You DO realize that there are Rules for Crafting Fake SIN's in SR4, right? Their existence proves your statement to be false.

If it was extremely hard to hack SINs, it would cost a premium to get someone to do it.

Fake SINs as of SR5, are 2500 (IMG:style_emoticons/default/nuyen.gif) per rating. Which is, for comparison, the same price as a Rating 4 commlink or just under the book's recommended base reward for a shadowrun (3k (IMG:style_emoticons/default/nuyen.gif) + 100 (IMG:style_emoticons/default/nuyen.gif) per net hit on a Negotiate test). OR half a month's Middle lifestyle.

So not terribly expensive.

As several people have tried explaining to you multiple times, attaching something is completely different from having a searchable, constantly updated index, much less a publicly searchable one

And again: why does there have to be just one index?

Remember, as of 4.5, you can store the entire Library of Congress in your underpants. Storage memory is no longer a problem, so everybody and their dog can carry the entire Google index with them everywhere they go. And that's still assuming that search engines function exactly the same way in the future they do now-- that's not likely.

There are probably dozens or more search indexes out there. Admittedly, that's kind of true today-- Google is easily the biggest, but Bing and a few others are still out there. I think you were the one who said that memory space was an issue for such an index, but that will not be an issue.

Also, we're both kind of assuming the SR4 devs used the word index appropriately. It could be that since each SIN "indexes" everything, it actually carries every single known link from your SIN everywhere you go, as a database for anyone to look at. Or, it could be they just meant something more like "tagging", which basically identifies each and every thime your SIN is mentioned.


You'd get a lot more. Without invoking your credit report, I can still find your entire employment history and exact position currently (LinkedIn does that), your educational history (what schools you went to and when you graduated), the restaurants you frequent ("liked" on Facebook), the names of all your family members, and your favorite clothes (from searching your pictures). Finally, I can find your current location (Foursquare). So, I can track you to within a few meters.

On top of that, there are sites out there that allow anyone to check your criminal history. So, anyone can find out that you got in trouble for stealing a candy bar when you were six, and Officer Friendly came to give you a lecture. You can run someone's driving report, and locate every traffic or parking ticket they've ever received. If you correlate off that, you can predict roughly where someone will park each day. On top of that, since the future roads use electronic tolling and ticketing, you can track someone's bank account off it-- you basically have to leave a credit card on file to pay to use the roads, so that's traceable as well.

Those are just some basic things you can do today (mostly). And I didn't use the credit report example, which is disturbingly easy to get, and gives a heck of a lot more information.


Who said that it was?

In order for the Shadowrun economy to work, there needs to be a system to share information freely. The notion of hoarding consumer data is silly-- you don't want to make it hard for someone else to buy your products, so it doesn't make sense for them to make it hard to buy yours.

But, we do know that 2070 uses ultra-targeted advertising. Today, people run your credit report all the time, just so they know what credit cards to offer you. Shadowrun is the same way, except more so. So, when you walk into a store, your credit report and transaction history is run. Now, this information is still "protected", in that the store can't actually charge you for anything without your approval. But they can run your balance, and depending on what they find, either start sending you ads for high-ticket items or today's blue-light special.

There *is* security there, and a great deal of it. However, it's almost exclusively focused on transactions-- buying and selling things. That is protected. But in a world without privacy, your information is already out there. That's why it's easier to fake a SIN than hack an existing one.

Interesting idea. So, every time someone logs your SIN, they send you a little notice that they've done so, which you append to a log of SIN checks on your commlink. Then, in addition to broadcasting your SIN, you also broadcast your log of SIN checks, which records every time anyone has ever logged your SIN. I mean, it would work, as an alternative to creating a central database, but how is it better than the central database? At least the central database would be a little more tamper-proof, no?

In any case, since there's no mention of any such system, I'll continue asserting that you've produced no evidence that I'm wrong about my point 3 from post 129. In other words, you've still produced no evidence that there's any easy way to look at a SIN and figure out which databases contain information about that SIN.

Note that if there were, radical honesty would be the rule of the day. ("Hi honey, where have you been?" "Mommy, check his SIN log, he's been at the strip club, again." "Dammit John, we've talked about this!")


Oh? How do you think "tagging" works?


In 2015, if someone participates extensively in social media and sets their privacy settings as public as possible, you can gather a lot of information about them relatively easily. I agree with that.

This is relevant to shadowrunners in 2075 how exactly? Assuming there is something like Facebook and Foursquare in 2075, do you imagine that shadowrunners, or those they normally deal with, will be enthusiastic users of these services?

(A few side points: Foursquare doesn't share real time locations anymore, these services are generally not searchable through public search engines by default, and why would any corp citizen have a "LinkedIn" in 2075? Would Renraku even allow their employees to create one? Seems crazy.)


In 2015, most criminal policing is done by governments. These governments make an ongoing effort to make their activities public (in some ways at least).

In 2075, most criminal policing is done by private corporations. These private corporations explicitly, canonically, refuse to share data with each other. How much data do you think they'll just release to the public? Presumably there will be some public record of felony convictions (one would hope) but for anything less than that, I'm not seeing it.


You don't have to. Today, you make a toll account, then you can pay money into your toll account however you like, then that account is debited when you use a toll road. If you want, you can leave a credit card on file with them, which will be charged to refill your toll account when it gets low, but this is optional.

(This feeds into my broader point that your ideas about payment systems strike me as comprehensively unrealistic. Excessive information sharing is simply not necessary to set up automated payment systems.)


Cite?

At times, the US and the USSR traded grain for oil. How good were they about sharing information with each other freely?


Silly? If I make it easy for you to track the movements of my employees, you will use that information to kidnap them, blackmail them into turning against me, or assassinate them. Again, there is a cost-benefit analysis here. And again, in Shadowrun, from the evidence we have, these cost-benefit analyses have consistently resulted in, "Don't share data, it's not worth the risks."


Ultra-targeted? Can I get a cite on that? I've discussed, in my first post in this thread, how you can do tailored advertising with only my 1 and 2 (from post 129) being true. You don't need 3 and 4 for tailored ads.


Yes, the first statement here is true. Do you have any evidence to support the second statement?

If I'm a Renraku corporate citizen, am I even allowed to get loans from other corps? I would guess not, Renraku wouldn't want them having that leverage over me, would they? (Presumably this is one reason loan sharks do such booming business in 2075.) If Renraku is going to lend me money, do they need a public credit report? Couldn't they just have their staff accountants and psychologists look over my records and decide if loaning me money is a good idea? If Renraku does decide to lend me money, are they going to publish all the details of that little internal transaction for the world to see?

("Hm, several big loans to one of their top-flight engineers, he must be under some kind of stress. Flag him for further surveillance and possible bribery/blackmail.")


You've said this a few times. You've yet to provide any kind of textual evidence that this works they way you think it does. I think you're simply wrong about how this works.

Finally, with regards to lack of privacy, compare these two statements:
I don't have any privacy, Renraku knows absolutely everything about me.
I don't have any privacy, absolutely everyone knows absolutely everything about me.

The first is totally plausible in Shadowrun, it's consistent with existing Shadowrun fiction, and it's totally gameable.
The second is maybe plausible in Shadowrun, it's very inconsistent with existing Shadowrun fiction, and it's pretty much not gameable.

The issue is that many people are claiming that because there isn't one single central database for all you info, SINs cannot work the way I describe. The flaw there is assuming there must be a central database. You don't actually need one for this to work-- in fact, it might be more fitting to the panopticon idea that data is stored and backed up in many places at once.


Honestly, this thread grew so fast, I missed your post. I don't like to go point by point anyway, you're only allowed so many quotes per post. But, if you give me a moment, I believe your claim was:

The first problem is that you're assuming there must be a central database. That isn't the case.

Second, why is that necessary? If you get four hundred and twelve reports saying I bank at Renraku Mutual, does it matter if a few say something different? Remember, there's a huge amount of data on everyone out there, you're going to get a few anomalies. Today, search engines can filter out some anomalies; presumably 2070 AI's can do the same.



Well, remember that in some areas, you literally cannot have your privacy settings that high. You have to broadcast your identity to legally walk down the block, or you could face armed drones-- that's an example in the SR4.5 core book. So, a shadowrunner who wants to appear to be a normal everyday citizen will have to have a fake SIN that's openly broadcasting.

Yes, of course they would! At the very least, everyone would have their resumes posted online, so they could apply for positions within the company. Renraku employs millions upon millions of people, across the entire globe; how else will they pick staff for job openings? And since they use the same Matrix as everyone else to transfer data worldwide, it would be much easier to put this level of information on public nodes. Also, while it might make it easier for others to extract their employees, it also makes it easier for Renraku to extract someone else's employees. Part of the cost of doing business is making tradeoffs.

Quick question: how many people will seek out a totally different bank, just to make a special account for tolls?

Even if people do that (and they don't, people seldom make that many bank accounts today), you're making a huge leap to assume they'll use a different bank. More than likely, if your scenario actually happens on a regular basis, they'll make the other accounts with their regular bank. So, someone who locates your toll account can safely assume that you do all your banking there, and then a few more queries can easily reveal the existence of your other accounts.

On top of that, if you can get more information, you can track the credit card/auto refill account, which would reveal even more.


And the competition makes it easy for you to do the same to them. It's a level playing field, which is the assumption behind much of the shadowrun world, economy, and behind shadowrunning as a profession.

I've cited it before, but sure:


So, tailored advertising is not just a reality, it's commonplace.

Why loans? Let's start with a more common example.

Joe Renraku is on a company-approved field trip to Northgate Mall. He gets hungry, and stops at a Stuffer Shack, and orders a Nuke-it Burrito. Can he do so?

See, there's a few problems. First, I don't recall who owns Stuffer Shack, but I assume it isn't Renraku. So, in order to buy anything off Renraku property, there has to be some communication between Renraku and the Stuffer Shack company.

Even bigger than that? Nuke-It Burritos are one of Aztechnology's flagship brands. So, you can't actually buy one without giving money to one of Renraku's biggest competitors. That gives Aztechnology leverage over them, right?

That's why some sort of mutual communication is necessary for the Shadowrun economy. Even though each mega could issue their own currency, they have to have a medium for exchange between each other, for purchases big and small.


I've provided several, but I have been repeating myself. Here's one from SR5 that I haven't used before.

Because you can't prove one central database, you'll assume there are many? Can you prove those? You've yet to cite a single example of someone entering a SIN into a system and getting back a list of databases that contain that SIN.

I've got SIN 34567890, I want to know where he banks. Where, exactly, do I enter his SIN, and get 412 reports that he banks at Renraku mutual? This is my question. I've never mentioned conflicting reports, I want to know where you're getting this information in the first place.

What does "out there" mean? The fact that Renraku has excellent information on the movements and activities of their employees doesn't help me at all if Renraku refuses to give me that information when I ask, does it?


Ok, these two ideas are different, no?

• This is a high security area, you must broadcast your SIN at all times
• This is a high security area, you must broadcast your SIN at all times. Also, the logs of where you go and what you do while here will be published in real time to the public Matrix for all to see.

The first is something that's been talked about in Shadowrun. Has the second ever been?


Here's an idea. Rather than have their employees post their information somewhere public, instead, you have an internal only system, where Renraku supervisors can query a secure database that records:
- What jobs have been held by someone
- What their performance review scores have been in those jobs
- Notes from evaluations by company psychologists, as to leadership potential and emotional stability
- Scores from various aptitude tests administered at various points in their lives, back to when they were children
- Grades from Renraku and external educational programs, back to when they were children

No privacy. No information sharing. Just how I like it. Everything's locked down, you can only look at information on those of lower rank/grade than yourself. (No looking up information on your bosses, naturally.)

And as to the idea that they would put all this stuff up on "public nodes"? Whoa! What do you mean by "public nodes"? Do you just mean that they are accessible on the Matrix, or that they just let anyone in without any kind of security whatsoever? Because I'm not saying that these employee information databases can't be hacked, just that Renraku would try to make it a pain in the ass to do so.


"Memo: All Staff. We would like all of you to make LinkedIn accounts listing your employment information and qualifications, and set them to public. Yes, this will make many of you juicy targets for "acquisition" by our rivals. However, we hope that our rivals will see this initial act of generosity, and be so moved, that they decide to reciprocate, which will help us in our acquisitions."


When I say a "toll account", I didn't mean a new bank account. I meant an account with the toll processing company. You make this account with them when you get your toll tag transponder. You then pay money into this account however you like. You can go down to their offices and pay in the money in cash, if you like.

(Again, you just consistently have really weird ideas about payment systems.)

And yes, if you hack the toll company's payment servers, and someone chose to associate a credit card with their account, you can get their credit card info this way. Hopefully those servers would have a little security on them, no?



That quote would be super-relevant if anyone were arguing that tailored advertising didn't exist in Shadowrun.

Of course, I haven't noticed anyone arguing that. My position, which has been consistent from my first post in this thread, is that you can do tailored ads just fine with internal, not shared, consumer purchase history databases.


Processing transactions requires communication. How much communication? My position, consistent with what we've seen in the world and several examples I've provided, is that it requires very little. Your position is that it requires everyone to broadcast all their financial information at all times. Your position is simply untenable.



Tailored ads are fine. Look at my post 129. You can do tailored ads with just my 1 and 2, you don't need 3 and 4. You don't need information sharing of any kind.

Right. And thats my problem with SINs. Prior editions had them given out by megacorps of all types, not just nations.

Further still, on checking them, if their issued by corps and well as nations, its not always in the best interest in the corps to cooperate with a rival corp on security checks. Its never in say, Lone Star's best interest to cooperate and help Knight Errant in checking security. Or Horzion vs say Aaztechnology. That seems to be a bit lost here from what I see. Going through the cracks.

I've repeatedly provided the quote that shows that's exactly what a SIN is supposed to do-- it indexes and helps sort and collect information on you.

Second, considering you can do that nowadays by typing your name into Google, I don't think that's a valid argument.


2070 equivalent of Google. Remember, I can get all this information today, it just takes a while and involves some guesswork. A SIN removes a lot of that guesswork, and AI should handle about all the rest.


Quite often in SR4-onward, actually. Here's one from SR4.5:

So, not only is everything recorded and tracked, patterns are analyzed in real time, or at least close enough to send security forces if the computer thinks it's suspicious.


And when you have to work with someone from another corp? That happens all the time, too. Joint ventures are commonplace now, plus the fact that many times corps need to negotiate with each other.

And yes, I mean publicly accessible. They'd place a reasonable amount of security on it, although not super-heavy.


That would also link back to your bank account.

For example, let's say I have my phone bill set to auto pay. I put in my debit card information once, and it's stored securely; anyone looking at my statement would only see that I paid with a card ending in 6969. Of course, sometime's that's enough to track certain information on the card, like the type (Visa/MC/Discover) and sometimes even the bank that issued it.

But, to bring this back to Shadowrun, I'll cite Sr4.5 again:

So, datatrails are real, and that information follows you everywhere your SIN goes.


Straw man, or at least hyperbole.

I never said "all your financial information", I said a SIN makes looking it up very easy. That's very different.

Also, while you keep saying you have examples, I can't seem to find any of your page citations. I might have lost them in this thread, and I don't actually know how to link past posts, so do you mind linking me to the posts with all your page references?


\Not possible.

In order for tailored advertising to be even possible, you need detailed information on people. Like a personal shopping profile, assembled either by computer or by someone. Someone not only needs to track what you've bought in this store before, but what similar items you've bought in the past, so they can push you towards other things. For example, if you have an Android, there's no sense in trying to sell you iPhone accessories.

But, let's try a few more page references. Here's one from SR5:


So, ask yourself: what's required for that computer to target that ad to you?

First, it needs to know you bought a pair like it. You said that the store would track it, and that would be right... except that might not be the same store, or even a related one. So, something is tracking your purchases, and it follows you. Since everything is indexed to your SIN, it has to be tied to that somehow.

The next example is even trickier. Not only does the computer need to know you watched the previous trid, and have that information follow you to every similar theater, it somehow has to know that you liked it. How it does that is a matter of speculation, but more than likely it's by correlating other information-- how many social media posts you made about it, if you saw it more than once, that sort of thing. Today, that requires guesswork and a fine hand with data analysis; but in 2070, it'r a routine part of going to the mall.

Cheap attempt at sidetracking. The discussion is about your claim that there is a magical database which indexes every file and database containing a SIN. Whether there is just one copy of that magical DB or 50 is completely immaterial to the discussion


So after insisting that you are only preaching the literal gospel for five pages or so, you are now doubling down to "well, you can't disprove that maybe what the authors really meant -- although they didn't write it -- is what I want it to mean"

I'd say it looks like you realized that your position has become untenable, but instead of doing the smart thing and simply letting the issue rest, you're trying to derail the discussion away from your failed claims...

Yup. My point 2 from post 129. Not a point of disagreement.


Well, as I've tried to explain a couple times, Google isn't magic. They crawl the public parts of the web and index what they find. For you to say that something should be Google-able in 2075, you need to make the case that it will be recorded somewhere in a public part of the web. (Public here means open access with no security, just for clarity.)

So, where is there a public database that records all the bank accounts associated with each SIN? If there is no such database, you can't get this information with the equivalent of a Google search. (Note that today, you can't Google my name and get information about who I bank with.)


Yeah... That quote doesn't actually say that everything that's recorded is then shared with the general public, does it? I mean, if they detect a gunshot or a mob they call the cops, but that's totally different from saying that anyone who wants to is allowed to look through the cameras or listen in on the mics.


If necessary, limited access to the secure corp database can be granted on a case-by-case basis. Why throw the baby out with the bathwater? "Sometimes we might need to share some information? What the hell, that sounds hard, let's just openly publish all information all the time."


Ok, to me, these two statements contradict each other. What does it mean to have a publicly accessible database that has security on it? If I want to look at your employment records, am I allowed to, or not?


Not if I paid in cash, which is an option in 2015 (though, to be fair, perhaps not in 2075). If they hack the toll company, they can figure out how I paid, which might (possibly after a couple more hops) link to my bank account, that's true. This is not the same as saying that that information is easily accessible, or Google-able.


No one has a problem with your bank keeping a record of your transactions. That seems eminently reasonable, I'd be shocked if they didn't. Not really relevant to our conversation I don't think?


Ok, here's what you said in post 49: "By providing your SIN, you don't just give someone your address and phone number, you give them your entire credit history, every legal transaction you've ever done, all your medical records, the works." and "Anyway, not only does a SIN link to all your information, in some cases it's all you need to access that information (or money)."

My position is that you're wrong about this, and none of this stuff is necessary to set up the kinds of payment systems we see in Shadowrun.



Oh, I'm not citing to any pages in Shadowrun books, but, since all of your cites support my position at least as well as they support yours, I don't know that I really need to.

All I do is write up examples of non-crazy payment systems that are consistent with Shadowrun fiction and don't require your over-the-top information sharing. You can see my examples in post 100 (how to do Magic Fridge, tailored ads, walk in-walk out purchases), post 146 (how to run transactions generally), and post 155 (how toll roads work now).


Not possible? How about I explain some ways the system could work under my assumptions, then you try to tell me why the system couldn't work that way?

I explained tailored ads in my post 100. You claimed that my system wouldn't work, because obviously, Payless has to know what I've bought at Foot Locker. I asked a few times why you think that must be the case, you haven't given me an answer. Maybe I only get tailored ads from Foot Locker, but not from Payless? Is that inconsistent with the quote you've provided? Did it say that literally every single store has to be able to serve me tailored ads? (Even if every single store does want to serve me tailored ads, maybe they do it by just looking at my feet and giving me ads for similar shoes to whatever I'm currently wearing.)

Actually, working from that quote specifically, the ads don't have to be targeted by the stores at all. Maybe I have a "DealFinder" app on my commlink configured to record everything I buy. This information is then stored (relatively) securely and privately. My "DealFinder" app continually scans general offers posted by nearby stores, looking for deals on consumer products similar to what I've purchased in the past, and it notifies me about good finds. Bam, targeted ads without any store-side targeting.

The movie example could work similarly. Every time I watch a movie or a show, I rate it in "MediaRecommender", a local app on my commlink. This information is then stored (relatively) securely and privately. MediaRecommender then tells me about other shows and movies I might like, based on my taste profile. It also monitors what movies are playing at nearby theaters, and if it sees something it thinks I'll like (or knows that I rated highly) it points it out as described in the quote.

Actually, looking at the whole quote again, the first part seems really strongly consistent with my DealFinder and MediaRecommender ideas. They don't talk about the stores sending out super targeted info, they talk about the stores sending out general info about sales and movie times. Looks like me and the devs are on the same wavelength (IMG:style_emoticons/default/smile.gif)

I can comment on this one, at least...

Tolls in Colorado do not require any accounts whatsoever, whether Credit Card, or prepaid toll account (though you CAN choose to do so if you want).
IF I take a toll-road (and there are a few here), I receive a bill at the end of the month. This bill is attached to the License Plate of my Vehicle that is scanned. Since I have to have my car registered, they have my address, and then they send me a bill. There is absolutely no bank information transferred at the time of usage to legitimize this access of the toll road.

As for Data that is Public vs. Private, I am willing to bet that the amount of information that is private is far more than you are willing to believe. Case in point, I believe you mentioned LinkedIn. Well, that only gives hits if you actually have information on that service. Many don't. I know I don't. I just checked it... Of the 23 INTERNATIONAL Profiles that come up under my name, NONE of them are mine. So, even after 20 years in the same multinational company, I still do not show up on that search for that provider. Methinks that things are not like you believe.

Does this lead anywhere?

Well, I appreciate Cain's work assembling all these quotes about tailored ads and automated purchases and data trails and so on.

And, this thread is forcing me to think more carefully through how exactly payment systems etc. could work in the Shadowrun universe.

Finally, I'm getting some genuinely new ideas out of the exercise. My DealFinder and MediaRecommender apps are neat little bits of setting detail that I didn't have before this morning, for instance.

Ok, cool then. (IMG:style_emoticons/default/smile.gif)

First problem: there doesn't need to be "a" database. Today, people are perfectly capable of searching dozens of places and finding tons of information. It's time consuming, but since the SIN's stated purpose is to make this easier, that alone means it's not as hard as today.

Second, you don't need to find the bank accounts, at least not right at first. All you have to do is find a link that hints that they have an account with Renraku Mutual on the web. From there, you can send a query, and then confirm if they do have an account. More digging will eventually reveal their account number-- admittedly a little harder, but doable today.

Third, I've already listed several semi-public databases that carry all your bank accounts. In 2015, the big ones are called Experian, Trans-Union, and Equifax. Technically they're not public, but they're really really easy to access. (Harder to alter, though.) There's a ton of information on everyone there, and this information is basically shared freely by corporations today.

Fourth, Social Security Numbers and other sensitive information can be found by Google today. Okay, that was four years ago, but I don't see that it would be any different in 2070.



Ok, I'm going to try the credit report example again.

If you had a few pieces of key information on me, you could easily look at my credit report. From there,you could know or infer a great deal about me, and if you had enough time and resources, you could track down a lot more, by using what you learn as keywords and confirming data. So, the credit report is effectively "publicly accessible", in that it's not hard to look at. Same thing for my driving record, etc.

But, let's say some hacker wants to pull a prank on me, and tank my credit rating. Now, he's going to run into problems. Even though he can *look* at the data more-or-less freely, if he tries to change anything, he'll have to deal with some really nasty security plus multiple backups spread out over many different servers (and three AA megas).

Or, another example: your driving record is considered public information. Theoretically, anyone can look at it and see that they got a speeding ticket four years ago. However, even though they can see the ticket easily, trying to delete it from the system is a lot harder.

That's what I mean. Even though information is easy to look at, changing it or manipulating it is much harder.


Not today, no. But we're postulating 2070. With SINs, we know that all the information is linked together, and made easy for collection. So, that alone makes it easier. When you consider the rest of the technology increases, it becomes simple.


Isn't that exactly what SR5 says a SIN does?

My answer would have been "no." But that's why I stopped replying to anything [redacted clause].

Wait, I'm confused. We're talking here about what is accessible to search engines, right? Could you explain what you're getting at with this statement?


Whoa, not so fast there. SINs are better than names. That is not the same as saying that overall public search is better/more comprehensive in 2075 compared to 2015.

I mean, just looking at all the nifty stuff in the vehicles section of the Gear chapter, you might think that getting from Austin to San Antonio is a lot easier in 2075 than in 2015. But when you take into account the broader context (and new international borders) that isn't really the case, is it?

In much the same way that political balkanization makes some things harder in the physical world, organizational balkanization can do the same thing in the digital world.


Ok, so, if I'm understanding you correctly, the idea is that I Google your name, and I find a link that hints at who you bank with. What is this link that I find?


Whoa, how does this work? I just call up the bank and ask? Or, is this a "hack into the bank's servers" situation?


If I hack into the bank's servers, sure. How else do I get this info?


I don't even know if "credit reports" will be a thing in 2075, at least not for corporate citizens. Assuming they do exist, we have no idea how hard they'll be to access. Even if they do exist and they're easy to access, we have no idea what's going to be in them. So, forgive me if I'm a bit dubious when you assert so confidently what banking information exactly will be easy to get ahold of in 2075, based on your vague ideas about credit reports.


It's really easy to stop Google from crawling things you don't want them to index. Very rarely, website administrators mess up, and allow Google to crawl something that should never have been publicly accessible in the first place. It's... not exactly something you can rely on.


Ok, that makes sense. Everyone is allowed to read it, but only some are allowed to edit.

But, why would Renraku make their internal employee database publicly accessible for everyone to read? It just doesn't make sense to me.


You're postulating a search engine that uses crawlers that break into secure systems, index what they find there, and then add that data to a publicly accessible index. Such a thing is, I suppose, conceivable. It seems very unlikely, and without something more than your bare assertion, I don't see any reason to think that it is the norm in 2075.

Easy. A modern search engine has its own database, right? Updated constantly, but basically it runs on its own?

We're spoiled by Google, but there are far more search engines out there today. Each of them has their own database, and there are some search engines that basically just feed your keywords into all of them.

So, there is not likely to be one central database for every search engine in the world. There's probably billions of databases that network with each other, and cross-reference. Given that memory is unlimited, it's possible that each and every node and commlink has the equivalent of the entire Google engine contained within-- plus Bing, Yahoo, and who knows how many others.


The whole point of SINs is to index, link, and correlate data on you. So, if it can't do better than today, what's the point?

Let's go back to that quote again:


So, the listed purpose of the SIN, as of SR5, is to make it easy to track all your information. Thus, it *has* to be able to do better than we do today.


Today? There's a couple of ways. The first is, of course, your credit report. Another is any bill you've paid online. On the statement for my phone bill, they list the last four numbers of the debit card I used. That's not enough to hack my card, but it is enough to tell certain things: if it's a Visa, Master Card, or American Express, for starters. A little more digging can reveal what bank issued it. Also, you can track your spam-- if you're getting a ton of banking services offers from the same bank, that's a place to start looking.


Pretty much. Technically, some of it is social engineering, but you can just say: "I'm doing a background check on so-and-so. He said he had an account here, could you confirm that?" Since you're not asking for balances or other information, people are more likely to say yes. In Shadowrun, that would be handled by an automated system; and the SIm would make confirmation much easier.


It's harder today, but possible. Unfortunately, the Dumpshock mods frown on discussion of actual hacking techniques, so I have to stop here.

In 2070? Much much easier.

I'm using credit reports as an example of what's out there today. In Shadowrun, *everything* is out there. Every last transaction, every single thing you ever bought, was recorded and tracked somewhere. There is a "staggering" amount of information on every person, every day. So, to answer your question: all the information that goes into a credit report, plus lots more, is sitting on the Matrix somewhere in 2070.

Your next question is rather or not that data is sorted and collected somewhere, or at least organized in a fashion that makes it easy to sort. Well, that's what a SIN is for, so that answer is a yes as well.

The next question is, how easy are they to access? A great deal of it is a result of social media, and that's generally public or easy to access. The semi-private stuff can be fooled by pretending to be someone mildly authorized to look at it. Today, there are services that, for a small fee, basically look up stuff for you while using important-sounding URL's to convince people they're a legit entity. As long as they're only looking, and not actually trying to alter anything, security won't go off on them.

Does that answer your questions?


Some of the incidents in the article are a result of Google changing their search parameters. They don't tell people that sort of thing now, so I doubt that the zillions of search engines in 2070 would tell them.


Weren't you the one who referred to the Corporate Court earlier? There is something called the Business Accords, which includes standards for information sharing.

Beyond the fact that it's financially beneficial, it might be corp law.


Not at all.

The example was tracking you via paying a toll on the road. Grid Guide is technically secure, but it's also not hard to track people using it-- there's countless examples of that in Shadowrun fiction and adventures. Not to mention, if the toll is operated by a government, it's probably part of the public record, and anyone can look for it. I look, and see that John Smith paid his toll with account X. I can't [yet] tell exactly what account it is, but there's routing information-- information that tells the computer which bank was used. Add a SIN to this, and tracking that bank is really easy. You don't need to break into a secure anything.

As for adding it to a publicly accessible index? Let me repeat part of the earlier quote:


I don't need to add it to anything. The SIN does that for me. It'd be like how your computer sorts things alphabetically: it'll automatically sort information by SIN.

Oh, you meant multiple different search engines? I'm not sure how much that gets you, really.

Bing crawls basically the same stuff as Google, it just ranks relevance in a slightly different way. Yahoo isn't even really its own search engine, their back end is just Bing.

You can speculate that 2075 has lots of search engines that operate in very different ways, but this is mere speculation, and I think we can draw no useful conclusions about the kinds of things that might be gained by having these many (hypothetically different) search engines. People in 2075 probably assume that if something is visible to the general public, it gets crawled and indexed; the details of how exactly this happens don't seem terribly important.


Nah, the second statement here doesn't follow from the first, you're missing a ceteris paribus. Did you not like my Austin to San Antonio explanation? I thought it was pretty nice. How about another one?

In 2075, technology to detect and shield against harmful radiation is much better than what we have in 2015. Thus, it *has* to be the case that the average citizen in 2075 is exposed to much less harmful radiation than we are today.

See the flaw there?


A Google search is going to turn these things up?

No search engine that we've ever seen is going to have its web crawlers hack into secure servers (or engage in social engineering) to get data to incorporate into its public index. 2075 is different, sure, but this idea in particular strikes me as nonsensical in just about any context. This is something a neo-anarchist might attempt, but a megacorp? If you release an army of bots to do this, you're basically engaging in open war on the Matrix.


Big picture, let's try to separate a couple of distinct threads:
A. Given time and effort, and willingness to take serious risks and engage in illegal activities, a hacker can gather a great deal of information about you once they have your SIN. (No one objects to this idea.)

B. You in post 49: "By providing your SIN, you don't just give someone your address and phone number, you give them your entire credit history, every legal transaction you've ever done, all your medical records, the works." and "Anyway, not only does a SIN link to all your information, in some cases it's all you need to access that information (or money)."

If you want to defend B, you can't use arguments that merely defend A. Or, do you now feel that what you said in post 49 was mistaken?

As I recall, your ideas in that post were motivated by the underlying belief that this kind of information sharing is necessary to set up the payment systems we see in Shadowrun. Since I've now demonstrated that you were mistaken in this underlying belief, do you now feel less confident about your position in that post?


Yep, no disagreement here.


See above for my thoughts on this argument.


Social media stuff will be easy to access, and "semi-private stuff" won't be too hard to access? That statement strikes me as very nearly tautological.

In 2075, what information is going to be considered "semi-private"? How "semi" is the privacy involved in each case? These are the actually interesting questions, and you and I answer them very differently. If you want to be persuasive, you need to produce evidence or argument relevant to this particular inquiry.


I haven't mentioned the Corporate Court, no. I know nothing about any information sharing provisions in the Business Accords. If you have any quotes or bits of explanatory text on what's contained in them, that could be very enlightening!


Oh! This could also be very on point. Do you have quotes where people do this kind of thing? And here's the key question: When people want to access GridGuide information to track someone, do they have to hack into the GridGuide servers, or, are everyone's movements just publicly listed on the GridGuide page?


Ok, 2 things here. That first statement, about toll road users bank account information being in the public record, just isn't true. Second, do you really think governments are going to be operating tolling systems in 2075?


So, there are different ways you can interpret that quote. As far as I can tell, it supports my position, point 2 from post 129, but it doesn't really help answer the question posed in point 3.

You, apparently, disagree. I'm not sure why you think the way you do, but I can tell you that merely reposting the quote isn't going to do anything to convince me of your position. I assure you, I have read it, and thought about it carefully.

Not much, admittedly, but I want to kill the silly "One Database to Rule them All" concept.

For a SIN to work, we don't need to cross reference one single database. We could have one main one, or two, or twelve hundred. There's no need for one central index.


Point one: Honestly, I can't recall what that example is. This thread is far too long for that.

Point two: Non sequitur. The whole purpose of a SIN is to track, index, etc. all the data on you. The fluff even lists specific examples of how it works, and what it does. The descriptions are better than what a 2015 search engine can provide, and while they don't describe the upper limit, we do know there's lots more information out there in 2070 (a "staggering" amount on you is generated each day) and that it is organized efficiently.


Some of that will show up on a Google search. It's not impossible for a Google hacker to get social security numbers, for example. Your credit report itself won't turn up on a Google search, but legitimate places who can check it for you will. Tracking your statements, in 2015, does require social engineering; but not so much in 2070, where it requires permission. Once you have that? The rest of the data is just a matter of making educated guesses, at least today-- a SIN makes that easier, because there's a a unique link between all your data.


I have no idea how you connected the two, but I'll try and clarify.

Today, anyone willing to spend the effort (note: not take risks) can gather a great deal of information about you given a small amount of information. That's true, and I don't see anyone arguing with that. This is also true in 2070, only easier. All the information I listed that a SIN gives you in 2070, can be acquired on you today, *without* using a SIN.

That's what I'm basing all this on. Anyone who knows a few key things about me can not only steal my information, but sometimes even hack my identity. Yes, I've had it happen. I managed to keep their hands off my bank accounts-- they weren't able to spend my money-- but in order to keep them from reading my bank statements, I ultimately ended up changing banks.


The logic here is that post-Crash 2.0, the Shadowrun world went to a panopticon model, which means privacy is a thing of the past. All your information is out there and can be accessed under the right conditions, and the bar for entry is pretty low.

Now, I wasn't clear on this point before, and it caused a miscommunication: this is only the bar to view your information. Altering or editing that data is much harder. Any store can look at your bank balance, and target an ad to you based on that. They can't spend your money without your permission, though (although in some cases getting that permission can be too easy. Some stores don't ask to charge you, they assume if you walk out with something, that's permission enough to bill you).

It goes all the way back to SR1. The precise provisions are scattered all over the fiction and fluff, but among the things I know are in there is setting the global currency standard (nuyen) and mandating participation in the global SIN registry. Both of those were done as a direct result of the corporate court. There's also a minimum standard listed for information sharing, although they're vague on exactly what that is. If you're arguing that corps would share the dead minimum they can get away with, I'd agree; but I also think that unless you're fairly important to your corp, they're not going to go out of their way to maintain your privacy either.


Again, there are references to people doing just that all the way back in Sr1 fiction. It used to require a hack, but as of SR4, it's just part of your datatrail. Tracking down the exact page references was annoying, but the fact that Grid Guild records your access ID (and thus, your location) is in Arsenal; the fact that your datatrail can easily be used to find you is in SR4.5.


Bank account information most certainly will be. Going back to Sr3, the Grid Guide description made it clear that toll roads, parking meters, and even traffic tickets are automated: if you use any of them, they automatically charge you. You might argue that you can set up a separate account, which is technically true, but the money for that has to come from somewhere. As of 2070, certified cred is seldom used outside the shadows, so for the most part the toll accounts will be fed by your real accounts. You might be able to legally get away with using certified cred, but that'd be suspicious, and the whole point of using certified cred is to avoid attention.

Second: Absolutely. Bridges and roads-- all infrastructure, really-- is not highly profitable. All over the fiction is many examples of how the megas don't want to bother with these things, so they get governments to pay for it. In fact, some early (and not so early) shadowtalkers say this is the very reason why the Corporate Court lets national governments exist, it's more cost effective for them.



Okay, I might be misunderstanding your point. Your point 3 is that a SIN might not list specifically which databases hold your information. I'm not sure how that applies, because we do know (from the quote) that the SIN sorts your information. There does not need to be a central database, especially since Matrix 2.0 has automated search agents who can check hundreds of databases for you, and then sort that info, all in a few seconds.

I keep getting hung up here, because I thought I was being clear that you don't need one central database, and I thought I had explained it. We keep coming back to this point, which is confusing me. I think you agree that one single central database isn't needed, but you keep linking a statement that calls for it. Could I ask you to restate your point? I'm rather confused.

The whole purpose of a respirator is to clean the air you breathe, so it *has* to be the case that people are exposed to less atmospheric pollution in 2075 than they are today.
The whole purpose of mana barriers is to prevent intrusion by spirits, so it *has* to be the case that there are fewer problems with spiritual intruders in 2075 than there are today.

See, the second part, it doesn't follow from the first part. Any given piece of technology might help deal with some problem, but without addressing the wider context, you can't say whether the problem as a whole will be worse or better in 2075.

SINs help index data on people. 2075 has SINs. That doesn't mean that finding publicly available data on people is easier in 2075 than it is now. It also doesn't mean that getting access to secured data on people is easier in 2075 than it is now.

All of my posts in this thread have listed reasons why publicly available data might be lower quality and less comprehensive in 2075 than in 2015. (Quick recap: governments do much less, megas hate each other, megas hate publicly available resources that make people less dependent on them, megas are very possessive and controlling with their employees)

Secured data might be harder to get access to as well, if companies in 2075 are better about securing it. (Which they very well might be, since the rules and the stakes of the game have changed dramatically, and they now exist in perpetual Cold War conditions.)


So, when you said that a Google search could give you information about where someone banks, what you meant is that Google will point you to sites that allow you to check credit reports? You seem very hung up on credit reports. Do keep in mind that we don't know whether credit reports actually exist in 2075, we don't know what might be contained in them, and we don't know how hard they might be to access.


Is this based on anything? What does "requires permission" mean exactly?


That last sentence, how do you know that?


Identity theft is possible in 2015, yes.

I just don't understand how you go from that to: "By providing your SIN, you don't just give someone your address and phone number, you give them your entire credit history, every legal transaction you've ever done, all your medical records, the works." and "Anyway, not only does a SIN link to all your information, in some cases it's all you need to access that information (or money)."


"and the bar for entry is pretty low." -> Is it? Why do you think this is the case? This is the entire thrust of my question, so maybe spend a little more time on this idea.

Lots of information is "out there", sure. Look at my post 158 for my thoughts on "out there".


Why do you think this is the case?


I don't know much about SR4 or SR4.5, perhaps you could explain this "datatrail" to me? This is just publicly available data, that everyone is allowed to see and access?


I'm sorry, I've read this paragraph a couple times, I'm just not sure how any of it is responding to the section of my post that you quoted.

Again, you believe that bank account information for toll road users is currently a matter of public record, and as a result, it will likely also be in the public record (and easily accessible) in 2075?


For sure. Point 3 from my post 129 posits a publicly available central indexing database, where anyone who wants to can enter a SIN and get back a list of other databases that contain that SIN. So, for instance, I could go to this database and enter "SIN 34567890", and I would get back a list of 1517 databases that contain that SIN, including, among many others, the customer information database of the sex shop that 34567890 visited this morning, the database of the elementary school his daughter attends, and the database of his gastroenterologist. I suggest that some indexing database along these lines must exist in order for your position (as you articulated it in post 49) to be true.

You suggest that maybe there is no single central databases, but rather, lots of different databases that each have some part of this functionality. So, if I understand you correctly:

I could go to Indexing Database A, and enter "SIN 34567890" and I might get back a list of 312 databases that contain that SIN, including the customer information database of the sex shop.

I could then go to Indexing Database B, and enter "SIN 34567890" and I might get back a list of 753 databases that contain that SIN, including the database of the elementary school his daughter attends.

I could then go to Indexing Database C, and enter "SIN 34567890" and I might get back a list of 452 databases that contain that SIN, including the database of this guy's gastroenterologist.

Am I right, that this is what you mean when you suggest multiple different indexing databases, rather than one central indexing database?

If I am correctly understanding you, I agree that this would also make possible the situation you envision in post 49, I just don't see how your idea is meaningfully different from my point 3. There is no suggestion in the text of any kind of central indexing database. Similarly, there is no suggestion of any Indexing Database A, B, or C.

I thought this deserved a separate post.

You read an example in a SR book where someone walks into a store, picks up a book, and walks out with it, paying automatically.

Thinking about this example, you created a mental model of how this might work. Here's my best guess as to your mental model:
A. When you walk into the store, you are broadcasting your SIN
B. The store records this SIN, and looks up information on you based on your SIN, including bank account information
C. When you walk out with the book, the store contacts your bank, tells them your SIN, and withdraws money to pay for the book from your account

Based on this mental model, you concluded:
I. Given only a SIN, it must be possible to get access to someone's bank account information. So, there must be some public database linking SINs to bank accounts. Otherwise, how would the store do it?
II. Given only a SIN, it must be possible to withdraw (small amounts of) money from someone's bank account. Otherwise, how would the store do it?


By contrast, here's the mental model I've formed thinking about the same example:
A. At some point in the past, you installed the "Grab&Go" app on your commlink, in the process, you created a Grab&Go account. (This is like a PayPal account)
B. At some point after that, you transferred some money from your regular bank account to your new Grab&Go account.
C. As long as you have the app loaded, whenever you walk into a Grab&Go enabled store, your commlink handshakes with the store's transaction server.
D. When you pick up the book, your Grab&Go app updates your digital "shopping cart", which lets you know all that you're carrying and will be charged for if you walk out of the store.
E. As you walk out the door with the book, your Grab&Go app transfers payment for the book to the store's transaction server. (If your app failed to pay the store would automatically call security, naturally.)

Based on my mental model (which feels much more plausible to me) I don't see any reason to believe your conclusions I and II.

I gave you a similar explanation for tailored ads in my post 162. I gave some ideas along these lines in my first post in this thread, post 100.

Now, do you see why I'm so dubious when you make claims about what exactly a SIN *must* give you access to?