So Bogert managed to touch on a lot of the stuff I was going to comment on but here's my continuation on your second point:


All of the information you listed is public, put up by choice by you. You chose to place your information, your preferences and your social networking. SIN doesn't automatically put that information up for grabs, though it might document some of it in the Global SIN registry. Now if you have a P2.0 account and list your SIN publicly on it, a lot more of that information is available. Granted I think P2.0 and the LA shadows in general are a horrible, horrible self parody of a situation, but it is what it is. I kinda get the same reaction whenever I see shadowslang use omae as 'friend.'

Where our approaches disagree is that you feel you can simply search the SIN number and get all sorts of information pop up, while I feel that you have to search specifically for that information and then cross reference to the SIN. The SIN would add an additional way to search for the information, but it's just a starting point, not an instant-lookup. If anything it'd be like looking up a research paper in academic circles: Yes I can search, find a title and an abstract of the document. I can confirm that the document exists, but to actually view it I need access legitimate or otherwise. So to take that example further, with a SIN I might be able to confirm that the person has a MagicFridge™ account (but really, doesn't everyone?), but I'd need to get into the MagicFridge™ databases in order to get any further information on that subject.

I think you've missed quite a few points I've made previously. Shadowrun is a game. It doesn't have to mirror reality in any way. It does, but it doesn't have to. You might have also seen where I stated 'Dreamed up for Shadowrun'. This constant need people have to make every new Shadowrun edition the future from our here and now rather than the previous editions of Shadowrun are quite frankly killing this game.

And regardless of that, Let's say my toon walks into a building with a camera and facial recognition software (/sigh). Explain to me how that doesn't immediately burn all my fake SINs? Even if they pass all the checks......... Of course I'm working on the assumption here that the fake SINS are part of a very real database so that they pass scrutiny. Maybe the rating 1 ones survive because they have the wrong picture?

I don't recall saying "everything in underwritten". I did say that the SIN indexes and links every piece of data about you on the Matrix, but that isn't an assumption, that's basically a direct quote from p263 of SR5. How that plays out does involve assumptions, but that is how it's supposed to work.

T tried to find the supporting rules for that table in the text, but they don't seem to ever reference that table-- it's there, but they don't actually make use of it. That's probably just poor editing and design, though. However, I can also see that the chart you're looking at might not be a listing on what various levels of SIN scans check. It could be that it's the level of information that a given rating of fake SIN can provide. That's consistent with what's listed above: a rating 1 fake SIN is, in the text, might give a ten foot troll the identity of a ten year old Nigerian girl, which means that SIN is only good for covering if you need an identity to walk across the street and buy a burrito.

I see where you get your point, but I also think it's possible that we're facing the poor editing issue again, with information that's confusingly labeled.


That's not quite true.

Right now, your most commonly used piece of ID is your driver's license. In the last week, I had to use it at my bank, at my college to verify enrollment, at 7-11 to buy beer, at a store for a major purchase-- heck, I even needed it to be allowed to walk into a bar. There's lots of people who can demand to see my ID on a regular basis. By your assumption, that means that since so many people have access to my driver's license, it can't be used to access anything more secure. Unfortunately, that's not true-- with my driver's license, there;s a lot of my stuff they can get a hold of.


According to the fluff, Foot Locker doesn't just get your purchases there. In 2070, they can access your entire purchase history, and target an ad based on your history of buying athletic shoes. And even if John Q Hacker can't access the Foot Locker database, there's other ways of getting that information. They might not be able to tell exactly how much I spent at Toys R Us, but they can tell I have a customer account there and Build a Bear, so it's not a huge leap to assume I have a young daughter.


I decided to check this. There's a site approved by the US government that you can use to access your credit reports online, so I decided to see what information they required, and what they had on me.

To get to my information, you really only needed my full name, address, SSN, and birthdate. Honestly, the captcha was harder than that.

As for the information itself? It listed all my student loans, the date they were issued, and what cities they were from. So, it wouldn't be hard to track down my educational history based on that. It didn't list bank account numbers, but it did list open and closed bank accounts. Also, it listed every credit check for the last two years. That doesn't "prove" I made a major purchase, but it does give a strong inference at to what I bought or did. For example, one of the entries says "tenant screening", so even though it's not directly linked to the date I moved, it's not a big assumption to conclude that it was connected to a move.


It's in SR4, let me dig it up....

So, every store she walks into had access to her personal shopping profile. On top of that, her commlink is only broadcasting her SIN, but it was enough for sleazy guy to read her social profile, and by default she was opt-in to random messaging. She can block individuals, but apparently the basic setting allows anyone to see her stuff, it wasn't just something she deliberately set up,.

Because that's exactly what the text says:

"My SIN is attached to every piece of information about me, but not every piece of information about me is attached to my SIN" ?

I fell like there can be two interpretations:

1. If I have your bank account, I don't necessarily have your SIN. We assume that with some decking you could pull it easily (or not-so-easily) enough, but it's not something that's accessible by default. However, on the flip side, if I have your SIN, I do have your banking information.
2. If I have your bank account, your SIN is associated with it and I can find your SIN. If I have your SIN, I can get your bank account.

In both cases, I don't see a case against Cain's argument: that if I have your SIN, I have you.

Er... neither of your interpretations is what I was writing out at all. System Identification numbers are tracked with associated data in a Global SIN Registry. Your Bank Account, a piece of Matrix Data Associated with you, is tied to your SIN. It says <insert SIN here> owns this bank account. The only people with direct access to that bank account should be You, People You've put on the "Okay to access this account" list, and the Bank. If a hacker gets access to said account, then yes, they now have your SIN and can find who owns the account. The SIN is attached to the information.

Now what if someone picks up my SIN broadcasted from my commlink as I walk around the mall? They go "MUAHAHAHAHAHA, I HAVE YOUR SIN, NOW I SHALL FIND OUT WHAT YOUR BANK ACCOUNT NUMBER IS!" So they go look up my SIN on the GSR and.... find out that hey it's a valid SIN number. If he's got access to the information inside the registry, then he might know biometric data, registered residence or place of employment. If I'm a corp citizen well, he's SOL unless he can snag that data from the corp in question. Further data searches may find public domain stuff where I've tied my SIN to like a couple of social networks, or personal ads, but none of my actual transaction histories are gonna be featured just because you know my SIN. My information is not attached to my SIN, my SIN is attached to it.

Could knowing my SIN be used to track down the information eventually? Almost certainly. But so could knowing my name. So sorta like 2, but not at all including the second half.

And here we come back to the central question of verisimilitude.

You don't have to run a game where verisimilitude matters. That's cool. You can have corps refusing to share any data because ... well, because you say so, and damn the reasons. Never mind that in the real world, they do, all the time, for excellent reasons. Sometimes even for money. You can have people refuse to employ verifiably, clearly valuable technical means to achieve clearly valuable goals ... because you say so.

It would be a hell of a lot easier for your view if you'd determined that you'd rather work out a milieu based on the Great Influenza Epidemic of 1918 was VITAS, and the Great Awakening happened at the opening of the Roaring Twenties. Now it's 1938, in the Shadows, there is no cyberware but these newfangled penicilliwhatsit thingies might just save you from the Troll Sickness. But of course, tonight you have to go into Chinatown, to broker a deal with the Tong leaders who, so rumour has it, have stashed a dragon away in a warehouse ... and what exactly is Comrade Stalin up to in central Asia?

Might even be an interesting game, but a lot of folks would miss their shiny chrome limbs.



Depends how many of them are available for scrutiny at that time.

If the building finds a high confidence match between multiple SINs, it probably flags the event and results in greater scrutiny, possibly even an audit. If the immediate deeper checks reveal a high probability that Knight Errant wants a word or fifteen with you, you might find yourself staring down the barrel of a Roomsweeper. Good luck out there!

In practical terms, it's a safe assumption that each venue that gives a damn about tracking people doesn't have total insight into all recorded information concerning all SINs, but has a decent overview of primary data sources. If it's the City of Seattle, they're a government agency, so they probably have first-line access to a lot of official sources, including truncated data available from every megacorp (to foster interoperability, of course). And if the City ever got a peek at, say, Mitsuhama's data, the City took a copy of that data. Because they aren't idiots and it all goes into their data warehouse/data lake/whatever the cool kids are calling it now.

So every setup, down to retailers who share customer data (or a subset thereof), has the capability and the motivation to perform at least first-line data mining on everyone who shows up as well as to pass on a subset of their information. To assume that they wouldn't is insane, and means that you're not playing in the Shadowrun environment of people, but .... retarded lizard-things which vaguely look like people but in no meaningful way act like them.

Furthermore, you may find it terribly sad that this capability was extrapolated into something possible in the 2070s, but early forms of biometrics were being studied even in the 1980s, and so were things like monitoring of personnel movements (usually in secure military environments). It's actually hard to posit any advance in computing power, let alone the magnificent, glorious, epoch-shifting ones depicted in the rulebooks, where full advantage for people-tracking wouldn't have been taken.

In fact, I'd go so far as to say that if you want them not to do it, I'd want a stellar, detailed, specific, carefully cross-referenced explanation of precisely why all these companies, big and small, and governments, big and small, decide miraculously not to exploit computers the better to exploit people.

Because they do. And they are. Now. Today. Around you.

Knowing your name would not lead me to your SIN, unless you had a name so unique that literally no one else with a SIN anywhere else in the world had the same one.



Depends on who they are, but even low level Stuffer Shacks get your basic purchasing info. It's not exactly under lock and key.



Eventually? Knowing your SIN makes tracking down your information almost trivial. When you're looking for information, one of the critical difficulties isn't just getting past whatever firewalls it's stashed behind, but knowing where to find it in the first place. If you know someone's SIN, you have the unique number that all of their personal information is tied to. Even if you need to access different databases (one for the UCAS, one for Renrakau, etc.) to get at all the information, it's essentially "tagged" (to use Cain's terminology) with your SIN, making it easy to find assuming you can get access to the system it's stored in. And the amount of cyber security in place to protect John Q. Public is...well, about as impressive as the physical security.

Source?

And this is the point where I disagree on a fundamental level.


Because the bolded sections are my point exactly. You know what you're looking for (data tagged with a specific SIN), but how exactly is that supposed to help you locate their bank account number? Are you gonna start at the top and hit the Zurich-Orbital host? Hack into the Pacific Prosperity Group's records? Sure you can hit the Stuffer Shack's transaction history but all that might give you is where to look next. When searching for information, simply knowing a SIN does not at all tell you "where to find it in the first place." It gives you a point to start your search but little else. All the other information has to be acquired through the appropriate legitimate or illegal channels. From systems you likely don't have immediate access to. Because while John Q Public's cybersecurity may be poor, but Megas care about the bottom line. And Financial information by definition impacts that bottom line.

You seem to be positing that the entity that owns the building/cameras in question has the ability to look up SINs quickly and easily, for all people that appear on camera, all day long, using nothing but the images from the cameras and some kind of automated facial recognition software. I don't think people in the Shadowrun universe have that capability.

(If they did, the requirement to broadcast your SIN would be a bit silly, wouldn't it? "Yes yes, we all already know who you are, we can see your face, can't we?")


A driver's license is a physical object. A SIN is a number. I don't think this analogy is apt.


Cite?


Why do they know you have a customer account at Toys R Us, just by looking at your SIN?


When I've done it they've asked me a bunch of additional questions. Which of the following was your address 3 years ago? Which of these is a make/model of car you owned 5 years ago? etc.


He's got student loans issued in New York City. So, let's hack into the servers of every college and university in New York, so we'll know where he went to school? Seems a bit baroque.


Her shopping profile with that store, or with every store she's ever been in? There's no evidence (in that quote anyway) that Payless would have any idea what she's bought at Foot Locker. Also, the guy read the info on her "commlink's social profile". That sounds like something the commlink is set to broadcast, or at least give out in response to a query. She chose to configure her commlink like that, that's on her. Nothing about SINs mentioned there that I saw.


So, my full name and date of birth are attached to just about every piece of information about me. They're on my elementary school disciplinary records, my dental records, everything. At the same time, if I gave you my full name and my date of birth, you wouldn't know anything about the time I got in trouble in 3rd grade English class, and you wouldn't know anything about the state of my teeth. You wouldn't even have a good way of figuring that stuff out. I just haven't seen anything that suggests that a SIN is fundamentally different.


Emphasis added. That's the problem part.

Johnny Catatonic slides into the Stuffer Shack facing on to Pioneer Square. Because he doesn't want a date with a Predator muzzle today he has his commlink broadcasting his real SIN, which is clean enough for soykaf.

Stuffer Shack's standard electronics package is on the job, mostly because it's a sealed unit so that the shaved monkeys who run the place don't screw with it. Within two seconds his macrobiometrics are oversampled, aggregated, measured and recorded along with his electronic footprint. This information is naturally shared as quickly as the Matrix will carry it with the corporate Stuffer Shack chain, running all the way up to the Great Pyramid. However, it also moves laterally. A Pioneer Square Marketing Coalition knows that Johnny is there, who he is (after all, SIN data is pretty public), what he looks like, what he's doing in Stuffer Shack, and they can all correlate that with their own records on him.

Three doors down the line, Pioneering Pants is a Renraku subsidiary. They shuffle this information dutifully upstairs, not in any way aware of the fact that Johnny's gait sends signals of substantial urgency through Renraku's electronic systems. Renraku's subsidiaries in the area go on high alert, looking for Johnny in the minutest detail. Sure enough, not a million years later he leaves the Stuffer Shack and enjoys a little of the thin Seattle sunshine with his soykaf in hand. A City of Seattle camera has plenty of time to observe him, so biometric details which are shared locally amp up the Renraku urgency. Renraku dispatches a subcontractor's street cleaning drone to amble along nearby and collect additional data - probably a biochemical personal signature - and confirm their match.

Johnny Catatonic strolls on down towards King Street, little knowing that his ill-considered tour through downtown Seattle has Red Samurai piling into a couple of vans less than ten miles away.

Personalized ads are based on your purchasing history. I can't give a page number off the top of my head but unless that bit of fluff got removed in a later printing, it's in there.

Run a credit report. This tells me who they bank with. That narrows my search to transactions from said bank. Now I look for transactions that are linked to that SIN. Again, some of this data isn't even private: it has to be made available to retailers so their displays can customize your personalized ads. How hard do you think it is to convince their automated process that you're actually a department store?

I'm really having trouble seeing why a megacorp would care if John Q. Public was the victim of identity theft or similar. What are they going to do, lodge a complaint with the Better Business Bureau?

Leaving aside the question of whether your example has more verisimilitude than normal Shadowrun fiction, nothing in it seems to hinge on SINs. The story would have worked out exactly the same in a world with just names, and no SINs, right? Not sure about how it's relevant to the thread topic.

OK, I admit I didn't spell it out quite as clearly as I might have, but the fact is that the analogy works just as well as if the only thing Renraku had on a suspected intruder was some element of an electronic signature, such as a broadcast SIN which went dark right outside a Renraku compound right before it was hit. Maybe the intruders were capable of evading or compromising or disabling the internal monitoring systems which may have picked out biometrics, but were sloppy when it came to management of electronics. Maybe they wanted to get through a high security area without being fingered for not having SINs being broadcast.

So when you break it all down, the SIN is one more metric which happens to have massive relevance for cross-referencing data. Renraku might use SIN activity to track movements without being in a position to necessarily fix on a given person's biology, or they might use it to determine that Johnny Catatonic recently changed his appearance (whether out of paranoia or cybernetic upgrades, perhaps) by a process of correlation of known habits, electronic presence, or what-have you. That was his new body with a new gait and new face becomes an effective AKA in their tracking database.

In the end, the SIN is just a detail. A useful, commonly available, generally understood detail. The databases don't all have to be shared - some sharing of ostensibly harmless information is enough.

Ok, so, if I understand you, now we're looking at a new hypothetical. Last night, Johnny got sloppy, and a fake SIN of his can be somehow linked to a run. Today, he's walking around downtown Seattle, using his real SIN, or a different fake, and somehow, Renraku uses the fake SIN to easily find real Johnny.

How do you picture that working exactly? What's the point of using fake SINs if they can easily be traced to real people?

Is this based your history on all purchases you've ever made ever? All purchases you've made on that SIN? or All purchases you've made on that SIN with that company? To me, the last is the most realistic, and since the company should keep their own records, the most feasible.

So again here is where I disagree fundamentally that "SIN-linked" data is by definition "easily obtainable."

I can think of many reasons why a finance-based subsidiary of a Megacorporation would want to compete for clientele, and many reasons why they wouldn't want to have a financial system that could be viewed or spun as inherently worse, weaker or easier to perform identity theft on. After all if you have a flaw in your system that allows such easy identity theft, why would anyone take it over the better alternative owned by a competing mega? They'd keep their system tight if for no other reason than to keep other Megas from being able to exploit similar weaknesses.

@Koekepan:
Your example and interpretation are predicated on the fact that the Sixth World has an ubiquitous automated network of shared biometric information, complete with software flags discerning enough to collate and sort relevant data without metahuman input. I don't find that particularly realistic since such widespread sharing of information would mean that information would be relatively easily intercepted and obtained by all sources, not just the corporations. The Megacorporations stand for many things but "Free Information" is not one of them. That's more the Neo-Anarchists' schtick. If that's the way your Shadowrun works, and you can work with it, more power to you, but I don't see that sort of "we are always watching everything and anything" reflected in the Shadowrun works that I've read.

The goal at this stage is to stay one step ahead in a game of cat and mouse. I forget the military slang for it (I'm not a veteran) but it's something like persec - i.e. personal information security.

The fake SIN can be used, for example, for an alibi. Let's say he didn't want to be hassled on the way to a run. He loads up a fresh fake SIN, and stays as far out of sight as he can in a stolen burner vehicle. As far as Renraku is concerned on the night of the run, someone in an unknown (or apparently innocent) vehicle, of no particular interest to them, wandered up and then went out of Matrix sight. Nothing in particular to worry about - happens all the time.

Renraku gets hit, their monitoring is compromised around the same time, they don't have good fixes on the biometrics of the invaders, and the invaders observed good information secrecy (effective radio silence and voice distortion during their raid, since they know full well all electronics can be hacked and all codes cracked) throughout. That fake SIN and the burner vehicle and the commlinks worn during the raid all turn into so much scrap, while Johnny Catatonic's real SIN was being safely paraded inside a shagging wagon which rocked back and forth to the sound of muffled ecstatic moans (Johnny has an ego and a reputation to protect) fifteen miles away.

As far as Renraku is concerned, they're frantically hunting Rudeboy Wallis, a globetrotting mercenary from the Caribbean League.

It's not that hard today. Armed with your SSN, real name, and birthdate, I can find your credit report. Your credit report lists everyone you bank with. Now that I know your bank, tracking your number is just a matter of time.

Now the real question isn't tracking your bank account number, it's actually *doing* anything with it. Last job I had, they had my Direct Deposit application in a file cabinet somewhere. Anyone could flip through it and copy it down. But even so, my employers couldn't take my number and withdraw money, they could only add it.


The key information on a drivers license is the number. In theory, if they want to verify if the other information is correct, they can just call in the number.


It's in my credit report. My credit report lists all credit inquiries and why they were made, so applying for credit cards at either is tracked on my report.


They didn't this time, the official site just asked me for my real name, DOB, SSN and address.

There are other sites out there, and some give a full credit score plus report, so that might explain the difference.


Today? Not immediately, no. It'd take a lot of time and effort to hunt down all your records, although it could be done if someone wanted to spend enough time doing it.

In 2070? A SIN indexes and links all that information, to make searching it easier. In fact, that's the whole stated purpose of a SIN. It's from a bit above that quote I keep using....



So, your SIN's entire purpose is to make correlating and tracking information on you easier. If you can track down my second grade report cards today, and correlate it with my dental records from last year (both of which are theoretically possible, although my second grade report cards are likely not on a computer, but rather inscribed on vellum ) , and do it all today... in Shadowrun, the SIN just makes it a whole lot easier.


Okay, I see a possible disconnect.

Right now, finding the bank you use isn't hard. Even tracking down your account number isn't that difficult.

However, just having your bank account number does not mean I have your bank account.

I've had my account number stolen before. It was annoying, but it was caught quickly. They couldn't withdraw money from the ATM without my debit card and PIN, they couldn't send money online without my password, and they couldn't be money from a branch because I have a rider that won't allow it unless I show my license. So, just having your information doesn't mean they control everything.

That said, in Shadowrun, getting that information is easy. Using is is much harder, though. I've always played it that there are tiers of access. Small purchases can be handled aoutomatically, without any extra verification. Like how Mcdonalds doesn't require a PIN for small debit card purchases. Slightly bigger purchases require your PIN or signature, even bigger ones might add a retinal scan, and major purchases might even require a genetic test.

But in all those cases, before you can do any of that, the vendor has to be able to access your account number, and verify that you have the funds.


In order for the Shadowrun economy to function, the megas have to have a minimum level of cooperation in many areas. They need to have a shared currency, a joint banking system, common data tracking standards, etc. It also has to be compatible with the remaining national government systems-- ideally, built by them, so the megas don't actually have to pay for the infrastructure.

So, if they have to accept a free system built by the lowest bidder, they will do so. Or if they have to share an easily exploitable system, then they can exploit the other megas just as easily, so a porous system would benefit them in the long run.

Cain, I'm finding your stance more reasonable now given some of the qualifiers you've listed but I still disagree that it is as simple in the Sixth world as an extrapolation of today's process is. Like I mentioned before, the entire megacorporate culture necessitates MORE borders than exist even today. Just look at North America, it's split between CalFree, Tir Tairngire, Salish-Sidhe, Tsimshian, UCAS, CAS, Aztlan, PCC, Sioux Nation, Athabascan Council… Not to mention that since present day there has been at least one instance of near complete mortality of internet databases. This doesn't even account for the different AA or AAA Megas that also have their own systems which means to me that information in the Sixth World is not necssarily as free as it is today, or would be if the current internets had unimpeded progress.

And as I mentioned earlier, this already exists. The primary unit of international trade in Shadowrun is the ¥(Nuyen) which was adopted by Japan in 2012. Control over the Nuyen was transferred to the Zurich-Orbital Gemeinschaft Bank in 2036, which is equally owned by all 10 AAA Megacorporations and overseen by the Corporate Court. In addition to regulating the buying power of the Nuyen, the Z-O bank also owns most of the debts owed by the Megas. The entire Zurich-Orbital Habitat is the "neutral ground" of the Megas. Wilhelmina Graff-Beloit lived out the rest of her life there because it was the only safe place left to conduct her vendetta against Lofwyr.

Sorry, missed this comment last time around.

I think you misunderstood some things. Corrections inline.



No. It doesn't have to be ubiquitous. In fact, I'm quite specific about it being very localised. It sure as hell isn't operational in Puyallup or Redmond, for example.

The software flags, in terms of biometric standards, already exist to some extent today - a useful extent, to be specific. Further addition of detail and standardisation of biometric characteristics is only reasonable to expect.

Collation and sorting is precisely what computers do very, very well. Given the jaw-droppingly, physics-violatingly generous assumptions around Matrix communications in 4th Ed (full sim over wireless? Pull the other one!) a few heads-ups between collaborating small businesses is completely on the cards. Hell, we have cooperative customer information sharing online and in physical locations today. This is nothing new, just improved automation and integration.



The government shares out a lot of that information today on a routine basis, for various purposes. Want to hire somebody? You can get right on a government website to determine their employment eligibility right now. That's just one example. Increasing integration with megacorps is only to be expected, because now they're governments too - just the way the US and Canada share all sorts of goodies.

Of course, it doesn't mean all records are always available everywhere, but in terms of simple loss prevention (theft) and loss prevention (arson) and loss prevention (vandalism) and loss prevention (people deciding their money is better in their account than the company's) there's every reason for enough information to be regularly available to make tracking people a snap, even if you don't know when their last colonoscopy was. Renraku doesn't care how Johnny Catatonic's polyps are doing. I know for a fact that we have substantial information sharing right now between two large corporations in my area - and that's just in terms of a comarketing strategy based on loyalty discount cards. Expecting this to happen less when the bar keeps lowering is ... well, how is the weather on your planet, spaceman?



Oh no. Not free information. No, sirree!

Highly remunerative information shared for mutual benefit in the interests of building a safe, harmonious, open and deeply profitable society. Probably open comarketing information will be held by a joint venture, which gives free access to some governments and some megas, and smaller corps pay exactly what the market will bear (in both money and data) for access to it.

You need to stop thinking of the megas as always hating each other everywhere at once. If they for one instant believe there's a profitable rationale for cooperation you couldn't stop them from doing it with all the anti-collusion laws at your disposal. And this makes commercial and social engineering sense.

How easy is it to get a "credit report" in 2075? I still haven't seen any convincing evidence that a SIN, alone, is enough. What information is on this hypothetical future credit report? Will it have the name of the bank you use? Assume it does, how exactly do you go from a bank name and a SIN to an account number? Do you hack the bank's servers? How easy is that?


So, at my dentist, when they store and later look up my patient file, they just use my SIN. It's easy, it's a unique identifier, it never changes, I'm broadcasting it when I walk in the door. Same story at my elementary school. Definitely easier, from an administrator's point of view, from indexing based on names. Names aren't unique, they change, sometimes people write their middle name(s) sometimes they omit them, etc.

Sure, SINs are used as indexes everywhere. Sure, they make things easier. But, if you want to find my dental records in 2075, it's still a royal pain in the ass, as far as I can tell.


Cite?


This entire construct is only necessary if you start from the idea that a SIN is like a bank account number, or credit card number. That idea strains credulity, and isn't well supported by the text, at least, not by the examples you've posted in this thread.

You're being absurdly, and apparently intentionally, obtuse here. What part of 'Storing, tracking, and correlating' all publicly available personal and financial information are you disputing? All I'm seeing here is bitching about how they don't explicitly list every detail ad nauseum, and therefore the ones you don't want to be on the list must not be.

Purchasing information, by its nature, includes the financial institution and account that the transaction was funded by. Hacking the bank is going to be difficult, but not impossibly so as SR4+ has established that by the RAW absolutely nothing is secure.

Well if your'e going to argue the absurdity of SR4's Matrix you won't get that much argument from me. Was never a huge fan thereof, which is why despite it's somewhat contrived nature I much favor 5e's take on it. That said, given that as far as I know the only proper AIs that exist in the SR world are accidental or Emerged beings, and that currently one of the problems with AI recognition is graphics in CAPTCHAs, understand why I'm a little bit skeptical on how well an automated non-AI system will be at flagging and identifying something without an absurd amount of false positive alerts. Without metahuman input and analysis I feel the feedback from a system that flags alerts would be clunky at best.
The two countries you cited are staunch allies and neighbors, who have over 100 years of cooperation, and over 2 decades of history being tied together economically through NAFTA. US-Russia relations might be a better example though relations have been somewhat better since the Cold War era. Or US-China relations, where China purposefully does not use a number of US companies in order to keep information sovereignty.


… I get where you're coming from, but I don't buy it in Shadowrun. Some other cyberpunk dystopian society, but not Shadowrun. I mean take the whole Credit Report example we've been throwing around: Immigrants to the US are required to re-establish their credit scores, regardless of what their employment was overseas. A major problem of many immigrants is the inability to apply for credit cards or mortgages because of a lack of credit history, due to that information not transferring across borders. How this translates in a world where corporations aren't dictated by a government, but are actually governments in and of themselves is anybody's guess.

Well, first of all, a SIN links together all the data on you. So instead of having to search a hundred different databases, all I need is your SIN. That's pretty much exactly what the SR5 book says it's used for, so at the very minimum, there's that.

If we extrapolate from today, anybody can run my credit report if they have my SSN, date of birth, and real name. In 2070, they wouldn't need all that, my SIN alone would work. And people run credit checks on you all the time, sometimes even without your knowledge. According to my current credit report, sleazy credit card companies have check my credit, presumably so they can send me scamlike credit card offers.

Anyway, though: today, if you read my credit report, it says what accounts I have open. So, if I were tracking down information on me, I could take the info I have and pose as either a bill collector or any employer conducting a background check. I run a check to "confirm the banking information", and in a second, I can confirm that my account is active, and possibly even get the account number.

In Shadowrun? It's even easier. People use their SIN to buy stuff all the time, which means it's closely linked to their banking info. Locating your accounts would be trivial. (To be fair: Like I said to ProfGast, actually doing anything useful with that info is trickier-- I probably couldn't spend your money at this level. But the information itself is easy to get.)


It's actually much easier.

Between megacorps and SIN's, a lot more information is accessible than before. Today, if I want to get your dental records, I can approach it in several ways. The easiest would be to track it through your insurance. So, first I need to find what insurance company you use. That's not hard, but it is time consuming, as I have to filter through their entire member list and figure out which is you. Then, I need to gain access-- difficult, but not impossible, especially if I'm only going to look at data. Being able to actually change things would require more access. Then, I just need to read the payment history, and that's that.

A SIN doesn't change it, but it does make it easier. Your SIN links to emergency medical information, so it'd include your insurance company-- if you're hurt and need medical help, they have to know who to bill. Once I know that, finding your records within the company is easy, since your SIN is a positive ID. Just run a patient record check using that, and your records pop right up.

See, here's the thing about medical and dental records. Current laws don't provide much privacy. Basically, anyone who provides you with medical care can request your records, so if you pose as another clinic, it's easy to get them. Also, your insurance company frequently gets copies of your medical records, so you can pose as them as well.


The SIN is the key to all that information. That *is* supported by the text-- the whole point of a SIN is to index and tag your information, to make info searching on you easier.

So, while the SIN itself might not be exactly the same as your bank account number, it does make getting to that number much easier. Remember, if you have my SSN, it's not too hard to find all that info on me, nowadays. Postulating SIN technology and a panopticon, it'd be even easier to locate all that.

Oh, that'd be easy.

I believe you were the one who pointed out that Z-O would be enforcing a universal banking standards for everyone. In order for that to work, they'd need a universal identity system, to prevent ID theft and other tricks. They don't need a perfect one, especially if the cost of perfection is too much, in comparison with a functional system. If settling with a few disgruntled consumers is less than the cost of fixing or improving the entire system, then they won't fix the system.

Cain, i'm starting to think we're arguing the same thing but with different magnitudes of possibility. By tweaking an assumption here, or an inference there a situation jumps between possible, plausible, and probable. Where our approaches differ is that you are looking at the problem as "This is how they say a SIN Works, but it couldn't possibly work out in the setting based on what I know" whereas my approach is more "The setting has SINs, and thus would have to make these assumptions to work properly."

They're not really reconcilable approaches since our basic assumptions are different, and I really don't see a way we'll convince the other to accept the others' assumption.

Can we get back to topic here?

This has devolved too much into a what-is-RAW-argument for my tastes.

I am really interested in alternate SIN rules.

The point should be what we want the SIN to be,
not what exactly it is,
at least as long as we are trying to talk about alternate rules.

Actually, I think we're closer to agreement.

We know what SINs do-- they basically work to link all your data together, to make searching easier. That's the quote I keep coming back to. I don't think you're really disagreeing with that.

I think we're differing on what the ramifications of that is.

My concept is based on an extrapolation on what's possible today. Privacy on the internet is really hard to achieve, and the internet isn't all-pervasive yet.

I might be wrong, but I think your argument is based on a continuation of today: privacy off the internet is still possible, and data sharing isn't standard.

And you know, maybe we can't resolve what the ramifications of future society will be, based on today's technology. However, I think it's a fun discussion, and if we can't nerd out and talk futurism on a computer network more sophisticated than anything else in human history, then what's the point?

Rest assured, this discussion is all in fun for me. If I come across as angry or arrogant, I apologize-- I honestly have no idea how to correct for that. But part of enjoying sci-fi-esque scenarios like Shadowrun is being able to geek over future culture, and I do enjoy that.

Bertramn. Based on your post here, what would you like the SIN (rules) to be like in SR? And how do you believe that they should interact with the setting world?

Cite?

So, stuff I think we agree on:
1. There are hundreds of different databases out there that contain information about you
2. Your SIN is used as the index in each of these individual databases, this makes things much easier on administrators

Stuff we disagree on:
3. If I have your SIN, is it easy for me to know which individual databases have information about you? Essentially, does there exist some central database, where I can put in a SIN, and it'll tell me, "That SIN is listed in 318 separate databases. Here is a list."

I don't think this is the case and I haven't seen any textual support for this idea.

4. If I have your SIN, and I know that information on you is contained in one particular database, is it very easy for me to get the information in that database? Essentially, if I know your SIN, and I know you have an account with the Renraku Financial Services Division, how hard is it for me to get access to the database of the Renraku Financial Services Division and get lots of detailed information about your account?

Does the RFSD just give this information out to anyone who asks, maybe for a small fee? Or, is it very easy and safe to hack into the servers of the RFSD to get access to the database? (Query: Could you pay RFSD extra to be a little less cavalier with your data, maybe by upgrading to a higher tier account?)

Anyway, I don't think that these things are easy to access, and I haven't seen any textual evidence that they are.



Now, if you believe 1 and 2, but not 3 and 4, I think the SIN system as written works just fine, and is totally gameable.

If you believe 1,2,3, and 4, that's going to have some implications for the game world that you're going to have to think through carefully. Cain's made some efforts in this direction.

Page 362 of SR5. Mind you, I didn't have to look it up, given that Cain already cited it on the last page.

Unless you think something made specifically for the purpose of tracking and correlating all information about a person somehow doesn't make it easy to...track and correlate information about a person.

That quote implies that me and Cain are both right about 1 and 2. It doesn't help us decide who's right about 3 and 4, does it?

3. If I have to go digging in 318 different databases and the SIN does not even tell me what they are, let alone that they exist, then the SIN isn't doing a very good job of tracking and correlating my information, now is it?

4. Remember, this is publicly available information. It's like your street address: it's generally kept private for the sake of your privacy, but as of 4th ed privacy is a thing of the past. Moreover, it has to be made available to corps on a regular basis so they can run their ads, make recommendations, authorize small purchases automatically, and so on. You're not going to bury public, regularly accessed information under a glacier of IC.

Well, it's a hell of a lot better than relying on a name as your major indexing piece of info, which is the status quo. So, adoption of SINs helps a lot, even if you don't create a central database that links to all other individual databases that mention a SIN.

If there is such a central database, why isn't it mentioned ever?


What information is public, and how easy "public" information is to access, might not be the same in 2075 as it is now. Much that was public has been privatized, balkanized, or simply lost.

What information exactly needs to be made available to who, when? Upthread, I've talked about how you can do tailored ads, and walk in-walk out purchases, in a world where 1 and 2 are true but 3 and 4 aren't. Were my examples flawed in some way?

Keep in mind, if 1,2,3, and 4 are all true, the world is a very different place from anything we've seen, in our world or in Shadowrun fiction.

Here's how it might work:
You see a guy walking towards you down the street. He's funny looking, somehow, and you become curious about him. He's broadcasting his SIN, as required by law. In the next 30 seconds, you discover:

• His name, address, age, employment, bank balances, policlub memberships, etc.
• His medical history
• Whether he's ever in his life been in a sex shop. If so, when, and what he bought there
• Whether he has any children, where they go to school, the route they travel to get there
• Where he was and what exactly he did on August 9, 2057, down to what he had for lunch that day

Now, if this kind of comprehensive, instantaneous search were easy, don't you think they might mention it in some of the setting fiction? Or have they, and I just missed it?

No, what is says there is exactly the opposite: Your SIN is attached to online documents as a kind of signature. That is a wholly different scenario from having a central index to everything ever stored, which can be looked up with your SIN as a key.


There are two charts, one for which information is included in a SIN and one for what is checked. The logical conclusion from these charts is that an R2 SIN can be faked by a simple Forgery test, since it does not need to include any external data and a low-level SIN check will not query for such data.

Which is why we use a WizFI enabled crystal ball

In relation to Bogert's points 1-4 above, I would personally have thought that the SIN is really a "key" that ID and unlocks your data on each of the 318 databases, if you do a search in them. The main issue is how many of those databases the checking system is going to be looking at (that's where the Rating of the checking system comes in), and more importantly, how many of them they are going to compare information between, in order to look for conflicting or missing data. The checking system already knows which databases it will look in and check the SIN against.

Now, while it's possible to find out pretty much everything about a person, if you have access to their SIN, only really high-end systems do serious cross checks against multiple databases. Particular systems are going to be checking for different types of information in different databases, thus a marketing system is going to be looking at your purchasing history, in order to ID your likely interests and price range. The payment system is going to be looking at your bank statement and likely also some biometrics, and likely some further stuff to increase the security. The systems that will pick up your SIN as you are walking down the street, is really mainly looking for the presence of a SIN with rudimentary information, unless you are going into some more highly secure areas, where the check is liable to be more thorough, though that check probably isn't going to be done by the "street SIN check system".

Most of these systems probably won't be gathering information about where and when you are going places, but various systems will be gathering relevant information about you, if you do something that is either related to interaction with some form of higher level security system, or something that is likely to be worth something in relation to being able to sell you something.

If I'm right, you can stroll down the street with just a Rating 1 SIN, and likely not experience much of a hassle, and your presence probably won't be registred on a permanent basis anywhere. If you go into a shop and buy something, you will probably need a better fake SIN, in order to be able to pay for something on it, but unless it's something of greater value, it's probably only going to be the store itself, and maybe the Corp. behind it, that will log your purchase for future reference. On the other hand, if you intend to go into a gated community, your SIN is probably going to be checked resonably well and logged for at least some period, but probably not on a permanent basis.

Basically, the SIN system is possible to work with within the game, even though you can get access to almost any important information about a person, if you have their SIN, and the ability to hack the various databases that store the different types of information.


Now, if this isn't the way that SINs work now, I would argue in favour of having it work that way, because then I believe that it will be both functional in a believable way, and possible to have, without making Running near impossible to do, without leaving behind a trail of logged SIN information.

Versimiltude also fails when cursory logic brings down a game system or makes it an accountancy nightmare.



I think you've missed the point I was trying to make. I'm not saying that you're broadcasting multiple SINS and hence compromising them, I'm saying that in a world with limitless processing power where facial recognition software is a thing, how do you broadcast any with biometric data without a SIN check getting multiple hits? I would think that a SIN that can't be cross-referenced is either worthless or the system in this high tech world are incredibly flawed.

And on the theme of national identity databases, why aren't there batch runs constantly cross-referencing the data to check for duplication. This is something I actually deal with constantly in real life. You don't have to look for exact matches but you could have tolerances for like items. That gives you a report that you can then audit. If dystopic governments need these systems so much then surely they run them even somewhat competently?



This can only work if the retail outlet or 90% of people who access SINS for any reason only take them at face value.

"Oh, these are the things that you've bought before Mr's "Deceased Cat"....... ahem, anyway here's your new AK97! Can we have our money now please?"



As I've said before: Realism/Shmealism.

If you have to have it then you have to work it through to it's logical conclusion: Shadowrunners can't exist. I mean they can't exist now right and we have crappy 2015 technology....... Wait, there aren't groups of shadow dwellers committing crimes with automatic weapons against corporations that we never hear about and getting away with it are there!?

No, what fails there is the game system and/or its milieu. If you can't explain your game's system or the play environment in such a fashion that the outcome you're proposing is at least, as a bare, pathetic minimum, vaguely internally consistent, then players aren't sure what game they're playing and GMs are forced to make arbitrary calls to support the purported environment. The centre of this whole discussion is quite simply what the implications of SINs are and how it could be improved (subtext: to make more sense). If verisimilitude, or simple internal consistency aren't issues, the the answer is easy:

Do whatever you feel like. Boxers on head optional.




Go back and look again at what I said: it's all another set of parallel data. Bear in mind that there's no law saying that you can't have one, ten, or ten thousand commlinks, and wear them on different days or all at the same time. OK, the laws of physics might preclude ten thousand at once, but what the hell since we're allowing for a bit density in terms of electromagnetic radiation which is at odds with fundamental physics, let's roll with it. The fact is that they could all broadcast different things, and those electronic identities themselves have meaning over and above (and beyond) the physical identity of the person who's wearing them. For example, just because some innocent eight year old moppet gets to wander around with a commlink doesn't mean that commlink isn't controlled by Johnny Catatonic and his merry band of neo-anarchist pranksters. The hell with the moppet - the commlink is what's at issue here, and if something ostensibly similar (depending on Johnny Catatonic's approach to cracking security) is seen on the belt of Bog the Trog, the level of concern experienced by the authorities has little bearing on where the signal is coming from, in (meta)human terms.



Sure. Lots of times .... except that we also know that by RAW, no computer is safe and no encryption is inviolate, mathematics and information theory be damned. We KNOW those databases are raped, thrown aside, and then raped again precisely because of the roaring trade in fake SINs. If they weren't, it couldn't exist. So all that auditing is more or less like trying to clean a cat's litter box which is in constant use by an army of cats. There's constantly a high percentage of crap in it. What's more, duplication is the least of your worries. There are outright fabricated insertions, modifications, falsifications .... it's a DBA's nightmare from hell.





As long as the nuyen counts, they don't give a spiky shit. Know why? For the same reason that a few guys using adblock don't really worry Google and Facebook. The vast majority of people coming through are sufficiently bought in and committed and open to the system as it's delivered to them that the general commercial purposes, at the storefront level, are supportable as common practice. As for looking for bad actors, the megacorps have the back office skills and facilities to do that, and the pull with the little guys to use them as a source of trolled data. Since it's a numbers game, and the megacorps have the numbers as well as perfectly legitimate, above-board, profit-driven means, motive and opportunity to gather all this data as well as share large percentages of it with each other, it's a cinch that they have plentiful data to do meaningful and useful mining of that data.




There kind of are, though on a small scale. They're doing it (mostly) in the relatively poorly policed shitholes where westerners don't poke their refined noses unless they're the paid thugs of the authorities. You don't tend to hear a lot about mercenary or rebel assaults on mines or oilfields unless for some reason they make big news - opportunistic piracy off the Horn of Africa was just the most telegenic of these. Usually you only get to hear about it in some breathless expose about forced labour in unregulated mines run by evil thugs, or wicked revolutionary ethnic cleansers attacking diamond mines to fund more wicked ethnic cleansing ... or you know, stuff like that. In the world of Shadowrun, we're presupposing a substantial expansion in the unmonitored, or poorly monitored parts of the world, combined with a massive and fanatical expansion of monitoring on small, densely populated, highly valuable zones.

So yes, shadowrunners (i.e. semi-professional mercenaries, criminals and violent lunatics who owe little, if any, allegiance to the organised crime structures we call national governments) do exist today, just not quite in the form and not quite in the style to which you're accustomed between the covers of the Shadowrun manuals. However, they tend not to strike heavily defended and monitored areas, and when they do they tend to get blown away with grim regularity because Shell, Anglo American and other large corporations do pay off local warlords for protection or even just outright hire teams of mercenaries with real training and real guns to unleash hell on the would-be assailants of gigantic corporations.

I'm hoping I'm not blowing your mind with all this - I would have thought that any fan of Shadowrun would have been aware of this. I recommend you find a copy of the book Dangerous Places. That illustrates some of the madness going on in the world. You can connect some of the dots from there.

Dang, you called my bluff!

Seriously though:


____
Edit:
Also, how does it make any sense to require SINs for people to buy stuff with their online transactions,
if the system still lists Credsticks in the gear section.
Is your only option with a credstick to put it into your online account?
Another relic from the pre-Crash 2.0 times. I mean sure, it is an easy means of payment for a Johnson, but he could just as well use a Bank account which he opened over a somehow encrypted line.
The only reason the Credsticks are still in the game is because they are cool, and they are Shadowrunny.
Before, they were means of identification, were they not? What are they now?

There's several mentions of a "Global SIN registry", but that's incidental to my concept.

Look, today, if I Google someone, I'm going to get information on them from likely hundreds of databases. A lot more, actually, depending on how common their name is and how many false positives I have to weed out. At the very least, the SIN will automatically eliminate all the false positives. I don't have to figure out which John Smith I'm looking for, the SIN does that for me.

Further, the SIN is supposed to help me sort and track all that information. So, if it doesn't do the same as a modern-day search engine, it's not very effective, and can't be the privacy-destroying thing it's supposed to be. So, to use the search engine concept: Google doesn't actually get its information from a central database, it uses tags to draw links from others. So you don't actually *need* a central database for a SIN to work, you just need a decent search system. Given what we know of Data Searching in 2070, that's not hard.


You don't need a central index; but as the quote posted upthread shows, that's exactly what a SIN is supposed to do. It's not a signature, it's more like a tag: a marker for search engines.


In a home game, I would do it that way. I actually go a bit simpler: I don't roll for casual SIN checks; so unless it's important, even a Rating 1 SIN will pass everyday checks. It's only when someone makes a serious check that you run the risk of being caught. Unfortunately, those serious checks can happen very often. I ran the Denver Missions, and there's SIN checks at every border crossing... and you cross at least two borders in damn near every module. And they're important, since most runs are on a timer. Even though they'll eventually let you go after harassing you and a small bribe, that delay can cost you the run.


I have a checking account. Now, it's called a checking account, because they originally allowed you to write checks. In fact, I can still order them. I don't, partly because hardly anybody accepts them, but also because there's lots of faster and safer ways to pay. But checks still exist, and they're still used heavily in some industries-- my landlord, for example, doesn't accept cash or card or online payments. So, once a month, I trudge to the bank and get a special check printed, just for them.

Originally, certified credsticks were compared to bearer bonds. That's technically true, but bearer bonds aren't something people usually deal with. The better example is a prepaid credit card, or a Visa/MC gift card. You can pay to have one made, you can spend off it (and in some cases, reload them), and you can use them online. Technically, they're untraceable, too-- once you buy one, you can say you "gave" it to someone else, or lost it, and nobody can prove it came from you.

Even though certified cred is a rarity in 2070, there might be legitimate uses for it. Buying things off the grid, or maybe they've got an archaic system, like my landlord.

What's in the Global SIN Registry? Looking to the SR5 corebook, here's what I find:

So, shortly after your birth, they have the SIN itself, and relevant biometric data associated with that SIN. After the SIN is created, it seems unlikely that much in the way of additions or edits would be allowed.


How does Google work? They have a set of bots, called spiders, that continually crawl the public web, following links from one page to another, indexing the data they find as they go. If a website owner wants to, they can easily deny access to Google's spiders, and many do. (For things they don't want easily found.)

Google uses the information from these spiders to build up, over time, an enormous index that allows them to quickly find the most heavily linked pages that are associated with any given search term. Then, when you Google a name, you are given a set of links to public pages that reference that name.

How would this work in 2075? Say MCT decides they want to index all the contents of the Matrix. What databases and hosts would the MCT spiders be given free access to? Banking information? Medical records? Customer profiles? I don't think so.


Two points here, first, a SIN isn't really comparable to a search engine, and it isn't meant to replace them. It's meant to replace your name. ("In the future, your name will probably be, like, a number, man.") From that perspective, it is vastly more useful and efficient than the status quo.

Second, you think that a world where my 1 and 2 are true, but 3 and 4 aren't, won't be sufficiently dystopian?

Imagine you work for Renraku. They pay you in scrip, so most of the shit you buy is sold by Renraku or a subsidiary. You bank with Renraku Financial Services. You live in Renraku housing.

Now, even assuming that Renraku doesn't play nice when it comes to sharing data, how much privacy do you think you have from your employers?

They know what you eat, what you buy, what you do in your free time. Everytime you eat a little snack cake, you get an email from HR informing you that you're accruing points towards an "unhealthiness" payroll penalty. Your boss has access to all your info, he uses it to figure out that you're having an affair, and he blackmails you into working even longer hours, doing stuff that isn't your job but that helps him personally.



Efficient search presupposes an existing database or index that can be searched. The question is, what would be in such a database or index? I can easily imagine that Matrix search in 2075 is often worse than Google in 2015. A lot of our Internet is public and freely available. When megacorps rule the world, I don't see any reason that that would be the case.

Are you serious? The GSR is the registry of SINs and their associated data, not a seach index


Dude, are you serious²

Google maintains a giant inverted index of all the pages their crawlers have found. Just to give you an idea of how big, they have a custom file system optimzed for block sizes (basically the smallest increment of data which can be stored) of 64 Megabytes, your standard harddisk operates at 4 Kilobytes.



The SIN is supposed to be a unique, lifelong and globally valid ID. It does that.

Also, you can have a surveillance shithole without taggind each citizen with a global number or even requiring them to carry ID, see Airstrip One...

There's ways of manipulating those links, though. They rate the results based on certain criteria, which is why some sites are more connected to certain names than others. For example, if you Google Shadowrun, you get the CG page right away. Dumpshock is older and has more links, but it doesn't appear till page 2.

Of course, there's an easy explanation for that. Google openly advertises its services, so it's not hard to put up stronger links to information you pay for.

But the point is, the SIN specifically says it indexes the data on you. It's designed to be search engine friendly, even without a central database.


They have to maintain a linked financial and data transfer system, though. If they want access to Renraku's public databases, they need to share theirs. Same with all that other information. And while being able to access your bank accounts would be restricted, simply verifying that you do have an active bank account would not-- you need that information to buy stuff, so if a MCT employee decides to buy a Renraku product, Renraku and MCT have to agree to share some information.


That's a modern system, though. In 2070, they talk tons about how powerful data searching is.

Second, there doesn't need to be just one. Each mega and second tier group probably has their own search system; and since they have to cooperate with each other to a degree, that would be open to each other. Right now, I can use Google, Bing, or several other search engines if I want to. There's also a few scam engines, that basically feed your keywords into a couple of them at once, and give you all their results. Presumably, 2070 data searching would be even more capable than that, especially with advanced AI Agents helping out.


Honestly? No, which is why I said it was incidental. Someone said there was no central SIN database-- well, there is, but it doesn't affect my claim in the slightest.


They also do some real-time searching. I'm not an expert, but today, it does happen, it's just that indexing is faster.

Of course, the SIN handles the indexing for you-- another direct quote, I believe-- and we have much faster and more powerful computers, with a special skill to help Data Search. So it's not unreasonable to assume that they've made some major strides.

versimilitude is subjective. You seem to need Shadowrun to be full of pointless systems and bookkeeping to feel real. Whatever floats your boat. I actually work with databases and I can tell you any data base that doesn't actually serve a purpose is pointless. In your world we seem to have a system where every retail store knows your transaction histories for all time and your breakfast rituals but can't find 2 like records, especially when said system can do facial recognition?

I don't know about you but that ruins my versimilitude.



Maybe it's my fault here but I would have thought that there's a massive obvious difference between duplicate records on a database and the same record being recorded in multiple real world places. I also think your assumption that you can have 10 devices broadcasting your SIN being legal is contrary to the whole point of SINS in an orwellian context but that's another discussion.

So anyway, you walk through a door. A camera generates facial recognition data, records your height and approximate weight and compares it to the SIN data which it then goes and finds your SIN. Assumption here: Anyone who's going to care about your SIN (I'm struggling to know who would besides corp and government facilities) will have read access to the database. One wonders if the system can only recall the info for the SIN provided than it's somewhat flawed. Take that from a business analyst, straight away I can see how it could be better. So it checks against your broadcast SIN and at the same time it runs the capture date against the database. With certain tags, such as ethnicity, sex and race it can cut the search down considerably. Assuming that your SINS are all reasonably accurate (To pass the initial check) then they would presumably come up in the search. Now you might say, well your SINs might vary data to avoid cross reference, which is true I guess if you can believe that Red-head trolls are able to convince Knight Errant that they're not blue haired elves........

What does the system do when it discovers multiple SINS for (probably) the same person. My guess is that it assumes you're Jason Bourne and tells the authorities.

So if this is not the case, and to be honest that's exactly how I want it to be, then it breaks versimilitude and logic.




Shadowrun has a couple of assumptions built into it. The first is that you can't hack credsticks. The 2nd is that it's extrememly hard to hack SINs. This is why there's no real mechanism to do so. They are basically deleted as part of the character's back story and they can only be bestowed by governments and corps. It basically takes an insider to add false records and they can only do so much (as much of it is credit history, etc that is hard and time consuming to falsify) which is why they can never be true SINS. This is why they are so expensive. At best right now a hacker can trick a scanner into getting false positives, but they can't create fake SINS by RAW.

If the database wasn't worth the hard-drive space it's printed on, they wouldn't have it and everyone would just have wallet IDs.



I was actually going to bring this up in the last post but I kind of figured "Nah, he's not going to compare Shadowrunners with a few douchebags in Africa guarding Cocoa fields with AK47s, there's just no way...."

Clearly I was wrong.

Nope. Don't need them. Do need "the world is full of godlike technology which violates the laws of physics as we know them" to enable "Uh, if the technology can see you, it can, like, totally connect like data to raise a flag, dude." Because godlike technology somehow equating to total incapability on the part of the machines and their keepers makes precious little sense - they wouldn't spend money on it if it didn't work.



Having spent my time paying my dues in the DBA trenches, I couldn't agree more! Absolutely, preach it, brother! If you have the database, you can presumably search it, perform correlations, retrieve data by listed criteria and so very much more. We're totally, 100%, unambiguously on the same page here. Can I hear an amen?




Mine too, if that's what I'd said. In fact, I said the opposite. I didn't say that it couldn't find like records. I'm saying that the content of the database is full of false information, corrupted information and what's more (if we want to get theoretical about it) the database as a whole isn't a single database, but a series of databases held by various entities, in a distributed fashion, with imperfect duplication of data among them. Can you audit the data? Sure, but since it's canon that the database is being constantly and repeatedly corrupted by external actors, the audits are necessarily imperfect in their outcomes.




Yes, I agree, there is a massive obvious difference between the two cases and I would not equate them.



Charities, policlubs, social groups, cooperatives ... the variety of nosy busybodies is as wide and deep as the ocean, if human nature is any guide.



You forget that this is a world in which all sorts of cosmetics, magical and mundane, plastic surgery and cybertechnology are real. Someone could walk into a location looking like a lumberjack with a limp, and walk out looking like a chrome Matt Damon. Or Charlize Theron, with enough money. New cyberlimb? Gait changes. Walked into a low coffee table? Gait changes. Shaved the beard, got some skin bleaching? Maybe a new set of cybereyes? Facial biometrics change. While dwarf-to-troll is improbable, the plausible swings in appearance are substantial. Add nanopaste, skinnable cyberskulls ... and all this is legal and normal. How many girls want to look like Suzie Sakura, or even Getlaidriel?



Again, the database doesn't have to perfectly correspond to reality to be useful. It's all about the false positives and negatives, and the consequences of each. It's about raising flags, not perfectly representing some ideal vision of reality. The more data they have, the more innacuracies and flaggable events they can find. In a sense, perfectly matching data is boring. It's one gigantic search for meaningful anomalies, which are then followed up by bruisers.



Actually, a lot of those are a step above what a street meat level team might look like. The tech is different, but the comparison is apt. If you want something a little more high end, consider some of the industrial espionage going on between the USA and China, via corporate proxies.

Yes, Google analyzes and ranks the relative importance of pages using their PageRank algorithm. If you want to read more about how it works, you can do so here. This isn't really relevant to our conversation though, I don't think?


I don't think I understand what you mean here.

I agree that a SIN acts as an index. In that regard, it's definitely superior to a name. But, the performance of search engines in 2075 will depend on more than the quality of the index used. It also depends on the quality and comprehensiveness of the information the search engines are able to crawl.

See, that link I posted earlier, that points to Wikipedia. A free, open, publicly available resource that adds enormous value to our Internet. It displaced similar systems that were closed off and proprietary, like Microsoft Encarta. Wikipedia is run by a tiny organization on a shoestring budget. Now, imagine if a small group of concerned citizens tried to make something similar in 2075, something that would be competing directly with an MCT commercial product. How long before a Yakuza strike team destroyed their servers, threatened their lives, or worse?

My position is that that publicly available data on the Matrix may, in many ways, be of inferior quality to the publicly available data available on our Internet in 2015. (In much the same way that the air and water of 2075 are generally of inferior quality to what we have today)


I don't understand what you mean here. MCT comes to Renraku, and explains their plan to index the Matrix. They ask Renraku for permission to access their "public database". What do you think is in Renraku's "public database"? If it's public, why do they have to ask?


"Hey, Wells Fargo, is John 'Cain' Smith a customer of yours? What's his account number? How much money is in his account? What's the security code he needs to provide to authorize purchases? Thanks, I'll keep that stuff on file until I need it."
vs.
"Hey, Wells Fargo, I've got an attempted purchase here, account number 123456, name on the account John 'Cain' Smith, purchase is for $250, security code is 0987. Are there sufficient funds in the account to cover the transaction? Thanks, running the transaction now."

So, if you were setting up a financial system, which of those is closer to how you might organize it?


In many ways, Shadowrun technology represents a significant advancement over what we can do now. In other ways, technological improvements have been merely marginal. (This latter is not surprising, the setting is essentially post-apocalyptic; plus, predicting technological advancements is generally quite difficult)

I'm not willing to take on faith that any given aspect of Shadowrun tech is a vast improvement over what we have now. I'll need to see some evidence that their search is, in fact, considerably superior to ours, to such a great extent that our modern ideas about how search engines function are simply obsolete and irrelevant.


Does MCT have some way of cataloging and indexing lots of information about their employees? Almost certainly. Do they share a lot of that information with Ares? Does the Yakuza share a lot of information with the Mafia?

When your opposition will kidnap your employees, blackmail them, or assassinate them, maybe it would be wise to be a little more tight-lipped about them, no?


Google Real-Time search was essentially a deal they had with Twitter where they would give you a feed of Twitter posts in with your search results. You could get the same functionality by having Twitter up in another tab.


You are free to assume what you like. Saying the a SIN acts as an index is all well and good (it falls under my point 2, from post 129), no one disagrees with that statement. You just seem to have somewhat confused ideas of what exactly that means.

I don't know what you mean about a skill for Data Search. (And the existence of such a skill wouldn't suggest to me that they're better at search than we are, quite the opposite in fact...)

Part of the problem with today's search engines is that you can't easily separate out false positives or close names. A SIN would do away with that.

Also, there's a ton of information about people in the "public databases" that tells a lot about you. Some of it is semi-private, like your credit report-- technically it's private, but it's disturbingly easy to get a hold of.

Others, though? I'll use my mom as an example. My mother is a bit of a throwback, she comes from the pre-pre internet era. She can use it, but she's also an even bigger privacy nut than I am-- she will not use social media like Facebook, she won't buy things online, and she won't fill out any form online unless she absolutely has to.

So, if I feed her name into Google, what can I get on her?

-- Accurate addresses and phone numbers for the last ten years. My mother has had an unlisted number since at least 1965, but it's there in an online phone book.

-- Her home and work emails.

-- Her place of employment. She's a department head, and shows up in their "Who are we?" page.

-- Her entire educational and work history. Her employers require people to maintain a LinkedIn profile. It's not actually that complete, it only lists her collegiate information and employment past 1979, but it's still mostly there.

-- Her husband's name. It's mentioned in passing on her employer's page. (I'm not mentioned by name, just that she has grown kids.)

-- Her home town.

Now, if I dig a bit more, there's things I can infer:

-- Her salary. I can prove she's a department head, so looking up the standard salary for her position is easy.

-- The car she drives.

-- Her places of employment before 1979. Some of them are listed as awards, or other experience in passing, but it can be discovered.

-- Her first husband's name, my father. She hasn't spoken to him since 1978, but they have the same last name still, and so if you search that far back, you can guess they were linked.

And that's my mother, the atavism. Let's stretch bit more, and postulate what else would be possible if she were more into social media and internet purchases:

-- Her family. Facebook sorts your relatives for you, so unless your privacy is set to block this, anybody can check your friends list and see which are relatives.

-- Her favorite movie genres and music groups.

-- Her political affiliations (many people "like" their favorite local and national politicans).

-- Pictures of her family.

-- Her age and birthdate.

And so much more. All that is available, right now, to anyone with Google, her name, and a few reasoned guesses. With Shadowrun computer power, and a SIN to help sort data, you could get even more information, *without* assuming a total panopticon.


Neither, actually. It'd be a totally automated system-- you wouldn't need to call and verify anything. You just send the minimum required identifying information ( the SIN) and get current data, without needing special permission.


Fair enough. This is an assumption, based on the following premises:

1. Computers on Shaowrun are significantly more advanced than modern ones. They can interface directly with the brain, they have effectively unlimited storage memory, and broadcast with enough bandwith to project a human consciousness.

2. Society in 2070 produces a "staggering" amount of information on people, presumably much more than what they do today. Since literally every step you take can be tracked, it's not a stretch to think there is a lot more. The stated purpose of a SIN is to help sort and manage all that information.

3. SR4 actually introduced Data Searching as its own skill. I believe SR5 took it back out. but it does still apparently take a different approach.


It depends. Having shared information with other companies is not just necessary, it's potentially profitable. And if the inconvenience or loss of life costs less than the gains of a shared system? They'll take the profit, every time.

And which way does the automated system use, then? Computers talk to each other too, you know, and not even the sentient ones.

I mean Christ, come on Cain.

Yes, this is true. No one is disputing this. As I've said, this is one of the reasons why a SIN is an improvement on a name.


Ok, so, to direct our inquiry, we'll look at things that are currently public and easy to find, and try to figure out whether these same things will be public and easy to find in 2075? Some of them probably will, I can imagine hot-shot employees making it onto corporate "About Us" pages or press releases, for instance. (But then again, maybe not, we don't want to put a target on their head, do we?)

Anyway, let's assume that if I search for more information on a SIN, I'm likely to get contact information for that person, maybe an address, maybe some basic employment information. If they participate in social media, maybe some of that as well (although much of that right now is either anonymous or walled off from search).

This is what we're worried about?


Sorry, perhaps I was unclear. The "phone call" is merely used for illustrative purposes. I'm trying to get at the difference between:

• Here's a SIN, give me all the information on this person's bank accounts with you, which I will store until needed
• I want to run a transaction, here are the transaction details, should I allow this transaction

The second does not require the first. The idea that banking information is just going to be passed around, willy nilly, with no security or protection whatsoever, is simply not necessary to set up a payments system.


Sure, it's possible that the benefits of data sharing will be worth the (very real and very serious) costs and risks involved in doing that kind of thing in 2075, where the megas are basically in a continual Cold War mindset. Canonically, the megas are terrible about sharing information with each other, so, it looks to me like they mostly made that cost/benefit analysis, and came down on the side of "loose lips sink ships".

I gotta take an hour or two this weekend to reread this thread,
because I have completely lost sight of where the lines are drawn in the sand, and where the trenches are dug.

Quick question:
How does the system know I have no SIN?
To be more specific:
How does the system know I exist?
Even more so if I am not using any electronic devices.

If I am employing Matrix devices, such as a Link, and I operate it in active mode, it makes sense that the system would know that I am not displaying a SIN.
However, if I am in private mode, the system needs to find me first, to know I am there,
and if I am not using a link at all, it can not find me through the matrix at all.

Are all scanners not only scanning displayed SINs, but also scanning for humanoids in infrared?

Are you by law required to own a Matrix Device, which displays your SIN in the matrix?
Or do Credsticks pose an alternative here?