didn't want to immediately shuttle the conversation down my own views.)

Re: security gates, I think it's quite reasonable that crudely spoofing someone's SIN (or their persona; the issues are very similar) might work briefly but not work long-term. So imagine I set my commlink to broadcast your SIN, which after all, is just a short string. Fine. But very shortly after that, some host somewhere is going to notice the duplication - that there's two different personas using the same SIN - and it'll start ringing alarm bells. Not long after that, any system using those SINs to do anything with will be alerted, and immediately start rejecting the SIN.

By "not long here" I'm thinking a few seconds.

So actually, you do have just about long enough to maybe get a security door open with your stolen SIN, but probably not do much of anything else. So that's why your corpsec doesn't use SIN verification; it can be cheated, just for a handful of seconds, and doors open faster than that. That's enough to give corpsec nightmares so they prefer their auth to live entirely inside their own architecture - so we're back to our beloved 80s keypads and swipecards.

As for stealing a bank account - it's one thing to steal an account and quite another to keep it. An awful lot of potential shenanigans can be headed off with "great, now you have a million nuyen... and now the bank's audit AIs have noticed.... and now they've reversed the transaction." These would be some of the beefiest computer systems on the planet and I'm pretty comfortable saying laundering stolen money out of their grasp before they notice is supremely difficult. Even if you shuffle the cash to a credstick and then attempt an onwards (anonymous) transfer, you can guard against that with an escrow window - say that funds loaded onto a credstick cannot be used for 60 seconds, and that is easily long enough for the AIs to notice the theft and claw it back.

[Hobbes]

Even if you shuffle the cash to a credstick and then attempt an onwards (anonymous) transfer, you can guard against that with an escrow window - say that funds loaded onto a credstick cannot be used for 60 seconds, and that is easily long enough for the AIs to notice the theft and claw it back.

I'm pretty sure laundering money in the sixth world could be a 600 page rule book by itself, that me and about six other people would read.  : ) 

[penllawen]

I'm pretty sure laundering money in the sixth world could be a 600 page rule book by itself, that me and about six other people would read.  : )

Well, I'd be one of the six!

But actually I don't think it's so complicated. I think the most thematically resonant answer to this is corrupt institutions. No need to go to elaborate lengths to launder money when nation-states are dramatically weakened and you can simply buy a banking corp with extraterritoriality and order it to not look too closely at your transactions. That happens today, so I don't think it's a stretch to say it's going to happen in Shadowrun.

This has an interesting side effect of squeezing mid-level criminals; somewhere between (say) a typical shadowrunner and crimelord is the middle ground where they make enough to be noticeable but not enough to buy controlling stakes in AA corps. This mirrors the disappearance of the middle class in the legal side of the Sixth World; you have an almost empty space between hordes of wageslaves barely getting by and the elite with more money than God. I like that parallel.

[penllawen]

When Wally Wageslave walks up to a security door, why doesn't the door check Wally's persona and say "yes, you are Wally, I will open for you"?

Because Shadowrunners exists.

This answer comes from the same weak-tea line of thinking as "...and then he woke up and it was all a dream", which was how I wrote stories when I was 12. I think we can do better.

[Xenon]

What I meant when I wrote "Because shadowrunners exists" was that infiltration and impersonation is a huge part of Shadowrun.

If SIN checks was not just used to validate if you are a legit citizen (as written) and instead also being used to validate that you are actually you (as you would like it to be) then you are in effect replacing the need for fingerprint scanners, voice recognition, keypads, DNA scanners, proximity RFID scanners etc. And if you no longer have any need of them you also no longer have any need for making your own sleeve, using voice modulators, sequencers, bath to preserve DNA samples, keycard copiers etc.

Both physical infiltration and social infiltration become impossible.

"I don't care if you look like Wally.. or that you sound like Wally.. Why? Because the SIN verification unit not only says you are a legit citizen it (now) also tell me that you are not Wally! Sound the alarm! Burn this SIN!"

The better solution is to follow the rules as they are written and simply treat the check as a binary "Are you a legit citizen? Yes/No"-check. And nothing more.

That way a physical and social infiltrator can fool the system by using a fake SIN (if it have a high enough rating). But to actually gain access they also need to making their own sleeve, using voice modulators, sequencers, bath to preserve DNA samples, keycard copiers etc. And in social encounters they need to use skills such as disguise, impersonation, etiquette, leadership etc.

This is the intent. And this is how the rules are written. And if works. Stop trying to "fix" it?