Help - Search - Members - Calendar
Full Version: SINs
Dumpshock Forums > Discussion > Shadowrun
Pages: 1, 2, 3, 4, 5
Redjack
In the thread, Redjack's Matrix Primer, we started discussing SINs. The original context is in regards to the ownership mechanic. This thread is to discuss house rules for SINs.
QUOTE (SR5 @ pg366)
Modern society in 2075 produces a staggering amount of information every second of every day: where you are, what you buy, and what you do. With the system producing all of these pieces of information, there needs to be an easy way to store, track, and correlate it. All of that information needs to be associated with a person somehow. Thatís where the SIN comes in. A SIN is issued to a person a birth, and stays with them (baring exceptional circumstances) for the rest of their life. A SIN identifies a person in the global information system and is attached to every piece of information associated with them in the Matrix. No aspect of modern or legal life can function without a SIN. Those who donít have one canít get a job, canít buy food, canít even walk down the street.
So the problem really breaks down here in that governments should be issuing SINs to people and corporations should be demanding it.

When I GM my SR4 game, the technomancer on the team is continually getting short term fake SINs for the team. Many times he buys SINs that are simply the product of identity theft. ergo: 37 year old Chinese female, deceased but not yet reported. 17 year old male, student, hiking in the Rockies for the next 36 hours. 25 year old Caucasian female, Horizon receptionist in Seattle, currently (and expected to be for 24 hours) in medically induced coma as Jane Doe. etc. We are working on writing rules for how that.

Even a person with a criminal SIN is a step above the SINless and there is a hidden perk for the corporation or nation who issues the SIN:
QUOTE (SR5 @ pg84)
He is also required to pay a fiteen percent tax on his gross income to the entity that issued his Criminal SIN.
Sendaz
So should there be a dual rating on Fake SINs perhaps?

The first stat is the overall rating of the SIN and how well it stands up to scrutiny (like it does now)

The second stat could be for how long the 'shelf life' of the Fake SIN lasts before the system definitely catches on that someone is double dipping with the SIN and shuts it down.
If you do not want it stopping the SIN full stop, it could also act as an interval of time before the first stat rating degrades.
So if it's a 'burn' Fake Sin with an Rating 5 but an interval of 1 day, the next day it's a 4, third day down to a 3 and so on.

So this could act as a cost modifier on the cost for a fake as you wouldn't pay as much for something that is only good for 24 hours as you would for one that can hold up potentially for months.
Redjack
One of the places where this really matters is the ownership mechanic and that you can't buy anything without a SIN. There is, of course, a larger question as to whether or not there needs to be any changes?

Corporations will still sell defects, knockoffs, and even excess product to the black market. When they do so and don't establish ownership, they have no responsibility of warranty, software updates, etc. This then infers that the ownership mechanic needs an adjustment to simply state that there is a lot of stuff in the barrens that simply has no owner... and never did.

I had kicked around the idea of a new type of SIN, let's call it a Consumer SIN. Tied to no nations or corporation. Issued directly by the Corporate Court to allow the SINless to participate in legitimate commerce (and all at the small cost of a 15% tax on gross income). The jury is still out. Not sure if I like this or not.
Redjack
QUOTE (Sendaz @ Jan 4 2015, 11:17 AM) *
So should there be a dual rating on Fake SINs perhaps?
Yes!

QUOTE (Sendaz @ Jan 4 2015, 11:17 AM) *
The second stat could be for how long the 'shelf life' of the Fake SIN lasts before the system definitely catches on that someone is double dipping with the SIN and shuts it down.
If you do not want it stopping the SIN full stop, it could also act as an interval of time before the first stat rating degrades.
So if it's a 'burn' Fake Sin with an Rating 5 but an interval of 1 day, the next day it's a 4, third day down to a 3 and so on.

So this could act as a cost modifier on the cost for a fake as you wouldn't pay as much for something that is only good for 24 hours as you would for one that can hold up potentially for months.
I realized we are really talking about stolen SINs, not fake SINs.

STOLEN SIN
SIN Rating: [1,2,3,4,5,6] [see Fake SIN Details: SR5, pg367]
SIN Depreciation: [None, 1 week, 1 day, 12 hours, 1 hour]
SIN Expiration: [N/A, 8/12/24/36/48/72/96 hours, 1/2/3/4 weeks]

Something like that?
Sendaz
Yes, that was what I meant.

For depreciation, I was thinking more 1 Hour, 1 Day, 1 Week, 1 Month, Indefinite or maybe it should be kept looser as some might be good for 36 plus change like for the student hiking example above.

But yes, this seems like a good way to represent how to use a stolen SIN.

Now just have to figure cost modifiers if the players are buying one from a contact/fixer sort.
Redjack
Just throwing out something for us to tear apart to build a cost structure from:

How about this for a base:

STOLEN SIN:
Base Cost: R1-3 = 100•/rating; R4-6 = 250•/rating
Base Depreciation: None
Base Expiration: 24 hours

My thoughts here are that a stolen SIN would normally not depreciate, it would simply expire at the point in time that it is noted as compromised.

How about every additional 24 hours increases base cost by 25%?
Sendaz
Looking at it again, maybe you are right about no depreciation for a Stolen SIN as because as soon as the hiker comes back out of the hills and starts using his SIN, the system is going to flag there is two sources of the same SIN on it's radar so to speak. Kind of like how the credit card company contacts me about suspicious activity. How fast it shuts down the SIN though would depend as it would have to sort out who was valid and who wasn't. Or maybe it just locks down both and lets the real owner contact them to sort it out.

I think depreciation could still play a factor for a true Fake SIN though. This could represent the various systems updating themselves, closing loopholes and flagging possible discrepancies that might have been used to generate the original Fake. Sort of a SOTA for SIN.

So maybe have it so Stolen SIN has Rating and Expiration while Fake SIN has Rating and Depreciation?
Redjack
QUOTE (Sendaz @ Jan 4 2015, 12:29 PM) *
I think depreciation could still play a factor for a true Fake SIN though. This could represent the various systems updating themselves, closing loopholes and flagging possible discrepancies that might have been used to generate the original Fake. Sort of a SOTA for SIN.
Looking at the chart on pg367 (SR5), how about this: Any Fake SIN above R3 to which a lifestyle is not attached or 10% maintenance in not paid, depreciates 1 rating point/month. Once depreciated, it costs a full 2,500• per rating point to restore.

Thoughts?
Sengir
Based on the fake SIN rules on p. 367, low-level SIN checks (the ones you would encounter at a taxi or discount store) should be extremely easy to defeat:

An R1 SIN verifier just checks whether you can provide a SIN at all, and an R1 SIN is just random data. It's the future equivalent of being asked to sign in with you name, without demanding any proof that what you wrote there is indeed your name.

At Rating 2, the verification is a "basic redundancy check on the number and vital statistics" but without any verification of external data, and the according SINs don't contain any such data. "Using Forgery" (p. 145) says you can't create "data-based" stuff, but since an R2 SIN does not have external data, it should still fall without in the scope of using Forgery.


I really like those new rules, it's just that price of fake SINs does not match: Rating 1 fakes should be something street-savvy characters make up on the fly and everybody else gets a dime a dozen, and a Rating 2 SIN should still be easily in the reach of a character with the capability for some number crunching or a hundred bucks to spare.



But since this grew out of a Matrix thread, here's a real tough one: Fluff implies that SINs work over the Matrix, where biometric checks obviously do not work, unless the other side believes that the image of a fingerprint you sent over is really scanned from your finger. Digital certificates and stuff would also be a very weak protection, since encryption in SR is fundamentally broken. So, how to handle anything more discerning than the equivalent of an "Of course I'm over 18" button?
Draco18s
QUOTE (Sengir @ Jan 4 2015, 02:55 PM) *
Based on the fake SIN rules on p. 367, low-level SIN checks should be extremely easy to defeat


Quite, which is why I never liked the SIN check rules. Even a R6 fake could be detected something like 60% of the time by a R6 checker...because dice.

Fake ID's rating in dice as an opposed test against the verifications system's rating in dice. With ties going to the verification system.

R1 vs. R1: the fake SIN wins 21% of the time, due to the ties when both dice roll blank.
Sengir
QUOTE (Draco18s @ Jan 4 2015, 09:07 PM) *
Quite, which is why I never liked the SIN check rules. Even a R6 fake could be detected something like 60% of the time by a R6 checker...because dice.

Fake ID's rating in dice as an opposed test against the verifications system's rating in dice. With ties going to the verification system.

R1 vs. R1: the fake SIN wins 21% of the time, due to the ties when both dice roll blank.

The new SIN rules in 5th are what most people already houseruled: Roll scanner's ratingx2 with the SIN rating as threshold, which drops the chance of cracking an R6 to single digits.
Draco18s
QUOTE (Sengir @ Jan 4 2015, 03:33 PM) *
The new SIN rules in 5th are what most people already houseruled: Roll scanner's ratingx2 with the SIN rating as threshold, which drops the chance of cracking an R6 to single digits.


Ah. Of course. I've looked at SR5 through a telescope, so I didn't have those rules on hand.
Redjack
QUOTE (Sengir @ Jan 4 2015, 01:55 PM) *
since an R2 SIN does not have external data, it should still fall without in the scope of using Forgery.
That seems plausible.
QUOTE (Sengir @ Jan 4 2015, 01:55 PM) *
that price of fake SINs does not match: Rating 1 fakes should be something street-savvy characters make up on the fly and everybody else gets a dime a dozen, and a Rating 2 SIN should still be easily in the reach of a character with the capability for some number crunching or a hundred bucks to spare.
My Shadowrun group was put off by the increase in price increases in SINs.
QUOTE (Sengir @ Jan 4 2015, 01:55 PM) *
since encryption in SR is fundamentally broken.
We noticed last night that "encryption" has been relegated to simply a firewall enhancement in SR5. Protected and archives now fill the space that one would think of for encryption. I guess where I'm going with this is that for the system to work, SINs have to have some level of security. I think we've expressed a vulnerability with fake and stolen SINs, but need to consider that the continual checks and cross checks make the system as a whole functional.
Cain
I think the problem needs to be approached from a different angle.

The first issue is that Fake SINs are mandatory. You can't legally buy anything, not even food, without some sort of fake SIN., But even low level ones cost, and you can blow through them very quickly. I'm thinking of introducing a "Rating 0" fake SIN: easy to get a hold of, but won't stand up to any sort of serious check. You man need some sort of limit on how many you can have at once, though.

The next is the ridiculous frequency of SIN checks. One of the examples in the SR4.5 book has a SIN being checked dozens of times as you walk down the mall. My solution for that was to simply ignore all casual checks-- if you have a fake SIN of any level, you automatically pass. It's only on a detailed check that you have to worry. When combined with the Rating 0 idea, this means you can easily get something good enough to pay for a slurpee at the stuffer shack, but it won't hold if a cop or security guard runs your ID.

Next is how easy it is to break a fake SIN. The SR5 rules are an improvement: it's Device x 2, vs a Threshold of the SIN. Since it's not an opposed test, there's less chance of a bad roll breaking a good SIN. Still, the odds are very high that a basic SIN check will blow an equal rating SIN. I would suggest dropping the test dice to just Device for standard security checks, and add Data Search for in-depth ones: the checkpoint guards won't have the time or skill to do a lot of digging, but if you're sitting on your heels at the police station, they're going to be trying a lot harder.

Finally is the response to discovering a SIN is fake. The SR5 book leaves it entirely to GM discretion, which makes sense, but some guidance would have been much more helpful. The only suggested response is to call the authorities, which might lead some to think the only proper response is to call in a SWAT team and end the runner with a hail of lead. A listing of possible responses would be better. I'm partial to the Denver Missions rule: if you failed a SIN check, you were detained and harassed for an hour or so, then you paid a small bribe and could go on your way. Just some ideas as to how you could respond, that would make it much better.
Smash
QUOTE (Redjack @ Jan 5 2015, 04:20 AM) *
One of the places where this really matters is the ownership mechanic and that you can't buy anything without a SIN. There is, of course, a larger question as to whether or not there needs to be any changes?

Corporations will still sell defects, knockoffs, and even excess product to the black market. When they do so and don't establish ownership, they have no responsibility of warranty, software updates, etc. This then infers that the ownership mechanic needs an adjustment to simply state that there is a lot of stuff in the barrens that simply has no owner... and never did.

I had kicked around the idea of a new type of SIN, let's call it a Consumer SIN. Tied to no nations or corporation. Issued directly by the Corporate Court to allow the SINless to participate in legitimate commerce (and all at the small cost of a 15% tax on gross income). The jury is still out. Not sure if I like this or not.


This feel like one of those cases where the Dystopia of Shadowrun is being lost.

Being SINless is supposed to suck! You live in the barrens or worse are locked up in some archology somewhere and issues a criminal SIN. You don't participate in the normal economy, you participate in an underground economy driven through scavenging and crime. At best you might get a job somewhere working for some prick who's taking full advantage of your situation.

This is by design. The Corps like this because it gives them an exploitable resource for cheap labor or hassle free experimentation subjects.

As for SINS in general they need to become less complicated, not more. The way licensing works in this game is ridiculous. It all needs to be rolled into one thing, whether it be the SIN or the lifestyle.

Also, SINS as they currently stand are burned way too easily. As a rating 6 SIN is the best you can get it really needs to be nigh on bullet proof, especially given the cost.
Smash
QUOTE (Cain @ Jan 5 2015, 07:54 AM) *
The next is the ridiculous frequency of SIN checks. One of the examples in the SR4.5 book has a SIN being checked dozens of times as you walk down the mall. My solution for that was to simply ignore all casual checks-- if you have a fake SIN of any level, you automatically pass. It's only on a detailed check that you have to worry. When combined with the Rating 0 idea, this means you can easily get something good enough to pay for a slurpee at the stuffer shack, but it won't hold if a cop or security guard runs your ID.


Agree mostly, but not with the rating 0 SIN. You are meant to be able to survive without one, it's just hard and doesn't involve needing to go to malls. I agree that the SIN checking has gone overboard in the setting. Short of going to a high lifestyle area it just shouldn't happen unless Knight Errant have some cause to do it manually.

QUOTE (Cain @ Jan 5 2015, 07:54 AM) *
Next is how easy it is to break a fake SIN. The SR5 rules are an improvement: it's Device x 2, vs a Threshold of the SIN. Since it's not an opposed test, there's less chance of a bad roll breaking a good SIN. Still, the odds are very high that a basic SIN check will blow an equal rating SIN. I would suggest dropping the test dice to just Device for standard security checks, and add Data Search for in-depth ones: the checkpoint guards won't have the time or skill to do a lot of digging, but if you're sitting on your heels at the police station, they're going to be trying a lot harder.


Pretty much agree with this as well. I also think scanner ratings need to be fleshed out more. Most checks should be done with low level scanners, even the cops should be using them. Government buildings, courts etc should be the only places rating 4+ ones should ever be used.
Redjack
QUOTE (Smash @ Jan 4 2015, 03:19 PM) *
This feel like one of those cases where the Dystopia of Shadowrun is being lost.
Agreed. That's why a consumer SIN or as Cain appears to call it a r0 SIN, didn't go any further for me.
Cain
QUOTE (Smash @ Jan 4 2015, 01:19 PM) *
This feel like one of those cases where the Dystopia of Shadowrun is being lost.

Being SINless is supposed to suck! You live in the barrens or worse are locked up in some archology somewhere and issues a criminal SIN. You don't participate in the normal economy, you participate in an underground economy driven through scavenging and crime. At best you might get a job somewhere working for some prick who's taking full advantage of your situation.

Yes, but playing a game should not suck.

Shdowrunners fall into the adventurer mentality: they're not Average Joes, they're something else. So, they get a small degree of plot immunity: no runner has to worry about a common cold, or random bank errors, or parking tickets. They get to ignore the everyday stuff.

Rating 0 SINs work on that principle. Shadowrunners are supposed to be survivors, professional deniable assets who protect their identity. It's reasonable to assume they have stored, or have access to, a few backup identities that aren't well fleshed out. It's not much, not enough to withstand any dedicated check, but it is good enough to get across town to your safehouse without being flagged for driving without a license.
Sengir
QUOTE (Redjack @ Jan 4 2015, 09:51 PM) *
My Shadowrun group was put off by the increase in price increases in SINs.

On the top end, I think the prices are OK. High-rated scanners guard places where the proles are not supposed to enter, if a way to get past those checks was within reach of the poor, the dystopia would suffer again.

On the low end, even the prices from 4th seem a bit high. 2000 • for an alphanumeric string containing a roughly matching height and age, without even the need to forge a physical document?

QUOTE
We noticed last night that "encryption" has been relegated to simply a firewall enhancement in SR5. Protected and archives now fill the space that one would think of for encryption. I guess where I'm going with this is that for the system to work, SINs have to have some level of security. I think we've expressed a vulnerability with fake and stolen SINs, but need to consider that the continual checks and cross checks make the system as a whole functional.

What I was getting at is how checking a SIN online would even work: The best thing they could do would be an R1 check, i.e. you sending some random number. Whether the size and sex of that number match would already be impossible to verify, unless you send a photo and they believe it's you...
Kyrel
QUOTE (Sengir @ Jan 4 2015, 11:39 PM) *
What I was getting at is how checking a SIN online would even work: The best thing they could do would be an R1 check, i.e. you sending some random number. Whether the size and sex of that number match would already be impossible to verify, unless you send a photo and they believe it's you...

Wouldn't that depend on just how the checking system is created? A Rating 1 system might only check that you have something that corresponds with a SIN number with the correct amount of digits and something that resembles correct data, but who's to say that a Rating 6 system doesn't include both a camera for visual comparison of the picture in the SIN, as well as a check of other biometric data like a handprint, retinal scan, and possibly a skin sample, all of which is then cross checked against half a dozen databases from various systems and databases? Also, another question is just how much information is stored on a SIN? And how much of it is checked by a given Rating X system? Your SIN might include various forms of historic information about you, meaning school history, criminal history, biometric information etc. Your fake SIN might well include all of the information, but if you crosscheck the different databases related to the various types of information, are all the things going to match up? Or is the system going to get a result that tells it that the person that went to school where your SIN says is a 66 year old male elf, while the person who got the parking ticket associated with your sin belong to a 21 year old male troll, and the medical data associated with your SIN belongs to a 32 year old male human who lives in Hong Kong for the moment? Even if you can't check that the person holding the SIN have the same biometric data that the SIN says, that doesn't mean that you can't discover other discrepancies through electronic means alone.
Cain
QUOTE (Sengir @ Jan 4 2015, 02:39 PM) *
What I was getting at is how checking a SIN online would even work: The best thing they could do would be an R1 check, i.e. you sending some random number. Whether the size and sex of that number match would already be impossible to verify, unless you send a photo and they believe it's you...

If you want to go realistic: it's the start of the month, so I'm paying all my bills. I just got new internet, so I had to put in my credit card info to pay online. They had never seen my card before, but apparently, the first time I put it in, I mistyped it. The system turned red in a few places, said I had put in an invalid card number. Now, this was all *before* I actually clicked on "pay now", so apparently not only did the computer run a check before I approved the payment, it ran it against every possible credit card, and discovered that the mistyped one didn't belong to me, or possibly anyone else.

Now, SINs in Shadowrun contain a lot of information baked in: your date of birth, name, sex, place of birth, that sort of thing. Apparently, that's all encoded into your number, kind of like how the office of issue is encoded into your SSN. Washington State does a similar thing with driver's license numbers; if you read it, you can figure out their birthdate and sex. So, if you send some random number, anyone who knows what to look for will know it's a fake. And the return information will likely not only include a name, but your sex, metatype, and a picture. Even on a R1 check, if you're a male dwarf, and the SIN is written for a female troll go-go dancer, the picture will give it away.
binarywraith
Actually, it's because there's an algorithm that each major card issuer (Visa/Discover/Mastercard/AmEx) uses to generate their card numbers, and a single digit off is usually not going to create a valid card number. This is also why a given form can often tell you which type of card you're using by number alone.
Cain
QUOTE (binarywraith @ Jan 4 2015, 05:23 PM) *
Actually, it's because there's an algorithm that each major card issuer (Visa/Discover/Mastercard/AmEx) uses to generate their card numbers, and a single digit off is usually not going to create a valid card number. This is also why a given form can often tell you which type of card you're using by number alone.

Same thing, though. A SIN is supposed to include your birth date, name, etc. It's part of the algorithm in generating it in the first place. So, a random string of numbers isn't going to come back as a valid SIN.
Bertramn
I am thinking of a system which takes the SIN mechanic to the extreme.

Does Paranoia have something one could use?
Or do you guys know of any other RPG systems which handle this identity issue?

My pet thought project, Shadowrun 2100, could use an elaborate mechanic for something like that.
Sengir
QUOTE (Kyrel @ Jan 5 2015, 12:20 AM) *
Wouldn't that depend on just how the checking system is created? A Rating 1 system might only check that you have something that corresponds with a SIN number with the correct amount of digits and something that resembles correct data, but who's to say that a Rating 6 system doesn't include both a camera for visual comparison of the picture in the SIN, as well as a check of other biometric data like a handprint, retinal scan, and possibly a skin sample, all of which is then cross checked against half a dozen databases from various systems and databases?


QUOTE (Sengir @ Jan 4 2015, 08:55 PM) *
Fluff implies that SINs work over the Matrix, where biometric checks obviously do not work, unless the other side believes that the image of a fingerprint you sent over is really scanned from your finger. Digital certificates and stuff would also be a very weak protection, since encryption in SR is fundamentally broken. So, how to handle anything more discerning than the equivalent of an "Of course I'm over 18" button?



@Cain
QUOTE (Cain @ Jan 5 2015, 04:33 AM) *
Same thing, though. A SIN is supposed to include your birth date, name, etc. It's part of the algorithm in generating it in the first place. So, a random string of numbers isn't going to come back as a valid SIN.

On an R1 scanner it might, since that kind of check only tests if you can provide any number that looks like a SIN. An R2 scanner does a "basic redundancy check", which I assume means something like a Cyclic Redundancy Check, or the Mod 10 checksum used for card numbers

A problem with that is that the description implies that a SIN which has a correct checksum (presumably already at R1, because otherwise it would not encode random height and sex but nothing at all) would always get past an R2 scanner...
Shemhazai
I generally like the SIN rules, but I would change a few things.

Sengir has just made a good point. That's how the rules logically read.
Smash
QUOTE (Cain @ Jan 5 2015, 09:04 AM) *
Yes, but playing a game should not suck.

Shdowrunners fall into the adventurer mentality: they're not Average Joes, they're something else. So, they get a small degree of plot immunity: no runner has to worry about a common cold, or random bank errors, or parking tickets. They get to ignore the everyday stuff.

Rating 0 SINs work on that principle. Shadowrunners are supposed to be survivors, professional deniable assets who protect their identity. It's reasonable to assume they have stored, or have access to, a few backup identities that aren't well fleshed out. It's not much, not enough to withstand any dedicated check, but it is good enough to get across town to your safehouse without being flagged for driving without a license.


The whole point of becoming a runner is to find a way out of the sucktitude of being SINless. It's not meant to just be a vocation of choice. It's not like runners say "You know what Chartered Accountant would be boring as shit, I'm going to become a Street Samurai!" I think that's something that 4th and 5th edition have let slide, hence my statement on Dystopia being lost. Now that's not to say that you can't have a runner that's just a disenfrachised youth if that's what you want, but that's not the primary driver, especially in the earlier settings.

With an E in resources you can start with a R1 SIN and a months low lifestyle. Sure you might not have much else, but that's why you're becoming a runner right? If you choose not to have a SIN then you're eeking out a living in the Barrens with a street or squatter lifestyle. Neither of which I think require (or should require) as legal SIN.
Draco18s
Again, that's where the fundamental disconnect between the setting and rules is. Per the rules if you do not have a SIN, any SIN, driving a car and getting food become impossible.

Not because doing so is illegal without a SIN, but because per the rules, you should be outright arrested for trying. Not accosted but thrown in lockup. Which breaks down if 30% of the world's population is SINless: there'd be no room to hold them.

Ergo, either:
a) its not impossible to get food without a SIN
b) its not impossible to get a (fake) SIN
binarywraith
No room to hold them, and who's going to bother arresting them when you just have to feed and shelter them after? I mean, 15% criminal SIN tax on the absolutely zero money they make is poor return on investment, not to mention the costs of paying KE or the Star to pick 'em up and process 'em.
Smash
QUOTE (Draco18s @ Jan 6 2015, 10:48 AM) *
Again, that's where the fundamental disconnect between the setting and rules is. Per the rules if you do not have a SIN, any SIN, driving a car and getting food become impossible.


Driving a car would be hard, but I think your assumption that you can only get food from registered businesses is not a particularly plausible one.

QUOTE (Draco18s @ Jan 6 2015, 10:48 AM) *
Not because doing so is illegal without a SIN, but because per the rules, you should be outright arrested for trying. Not accosted but thrown in lockup. Which breaks down if 30% of the world's population is SINless: there'd be no room to hold them.

Ergo, either:
a) its not impossible to get food without a SIN
b) its not impossible to get a (fake) SIN


This is why (In Seattle at least, there are the barrens. It's a place the illegals can live and the government doesn't have to do anything about it. Wasn't the government herding them all into one of the archologies at one stage?

There's be plenty of businesses that don't care and just fudge transactions (credsticks are as good as cash afterall). Alternatively I imagine there are black markets for everything in this Dystopian setting. The barrens would be full of little markets driven by trade of good that fall off the back of trucks or that are grown locally. Thinking of this, I assume that this is how most Shadowrunners source their gear anyway. I never imagined that they're getting their military grade weapons from Wallmart or their used cyberware.
Cain
QUOTE (Sengir @ Jan 5 2015, 05:42 AM) *
@Cain

On an R1 scanner it might, since that kind of check only tests if you can provide any number that looks like a SIN. An R2 scanner does a "basic redundancy check", which I assume means something like a Cyclic Redundancy Check, or the Mod 10 checksum used for card numbers

A problem with that is that the description implies that a SIN which has a correct checksum (presumably already at R1, because otherwise it would not encode random height and sex but nothing at all) would always get past an R2 scanner...


The problem is that a SIN is more complicated than that, nor do we know what information goes into a SIN check. So, let's say that when you slot your ID, you also have to add some personal information-- maybe use your birthday as a PIN. If that doesn't line up with the numbers in the SIN, you're auto-flagged. And not all runners would know that, there's plenty of people in Washington state who don't know what goes into their driver's license number.


QUOTE (Smash @ Jan 5 2015, 02:53 PM) *
The whole point of becoming a runner is to find a way out of the sucktitude of being SINless. It's not meant to just be a vocation of choice. It's not like runners say "You know what Chartered Accountant would be boring as shit, I'm going to become a Street Samurai!" I think that's something that 4th and 5th edition have let slide, hence my statement on Dystopia being lost. Now that's not to say that you can't have a runner that's just a disenfrachised youth if that's what you want, but that's not the primary driver, especially in the earlier settings.

Actually, that's absolutely not true.

There are many reasons why someone might become a shadowrunner. In fact, there used to be one called the "Chromed Accountant"; he showed up in lots of shadowtalk, and he was indeed an ex-suit. Dirk Montgomery was one of the first characters in Shadowrun, and he was an ex-corp employee who left because of corruption in his company. Sam Verner *was* the first character to become a shadowrunner in Shadowrun fiction, and he was a Renraku wageslave, complete with SIN. There's lots of others going back that far. They became voluntarily SINless, getting high powered deckers and fixers to delete them from the SIN database.
Shemhazai
QUOTE (Cain @ Jan 6 2015, 08:20 AM) *
The problem is that a SIN is more complicated than that, nor do we know what information goes into a SIN check. So, let's say that when you slot your ID, you also have to add some personal information-- maybe use your birthday as a PIN. If that doesn't line up with the numbers in the SIN, you're auto-flagged. And not all runners would know that, there's plenty of people in Washington state who don't know what goes into their driver's license number.

Software, even if it's cut off from the Matrix, can determine name, age, date of birth, city of birth, and issuing nation. This means that a fake SIN can be spotted if this data is obviously wrong. The rules talk about age, nationality and sex not matching, so gender must be in there somewhere, because it exists even when there is no supporting (online) data. The nationality not matching doesn't make sense to me. Who's to say I'm not whatever nationality the SIN says? It would make more sense if it were ethnicity or metatype. I would also change the wording so that the issuer can be a megacorp, not just a nation.

I think a hacker should be able to write a script to extract the embedded info from a given SIN, and determine if a SIN is mathematically valid. Would that negatively impact the game? Should the algorithm be a well-kept secret?

The system has biometrics on file. The rules discuss external supporting data and history as well. These are basically database lookups as you described. Higher rating devices can instruct the system to check for conflicts and to externally verify at random.

The "no food and no walking down the street" part I would also change. I can see a few reasons why people might want it: end times Biblical prophecy (Rev. 16-17), commentary on eroding privacy, grittier dystopia, or my favorite, opportunities for drama like the films Minority Report (where the main character got his eyes replaced by a street doc so he could roam freely) or The Net. (Oh noes, I've been DELETED!)

When I first heard of the SINless, it evoked a powerful image of people who somehow fell through the cracks but were freer despite the hardship. The definition now includes a significant part of the population. I think the game world as a whole is better with SINless people being relatively rare.
Cain
QUOTE (Shemhazai @ Jan 6 2015, 12:17 AM) *
Software, even if it's cut off from the Matrix, can determine name, age, date of birth, city of birth, and issuing nation. This means that a fake SIN can be spotted if this data is obviously wrong. The rules talk about age, nationality and sex not matching, so gender must be in there somewhere, because it exists even when there is no supporting (online) data. The nationality not matching doesn't make sense to me. Who's to say I'm not whatever nationality the SIN says? It would make more sense if it were ethnicity or metatype. I would also change the wording so that the issuer can be a megacorp, not just a nation.

I think a hacker should be able to write a script to extract the embedded info from a given SIN, and determine if a SIN is mathematically valid. Would that negatively impact the game? Should the algorithm be a well-kept secret?


The question isn't the decker who makes the fake SIN, the question is the SINless schlub using it.

If the fake SIN is any good (at least rating 1) all the data has to make sense. It can't list one birthdate in the data, and another in the number itself, for example. That means whatever formula is used to derive the SIN must be known to the person who made it.

But, that doesn't mean Ted the Troll, who buys that SIN off someone, knows that information. So, if he uses the SIN, and it asks for routine information like his birthdate as a PIN, he'll get flagged right away. Ted might not know the birthdate encoded into the SIN, or might forget it.

QUOTE
The "no food and no walking down the street" part I would also change. I can see a few reasons why people might want it: end times Biblical prophecy (Rev. 16-17), commentary on eroding privacy, grittier dystopia, or my favorite, opportunities for drama like the films Minority Report (where the main character got his eyes replaced by a street doc so he could roam freely) or The Net. (Oh noes, I've been DELETED!)

When I first heard of the SINless, it evoked a powerful image of people who somehow fell through the cracks but were freer despite the hardship. The definition now includes a significant part of the population. I think the game world as a whole is better with SINless people being relatively rare.

There are people today who are kind of "off the grids"; they don't have bank accounts, credit cards, or smartphones, any of that. They exist in a weird limbo: some of them have legal ID, so they can work, but they operate in a cash economy. Some people live here by choice, others because they're forced to-- I did for a while, I got into trouble and was not able to have a bank account for a few years.

Anyway, that's how I picture the SINless living. It's a life that's hard to imagine if you don't live it-- you're a slave to the check cashing places, you can't shop online without buying a prepaid card, that sort of thing. In order to purchase things online, you need a way to convert what you have into something they'll accept, which is harder than it sounds. I picture a lot of bartering going down, plus a lot of simulated ID's being used-- prepaid credit cards, for example, can double as an ID in a pinch.
Sendaz
I see the SINless doing a lot of trading/bartering with each other as well as the one or two souls who have connections with a SIN type or their own SIN who can run in to the better areas and get stock.

Not too unlike how back in Everquest you would have guys from opposite faction (like say a troll) who would stand just out of the aggro range of the NPC guards of a human controlled city (instant death if the troll went in) and bought food from other players who could go in and get supplies for them (at a small profit).

So a Fake SIN should be obtainable, but not too easily otherwise why doesn't everyone just have a Fake one to do whatever, but again not astronomical for the low rating stuff that is little more than the equivalent of a badly made fake to go get booze with.
Bertramn
I do not like the disconnect after fourth edition,
between on one hand establishing the Crash 2.0,
which leaves millions SINless,
and on the other hand requiring everybody to have a SIN for any mundane action.

If the system required the SIN, why does the system not force SINs upon the SINless?
It is an authoritarian action, that falls well in line with the fluff.
In this scenario I might not be hindered in buying anything, if I am SINless,
but I might be arrested if the autorities catch me, and forcefully assigned a SIN.
The only data they could include in the SIN would be Metatype, Gender, 'Race',
looks, and DNA, but that is enough to start in my opinion.
To get privileges, like better chances of getting a job in the Sinner world,
one would have to provide data, like a birth certificate, and diplomas and such.
SINless could still exist in the Barrens, where the authorities do not reach,
without being registered at all.

As I said, I would love to take the concept further.
In my example of 2100, while a SIN could be required for certain actions,
that might work just as well the other way around.
If I have a skillfully faked SIN with attached investigative privileges bestowed by Ares Macrotechnology,
I could probably beat up people on the street for 'interrogation purposes',
and not be further hassled by Knight Errant officers, after they check my SIN.

It would be friggin' awesome,
and it fits in great with the theme of: SINner; SIN; SINless, being a play on the screwed-up ethical situation the SIN imposes.
Shemhazai
QUOTE (Cain @ Jan 6 2015, 09:54 AM) *
The question isn't the decker who makes the fake SIN, the question is the SINless schlub using it.

If the fake SIN is any good (at least rating 1) all the data has to make sense. It can't list one birthdate in the data, and another in the number itself, for example. That means whatever formula is used to derive the SIN must be known to the person who made it.

But, that doesn't mean Ted the Troll, who buys that SIN off someone, knows that information. So, if he uses the SIN, and it asks for routine information like his birthdate as a PIN, he'll get flagged right away. Ted might not know the birthdate encoded into the SIN, or might forget it.

I think you've answered my question.

First, I wasn't talking about deckers generating SINs, but instead going by the SIN theft model discussed earlier in the thread. I now think that neither should be allowed. I would hope that when you buy a SIN you at least know its basic info.

By the rules, level 1 SINs don't have any supporting data (online data). They only have data embedded in the number itself, and it's just some random person. I'm not really feeling the birthdate PIN idea. Higher rating devices can already externally verify random information (other databases with corroborating information about the SINner), or check biometrics on the spot.

As for whether or not the SIN generation or data extraction algorithms are public knowledge, it seems to me that those would enable hackers to not only do what the authorities can do, which is get the embedded info out of a SIN, but also trivially create at least rating 2 SINs with matching age, gender, and race. These shouldn't be allowed. Maybe if it consumed vast computational power to generate a working SIN on the fly, or (strong) cryptography were somehow involved to make it much harder to crack SINs...

If simple SIN theft were an option, it seems like it would be too easy to phish or pharm real ones out of the air, even to sell them on underground markets.
Sengir
QUOTE (Cain @ Jan 6 2015, 08:20 AM) *
The problem is that a SIN is more complicated than that, nor do we know what information goes into a SIN check.

We know, because it's spelled out on page 368 of the core book, bottom left.


@Shemhazai: What's the problem if people can make up a crappy SIN which allows them to buy food, but nothing else?
Cain
QUOTE (Sengir @ Jan 6 2015, 12:34 PM) *
We know, because it's spelled out on page 368 of the core book, bottom left.

Unless there's something wrong with my pdf, that's the Reputation rules. nyahnyah.gif

I found the table you're looking for, though. The odd part is that it doesn't actually seem to do anything, it's just a fluff description-- it looks like a bunch of technobabble to me. They use "redundancy check" at least twice, but what does that actually mean? They check the same information more than once? More than one database?

Even Rating 1 checks are too vague. All it says is: "Do you have a SIN?"-- what does that mean, exactly? Do you just say "Yes, Mr. Bartender, I do!" and you're good? Wouldn't you need to run it, at least minimally, just like the above section suggests?
Tymeaus Jalynsfein
QUOTE (Cain @ Jan 6 2015, 02:51 PM) *
Even Rating 1 checks are too vague. All it says is: "Do you have a SIN?"-- what does that mean, exactly? Do you just say "Yes, Mr. Bartender, I do!" and you're good? Wouldn't you need to run it, at least minimally, just like the above section suggests?


I would have thought that was pretty obvious... smile.gif
It means that the Rating 1 Verification Device only looks to see if the SIN number makes sense (and will check absolutely nothing else). Even with a R6 SIN, it will never be checked beyond that particular data point.
Cain
QUOTE (Tymeaus Jalynsfein @ Jan 6 2015, 01:56 PM) *
I would have thought that was pretty obvious... smile.gif
It means that the Rating 1 Verification Device only looks to see if the SIN number makes sense (and will check absolutely nothing else). Even with a R6 SIN, it will never be checked beyond that particular data point.

That makes no sense, for a variety of reasons.

First of all, if all it checks is that a SIN makes sense, you can still get a lot of wild (but possible) responses, like how the troll was actually born in Nigeria in 1986.

Second, it means no one is checking backup security points, like a PIN or CCV number.

Third, it assumes no credit checks, which either means you can't use to it buy anything, or identity theft is a huge booming field. An old homeless trick with stolen credit cards was to run around to McDonalds and buy 24.99 worth of stuff. That's because their system doesn't require a PIN for purchases under $25. I won't go into how that can become cash, but basically there's ways to bleed someone dry even when there's a good system of checks in place.
Smash
QUOTE (Tymeaus Jalynsfein @ Jan 7 2015, 08:56 AM) *
I would have thought that was pretty obvious... smile.gif
It means that the Rating 1 Verification Device only looks to see if the SIN number makes sense (and will check absolutely nothing else). Even with a R6 SIN, it will never be checked beyond that particular data point.


Agreed. Most businesses will be checking SINs only to the point that they exist. I wouldn't even think that they check any of the info (at least for the sale of non-restricted goods). It would be purely for taxation and transaction record keeping. Some, where it would be easy to fudge would ignore the SIN check anyway where possible ("Yep, 2000 burgers were wasted this month", cash goes straight into manager's pocket).
Redjack
QUOTE (Cain @ Jan 6 2015, 04:14 PM) *
That makes no sense, for a variety of reasons.
To the contrary, it makes perfect sense to some of us.
QUOTE (Cain @ Jan 6 2015, 04:14 PM) *
First of all, if all it checks is that a SIN makes sense, you can still get a lot of wild (but possible) responses, like how the troll was actually born in Nigeria in 1986.
Its not looking at any of those extranious details. Its only looking to see that the fake SIN has the data element of SIN, not birth date, sex, race, etc.
QUOTE (Cain @ Jan 6 2015, 04:14 PM) *
Second, it means no one is checking backup security points, like a PIN or CCV number.
Agreed.
QUOTE (Cain @ Jan 6 2015, 04:14 PM) *
Third, it assumes no credit checks, which either means you can't use to it buy anything, or identity theft is a huge booming field
A bank account is not the same as a identification (SIN).
Sengir
QUOTE (Cain @ Jan 6 2015, 10:51 PM) *
Unless there's something wrong with my pdf, that's the Reputation rules. nyahnyah.gif

Might be that I still have the old release on this device.

QUOTE
I found the table you're looking for, though. The odd part is that it doesn't actually seem to do anything, it's just a fluff description-- it looks like a bunch of technobabble to me. They use "redundancy check" at least twice, but what does that actually mean? They check the same information more than once? More than one database?

Even Rating 1 checks are too vague. All it says is: "Do you have a SIN?"-- what does that mean, exactly? Do you just say "Yes, Mr. Bartender, I do!" and you're good? Wouldn't you need to run it, at least minimally, just like the above section suggests?

You know that feeling when a discussion seems to repeat itself? http://forums.dumpshock.com/index.php?show...t&p=1306397
Shemhazai
QUOTE (Sengir @ Jan 6 2015, 09:34 PM) *
@Shemhazai: What's the problem if people can make up a crappy SIN which allows them to buy food, but nothing else?

A good question with a complex answer. There are trade-offs with various approaches, but I don't like the option of creating hundreds of low level SINs in a poor attempt to live under the radar. In short, my view of how the world should work includes buying fake SINs in the underground economy, even crappy ones.
Cain
QUOTE (Redjack @ Jan 6 2015, 02:36 PM) *
A bank account is not the same as a identification (SIN).

No, but in Shadowrun, apparently they're closely linked. Nobody carries cash anymore, and options like certified credsticks are apparently rare.

On top of that, right now credit cards are being used as a sort of backup ID. There are places that require both a credit card and conventional ID, even if they accept cash. I was on vacation for Christmas, and both of the hotels were like that. I know some rent a car places have a similar policy.

Since a SIN is required to purchase anything legally, it's not a stretch to say it's linked to most of your credit cards and bank accounts. It means you don't need to carry a separate debit card, credit card, cash, driver's license, and account numbers-- it's all handled with the same ID, which fits the Shadowrun SIN fiction. However, it also means that identity theft is serious business, since if I can forge someone else's SIN, I'll have access to their entire financial life.
Smash
QUOTE (Cain @ Jan 7 2015, 12:13 PM) *
Since a SIN is required to purchase anything legally, it's not a stretch to say it's linked to most of your credit cards and bank accounts. It means you don't need to carry a separate debit card, credit card, cash, driver's license, and account numbers-- it's all handled with the same ID, which fits the Shadowrun SIN fiction. However, it also means that identity theft is serious business, since if I can forge someone else's SIN, I'll have access to their entire financial life.


Which is probably why it shouldn't be in the game. Your SIN gets burned your resources get burned or alternatively I now need yet another level of complexity on SIN management in game that desperately needs less.
Redjack
QUOTE (Cain @ Jan 6 2015, 07:13 PM) *
Since a SIN is required to purchase anything legally, it's not a stretch to say it's linked to most of your credit cards and bank accounts.
Not saying that it isn't. Only making the point that stealing someone's SIN does not automatically mean you've also stolen their bank accounts.
Sengir
QUOTE (Cain @ Jan 7 2015, 02:13 AM) *
No, but in Shadowrun, apparently they're closely linked.

The combination of my name and address is also linked to a lot of other information. But that does not mean every place which asks you to provide a name and address performs of thorough check of this identity. Just think of the countless online registration forms which require an name and address, unless it's needed for shipping or billing you can (and should) register as Damien Knight of 1600 Pennsylvania Avenue and nobody cares.

QUOTE
On top of that, right now credit cards are being used as a sort of backup ID. There are places that require both a credit card and conventional ID, even if they accept cash.

I'd say that is rather a feature of the sorry state of US identification means wink.gif
Cain
QUOTE (Sengir @ Jan 7 2015, 05:19 AM) *
The combination of my name and address is also linked to a lot of other information. But that does not mean every place which asks you to provide a name and address performs of thorough check of this identity. Just think of the countless online registration forms which require an name and address, unless it's needed for shipping or billing you can (and should) register as Damien Knight of 1600 Pennsylvania Avenue and nobody cares.

No, but that goofiness stops the moment you're supposed to pay for something online.

According to SR5, a SIN is "linked to every piece of information about them in the Matrix"-- which would include bank accounts, among others. By providing your SIN, you don't just give someone your address and phone number, you give them your entire credit history, every legal transaction you've ever done, all your medical records, the works. This system cannot work if identity theft is a big deal. And, apparently it's not-- it seems to be easier to create a totally false SIN than hack someone else's, for example.

Anyway, not only does a SIN link to all your information, in some cases it's all you need to access that information (or money). There's an example in one of the books about wifi purchases-- you just throw what you want into a bag, and walk out. The wifi detects your purchases and your SIN, bills you appropriately, and off you go. It's kind of like the paypoint card readers-- you don't need a PIN, the physical card is enough. In this case, just broadcasting the right SIN is enough--but that only works if the SIN itself is very very secure.
Redjack
QUOTE (Cain @ Jan 7 2015, 07:57 AM) *
According to SR5, a SIN is "linked to every piece of information about them in the Matrix"-- which would include bank accounts, among others. By providing your SIN, you don't just give someone your address and phone number, you give them your entire credit history, every legal transaction you've ever done, all your medical records, the works. This system cannot work if identity theft is a big deal. And, apparently it's not-- it seems to be easier to create a totally false SIN than hack someone else's, for example.
I'm really not sure if you're being purposefully obtuse here or not, but "linked" and "combined" do not mean the same thing. My social security number is "linked" to all my financial records but obtaining it does not grant you access to query all my financial records.

You are derailing this conversation and I would prefer that not happen...
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Dumpshock Forums © 2001-2012