I know that you can have multiple commlinks and fake SINs. Also, I know that SINs (legal or fake) are connected to your commlink(s). I'm not sure if you can have more than one sin connected to a single commlink, but I know if you could, that would be a horrible tactical decision.
Anywho, I was wondering if you could have multiple commlinks on and connected to your image link at the same time. As well, would it be a bad idea (or is it possible) to have each commlink connected to your PAN? Or should you have a clean SIN connected to a commlink with your PAN connected to it? Or should you have a different PAN for each SIN?
Full Version: Commlinks and Image Link:
I view a SIN as a type of "profile" on your commlink. So, conceptually, you can have multiple SINs on the same commlink, just not all active at the same time. I don't know if there is a better way or not, to spread your SINs out...
I say that because a higher rated fake SIN is not contained solely on the commlink, it contains datarecords on a variety of SIN databases, so someone stealing your "active profile" on you comm, doesn't mean that you have lost your SIN. But it does give a hacker a good direction to hack those other databases and alter it...
That is at least, how I think of it. Its all just data and you protect the stuff that is important to you. If you are running with a bunch of SINs, you probably don't care and just pick up a new one the next time you get a chance.
I say that because a higher rated fake SIN is not contained solely on the commlink, it contains datarecords on a variety of SIN databases, so someone stealing your "active profile" on you comm, doesn't mean that you have lost your SIN. But it does give a hacker a good direction to hack those other databases and alter it...
That is at least, how I think of it. Its all just data and you protect the stuff that is important to you. If you are running with a bunch of SINs, you probably don't care and just pick up a new one the next time you get a chance.
i doubt that you could have multiple SINs "active" on your commlink simultaneously:: that would scream "HEY! IMMA CRIMINAL!" to sec systems or the star if they asked you for ID.
It's pretty clear that whoever wrote up that part of the book had never heard of the concept of "identity theft" or even vaguely though about what the "transmit your SIN" bit implied. Combined with the total lack of understanding on how cryptographic techniques are essential to any sort of electronic authentication process it doesn't exactly produce anything that even vaguely holds together under examination.
Essentially you can steal the SIN of some random guy walking down the street and have your comlink transmit their SIN. If they are not wanted you can do whatever you want, as there is no possible way to electronically verify that you are the real owner, or attempt to further authenticate that you look like the person with the SIN, or recognize there are 40 copies of that SIN strolling down different streets at the same time.
You may not be able to casually loot their bank account, but there isn't any way to keep you from robbing stuffer shack using their SIN on your commlink.
Does this make sense? Of course not, but the traditional Shadowrun approach of "Sell the Sizzle, not the steak" results in lots of things that don't hold together under even the most casual examination.
Essentially you can steal the SIN of some random guy walking down the street and have your comlink transmit their SIN. If they are not wanted you can do whatever you want, as there is no possible way to electronically verify that you are the real owner, or attempt to further authenticate that you look like the person with the SIN, or recognize there are 40 copies of that SIN strolling down different streets at the same time.
You may not be able to casually loot their bank account, but there isn't any way to keep you from robbing stuffer shack using their SIN on your commlink.
Does this make sense? Of course not, but the traditional Shadowrun approach of "Sell the Sizzle, not the steak" results in lots of things that don't hold together under even the most casual examination.
| QUOTE (kzt) |
| Essentially you can steal the SIN of some random guy walking down the street and have your comlink transmit their SIN. If they are not wanted you can do whatever you want, as there is no possible way to electronically verify that you are the real owner, or attempt to further authenticate that you look like the person with the SIN, or recognize there are 40 copies of that SIN strolling down different streets at the same time. |
Problem with your idea, is, the Star, or whoever, can essentially look at you, and pull the SIN you're broadcasting (remember, hidden mode isn't exactly illegal, but it's definitely antisocial, and will raise citizen and cop eyebrows alike), and immediately note that you're right in front of his Goddamned eyes, and also enjoying a Mai Tai on Bora Bora. Because any cop worth his salt who was even vaguely interested in you would run your SIN first thing.
These things tend to cause suspicion.
So sure, it's easy to rip some jerkhole's ID. But really, it's just going to get you in more trouble that's it's worth.
Get a fake SIN, based on a fictional person, and constantly broadcast from a throwaway commlink you bought at a flea market for ten nuyen. Until, of course, you're not supposed to be somewhere.
Wait, does that mean that if your SIN connected to a commlink is found out, that your commlink becomes useless and you need to toss it with the fake SIN?
| QUOTE (Geekkake) |
| Problem with your idea, is, the Star, or whoever, can essentially look at you, and pull the SIN you're broadcasting (remember, hidden mode isn't exactly illegal, but it's definitely antisocial, and will raise citizen and cop eyebrows alike), and immediately note that you're right in front of his Goddamned eyes, and also enjoying a Mai Tai on Bora Bora. Because any cop worth his salt who was even vaguely interested in you would run your SIN first thing. |
You're walking around in a designer chemsuit and a respirator, using a swiped Renraku SIN. The cop's going to casually tell that you don't match the SIN how? And somehow I doubt that Renraku will be giving the Star squat about their people and where they are. So unless he actually stops you on the street you are fine.
| QUOTE (Panda Bear) |
| Wait, does that mean that if your SIN connected to a commlink is found out, that your commlink becomes useless and you need to toss it with the fake SIN? |
I try not to think too much about real-world security in Shadowrun, but I've assumed that your SIN is encoded on a small chip like your 21st century GSM cell phone SIM card (which holds your ph# and is required for phone activation). So, swapping SINs in your commlink can be done by a pretty easy Hardware check (exchange chips) or a slightly harder Hacking check (edit the data on the installed chip). Maybe Unwired will cover this, but for now this is what I assume.
Of course, if you are found out and don't have a minute to spare to change out SINs, you might just want to toss the commlink and grab one that isn't compromised. Lots of 'runners tend to spread a number of fake SINs around on different commlinks for just this purpose.
If SINs include biometric data as they are said to then it would be fairly safe to say they include an image of the owner too one would imagine.
I agree though trying to think in real life terms isn't always a good idea, if in doubt use your intuition and don't overcomplicate things more than you are happy with. Perhaps these sort of questions would be good to ask your GM since different people will have varying views.
I agree though trying to think in real life terms isn't always a good idea, if in doubt use your intuition and don't overcomplicate things more than you are happy with. Perhaps these sort of questions would be good to ask your GM since different people will have varying views.
Well although I'm not going to get into whether or not its a good idea to do so, but yeah you can set up you PAN however you want provided that no one device goes over its subscription limit of System x2, and your standard image link has a ( Device Rating 3 ) so it can directly link up to six other devices. (However there isn't anything keeping you from daisy chaining your connections so in theory given the unlimited bandwidth of the Matrix 2.0 you should be able to have thousands of devices blasting into your image link all at once unless I've missed something.)
| QUOTE (Nocturne) |
| I've assumed that your SIN is encoded on a small chip like your 21st century GSM cell phone SIM card (which holds your ph# and is required for phone activation). So, swapping SINs in your commlink can be done by a pretty easy Hardware check (exchange chips) or a slightly harder Hacking check (edit the data on the installed chip). |
The Subscriber Identity Module card is actually a smart card containing a cryptographic processor that securely controls the cryptographic keys needed to access the network, encrypt calls and hence identify the user to the network (along with other useful data). As SR says that cryptography doesn't work, neither does the underlying concept behind the SIM.
You could still do it, but why bother having a little chip that contains an ID code that is essentially stored in clear text when you could just have it stored in the comlink itself? Or store multiple ID codes.
Okay. I don't understand why commlinks are so utterly confusing to me. Guns aren't. Magic isn't. Cyberware isn't. But commlinks confuse the shit out of me.
Using an adhesive microphone, can you talk secretly between allies on a mission without your commlinks being discovered? And without spending essence, how could I control my commlink with my mind? I know there isn't a mechanical difference between switching things on and off with your brain or your hand, but there's just something cool about using your brain to do it instead.
It also says your commlink is a camcorder? Where would that go?
Using an adhesive microphone, can you talk secretly between allies on a mission without your commlinks being discovered? And without spending essence, how could I control my commlink with my mind? I know there isn't a mechanical difference between switching things on and off with your brain or your hand, but there's just something cool about using your brain to do it instead.
It also says your commlink is a camcorder? Where would that go?
| QUOTE |
| Using an adhesive microphone, can you talk secretly between allies on a mission without your commlinks being discovered? |
No, the wireless link between teammember's commlinks can be discovered like any other wireless traffic.
| QUOTE |
| And without spending essence, how could I control my commlink with my mind? |
Check out the gear section on trodes and nanopaste trodes (electrode net, whatever they're called).
| QUOTE |
| It also says your commlink is a camcorder? Where would that go? |
Uh, right next to your 6 megapixel digital camera and mp3 player.
Buster has the right of it, using your commlinks to transmit wirelessly to each other can be discovered and tapped into, so make fragging sure that everyone on the team has a SOTA commlink and the best Encryption Program that money can buy. (Sure encryption is a joke in the Sixth World, but for on-the-run communications it should be good enough as long as no-one mentions anything that the corp wouldn't find out anyways.)
However keep in mind that unless you use hardwire connections or adapt all your gear to use skinlink, the corp can detect and discover your PAN as well.
As for controlling your gear with your mind, you need a sim module and either a trodenet or a datajack. Personally if you are going to have cyberware anyways I'd suggest that you buy a Betagrade Datajack and load it with as much ICE as it can handle and have all your cyber set up to only talk to the datajack through internal hardwires.
However remember that I'm of the opinion that everyone should get at least 1 Essense worth of cyber/bio implanted, just because it's so fragging more useful then being "pure".
However keep in mind that unless you use hardwire connections or adapt all your gear to use skinlink, the corp can detect and discover your PAN as well.
As for controlling your gear with your mind, you need a sim module and either a trodenet or a datajack. Personally if you are going to have cyberware anyways I'd suggest that you buy a Betagrade Datajack and load it with as much ICE as it can handle and have all your cyber set up to only talk to the datajack through internal hardwires.
However remember that I'm of the opinion that everyone should get at least 1 Essense worth of cyber/bio implanted, just because it's so fragging more useful then being "pure".
Well, I'm starting with 6 magic. So there's no cyberware being put into my body, no sir-ee.
Anywho, is skinlink then basically a commlink that is integrated into your body?
Anywho, is skinlink then basically a commlink that is integrated into your body?
SIN aren't raw data, there a hash that gets compared to multiple sources, hence why you can't simply copy or forge your own SIN.
Well personally if I were you I'd start out with ( Magic 5 ) and then burn one point of Essense for a starting value of ( Magic 4 ), because I've found that buying any of your stats up to the cap with BP tends to put a squeeze on other things and for the most part ( Magic 6 ) is just overkill anyways and Cybereyes ( Rating 3 ) along with a few other choice implants really will save your hoop far more then the ability to drop ( Force 12 ) magical tac-nukes.
Still to answer your question, all skinlink does is turn your skin into a virtual wire that you can use to connect with other skinlink adapted gear. Basically it adds 50
to the price of every piece of equipment that you want to be able to use it and would require a Decker to actually touch you or plant a skinlink => wireless RFID tag on your body in order to hack into your PAN without first going through an open wireless connection on your commlink.
So basically everyone who is the least bit security minded and who has the extra cash should skinlink adapt almost everything that he owns, including his betagrade datajack.
*Edit*
Also with the possible exception of a cyberware scanner, you can't detect the presence of a skinlinked PAN (With the exception of any wireless connection you have open on your commlink of course.) whereas a wireless PAN is always screaming it's presence to anyone who wants to listen.
Plus skinlink adapting a device doesn't actually remove the wireless link so if you really have to you can still turn wireless back on for whatever reason so it still leaves you with full options on the table.
*Edit 2.0*
However please don't misunderstand me, skinlink adaption is not cyberware and is not the same as a Touchlink Implant (Which is cyber, although I haven't quite figured out a mainstream use for it considering how easy it is just to simply dump simsense directly into your brain in the first place..).
Still to answer your question, all skinlink does is turn your skin into a virtual wire that you can use to connect with other skinlink adapted gear. Basically it adds 50
to the price of every piece of equipment that you want to be able to use it and would require a Decker to actually touch you or plant a skinlink => wireless RFID tag on your body in order to hack into your PAN without first going through an open wireless connection on your commlink.So basically everyone who is the least bit security minded and who has the extra cash should skinlink adapt almost everything that he owns, including his betagrade datajack.
*Edit*
Also with the possible exception of a cyberware scanner, you can't detect the presence of a skinlinked PAN (With the exception of any wireless connection you have open on your commlink of course.) whereas a wireless PAN is always screaming it's presence to anyone who wants to listen.
Plus skinlink adapting a device doesn't actually remove the wireless link so if you really have to you can still turn wireless back on for whatever reason so it still leaves you with full options on the table.
*Edit 2.0*
However please don't misunderstand me, skinlink adaption is not cyberware and is not the same as a Touchlink Implant (Which is cyber, although I haven't quite figured out a mainstream use for it considering how easy it is just to simply dump simsense directly into your brain in the first place..).
| QUOTE (bait) |
| SIN aren't raw data, there a hash that gets compared to multiple sources, hence why you can't simply copy or forge your own SIN. |
It's being digitally broadcast. You can precisely copy a digital signal. I'm now broadcasting precisely the thing as the original owner did. You don't have the owner in front of you, you have a recorded digital signal from down the street, from a figure wearing a chemsuit and respirator.
How do you verify that this is or isn't the genuine owner, or just another guy in a chemsuit and respirator pretending to be the owner?
Not to mention that checksums and hashes are all cryptographic techniques that are crackable by the most limited comlink running the cheapest decrypt program in under a minute.
| QUOTE (kzt) |
| It's being digitally broadcast. You can precisely copy a digital signal. I'm now broadcasting precisely the thing as the original owner did. You don't have the owner in front of you, you have a recorded digital signal from down the street, from a figure wearing a chemsuit and respirator. |
Keeping to the smartcard example: If you just copy the reply of a smartcard, the signature returned would not match to the query - you are missing the certificate stored in the smartcard... and you can't simlpy extract it, since microprocessor smartcards are write-only.
It doesn't matter if a SIN is a file or a smartcard, though - if you only monitor request and answer, you have to figure out what happend at the owner. Of course, as soon as you fire up Decrypt, this takes only a few turns.
It wouldn't be hard to steal someone's SIN if it's being broadcast, and the SIN watchers know that. The SIN hash itself is only a very tiny part of the security of a SIN, the datatrail around the SIN is where all the security lies. If you copied someone's SIN into your commlink and started using it, the SIN watchers would know it right away and flag you as a spoofer. That's why it's so freaking expensive to buy a forged SIN. The SIN forgers have to go to vast lengths to create a long data trail leading to the fake SIN. The section on fake SINs on page 258 is well written, it explains it better than I can.
Can be be more precise about exactly who are " the SIN watchers" and why they care?
| QUOTE (Buster) |
| If you copied someone's SIN into your commlink and started using it, the SIN watchers would know it right away and flag you as a spoofer. |
No. You just have to make sure you match up with the previous owner when asked for ID, and he doesn't need, nor use it anymore.
I don't think so. The only way a person "won't need or use" his SIN anymore is if he's dead. And in that case there's going to be a death certificate and a flag on his account. Even if you secretly geeked a guy and stole his SIN, there would be systems in place that would identify a change in spending patterns and travel patterns.
| QUOTE |
| Can be be more precise about exactly who are " the SIN watchers" and why they care? |
Obviously it will be banking systems, government agencies, and corporations and everyone else who uses SINs (which is everyone except criminals).
Even today in 2007, systems are in place that flag my credit card as possibly stolen if I travel more than a certain distance from my normal area or if I buy gas then try to buy something expensive. The heuristic is that a criminal will try to buy gas with a stolen credit card to see if it's been disabled yet, if not they go straight to Best Buy and load up the cart. By 2070, expert systems will be far more sophisticated than "buying gas then trying to buy something expensive = stolen credit card".
| QUOTE (Buster @ Jul 2 2007, 01:31 AM) |
| Even if you secretly geeked a guy and stole his SIN, there would be systems in place that would identify a change in spending patterns and travel patterns. |
So what? Who cares? If you freeze that SIN, it can't spend money anymore.
But that's the only thing interesting, so if the spending patterns change - change the advertising.
| QUOTE (Rotbart van Dainig @ Jul 1 2007, 06:53 PM) | ||
So what? Who cares? If you freeze that SIN, it can't spend money anymore. But that's the only thing interesting, so if the spending patterns change - change the advertising. |
I think you just rolled a critical glitch in your Reading Comprehension check.
Check out the page number in the book I listed earlier, I think it explains it better than I can.
In regards to the gas station thing, I've known a person who has gotten a call from his credit card company after using his card at the pump and then buying something expensive afterwards.
They were quite confused as to why.
They were quite confused as to why.
| QUOTE (Buster) |
| Obviously it will be banking systems, government agencies, and corporations and everyone else who uses SINs (which is everyone except criminals). Even today in 2007, systems are in place that flag my credit card as possibly stolen if I travel more than a certain distance from my normal area or if I buy gas then try to buy something expensive. The heuristic is that a criminal will try to buy gas with a stolen credit card to see if it's been disabled yet, if not they go straight to Best Buy and load up the cart. By 2070, expert systems will be far more sophisticated than "buying gas then trying to buy something expensive = stolen credit card". |
This makes sense, but give the increasable cheapness and availability of fake SINs I'd have to say that no, they don't. Otherwise a fake SIN wouldn't work unless you had a an actual daily travel and spending pattern.
Not that I'm not opposed to this, but it isn't exactly supported by the RAW. There are a lot of things about how the whole SIN idea doesn't logically hold together, but that's how it is.
Well I seem to recall reading somewhere in Third's Fluff that it was a really good idea to hire a Decker to forge activities on your SINs because there was no way that a typical runner would ever use his SIN as much as your average Jane.
Not sure if actual rules were provided or not but the fluff was there and logically the problem would have only gotten worse with Fourth's usage of SINs.
Not sure if actual rules were provided or not but the fluff was there and logically the problem would have only gotten worse with Fourth's usage of SINs.
Yeah, he'll just casually hack into the police databanks, various megacorps data centers and all the banks transaction systems to keep your spare SINs current. Every day. For 5 or so. After all, what's the worst that they could do to him? 
or so. After all, what's the worst that they could do to him?
Blow up his crowded apartment complex?
You're right, for that type of risk he'd have to charge no less then double your price. Well that or giving him his very own "lesbian stripper elf ninja".
You're right, for that type of risk he'd have to charge no less then double your price. Well that or giving him his very own "lesbian stripper elf ninja".
| QUOTE (Buster) | ||||
I think you just rolled a critical glitch in your Reading Comprehension check. |
Yeah, there's the problem - stop trying to think.
There is nothing preventing identity theft if no-one complains. And the fake SIN rules don't even touch this - they just state that you need a background for a solid forged identity. Newsflash.
Fake SINs are thousands of nuyen each, I wouldn't say they are cheap at all. But you guys are right if it all it takes is for you to hijack someone's SIN ID, then you'd be crazy to pay thousands of nuyen for a fake SIN.
I think page 260 explains what it takes to make a fake SIN perfectly, but if you guys think it's wrong and want to house rule something else, that's ok too.
I think page 260 explains what it takes to make a fake SIN perfectly, but if you guys think it's wrong and want to house rule something else, that's ok too.
There's really not a lot of chance to get the SIN off of a commlink. The SIN isn't broadcast as part of the profile, except in high security areas. The only time the SIN will be transmitted during daily life for most people is going to be when they purchase something, and then only with a low signal i.e. centimeter range. It's pretty easy to tell when someone is sniffing for it at that range. And each request has to be authorized by the user.
The only hope a hacker has at getting the SIN is to get the commlink and crack the encryption. And when someone loses a device with their personal information stored on it, they're going to tell someone, likely their bank, the cops, and their boss.
Even then, you have to match the rough physical description of the personal whose ID you stole.
The only hope a hacker has at getting the SIN is to get the commlink and crack the encryption. And when someone loses a device with their personal information stored on it, they're going to tell someone, likely their bank, the cops, and their boss.
Even then, you have to match the rough physical description of the personal whose ID you stole.
First off to the OP yes multiple things can work with your image link. And it isn't uncommon for runners to have a common everyday comlink broadcasting a fake sin and browsing the web and a second for secure stuff.
I allow players to copy another persons SIN, they're pretty easy to get by just hacking someones comlink. However they have to either look like the origional person or avoid any type of verification. Or they have to hack the verification systems. It isn't too unmanigable though.
But at any time someone could get suspicious. Not every time. Maybe the other person isn't transmitting their SIN at the moment. Even if they are maybe nobody notices. But if you do it a lot it's only a matter of time before you trip some flag or make someone suspicious. Usually because the other person is broadcasting at roughly the same time, or because you did something to get a check run on the SIN and you don't perfectly match the biometric info. The star(or corp the person belongs to) then calls the contact info associated with the SIN or checks the data trail to try and figure out which is which, or maybe sends out an agent over the matrix to check it out. And suddenly the runner can find themselves in unnecesary trouble.
It just isn't worth it most of the time.
It can be fun though. It alows for "lighter" LS scenes as LS loves catching identity theives but doesn't expect them to be full fledged runners and unless the PC does something stupid like kill a cop they aren't going to dedicate large amounts of resources to brining them down.
I allow players to copy another persons SIN, they're pretty easy to get by just hacking someones comlink. However they have to either look like the origional person or avoid any type of verification. Or they have to hack the verification systems. It isn't too unmanigable though.
But at any time someone could get suspicious. Not every time. Maybe the other person isn't transmitting their SIN at the moment. Even if they are maybe nobody notices. But if you do it a lot it's only a matter of time before you trip some flag or make someone suspicious. Usually because the other person is broadcasting at roughly the same time, or because you did something to get a check run on the SIN and you don't perfectly match the biometric info. The star(or corp the person belongs to) then calls the contact info associated with the SIN or checks the data trail to try and figure out which is which, or maybe sends out an agent over the matrix to check it out. And suddenly the runner can find themselves in unnecesary trouble.
It just isn't worth it most of the time.
It can be fun though. It alows for "lighter" LS scenes as LS loves catching identity theives but doesn't expect them to be full fledged runners and unless the PC does something stupid like kill a cop they aren't going to dedicate large amounts of resources to brining them down.
I would imagine that most devices would use Electronic FOB devices.
http://en.wikipedia.org/wiki/Key_fob
Sure you can get all the information that is available on someone's comm. device, but unless you can authenticate using the correct key it is useless.
Perhaps what your paying for when it comes to a fake SIN is not the information, but the software simulated algorithm which will pass these sort of checks.
http://en.wikipedia.org/wiki/Key_fob
Sure you can get all the information that is available on someone's comm. device, but unless you can authenticate using the correct key it is useless.
Perhaps what your paying for when it comes to a fake SIN is not the information, but the software simulated algorithm which will pass these sort of checks.
It's SR4. Encryption is pointless.
Unless you house rule it. I've been thinking of making it a 12 hour extended test as opposed to 1 combat turn. It won't stop them from breaking it, but it'll take them some time. As long as you have enough time and processing power you can crack it, but that's true of any form of encryption. 3 seconds is just too fast.
A FOB code isn't encryption. I guess it could be, but that isn't a good idea. You want something that spits out a pre-loaded random something associated with each transaction.
Also even in general encryption isn't worthless. It stalls people, and a high enough rating will keep the script kiddies out. (assuming you use a limit on number of rolls allowed for the extended test as suggested in the book.) But mostly it's the stalling. Very useful for keeping your skinlink from being hacked, and in a run can be critical. Also that obscure rule about IC getting involved in the encryption can be a big big deal. (personally I let IC roll matrix perception tests at each decrypt attempt, as the text really doesn't explain it at all, so I like that as much as anything)
Also even in general encryption isn't worthless. It stalls people, and a high enough rating will keep the script kiddies out. (assuming you use a limit on number of rolls allowed for the extended test as suggested in the book.) But mostly it's the stalling. Very useful for keeping your skinlink from being hacked, and in a run can be critical. Also that obscure rule about IC getting involved in the encryption can be a big big deal. (personally I let IC roll matrix perception tests at each decrypt attempt, as the text really doesn't explain it at all, so I like that as much as anything)
I agree with Sunnyside. Encryption does slow down the hacking time, but thats not really the idea behind FOB
Ebay currently uses one of these devices.
When you place an order it asks you for a "number" that your device is currently displaying. This number is changed every 30 seconds and is special to that device based upon some algorithm. This algorithm was set up at the time you got your device and thus Ebay knows what your special number is.
Now they do use the number from the previous 30 seconds and future 30 seconds to adjust for timing drift in the device, but the fact is that it is unlikely that anyone outside of you will be able to produce a valid number in the first couple of tries.
My feeling is that this is the sort of thing that is in your comm. It would not be broadcast and thus would have to be hacked to gain access.
Ebay currently uses one of these devices.
When you place an order it asks you for a "number" that your device is currently displaying. This number is changed every 30 seconds and is special to that device based upon some algorithm. This algorithm was set up at the time you got your device and thus Ebay knows what your special number is.
Now they do use the number from the previous 30 seconds and future 30 seconds to adjust for timing drift in the device, but the fact is that it is unlikely that anyone outside of you will be able to produce a valid number in the first couple of tries.
My feeling is that this is the sort of thing that is in your comm. It would not be broadcast and thus would have to be hacked to gain access.
I don't think that would work though, other than limiting which Joe Average you steal from. Stand outside a commlink store and wait for someone walking out with a low-grade model, then hack the snot out of them until you find out the full specs behind the SIN's authentication method. And if it's more hard-wired into the commlink, then your fake SIN requires a complementary commlink, or have all sorts of fun mugging people and breaking their commlinks for the chip inside; and if they try to report it stolen, then do the same to other people if you want to make their life a living hell.
Of course, one easy method could be that since the authentication system can keep track of when/where the SIN is verified, then flag any activity that simultaneously occurs in different locations (or too far apart in a short span of time). It could easily have cameras scan the user's face/retina/prints to verify the SIN when this flag pops up. Of course, if your goal is to hassle or stall someone, then things just got stupidly easier. And if you kill someone and then start using their SIN, you're still scott free from that security measure.
I'm having soo much trouble wrapping my head around this game and preventing rampant identity theft without creating a situation where any hacker can make someone's life a living hell by constantly reporting their SIN as stolen and thus locked until they get it reverified with the officials.
Of course, one easy method could be that since the authentication system can keep track of when/where the SIN is verified, then flag any activity that simultaneously occurs in different locations (or too far apart in a short span of time). It could easily have cameras scan the user's face/retina/prints to verify the SIN when this flag pops up. Of course, if your goal is to hassle or stall someone, then things just got stupidly easier. And if you kill someone and then start using their SIN, you're still scott free from that security measure.
I'm having soo much trouble wrapping my head around this game and preventing rampant identity theft without creating a situation where any hacker can make someone's life a living hell by constantly reporting their SIN as stolen and thus locked until they get it reverified with the officials.
| QUOTE (Ravor) |
| As for controlling your gear with your mind, you need a sim module and either a trodenet or a datajack. |
My understanding is that you only need the sim module if you want to do VR.
I believe that a simple Image Link and a data jack/trode net is all you need to do the control with your mind. (This is sufficient for AR, yes?)
A datajack or implanted commlink will definitely give you DNI, and I think a 'trode net will too. You only need a sim module if you want to use ASIST.
Hold it a bit folks.
Just because SIN information is stored on a commlink does not mean that it is installed on every commlink your character buys.
Like cellphones of today you can most likely buy off the shelf cellphones with no matrix subscription added. Whenever you want to access the matrix you spoof your connection to create a false connection to the matrix, one that in reality doesn’t connect to any existing SIN.
(see Black Commcode page 214 under Commcode section in SR4).
Just because SIN information is stored on a commlink does not mean that it is installed on every commlink your character buys.
Like cellphones of today you can most likely buy off the shelf cellphones with no matrix subscription added. Whenever you want to access the matrix you spoof your connection to create a false connection to the matrix, one that in reality doesn’t connect to any existing SIN.
(see Black Commcode page 214 under Commcode section in SR4).
I disagree, barring a clarification in AUG you need a sim-module in order to issue mental commands to your non-implanted gear.
| QUOTE (The Jopp) |
| Hold it a bit folks. Just because SIN information is stored on a commlink does not mean that it is installed on every commlink your character buys. Like cellphones of today you can most likely buy off the shelf cellphones with no matrix subscription added. Whenever you want to access the matrix you spoof your connection to create a false connection to the matrix, one that in reality doesn’t connect to any existing SIN. (see Black Commcode page 214 under Commcode section in SR4). |
I think they were talking about security checkpoints. Buildings, borders, secure neighborhoods, etc that demand constant ID checking or they send someone over to give you a hard time. In those environs, you want to expose your fake SIN on a generic commlink and hide your good commlink so you don't get hassled.
I've got Ravor's Back on hardware I/O angle
Trode:
"...enables the user to experience sim-sense, and are used with a sim module." - 318
sounds like trodes are jsut a sim-sense out-put device.
SimRig;
" Advanced version of the Trode net" + "...Records Sim-Sense experience data..." -318
Sounds like this is compound I/O device.
---
About the SINs though, it stands for System Identification Number. I'm thinking that it is litteraly that simple, you are required to broadcast or automatically provide nothing more than a number. This is then checked against your person. The rating of the reader measures the security of the Databases it checks this number against. If it worked any other way 20 hits or so spread out over some hacking, edit, and forgery tests would give you the data of a perfect SIN.
Now, regardless of how you think it works how effective a tactic would it be to hack a civy's comlink and load them up with your fake sin that someone is onto. Would that buy you even 5 minuets down town? could it buy you a couple days or more in the barrens? Would it work at all uWhat do you think? What kind of rolls are we looking at to pull this switch under Matrix Overwatch?
Trode:
"...enables the user to experience sim-sense, and are used with a sim module." - 318
sounds like trodes are jsut a sim-sense out-put device.
SimRig;
" Advanced version of the Trode net" + "...Records Sim-Sense experience data..." -318
Sounds like this is compound I/O device.
---
About the SINs though, it stands for System Identification Number. I'm thinking that it is litteraly that simple, you are required to broadcast or automatically provide nothing more than a number. This is then checked against your person. The rating of the reader measures the security of the Databases it checks this number against. If it worked any other way 20 hits or so spread out over some hacking, edit, and forgery tests would give you the data of a perfect SIN.
Now, regardless of how you think it works how effective a tactic would it be to hack a civy's comlink and load them up with your fake sin that someone is onto. Would that buy you even 5 minuets down town? could it buy you a couple days or more in the barrens? Would it work at all uWhat do you think? What kind of rolls are we looking at to pull this switch under Matrix Overwatch?
| QUOTE (WeaverMount) |
| About the SINs though, it stands for System Identification Number. I'm thinking that it is litteraly that simple, you are required to broadcast or automatically provide nothing more than a number. This is then checked against your person. The rating of the reader measures the security of the Databases it checks this number against. If it worked any other way 20 hits or so spread out over some hacking, edit, and forgery tests would give you the data of a perfect SIN. |
Your Commlink is going around announcing "121947214SHDSH17D" whatever.
The Authentications System takes that number, and queries against the <<Insert your favorite corp/national identity system here>> and gets a response.
The higher rating system sends more information.
1. So my handy dandy SIN checker grabs the SIN you claim to have from your commlink broadcast.
2. I send that number, Plus a varying amount of the following
- Picture my drone took
- Your 8 digit simple PIN you entered into my number pad
- Your answer to my question about where you work
- A sample of your blood
- A picture of your retinal patterns
- A fingerprint
- A voice print
- Your answer to the question about your favorite color etc...
- Anything else you can think of
(The higher the rating, the more information collected to verify against.
3. Your broadcast SIN, and all the independently and separately collected verifying information is sent to the also independent system.
4 The authentication service receives all the data, does a check, and returns the result.
5. My SIN Checking device tells me it's 95% confident you are who you say you are.
Note the Commlink only has to have the SIN, no other information on it.
Ummm yeah, what DireRadient said. FYI we have at least one actually SIN from Dunkelzahn's Will: 5T2G-8U6V-PK02
I would guess that any alphanumeric string of the the form ????-????-???? a "well-formed" SIN.
I would guess that any alphanumeric string of the the form ????-????-???? a "well-formed" SIN.
Identity checks also run the other way.
Collect all the identifying data
- Picture my drone took
- A sample of your blood
- A picture of your retinal patterns
- A fingerprint
- A voice print
- Chemical traces
- Anything else you can think of
Send to all the Identification Systems you have access to.
Get returned a list of possible matching SINs
Then you can check if the SIN in front of you matches the SIN on the list.
Note, this is why you can have multiple SINs with the same identifying data.
So you have two basic scenarios
SIN + Independent data --> Authenticator --> Yes|No
Independent data --> Authenticator --> List of possible SINs
The first is common, and available, but means your fake SIN often works.
The second is usually restricted to Law Enforcement since there are several issue with privacy in the amount and type of data you get in response. (But does explain why Runner X isn't always caught when seen on trideotape robbing the convenience store)
Collect all the identifying data
- Picture my drone took
- A sample of your blood
- A picture of your retinal patterns
- A fingerprint
- A voice print
- Chemical traces
- Anything else you can think of
Send to all the Identification Systems you have access to.
Get returned a list of possible matching SINs
Then you can check if the SIN in front of you matches the SIN on the list.
Note, this is why you can have multiple SINs with the same identifying data.
So you have two basic scenarios
SIN + Independent data --> Authenticator --> Yes|No
Independent data --> Authenticator --> List of possible SINs
The first is common, and available, but means your fake SIN often works.
The second is usually restricted to Law Enforcement since there are several issue with privacy in the amount and type of data you get in response. (But does explain why Runner X isn't always caught when seen on trideotape robbing the convenience store)
There has to be more to it than just sending a single SIN. If that were the case, anyone could broadcast themselves as whoever they wanted just by acquiring their SIN; something yours and everyone else's commlink should be picking up on a regular basis.
The latter point is the big "how the hell does it work?!" I mean, if everyone broadcasts who they are to everyone else, then everyone knows who everyone is and can easily counterfeit it. No?
The latter point is the big "how the hell does it work?!" I mean, if everyone broadcasts who they are to everyone else, then everyone knows who everyone is and can easily counterfeit it. No?
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.