Alright, I had a question come up from one of my players during my last SR session. After about ten to fifteen minutes of discussion in the group, no one viewpoint had a definitive edge, so we went with the "GM says so" rule. Being a reasonable person, and not having much wireless knowledge beyond the books, I figured I would refer the topic to the community at large.

Situation is thus: Rigger is flying a fly spy drone into a GaiaFirst safehouse which is also an organic health food store. The rigger is in direct control-transmit mode. The fly is happily unobserved in the store area, and when an employee heads to the backroom, in goes the fly.

Now, being as this is an eco-terrorist safehouse, even if they're somewhat lowball, they have a very basic security package. Some cheap wards, and a cheap commlink hooked up to a very basic pilot program which scans for possible bugs etc, so that when they talk about their nefarious activities they have a little sens of safety.

The fly spy drone, still in direct-feed/control mode, begins observing the area and relaying what it sees back. The rigger then uses it it to deliberately identify employees, etc. This all takes about five or six minutes.

Using the EW (pilot) + scan rules, the security system rolls a scan-for-hidden test once a minute, against an extended threshold of 10 (lower than the 15 due to low human traffic and the fact that it can already pre-catalog the signatures of products and employees who are supposed to be there). Around the 5th minute, it beats the threshold, and the IC begin attempting to track the fly-node (which, in further review I played wrong...I gave the PC way too many bonuses and heads up for the track attempt). The rigger flies the fly to another pc, drops in his pocket, and then turns the fly off. The PC rapidly leaves the area.

The rigger was unpleasantly surprised by this, and wanted to know what good these mini and micro drones were for spying if they could be picked up by a cheap security system in 5 minutes. (And by RAW, that actually would have been 15 seconds)

Now, for the questions:

1) Are drones subject to scan for node checks? My initial answer is "yes, if they are transmitting or being directly transmitted to. If you want security, use limited-packet bursts. A.k.a you can issue new orders and collect data every now and again, but you can't receive or direct in 1:1 realtime. "

2) Is there any bonus for a smaller drone? My initial answer is "no, if the node is transmitting "loud" enough to be scanned, it can be scanned."

3) Would ECCM help the drone in any way? Initial answer is "no, it merely lets your burn through the ECM and prevent jamming, it doesn't help you hide."

4) Well, how can you actually hide a spy micro-drone then? Initial answer from my side was that you should probably try to put a stealth program on to disrupt the tracking, and that frankly, any real time wireless link is eventually going to be found when its mussing in an area that looks for such things. Use limited transmission, or put some sort of ID on the thing to make it look like it belongs.

Seems all ok to me. And yes: Rigger and their drones can be found in many places. There is even a building/area setup especially designed to provide tacnet and scan everything for intruders. You did all right (which you wrote here).

And that is the reason why you have good agents/sprites in your drones running silent and only burst out a data package every minute or so.

For one thing, there's no reason to track the drone. That's Trace User, and it's for following a connection back to the point of origin… and it's only accurate (for wireless) to like a 50 foot radius, IIRC?

There's no great reason to reduce the Threshold from 15 to 10. The book actually says 15+, meaning that it could be *harder* in a high traffic area, and that 15 is merely the minimum.

Upon detecting a hidden node (via full-area scan), you have no idea what it is, or where. At this point, you use Analyze Node (Matrix Perception test), which the drone can resist with Stealth; specifically, it'll be Computer + Analyze (slightly different for an Agent, which is what you describe) vs. Firewall + Stealth, and you can get one piece of info per net hit.

Presumably, one of those info-pieces might be 'is running a Pilot', although that's not one of the examples. At this point, you still don't get location info, but you can look into back-tracing the *rigger* via his control access (whether jumped in, RC, or just subscribed). Another option is to hack the drone, for various other purposes.

Now, a 'very basic commlink' running a 'very basic [Agent]' means only about Rating 1-2 to me, but maybe 3 (which is actually 'very median')? That's 3000+150+1250+800= 5200¥ (minimum, not at all unreasonable), to roll 6 dice. So, it'll take just 8-ish Combat Turns to find the Hidden drone node, and then it depends on how good the drone's FW+Stealth is. (I won't discuss TI-systems here, because they're expensive, but this is basically their raison d'être.)

Now, the Fly Spy is actually a Mini (not a Micro; I noticed you mentioned both), Pilot 3, Device Rating presumed 3. If the rigger just slapped in a Stealth 3, that's 6 dice vs. 6 dice for the Analyze, so it's a toss-up, and may take a while to get all the info desired. The rigger could also upgrade the Firewall (AFAIK, up to 6 freely), which would help. Using an Optimized Stealth 6 would help, too, and no expensive hardware 'wasted' on that little drone. If hacking the drone is an issue, the rigger can (IIRC) just slave the little guy back to himself, where his defenses should be badass.

Turning off and hiding is a great move, as well, but remember that the node's still there until the machine is actually off. AFAIK, there's no real option in the game to 'burst transmit' or anything, except the hard way: the drone switches its wireless *off* until pre-set intervals to hear commands and relay info. A reasonable house rule could also allow 'listen-only' mode, but (again, AFAIK) that's not in the RAW.

Other ideas… possibly, the drone could use a Spoofed Access ID or a Spoof Chip to pretend to be an expected node. Remember that scanning for nodes is the same as the list on your Wifi connection: nothing but IDs until you Analyze closer. It doesn't say 'Fly Spy' or even 'drone', and really not even signal strength. I noticed you mentioned 'low human traffic', but the security scan would also pick up basically anything in range, which could possibly include people outside, and other 'false positives'.

You could set a data bomb on the drone's node, which would slow down or harm something that tries to connect (if you're not Slaving it).

On the other hand, don't forget about *visual* detection. A Fly Spy is 'the size of a large insect', which honestly isn't that small. You (or a camera connected to an Agent) might just notice that, if the rigger isn't smart about where he flies (and when). If you spot a big bug (*and* a new hidden node?), then you can jump into action a bit faster.

So, to understand, that would basically go as follows:

Fly in shop.

Security pack scanning for nodes every 3 seconds goes to "detect node" with EW (pilot)+Scan. Eventually beats threshold. As said pack is only aiming in a certain area, the 50 feet wireless thing is already known. A new node is in the back-room, somewhere.

Goes to "analyze node", with opposed Computer(pilot) + Analyze vs hacking/firewall + stealth. Give or take 2-4 hits and the gig is probably up. The system now has the info to know to either back-track the fly to rigger or begin a hack attempt.

Back tracking then requires a trace attempt id and locate the rigger.

Sounds good. Don't forget that the Analyze phase can take a little bit (relatively speaking: it's Matrix-fast), before you even get to the 'trace/hack/do something' phase. Now, *that* part isn't easy by any means, and the rigger can probably be aware. I'd have to re-read the relevant rules.

I'd also like to point out, at this time, when a foreign/hostile node is detected a few things probably happen:

1) an Alert goes off against the node, giving the system +4 firewall vs it if it tries to do anything
2) IC or a hacker is scrambled to check it out - see the nodes ARC, or make a reasonable one up.
3) With even a basic agent around, hacking AND tracing at the same time isn't unfeasable
4) Unwired has rules for spotting traces. If someone starts one, you basically get to test perception against their stealth to see if you spot it or not. Its a little more in depth than that, but that's the basic gist of it.

All this is why a high firewall and stealth software is critical in a drone designed to, y'know, be stealthy.

I ruthenium polymer my FlySpys too, just for that little added extra.

Even better than wireless in certain situations is a laser link. Uses a non-visual spectrum, can't be picked up by wireless detectors, though you do need line of sight. I have my drones use their laser link whenever possible, and only drop back to wireless if they can't get a laser connection.



-k

That helps, but I feel like my drones are rarely (never) in LOS.

This is also why you buy your spy drones "non-standard wireless link" and directional antennae.

The former reduces detection thresholds by 1, the latter can give you the same working signal rating whilst reducing the actual signal rating by 2.

Or, you send a fibre-optic cable laying drone through the sewer utility pipes...

Basically, you'd have to be very naive to assume any bug doing real-time transmissions isn't going to be detected fairly quickly.

Better to have it fly in autonomously and record. If you need the data fast, have it record 30 second soundbites them send the signal in a short burst.

Or, hack your way into a device that's already present in the room...

This may work if the drone is within direct signal range of the rigger comlink, but i am unsure if slaving works across a matrix routed connection.

I think you handled the rules pretty well. It is hard to infiltrate with a drone using live connection. This is why having a higher Pilot and Fuzzy Logic is useful; the drone can operate in radio silence, giving fewer opportunities for detection.

I'm sure it does, hobgoblin. Slaving only means that the node forwards all connections to the Master; it uses a Subscription to do it, so there's your route. It won't stop detection, of course, just direct node-hacking.

One more thing to think about for those who actually use it is depleting dice pools on extended tests. A 6 DP with a threshold of 15 is highly unlikely to succeed.

-D

That's a really good point actually. No reason this test should be immune to the normal extended test rules

Well, most Extended tests *should* be immune to this crippling used-to-be-optional rule, but that's another discussion.

Having extra invisible fly-spies to act as daisy-chain nodes helps.

Standard operating procedure for my current rigger: Three cloaked fly-spies in orbit above the character's head, in combat they elevate above any cover in the area to provide reliable relay points for the laser link.

Indoors they can position themselves at ceiling height in intersections to provide "around the corner" relay points.

The flyspies also as an additional bonus fill out my TacNet, making sure I keep the network bonus all the time.




-k

Personally I liked the old optional rule of limiting it to a number of tries equal to your skill (or was it just a set limit of 4?). I means you don't have the annoying decaying pool to worry about, but it also means you don't have 'anyone can do anything given enough time' syndrome.

Some things *should* be doable with enough time, and it was nice when they let the GM decide that. But this thread is probably concerned with the RAW, so DMiller is of course right.

It's true, something should be doable, but some things just require a certain level of skill (or at least a good helping of luck).

and at that point it becomes a GM handwave...

True. I like the limited method with the GM having the option to remove it for something that should be eventually doable. A data search for example will eventually pull up something, even if you suck with it, but if you're bad with software, a highly complex program is simply going to be out of your reach unless you learn more about programming.

I think a hidden node search is of the same category. It's not like the node is evading, it's just that it takes some time to thoroughly search the whole area/RF space. It's really for the GM to decide each case. That's why there is a GM, and it's not bad to rely on that. The book should lay out the categories, roughly 'if the Test is simply something that takes enough time, no depleting pool', and the GM works within the clear rules. It could well be that *most* Extended Tests wouldn't satisfy that criterion, and that's fine.

Well, we don't really know how exactly the wireless tech works though. It might very well be something where you need a significantly advanced system to find a hidden node like that, or it might be something that simply takes time. Personally I like the advanced system model on this just because the takes time model increases corp security rather absurdly. I mean, your team can't use wireless communication, or drones, or a hacker while inside a corp facility, because they'll get found in a few seconds.

Oh, and from something earlier, I'm fairly sure you can use wireless tracing to pinpoint a person to within 3', not 50'.

There are some things to consider for trying to identify something broadcasting in a given space.

One, hidden nodes (nodes in general) are ubiquitous in the 2070's. Just searching for hidden nodes will find everything within signal range: the traffic lights and weather drones outside, the auto-taxi passing by (just consider all the traffic if you happened to be within a couple klicks from a major road), customers in your store if they have personal electronics (and who doesn't), the RFID's in the merchandise, the manager's business commlink in the building next door...you get the idea.

Now, finding something broadcasting within the enclosed space of a room or store or whatever is different, but still not necessarily easy given the proliferation of wireless signals. The air, unless it is in a remote/rural area, will literally be awash in signals. A drone in an urban area can almost hide in plain sight.

That said, using the extended test to search for a hidden node may very well be a good fascimile to finding a minidrone broadcasting in a store, if the security is set up to scan for transmitters (which I think you mentioned it was). Still, I wouldn't make it easier than 15, unless it truly was lacking in traffic.

Also, a minidrone fits in the palm of the hand. That's still big enough to be readily noticed, especially if it's flying. I notice when those darn moths get into the kitchen readily enough (though mostly because they're banging their mothy heads against the chandelier). I think minidrones get a -2 concealment to be noticed. As it likely doesn't have the stealthy autosoft (I forget the name), an observer would get a simple perception check (at -2 for concealment, possibly more for being distracted) to notice it entering/flying around.

Definitely ruthenium polymer them for better performance.

Actually, hidden nodes can be pretty rare. Most of your examples would not be in Hidden Mode.

Some of those may or may not be. Some cars may be running hidden, many won't be, sure. As for utility nodes, why would they be in passive/active? I can see a traffic light being active/passive to communicate with vehicles, but what about the node that coordinates an intersection of lights? That should only be talking to the lights themselves. Or vice versa - the lights are passive and the coordinator talks to nearby vehicles. Anyhow, I think the number of hidden nodes would be non-trivial in any given urban/sub-urban area.

And regardless, you'd still have to sort out those signals from all of the non-hidden traffic, anyhow. Making my point the same: it'd be somewhat difficult to spot a source inside a shop, unless the shop was specifically built to block out outside signals.

Right: passive is not hidden, and passive covers basically all your examples. Even if there are hidden 'utility' nodes, if any of those nodes are stationary, then they'd be known to the security system. It would instantly ignore them (which makes spoofing someone else's ID useful). It's true—and I'm pretty sure I said so earlier—that the Hidden Node search won't instantly give you a list of hostile spy drones. That's why the auto-scan also has to Analyze.

So: in many areas, hidden nodes are rare and/or discouraged. There *are* areas where that's not the case, but I'm assuming that the OP's store isn't one of them.

… No, you don't have to sort out Hidden nodes from non-hidden.

As a safehouse, the shop might indeed have wifi-blocking, but what the OP said is 'low traffic'.

I don't think IC is as smart as you think it is. This is something I've been thinking about, in terms of paranoid hacker fortresses, and as near as I can figure, to do what you had this IC do, you would need the following.

(1) An Agent (or Telematics) to sniff the area.
You had this, great. Per my understanding, however, all this gives you is knowledge of the node's existence and mode, a la "Node 10372346-Hidden"

(2) Depending on the amount of traffic, a data search of the info on local nodes you just gathered to identify any outliers.
I'd give you a bit of a pass on this one, since I easily buy that your IC would be designed to investigate hidden nodes, but if your rigger kept his drones in passive I think this is necessary, there's a constant influx of new data and you need some method to whittle that down to suspicious nodes, matching info against public databases for example.

(3) The IC then needs to analyze the node.
Pretty simple but remember, the Agent also either needs explicit instructions on what to consider dangerous (and it can only hold so much in it's tiny Agent brain) or it needs to make a judgement call.

(4) If hostile, Track & issue alert to the spider/hacker/anyone with AR
Again, simple but remember, 2 separate actions.

There are four real problems with having 1 IC doing this:

(1) That's a fairly complex series of actions and you're looking at a rating 3 or 4 IC at most. Try writing that out in command lines and you'll see how complicated it can get. Plus there's a pretty major judgment call the IC needs to make: is the target hostile? Put all that together and your IC is going to be making a lot of rolls to interpret its orders and with only 3-4 dice that's pretty risky.

(2) Besides the Agent itself, I'm counting Sniffer, Browse, Analyze, and Track as necessary programs, which is a pretty heavy load for a commlink. Sure, you could do without those programs but then you're just rolling rating (3-4 die) which means glitches are a serious concern, especially since it will be preforming these actions constantly. Heck, the IC may not be capable of hosting all those programs (I believe they're limited by rating)

(3) After all that, the IC is absolutely useless against hackers. You're already straining its little droid brain searching for intruding drones, no way it can also handle the task of analyzing and attacking intruding icons (besides, the command lines would be nuts), or doing all the other stuff IC usually does. Which means if you want any defense against hackers, you need another IC with it's own body of programs (Analyze, Blackout, maybe Armor and Attack), at which point this is way beyond a simple matrix defense, you either need a large cluster or a serious nexi to handle the processor load and all those programs are gonna add up.

(4) Even if your agent is smart enough and you computer powerful enough to do all this, it's still one agent. After you sniff, you need to data mine the results, which takes a few minutes, then analyze each suspicious icon, which takes a few minutes, then track a few false positives and issue alerts, which will take more time. Unless the drone showed up just as the Sniffer started it should have a few minutes of free time before the next Sniffer scan, then a couple minutes for Sniffer to find it, then a couple minutes while the agent gets around the analyzing it. You can make this faster but you need more agents, each specializing in one task and that's a lot more processing power.

The long and short of it is that just sniffing intruders takes resources, you need a pretty dedicated agent with the adaptability option and plenty of agents to even try it and to do it well requires a team of specialized agents and all they will do is scan nodes.

PS. This has been mostly a thought experiment for me so far. If I'm wrong on something please let me know so I can change it before I try it on the table.

Some points:

• There's basically no limit to what an Agent can hold in its brain.
• 'Notice hidden nodes, Analyze, report' is almost the simplest possible Agent script.
• Dealing with intruders is the literal raison d'être of IC (Intrustion Countermeasures). So far, this one has used Scan and Analyze, so it's hardly overloaded.
• It's usually more like 10 or 30 seconds to detect hidden nodes, not a couple of minutes.

I don't disagree that Agent rating, multiple Agents, processor limits, etc. are important factors, and the specifics of the OP's setup matter a lot. I do think you're overestimating the difficulties a little. Agents are getting 3 IPs, so that does allow them to multitask a little as well.

As for code complexity: this is the age where you can fabricate security footage in real time. The sort of decision-making you point at is trivial at that point. (Actually, it'd be trivial right now, for a security programmer.)