A few months ago I started writing a little narrative to explain the SR5 matrix. I wanted to achieve two goals:
1: Present it such that it contrasts with the SR4 matrix.
2: Present it in such a manner as to be approachable by both new players and long time Shadowrunners.

I also wanted to do it without mentioning dice or rules, rather present it to players for role-playing, not roll-playing.

I just dropped in on the Dumpshock Datahaven site.

Constructive criticism is appreciated. Please try to stay on topic.

NOTE: Several long time Shadowrun players who proof-read it said that they learned things they didn't even realize about the matrix in the 101 section. Regardless of any other feedback, I consider that the highest praise as it achieved my desired results... and for people who game at my table on a regular basis.

Nice read. Thanks for all the effort.

Gives me a good overview as I haven't got as far as the matrix rules for 5th Edition yet.

I wasn't 100% sure about marks, are these like ticks against you when you do something you shouldn't? Kinda like trigger points?

MARKs are a measure of security access. Since an opponent gets a MARK on you when you fail a sleaze attack, I understand how you could infer that. Rather, ticks against you for illegal matrix activity is your Grid Overwatch Score, a topic that I did not cover well.

By the time I got to the 301 section, I was running out of steam. It definitely has an incomplete feel to me. I had intended to, and still intend to, revisit 301 and flesh it out. I like concepts to be explainable. Something you can understand why it works like it does. When I explored certified cred, global grids, & running silent, amongst other concepts, I took creative liberties in definition so as to make it feel like the way it works is plausible. For this reason I think noise is the number one best concept in the SR5 matrix.

At some point, once 301 feels more complete, I intend to write 401: Technomancers. I will probably wait until after the matrix book comes out to do that though.

This is a nice file, it explains a couple of things in a way that's both plausible and usable in an RPG context.

The only thing where I'd like to see more of an explanation would be SR5 Ownership. How does it work? Is it account-based? Tied to a SIN? Tied to a certain brainwave pattern?

Now we come to the part as to why the 301 section did not get completed... I really dislike some of the concepts and top of the list is ownership. I understand the intent, but the execution is just something I can't wrap into anything I can wrap into a believable concept given how powerful it is. I welcome suggestions.

Oh dear. I have none, I kinda hoped you could come up with some. The problem is, in my view, that this just doesn't work out; either it is account based, so corps can register all their stuf to corp.com's account, but then there is no way this works as intended, with regards to safety, as accounts are easily spoofed ... or it is tied to biometric data, which is much harder to just spoof, but makes corp.com accounts really weird (are they all registered to the CEO's or a random corp employee's biometrics? Can you gain access to a high-ranking corper's biometrics by hacking an AR-enabled mug you snatched from the corp cafeteria?).

Maybe corp.com uses their database of biometrics for some sort of cloud-based (I hear you groan and apologize, but it's such a nicely vague buzzword) biometrics solution, taking random biometrics from lower ranking corpers for every corp.com ownership license.

And even then, how does ownership transfer work, and why is it so much more complicated to spoof it than legally transfer it? Why does it on the one hand need only some software settings changed for legal ownership transfer, but hardware hacks and changes for illegal transfer? I know, they want their matrix stuf just handwaived, but this just kinda breaks my suspense of disbelief hard, and I'm not even an IT person.

Personally I have been, in the past, allowed to work remotely with corporately owned hardware, as, I imagine, have quite a few folks round here.

I can't get my head around most of the IT things but maybe some anecdotal stuff will help improve the elasticity of your suspenders of disbelief?

so my laptop (corporate property) has 2 factor authentication, a soft key or pass-code and a a hardwired encryption device. one is useless without the other.

Should a data thief want access to my files she would need:
to guess my pass code & spoof or steal my hardware
OR
get my pass code from me & hack the corporate servers to duplicate/ replicate / replace somehow the existing hardware key with one of their own design.

when I hand my laptop back in the security server database is updated with the new users credentials, the hardware security chip is not changed, just re-assigned to the next wage-slave.

Ownership is maintained by the corp, but the end user has responsibility, seeing as his name is in the corp database as being allocated that equipment.

and the same protocol goes for iPhones today, it gets reported stolen? the next time it is activated the servers respond with a trace or kill command or both... hardwired into that device.
I guess you could say that APPLE CORP still own that iPhone, despite the end user having an account (SIM card & billing)

just grabbing a random employee from the cafeteria is NOT going to help you access anything other than the allocated items in his inventory.

------
How is it worded in the core rules ?

I attempted to do something similar. I posted it up on the /r/shadowrun wiki.

I ran out of steam while writing it and haven't revisited it in months. I wanted to get into hosts and offer some incharacter advice on how to set up good Matrix opposition. But ugh... there is just so much.

Even biometrics are being found to be less than secure, now in 2015. But the original dilemma remains: What is ownership tied to? With a SIN being "identity" in Shadowrun, surely it is a SIN.
I could imagine needing to change the serial number or VIN. That said, in this "everything is connected world", unless you get the VIN or serial of a device that was destroy to take the place of, now you have a device with a VIN/serial that fails a simple validity check with the manufacturer. That would be something that should set off warning bells in an extended check.
For better or worse, I am very deeply involved in IT both as a technical lead in the corporate arena and at the instructional level in academia. My understanding of how corporate IT systems, especially security systems, work in both the practical and theoretical spheres impact my suspension of disbelief. That said, I can usually find a theoretical was to explain how something *might* work in the future enough to enjoy the game. Certified Cred was a great exercise in thinking about how to deal with the possibility of fake copies, for example.
Mostly, but in this case the easiest thing to do is to exploit a vulnerability at a different level, a vulnerability that allows you to bypass it, or a hack that exploits a probability vulnerability.
Requiring a hardware toolkit implies that there is a hardware chip (or something). This still requires something for the ID on that hardware chip to match to. Anything it matches to can still be spoofed somehow. Given the rule that all encryption is irrevocable broken in Shadowrun, it cannot be something akin to certificate based authentication, which pretty much rules out anything token based.

I would link to that in my SR4 thread. Do you prefer that to the Data Haven or as direct link?

A legal tradition (which as it is not in the book is unavailable to PCs) wizard bonds all devices to their owners so to change it legally the wizard just needs to wave his hand. For a hacker to do it he has to manufacture some nice "evidence" to blackmail said wizard into doing it for him which is much more difficult. Problem solved.

Link to the datahaven. The filename will change as I add revisions.

EDIT: Or I could just change the name and update the menu to a generic name...

Ok. Rename complete. Saw a squirrel and got sidetracked.

We've been talking through various house rules for SR5 and ownership is taking a bit of our time tonight. Currently, we are looking at something like the following:

Ownership is a complicated thing in the SR5 matrix. It starts with the serial number/VIN burned into a hardware chip on the owned thing. It is complimented with manufacturer registration of a SIN for the thing's owner. In this "everything is connected to the matrix" world, it also includes software updates and recall notices from the manufacturer as well as "Where in the world am I?" free tracking service. There are three ways to illegally change ownership. Method #1: Replace the serial number chip with a chip that has a bogus serial number/VIN and disable all the phone home/update functionality. Method #2: Acquire a valid serial number/VIN from a destroyed thing of the same make/model and the legal right of transfer. Given the black market for this information, the serial number alone could cost nearly as much as a new model of the thing. Method #3: Issue an ownership change (under duress, spoof, or puppeteer) by the current owner. This latter method is subject to a subsequent dispute by the previous owner which in turn could lead to the burning of the receiving SIN and/or contacts, as well as legal action against the receiver.

You know, I don't think ownership is actually tied to SINs. I think it's this weird abstract account system. Like a super iCloud for Apple products, but using SR5's grids instead. Its probably anonymized and tied to a credit account, since that's the only thing the Corps really care about. So you can associate it with a credstick. This way it allows even the SINless to have access to devices. Despite the fact that the SINless aren't people, they are consumers. And you do want to sell them crap.

This way Shadowrunners can have multiple owner accounts, if they just by another credstick or bank account. Though, if its anonymous there isn't much of a reason. To need more then one account.

This sounds like it could be used to track people better than a SIN can. And it could very well, but SINs also give people rights. So the corps would be more than willing to give them ownership accounts, because it comes with no rights whatsoever.

There probably is some abstracted form of 2 step authentication, which also makes it harder to steal devices or falsely register devices to an owner.

Having a version history in the filename is great

I like it the way it is. So I can just direct link to it. but that's me

You know one of the thing I love about Linux? Symlinks. One more small update and the file is named Matrix-4to5v08.pdf with a symlink of Matrix-4to5.pdf. Both get the same file.

We had this very conversation as the night progressed. We didn't want to introduce a new mechanic into the game for identity as SIN is the defacto identity mechanic in the game.

You can't have a credit account without a SIN. That's why the SINless have to use scrip and certified cred.
So the problem really breaks down here in that governments should be issuing SINs to people and corporations should be demanding it.

I will also state that last night's discussion on SR5 house rules ended with SINs, fake SINs, and the fact that they should have gotten cheaper and more disposable, not more expensive. When I GM my SR4 game, the technomancer on the team is continually getting short term fake SINs for the team. Many times he buys SINs that are simply the product of identity theft. ergo: 37 year old Chinese female, deceased but not yet reported. 17 year old male, student, hiking in the Rockies for the next 36 hours. 25 year old Caucasian female, Horizon receptionist in Seattle, currently (and expected to be for 24 hours) in medically induced coma as Jane Doe. etc. We are working on writing rules for how that.

I've spun off conversations about House Rules on SINs to a dedicated thread. This will keep this thread focused on the fluff of the Matrix, rather than digressing into how to fix ownership and SINs.