The SR4A book only talks about tracing someone via his or her access ID. But, what if you only know the person's commcode? Can you trace him or her knowing only the commcode? If so, what are the game mechanics for doing this?

Also, does the target of your trace need to be online for you to trace him or her? The Trace User action description says, "You trace an icon back to its originating node" (SR4A, 232). To have an icon implies that you are online, meaning this description implies that the target must be online.

There are no "hard rules" on this, but I would say that you can trace someone with their Commcode, but you would need to actually try to call them. If they are online, then you run the Trace after they pickup and if it completes you get their physical location. If they are not online, then your trace would lead you to their answering service's node.

If you had their Access ID, you can run a Trace anytime (online or not), and if they are not online you will get the last location where they were online. This is all subject to the whims of the GM, of course, as they may rule that a particularly "old" datatrail may not be able to be followed due to intermediate nodes clearing out their logs of previous Access ID's. This may be especially true of very high traffic nodes.

My understanding was that with the commcode you could attempt to hack the comm. If you succeed in hacking the comm, then you could run a trace. This would work without calling them at all. Of course this only gets you the location of the comm. If it is turned off, you get nothing. As above, if the commcode leads to an answering service you could get that.

Thank you for the replies. Thinking about it more after reading your replies, I'm guessing that Malachi is correct, in that you'd have to call the commcode first, then begin the trace once the other party answers. Otherwise, there's not much point in spoofing an access ID if you can always trace via only the commcode.

To hack the comm first, as Orcus suggests--wouldn't you need the access ID to find the commlink so that you could hack it?

If I give you my comm code, and that number goes straight to my comm link then the number alone should be enough. If some sort of number spoofing is going on, there are no mechanics to cover it. I would suppose that you would need to hack each nod the spoof is using, or otherwise follow the communications. I consider it as having to follow some common sense rules. If data can get to the phone, so can a hacker. My character never gives out a comm code direct to his phone. He uses a message service just to avoid this.

You need to hack the MSP providing the commcode.

Indeed.

Technomancers can use Sleuth Sprites with the Traceroute Power as well. (Unwired, p. 156-7)

I wonder, would you be able to trace a commcode like this if you were using Capture Wireless Signal?

For instance, your team needs to track someone down but can only find that person's girlfriend, and she doesn't know. Could they wait until she calls him or he calls her, capture the wireless signal then run a trace on it while the call is in progress?

And if it could work, would a similar approach be possible with the Intercept Traffic action over a wired system?

It is certainly possible. The easiest would be to hack the GF's comm. Wait for the phone call, and then run a trace on his icon when they connect. If her comm has his comm code, and you believe as I do that having the code is sufficient to run a trace, then as soon as his comm becomes active (ie not turned off) you could trace it. The first method will work whichever way you think it works.

Part of the way connections work, I turn on my comm. My comm connects to my service provider. My service provider knows both my comm code, and the access ID of the actual hardware. Someone attempts to call the comm code, and it is automatically routed to your physical comm link. All trivial, and occurring very quickly, seamlessly and behind the scenes.

The real trick, is that this works in both directions. The person calling you also has an MSP handling their end of the conversation. So while there is no direct wireless connection between the two (unless they are using radio connection methods) There is a path to be followed.

If they are directly connected to one another via wireless (not very common) then you could simply sniff the connection to find the other end.

I would say you can trace them so long as their comlink is turned on, and capable of picking up calls. If its running on hidden mode then perhaps not, but otherwise yes, as if the network can find them to deliver the notice someone is trying to get a hold of them, then you can find them too.

You can't trace someone by their commcode any more than you can trace a person in modern times through their e-mail address. Unwired talks about how MSPs give you multiple commcodes. This means that commcodes are something independent of a commlink (Confusing terms, I know). An access ID is more like someone's IP address, which tends to give more information about where they actually are, and is individual to a computer (Can be changed and spoofed and so on of course, but I'm talking general).

So yeah, tracking down someone via their commcode would be about as easy as tracking down sexxykitten69@yahoo.com (And who wouldn't want to track down a 42 year old overweight virgin living in his mom's basement (x.X?) )

Except phone calls are handled with data requests and involve no icons.

Ha ha ha

ok here is a test for you... Send an email to whitehouse.gov stating your intention to commit some sort of horribly illegal act and see how many hours (minutes perhaps) until someone one is knocking at your door. Tracking a valid commcode is perhaps non-trivial, but it is certainly possible. The method would be exactly the same as tracking someone@wherever.com. You hack into Wherever.com either through physical means (breaking and entering), social means (con and social engineering), or matrix/technical means (hacking MSP records is done today, and will continue in 2070). In 2070 gathering the data is extremely easy and relatively quick (again this is my take on things). We have played that it is possible to simply make a partial connection to the comm code (like pinging the IP address and checking to see if it is there), you then can attempt to hack the underlying comm. While I grant that not everyone sees these things the same as I and my group. You cannot say that anything like this is impossible.

Yeah, sure, it is possible to track down an e-mail address, especially by a body like the government, but if we combined my using a yahoo.com e-mail address, spoofing my IP address whenever I use the e-mail address, and of course providing bogus or wrong information, and then added on me using a public computer? That would be about the difficulty generally involved. A commcode isn't tied to a particular commlink, so you have to rely on getting the access ID from the MSP (which would be a task in and of itself in 2072). That then allows you to possibly find a particular commlink. If you're dealing with a runner, especially a hacker, then you'll likely run into the problem of disposable commlinks and/or spoofed access IDs. And most likely, the SIN that the MSP service is tied to is fake.

Now, if it is average joe sending this letter to the government, then yeah, they'll likely be tracked down. But if it is anyone who even remotely knows what they're doing, they'll never be found.

I'm leaning toward Karoline's interpretation. In your example, Orcus, I'm pretty sure that they track based on your IP address more so than the actual email address used. As Karoline pointed out, the real life equivalent of the datatrail is your IP address, which is how you get caught for downloading movies and music that you did not legally buy. It has nothing to do with your email address.

Ok a normal person with no government affiliation can do some of this, I grant the point that it is easier for a huge organization. Regardless the process is the same. Email goes to an authorized email server (or in 2070 through an MSP). The email server keeps records of when, where, and how this traffic occurred. You can obfuscate these activities somewhat, but you cannot completely hide them. Case in point, Kevin Mitnick, who toward the end of his criminal career was both knowledgeable and paranoid, yet he was tracked. He was tracked not by the FBI, who were basically incapable at that time, but by Nakamura, a private researcher looking to make a name for himself. Feel free to read Takedown if you want more details on Nakamuras personal life than anything relating to the capture of Mitnick.

Regardless, in 2070 almost any 2 bit hacker can get data from an MSP. If I know your comm code, I will be making a track test compared to your stealth or spoof. Depending on how good you are as to how difficult it will be for me to track you. If a GM thinks that it should be harder than that, he can come up with stats for hacking the MSP associated with the comm code and role play, or roll play the attempt. I think that time is saved by just assuming that if I have the code, and the comm is active, that is enough info to allow me to attempt a trace.

Oh dragon jesus, i really need to stay the hell out of threads vergin on RL hacking.



Hours would be at the absolute earliest, days is more like it and even the best methods can be defeated with basic countermeasures.

Hehe, I wasn't going to call him out on that.


Obfuscate somewhat? I could very very very very very easily reset the IP on my computer, then run my connection to yahoo through an anonymousation site. I would then create an e-mail address with totally bogus information. I would then use that e-mail address to send the e-mail, and never log on to it again, as well as clearing by browser history (Just to be safe, you know). I would then reset my IP again.

The only way that the government would be able to find me would be to first go into Yahoo and get them to release the IP address of the one who made the account. That would lead them to a random computer which was used to route my connection, which would fail to contain the IP I used. Even if it did, it would lead to an IP that no longer existed. In order to have any chance of tracking me down at that point, they would then have to contact -every- ISP out there and get them to run a check for anyone with the relevant IP at the appropriate time. They then might manage to find me (This would likely take weeks or months of legwork). And that of course is based on the assumption that I wasn't using a public computer in the first place, or was using my own and didn't have my stuff owned through a fake SIN.

So yeah, I think that is just a tiny bit of work for the government, and very much not within the means of joe hacker.


He was tracked via his e-mail address?


True, any 2 bit hacker can get data from an MSP, and any 2 bit hacker can also remove data from an MSP, as well as fake his own in the first place. Now, what you could do is use a comm-code to call the person, and if you can keep them on the line long enough, I'd imagine you could trace them much like a modern phone trace. But you can't just go "Locate 555-2464 now." Imagine the implications that would have for the world. Burglaries would be so freaking easy. You'd just trace random commcodes in the area until you found one belonging to a real nice house, then you'd wait for the person to leave (You'd always know if they were home or not thanks to being able to locate them 24/7 based on their commcode) and rob the place. Heck, you could even keep an eye on their current location to see if they suddenly stop or start moving or something to indicate that they got a warning the house was being broken into.

And lets not even get into stalkers.

Commcode -> MSP
MSP -> Commlink

Therefore, if you can
a) hack through the MSP
or
b) trace where the MSP sends your attempt to call the commcode to
then you can find access ID of the commlink.

(Well, unless that commlink isn't really the target commlink, just some innocent node that forwards the call to another commcode; you can route the call through several MSPs to make tracing it back rather hard. I don't see why you wouldn't.)

Uh, no. The whole spoofing IP address has a whole bunch of issues. Like it's a unidirectional connection, as the return packets can't get to you, as you are spoofing the return address. This assumes you can guess the initial TCP sequence, which isn't likely on a modern system. And that the network doesn't dropped spoofed packets, which any well run site will do per BCP 38/ RFC 2827.

And I've been peripherally involved in investigations involving the FBI and people sending email from public machines in libraries. It's not as safe an idea as people think.

That's what Spoofing Commands is all about.

Spoofing or changing your AccessID is like changing your MAC address (either do it in software, or in firmware) - just, in the case of SR, the MAC basiacally makes up the complete IPv6.

Spoofing your IP is like leaving a bogus number on someone's voicemail, but then wondering why they never call you back.....

Just hack another box and connect via that, don't try to be subtly clever.

Not really even slightly. Spoofing IPs is very possible, and is done all the time. It really isn't even remotely hard actually.

There are, as far as I can tell, three dimensions to this tracing question.
We can ask what the RAW says. We can then argue about the meaning of these very unclear words for the next millenia (yes, I mean the plural.)
We can attempt to ask what common sense says is likely to work. Without knowing the architecture of the service provides that accept and place phone calls, and with the known fact that the security architecture is very different form what we understand today (due to public key crypto being broken), trying to reason from real life or common sense seems very difficult.

This leaves us with what I think is the most important question. What will produce the best game play? Being able to trace an active conversation seems necessary in order to have tracing be a component of the game. But if commcodes can be traced, then it is much too easy for anyone to track down anyone else. Given that slow hacking almost always succeeds, one can unravel the chain, looking for people. The assumption is that since the players (and the target) need to be reachable, someone has their commcode. That someone can in turn be found. In fact, with some of the technomancer tricks, you don't even need to find the chain. Just do Info Sortiledge or other fancy resonsnace searches. If we declare that non-communicating commlinks can not be found in the real world, at least there is some protection. (Otherwise, any hacker with an implanted commlink is a walking timebomb. They have enough risks as it is.)
So I would tend say that for gameplay reasons you do not want commlink numbers that are not actively talking to be traceable. One can then decide on the reality model one wants to use to get that result.

Yours,
Joel M. Halpern

Karoline I know what your actually speaking of but your terminology is flawed.

Not using the same address twice is not the same as spoofing an address.

You're likely right. I'm bad with terminology.

And Joel has a good point. Forget about real world examples (How often does the game divert from that anyway?) and look at balance. If you can track someone down solely by their commcode, then you can find anyone anywhere at any time with virtually no effort, which is what I was getting at with my earlier post about burgling houses and stalkers. I'd imagine that even if a commlink which used a particular commcode was on, it would have to be actively using that code for it to work. Thus shady people get a special number that is closer to e-mail, and regular people get a number that is more like a phonenumber.

I agree with what Joel wrote. The game has plenty of unrealism--I'm thinking about the combat rules, specifically dealing with firearms--but the bottom line is that the game is playable despite some clear lack of realism. Since I forego certain degrees of realism with the combat rules, I'm also willing to forego a certain degree of realism when it comes to hacking, not that I know all that much about hacking, which is all the more reason for me not to cause my brain to explode by trying to figure out the realism or viability of tracing via commcode vs via access ID.

So, I'm also going to go with the idea that you can trace a commcode--but only if the commcode is currently in use. That is, only if the owner is making or receiving a call.

... and strangely, that is what "someone" said in the first post. Huh.

What, dodging bullets isn't realistic to you?

Dodging bullets--on foot and in a car--, the recoil rules, the DV and AP assigned to the various weapons, the amounts of ammo that each holds, silencers and sound suppressors being different...the list goes on. Don't get me started!

That's why smart people who commit illegal acts don't carry around a working cell phone while they do them today. Because if the authorities have your number they can contact your carrier and the carrier will provide them a very nice record of where you have been and when for the last 60 days that is accurate to a few miles to a few meters depending on the phone and tower tech. This is in addition to who called you and who you called and when. It's not going to get easier to be a stupid or chatty crook.

The cell phone analogy doesn't make sense. Cell phone are easily tracked by the company because towers have a certain range, so if you're on a certain tower you're within that range. With the wireless mesh network in 2070, this is not at all the case. In fact, any phone analogies to commcodes really don't fit well in general. With modern day POTS or cell phone technology, the routing of the call is basically entirely handled within a small number of companies. This lets them easily know where you are because they know where the call is being routed. With a wireless mesh network however, the system is more complex. Unlike modern day internet there really isn't a single company that controls any significant portion of the routing infrastructure in 2070 (Just by sheer numbers - the wireless mesh between random nodes constitutes a huge portion of the infrastructure). So for a MSP to actively have records of where you are at any point in time based on your commcode they'd have to constantly trace you. And, the fact is, they couldn't even do this because for a Shadowrunner that commcode is not going to consistently resolve to an access ID. The email analogy fits here - a particular email address is not going to consistently resolve to a given IP, instead its a service, registered under a particular identity, that is connected to by a client (which can connect from any IP) and then utilized that way. This is how commcodes work in SR.

You have User A, User B, MSP A, and MSP B. User A wants to make a call. He connects to his MSP and authenticates to his commcode, then sends a message basically saying he wants to call User B (More accurately the message consists of User B's commcode), MSP A then resolves it to MSP B and connects, MSP B figures out the access ID of User B and sends him a message and tada, connection. Now, for that last step to actually work (for MSP B to actually figure out User B's commcode), User B would have to have been logged in to MSP B's commcode service, which is exactly like any instant messaging service today. As a GM I would rule that you couldn't just outright trace an active call, but you could do it by hacking the MSP node in-between. Though I would probably rule that the Sleuth's traceroute power could do it directly. Now on the topic of tracing an inactive code I'm unsure. It would certainly involve hacking the MSP node, but the question becomes if the user is actually logged into his MSP, which may or may not be the case for a Shadowrunner. In any case, I would rule that hacking the MSP would allow you to get the last known access ID that authenticated as that commcode, and run standard trace rules from there. But just running trace right on a commcode? No.

Finally as an aside I would like to point out that its incredibly easy to send virtually untraceable email. Lets see, how about I take my laptop and walk into a random internet cafe, spoof my MAC address (for good measure), bounce my connection through a random proxy in China along with an anonymizing mesh network like TOR, send it out of an open mail relay and then bounce it through an anonymous remailer. To trace this email, a party would have to go to the remailer and get information on where the original email came from (Difficult in the first place), this would get them back to the mail relay. From the mail relay they would have the IP I connected by. Okay now they have to trace through TOR (This is virtually impossible on its own - read up on anonymizing mesh networks to figure out why. On a basic level it can be explained as nodes communicating in an anonymous mesh network don't actually know the IPs of any nodes they are communicating with), trace through that proxy in China, and, if they manage that, somehow go from a spoofed MAC address at a certain time in a certain internet cafe to an individual person. Have fun with that.

Sure, if you are not choosing receive calls that is pretty much like turning off your cell phone radio. Not exactly, but pretty much. If you are receiving calls then your carrier knows roughly where you are, within a few miles. Given that things like e911 laws never get more relaxed, they are likely to know where you are to a lot more accuracy than that.

And if someone has your comcode they know what carrier you use and can probably get them to disclose lots of interesting stuff. Like who you have called and been called by, where you where when you placed and received calls, etc.

There are experienced criminals, and there are chatty criminals. You find chatty experienced criminals in graveyards, prisons and jails.


It's hardly impossible to do a one-way message, but the fact that China actively filters TOR traffic makes it harder than it looks. Plus sending things you don't want disclosed through China is kind of like deciding to cut through the police station after pulling a robbery in the hope of losing the shop manager chasing you. Amazing things get sent through TOR but your approach is going to make it pretty hard to conduct a conversation. And that's part of the issue with the whole "I'm going to hidden mode on my commlink" while the game allows you to still make and get calls. If you have an active link running you are obvious to anyone around who knows what to look for.

The issue is that MSPs in 2070 don't, from what I've read, run towers like a conventional cell phone provider does. Its more akin to getting email service from Google or Yahoo. The MSP doesn't run the matrix infrastructure. Hence, unless they are, for some reason, wasting CPU cycles on running active traces on anyone that connects to them, they will not know, even generally, where you are due to the mesh nature of the matrix. The reason you can do geolocation on IPs today is because blocks are assigned to specific areas (Well, not exactly, technically they are assigned to different groups, but functionally it works out to be different areas), meaning just by having an IP and not doing any tracing you get a very general location. With cell phone towers you have the whole easy to tell which tower someone is using thing. But in a mesh network where access IDs are basically fluid? You're not going to go from an access ID to a physical location without running trace unless you control significant portions of the matrix infrastructure along the path and are able to figure out where exactly that data is getting routed. But again, from what I can see, MSPs in 2070 don't control that infrastructure, or at least not sufficiently significant portions of it.

(Pure speculation ahead)
Including geolocation into the formula of figuring how to make a connection between two nodes that could be anywhere in the world is probably a smart idea.
Replace cell towers with public access nodes (sponsored by MSPs) scattered across a city. Have every device on the network able to pass on data and you shrink the footprint of those public access nodes from the giant towers of today, down to something the size of a large trid screen. Have every device on the network able to know its location through GPS, and your location can be pinpointed by any group of devices you are connected through.
So if you want to recieve calls, the MSP know exactly where you are. (In the spirit of efficiency, your commlink simply tells the MSP where it is. And it only needs to update the MSP if it moves) By hacking the MSP, or getting a court order anyone could get that info. GL on the MSP hack, and better luck on the red tape.

Or you could call the commcode and run a trace. Your connection has already been established and authenticated, you are just pulling up a list of nodes your call is being placed through. Those nodes probably aren't changing very much, and by their nature, they are VERY HELPFUL in making connections.

The MSPs are no longer in charge of the infrastructure, which is why a legitimate trace program would be helpful in keeping the connections moving as quickly as possible.

What SR describes is a mobile ad hoc network (MANET), and it's really unclear how a large scale MANET could work, much less one that is several orders of magnitude larger then the current Internet. There has to be some sort of underlying structure, as it's simple insane to think that you could maintain a network with 50 billion nodes without a LOT of structure.

My understanding is that today several dozen nodes that are not connected to the outside is a pretty big MANET and it's where you start to have serious issues with connectivity. You can't realistically make many assumptions about how (or even whether) a huge MANET will work.

It's clear that there has to somehow be something that connects a node to a globally unique ID and allows traffic to very rapidly connect to the node in order to have voice and video calls work and I can't see how this wouldn't allow a sophisticated attacker to connect to the node. I would expect that the path this takes and and the connection itself would provide quite a lot of information on the nodes location, but that's all it is.

- The Precious pg. 224: Commcodes link to the Matrix Service Provider, your Commlink connects to the MSP.
- Unwired pg. 54: Communications are handled via Data Requests.
- The Precious pg. 232: Trace can be used on icons.

So you have to look up the MSP that gave out the commcode (get´s done automatically), and hack one of it´s nodes. Said node should contain a routing database, or be allowed to request routing data. You hopefully get at least one online accessID out of that request, and are guranteed to get one if the commlink is currently in use.

Doesn't Unwired talk about NeoNET having backbone cables through parts of the world? And other corps doing the same here and there? (PacRim communications, SK)

Sure. All that blurb about new and improved wireless Matrix 2.0 is just PR... and software upgrades.

Most of the infrastructure, including the former cellular net is still in use.