Thanks! That was exactly my confusion.

Unless you're in an area that requires you to make it public, such as... well, most public places.

As for the Matrix search, any search for public information will be completed in one minute, maybe less, unless they critically fail.


Well, getting permission from him is easier than going to his insurance company, yes.


What they mean is, most people don't bother with extraordinary measures. If a shadowrunner wants to be extra-safe, that's an option, but it's also not standard. Which might make them stand out, something they should avoid.


That's rather a large leap to make. Citation, please?



All right, that I can work with. Why do you think that?

Also remember: there's effectively no difference between public information, and easy-to-get information. The reason I kept using credit reports is that they're an example of an easy to get data collection on a person.

Finally: with a SIN helping the search process, that makes the information very easy to locate, right? We know the whole purpose of the SIN is to help locate and store data, so that should make a difference.

Actually, I don't see any citations supporting your view.

What I do see is this: People can accept a mark if invited or tricked into it. So, let's say you walk into a store you've never been in before. As you walk in, your AR display shows a standard form, indicating you need to agree to their Terms and Conditions to enter. Most people will click "accept" without blinking, let alone reading the 400 pages of terms they require, or challenging the 2070 equivalent of tracking cookies they put on your commlink. Hm, wouldn't that be marks?


Quite a bit, actually. But sure, I'll go over it.

Let's say you like Nuke-it Burritos. You work for Megacorp X (which one doesn't matter, as long as it's not Aztech) and you routinely keep your fridge stocked with them. Now, who knows you like those burritos?

Well, for starters, your fridge does. Your fridge keeps a record of what you like, and when things are low, it orders them for you. In this example, the fridge is made by Renraku, not Mega X, but it doesn't matter too much-- the fridge knows, and it can either broadcast that info back to the parent corp, or just let invading deckers use a back door.

It uses your SIN to contact the store on your behalf, and order another sack of burritos. Now, in order to complete your order, Slaveway has to have not just your financial information, but your address, and the fact that you order burritos frequently. So, now not only does the store know, so does all of its affiliates, and their parent corp. As they pull it out of their warehouse, all the inventory systems know and store this information as well.

Now, it has to be delivered. That delivery company has to know what groceries they're delivering, if only to sign off on it when you get it. So, they know, as do all of their devices. Your address is logged into their cars, so they can get to your home. Their cars now have a permanent record of the fact you like burritos, and can report that back to their manufacturer (and everyone else on the road, logging a destination is part of Grid Guide).

Finally, when they arrive, the street cameras will record everything: the car, who they delivered to, and the fact they were struggling under 42 lbs of frozen burritos. So there's that trail as well.

Do you see how many devices record even the simplest transactions in 2070? And how many potential points of failure there are?


It makes it clear that every store is reading your "personal shopping profile". And that local hosts can require you to broadcast whatever information they want. Heck, if the mall is corp-owned, privacy laws don't even apply-- corporate extraterritoriality means the law is what they say it is.

So, there is no app for that. In order for your Grab n Go idea to work, every store would have to have access to it, which goes against your idea of corporate scheming. Alternately, each store could have their own app, but given the number of stores a person can walk past, that seems unwieldy.

The remaining options is that you either broadcast it yourself, or just broadcast your SIN and others look it up. These are basically the same thing, though. Either way, the information is out there and public.

This appears to be a cycle that needs to be broken.

In a number of cases, rules that say "may" are being interpreted as "can" or being inferred as "will". The terms "easy" and "public" are continually injected to make rules seem subscribe to a particular interpretation. Make your point and move the conversation forward, not into a circle. Things that you interpret clearly into one interpretation do not clearly interpret that way for others. In the end, these are all interpretations of rules about technologies in a made up world.

You seem very committed to the idea that anyone can take a SIN, and quickly and easily get the medical records associated with that SIN. So far, the only quote I've seen that mentioned medical records indicated the exact opposite. (Your quote suggests that this is confidential information that is dealt with in a secure way.)

Is there some other quote somewhere that better supports your view? I just don't understand why you are so committed to this idea.


Let's look at that quote again, shall we?

Is there anything in there that suggests that transmitting this data securely is unusual and noteworthy? The assumption is that that the data will be transmitted in an encrypted format. (Note, not broadcast in plaintext.) They also suggest additional security precautions that may be taken, without any hint (that I can see) that using these precautions marks you out as a dangerous, radical, non-conformist. Finally, I again must ask, if all this data is easily accessible for anyone, why would anyone ever bother with trying to transmit is securely?


Sorry, I meant to include a page number there, my bad. It is a direct quote, last thing on page 222 that's not a sidebar.

So, in 5e, hiding things on your commlink is perfectly normal and unexceptional, yeah?


Because the megas canonically hate each other and are terrible about sharing information with each other. You don't disagree with me on this, in your post 173, you stated that you thought corps would share the bare minimum they were required to by law. (Side note: I haven't seen any evidence that corps are required to share any information at all by law, aside from the fact that they have to register the SINs of newly born corporate citizens with the GSINR)

The world of 2075 is ruled by megas, megas don't share information, by all indications, they guard it jealously. So, seems to me that relatively little information is going to be public.


There's a huge difference between these two things. That difference is, "can search engines index this." In our world, (and in 2075, judging by the 5e rules for Matrix Search) any amount of protection, no matter how small, blocks search engine crawlers. (This makes sense, because, again, who's going to release an army of hacker/crawler bots onto the net to break into every system they can?)

See, I think, in 2075, the megas are actually going to be pretty serious about protecting data. The stakes are higher, the game has fundamentally changed. But even if you disagree with me on this, and imagine that they'll be as lax as corporations are in 2015, you have to keep in mind that any kind of protection at all makes data non-searchable.


Nah, because if someone gets a couple marks on your commlink, it's not just that they can trace your physical location wherever you go, they can also use it to start sending texts, not really the same as a browser cookie.

People don't ask you to accept marks, you invite them to mark you. It's a Matrix action that requires you to say who you're inviting, how many marks you're inviting them to place, and how long the invitation will stay open.

Plus, in any case, the mark section on 236 says that you only invite personas to mark you. Hosts aren't personas. Combined with the fact that they never mention having people invite marks from hosts, it's pretty clear cut that you're wrong on this I think.


Fridge knows, Employer knows, Aztech knows, cool. If you're paid in scrip, Employer probably owns your Fridge, so that's the same. Delivery is probably a subsidiary of Fridge or Aztech, vertical integration is the rule in 2075. I have no idea how you think GridGuide works, you're assuming that all cars broadcast destination address and all cargo at all times to all other cars? Cameras record whatever, but whatever video feeds they store aren't public and aren't associated with you in any easy to figure out way.

Once John Q. Hacker finds out where you live, he could hack the cameras on the street outside your house, look through the stored video, sure, but that's got nothing to do with SINs.


Does it? If you mean the Alex example, it says, "As she enters each store, her commlink displays a list of today’s specials (tailored to her personal purchasing profile)…"

You read that and you assume that each store must be accessing some kind of "personal purchasing profile" that she's always broadcasting, and sending her tailored lists of today's specials.

I read that and think that each store sends her a general list of today's specials, which her commlink then tailors to her personal purchasing profile, which is stored on her commlink.

See, in general, you assume that if any work is being done, it's being done server-side, and the commlink is basically a dumb transponder. If you instead think of a commlink as being a more advanced smartphone, these examples make a lot more sense.

And, I've demonstrated a few times that you can do tailored ads without information sharing at all, so it definitely doesn't require broadcasting your "personal shopping profile" at all times.


According to the quote you provided on this, sometimes in 4.x, people require you to broadcast certain "core information" while you're on their property. The example given is that you're required to broadcast your SIN when on UCAS federal territory.

You can hypothesize that other places might consider financial information "core information", and require you to broadcast it, but you haven't been able to point to any evidence that this is the case. The only example we've seen of sharing financial information requires the store to ask you for it, and then you transmit it to them securely. Finally, even you're right about how things worked in 4.x, apparently, things are considerably more locked down in 5e. The only mention of broadcasting anything, that I've seen, is that SINners are still required to broadcast their SIN.

With regards to Grab&Go, there are a couple possible ways it could work. Either each mega could have their own app, (that's not actually that many, right now I've got separate apps for Dominoes, Subway, Pizza Hut, Amazon, RedBox, 4 different financial institutions, PayPal, Apple Passbook… honestly, megas might mean fewer apps on my phone?) or they could consolidate on a few different providers. They hate each other, but there are limits. MCT runs GridGuide in Seattle (I think?), that doesn't mean that other corp employees refuse to use it.

Quote a few, actually. Let's look at one that straddles the line first:

Commlinks typically carry all of your personal data, replacing the
registered credsticks of old. Your ID, SIN, licenses, passport, medical
history, insurance data, educational diplomas, credit balance, and far
more can be securely stored on your commlink and instantly beamed
to whomever you want to send them.
Many people openly broadcast certain portions of their personal
data via their PAN for others to access. This is known as a public
profile, represented by an expandable AR tab or an info window that
opens when you select their icon in AR. This practice is used for
convenience and for consumer purposes—for example, your favorite
stores can access your purchasing history and wish lists as soon as you
walk in, and offer specials tailored specifically to you. Some data is
broadcast for social networking and gaming services, notifying you
if someone single with your same hobbies and interests is in the same
bar, or allowing you to engage random opponents in virtual battles or
board games.
Most users carefully control how much information they make
publicly available, but the law often requires certain core data be broadcast
in certain areas (SIN must be made available on UCAS federal
property and many corporate enclaves), or for certain data to be accessible
by security officers who attempt to access it with authorized security
codes. In high-security neighborhoods and traffic-heavy business
districts, it is common practice for police drones to scan the PANs of
random people on the street; those with something to hide are usually
assumed to be up to no good

So, we see a couple of things:

-- Yes, you can choose to not broadcast certain information.

-- Doing so might be illegal in many areas, and information must be turned over to anyone authorized to have it (which could mean the guy flipping your burgers).

-- Not doing so is, at the very least, suspicious. Police drones have the right to scan everyone, and harass anyone who isn't broadcasting the right information. ("Harass" is a euphamism, they can actually respond with lethal force if they want to. That's because if they think you're SINless, you have no civil rights.)


I went on to read the next part.

So where do you store all of the things you want to
keep? Pictures from your Aunt Edna’s wedding, credit
information, your SIN, every book and movie you’ve
bought, all the programs you might want to run—all of
it fits on your commlink (or cyberdeck if you prefer). In
fact, every device on the Matrix has a massive amount
of storage space, unthinkable amounts by early 21st
century standards. Your gamemaster might decide that
a device is too small or low-grade or a file so massively
large that a problem comes up, but such problems are
extremely rare. Even if it does, the entire world is wireless,
so you shouldn’t have trouble finding an alternate
storage location.

So, that shoots down your idea that all your personal data isn't collected somewhere, or even multiple somewheres, for easy access and reading. What you seem to be trying to prove is that because this data is theoretically "protected", it's significantly harder to get to. I'll get to that in a second.


Look up the Business Accords in Sr1. They detail a lot of that stuff.

You also have to consider the importance of data. Data must flow for the Shadowrun world to function. Everyday information is traded back and forth all the time between everyone, so they can't put a stopper on that. The book examples usually center around extraordinary information, like tracking a shadowrunner; and even then, they don't actually deny it unless they have a good reason. They'll drag their feet, but won't say no unless they can justify it.

Think about it: most of the money is held by a A-ranked or greater corp. What would happen if they all decided to drag their feet on everyday transactions? The economy would collapse, since one of the goals of the matrix was to prevent timing-based shenanigans. Specifically, I'm referring to the Nanosecond Buyout; there's several references to additional protections being put in place to prevent it from happening again.

First: You're assuming people have to break in. That's not the case at all, but I'll get to it in a second.

Second, the chart doesn't actually say that. What is says is this:
[pre]
General Knowledge or Public 1 1 minute
Limited Interest or Not Publicized 3 30 minutes
Hidden or Actively Hunted and Erased 6 12 hours[/pre]
So, while you're right about "protected"-- which is defined as held in a secure host-- information that is merely hidden or erased can still be found. So, data that is on your commlink, even if it's got "protection", can still be found under a Matrix search.

On top of that, even if the data is protected in a secured host, the Matrix search action still gives you the location of the host. There's still a trail you can follow.


You have to pass a piece of IC to enter the store. It's only job is to scan ID's and send you the Terms and Conditions. If you bother to read them, you might notice that they require you to accept "tracking cookies", and explain what they do in confusing legalese. You click "Accept", which automatically directs your commlink to accept three marks from the IC or other security bots. Most people wouldn't even notice.

Now, since *everything* is on your commlink, and storage is unlimited, they can easily download everything on you and move it to another server somewhere, presumably for analysis. Now, whenever your SIN is accessed by one of their stores, they all know your complete transaction history, and freely share it between all their affiliates.

What about between megas? Megas do a lot of business with one another, and there's a lot of routine transactions that happen every day. So, let's say one Renraku computer calls up a Mitsuhama computer, and says: "Hey, I've got an update on SIN 12345, trade you for an update on SIN 98765." The programs are capable of recognizing that this is a fair trade, and so they do it automatically, without any human input.

In fact, here's an example from SR5:
These companies have international
reach, and their centralized databases are everywhere
they are; do something in one jurisdiction and all the
others know about it. So stay out of the database. Give
them nothing—your name, your picture, your favorite
make of whiskey, anything—because some smart cop, or
smarter program, can use that anything to finger you.
The good part is that while law enforcement corps share
all data internally, it’s in their best interest to make their
rivals look as inept as possible—which means they never
tell each other anything. So as long as you know who’s
covering what turf, you can still find cracks to fall into.
But don’t get cocky. Law-enforcement contracts can
change hands in a blink; what’s Knight Errant territory
one day may be Lone Star the next. Meaning you may be
an unknown free agent one day and an actively sought
fugitive the next. And be aware that many sprawls have
multiple security companies in their borders—Knight Errant
may have the city contract while Lone Star covers
residential or maybe corporate compounds. Make sure
you know who’s patrolling which streets when.

So, if there's multiple corp cops with jurisdiction (which happens all the time) they might have to share their non-public, secure information.

As for the security question: security is only as good as your weakest link. So, if a smaller corp trades for your SIN information, they might put it somewhere with little to no security. Or worse, any corp might have a deal going with a data haven. Data havens store everything in basically public access, which then would be effectively public.


Actually, in order to buy something from another mega, you *must* use nuyen. It's technically illegal for corps to trade scrip. The employer may own your fridge, but they might not have made it-- each AAA has their field of specialty, and Renraku's isn't household appliances-- that's more Evo of Saeder Krupp.

As far as gridguide goes: you must broadcast a destination, otherwise Grid Guide can't help you. It'd be like trying to navigate today with GPS, only without typing in a destination. Your car has to broadcast its destination, and must store the inventory of your delivery in it, to track things. Remember, automated cars and delivery are real in 2070, so the only way the computer can track what was sent would be if it knew it in the first place. Camera feeds are public-- today, anyone can access them, to look at traffic conditions. With the advancement in technology, and the need for constant data, people would want that sort of information, all the time. Since it wouldn't cost the megas a thing (might even improve production, if their workers spend less time in traffic), they'd go for it.


Actually, I'm saying it makes no difference. The store knows your history, and tailors ads to your personal profile. It gets this information easily and painlessly, and you have no control over where it goes from these.


Actually, you haven't. You've cited lines in really long posts that take too long to read through. If you have an example, if you don't mind repeating it, it'd be appreciated.

However... look, this is a simple definition game. "Tailored" means customized to you. If they have no information on you, they can't tailor it. They have to get some information from somewhere, and they have to do it without any blatantly illegal hacking. Bottom line is, they get it.


First: Yes, there were several examples. Hospitals require everyone to broadcast medical information, for example.

Second, it's not just SINners. If you aren't broadcasting a SIN, the system assumes you're SINless, and therefore *have no civil rights*. They can gun you down while you're eating your Nuke-it burrito, and legally they['re in the right. Look at the paragraph after that quote I keep using for an example.

Third: it's not just the hospital that needs to keep your secure data, it's everyone who has a right to read it. Let's say you have a medical emergency, and are taken to the ER. Who has legitimate access to your medical information?

Obviously, the ambulance and the hospital will know; since most ambulances are run by Docwagon, an independent corp, they're not likely to be the same as the corp that runs the hospital. Possible, but not likely. Both of them will share the info with your insurance company-- even today, under HIPAA, they have that right. The hospital will also forward copies of everything they did to your doctors, clinics, and pharmacies. No one company can control every medication out there, so they have to send information on your treatment and prognosis to the drug companies, who will presumably use it to further medical research, but will also share it with their marketing department, so they know what drugs to convince you to buy.

I noticed you did not reference your quote. I find this quote from SR4A, pg 219

I then noticed your claim that went on to read the "next part", but this is a quote from SR5, pg 223. That is pretty disingenuous to misrepresent the continuity of the quotes.

Really? Did you not read my moderator post?