A little more info on hacking a drone would be helpful, yes. In terms of your PAN, if you slave all of your wireless devices to your commlink (smartgun, cybereyes, whatever), a hacker would have to access your commlink before fiddling with your peripherals. Right? How is this different from a drone that's subscribed to a rigger's commlink? Why would a hacker be able to spoof a drone without going through a rigger's commlink, but not be able to hack the cybereyes of a street sam (when the eyes are slaved to his/her commlink)? Or am I off base here?

As for hacking commlinks, judging from some of the other replies, there seems to be some debate on whether or not commlinks have multiple levels of user rights. Seeing as how commlinks are pretty much everywhere, and PCs are almost required to carry them, a little more rules clarification would have been appreciated...

Finally, as for technomancers and datatrails, I guess that means a technomancer would have to project some sort of access ID? It's just hard for me to grasp the capabilities of the technomancers...

Thanks everyone for the replies. I hope they keep on coming...

There is a definite difference between spoofing command and hacking. Hacking a device gives you complete control while spoofing command only lets you give a agent/drone a new order. The main difference is that spoof command is just that, an order addressed to a device designed to receive orders. In the case of a device like a cybereye it is not an agent or drone designed for autonomous action, it’s just a piece of gear.

Gear can be hacked and given an edit command instead. If you want complete control of a drone then you could hack the targets commlink, gain access to the drone and edit its subscription list. Remember, if the target has a subscription list then the drone should have a subscription list as well – it must know who is allowed to access it. Once the subscription list is hacked you replace it with your own and you know control a drone/car/etc.

Remember, spoofing a command is not taking 100% control of a drone, it only gives it a standing order (until the real owner countermands it). If you hack the drones system and replace its subscription list then you have 100% control and basically owns the drone.

QUESTION
If you hack a commlink to gain access to a drone, do you have to make ANOTHER hacking test to bypass the Pilots own firewall as well? It stands to reason since the only thing hacking the commlink does is to give you POSSIBLE access to devices on its subscription list, and every piece of electronic gear can have IC and Agents.

Hacking a device like a smartlink can be done in 3 ways:

direct access: client devices (smart guns, coffee makers, drones) that do NOT have a subscription list can be hacked directly, as can host devices (i.e. comms and remote computers). clients have firewall/response ratings based on their default device type (usually 1-2).

Spoofed access: client devices with a subscription list can be accessed if you can make your comm appear to be the registered host device. This involves a matrix perception test of the host followed by use of the Spoof utility. This is the digital equivalent of putting a disguise on your Comm. The typical limitation is range; most small devices have Signal ratings of 0 or 1 with the exception of drones. The simplest thing to do is either a) replace the original host's entry in the subscription list with your Comm or b) delete the entire subscription list so anyone can access the device.

Indirect access:
You hack a comm that is either subscribed or in wireless range of the client device. Meaning if you see opposing security team of Abe, Ben, and Charlie you can hack Abe's Comm and use it as a repeater to then attack Ben & Charlie's systems. If you leave Abe's devices alone until the end he may not even realize he's the source of the attack.

Not sure I understand the technomancer question, but I would say they still leave some tracks when breaking into systems. They may not be entirely coherent tracks ("Why did the operating signature field get flagged 'Fudge Ripple'?!?") but there should still be signs of intrusion.

The rules for commlinks and multiple levels are completely up to you. It doesn't specify them in the rules as written, and, thus, it could vary from game to game. In my game, commlinks are considered standard electronic devices because ... well ... it's standard for people to have them and they're electronic devices. And because it makes it harder to hack them. Course, this works for and against the players because it's harder to hack other commlinks just as it's harder for me to hack theirs, but we discussed it and all agreed on it and, thus, it's the house rule.

However, I can also see the argument above that discussed the "standardness" of an electronic device in terms of its complexity, i.e. the more complex the device, the more likely that it is going to have multiple user levels. I don't personally subscribe to that style and, in fact, about the only thing that has multiple levels in my games are actual networked systems (i.e. security hosts). Any man-portable device as well as vehicles and drones are "standard" for me.

As for the technomancer question, they can't transmit any form of ID ... hell, any information ... without some form of storage unit. I've seen that storage unit be a credstick to a full commlink, but remember that technomancers have no offline storage capabilities without some form of storage device. But, to answer your question, yes, technomancers would have to transmit personal information in situations requiring it (i.e. government/corporate property) just like everyone else. In my game, the technomantic character goes so far as to have a fully functional commlink with agents and programs to try and fool people into thinking she's just a hacker and not a technomancer, but that's mostly just for style.

is this spelled out in the RAW somwhere or just something that people seems to agree is a "legal" use of the spoof program?

The RAW seems to indicate that to spoof something, it needs a Pilot attribute making it a drone or an agent (or an IC program ... nothing says fun like turning a systems IC on itself). Thus, spoofing commands to a toaster, which may not have a Pilot attribute, wouldn't work, but spoofing commands to that drone that's been following you around might.

Yes. If you don't break the encryption, you won't even KNOW if you've sent a legal command or ID.

I think the consensus is that the subscription list prevents the drone from talking to any other device so you have to use spoof just to get it to respond. This also goes for the smartlinks. And anyone with a brain sets their drones and smartlinks up with a subscription list.

The funny thing is that it may be easier to spoof than hack into a device, especially since it essentially gives you admin access to the drone.