[Reaver]

I think the issue here is what type of check is happening...

And the rules from 4/5e are not really clear here.

Basically what is supposed to happen is the level of the check is related to the size of the purchase, much like it is in real life....

Consider the last few (big and small)  purchases I have made recently

A Pizza ($25)
A Computer ($2100)
A Pistol ($550)
A condo ($540,000)

For the Pizza, I just presented my bank card, entered my PIN, and boom done... no issue...
This is a basically a raiting 1 SIN scan... It is a small purchase, there is no need for valuable information to be exchanged. I just provide a bank account number (the card) and the PIN to the account, and the bank is happy...

When I bought the Computer I put it on my Visa card. I simply showed my card, the dealer swipes it, I entered the PIN for the card (because the purchase was over $1000).... and away I go.
This is basically a rating 2 scan... Why? Because to get the Credit Card, I had to provide Visa with my financial information to prove I could cover my purchases before they would issue my a card, They also put a purchase limit of the card, that IF a purchase over a set amount was made, a PIN was required...  (at my asking, I've had credit card fraud in the past)

When I bought the Pistol, I paid cash. But I still had to present my FAL/PAL license, my driver's license, and submit to a criminal background check.... (again)
This is probably close to a rating 4 scan, as I had to provide multiple sources of reference, And those references themselves had requirements to be met before they could be issued as well...

When I bought the Condo, I got a 5 year mortgage and paid 15% down. However, I had to submit 5 years of financial data to the mortgage company, along with my Social security number, bank account statements, a letter from my bank, my driver's license, and my current residence....
This is probably a rating 5 scan by Shadowrun standards, as I had to give multiple verified, 3rd party reports to get approval for the condo mortgage.



As the value of the purchases went up, or as other laws came into play (Canadian gun laws), more and more stringent checks were placed on my purchases.... Mostly has the "responsibility" and consequence of the purchase went up....

The same is supposed to be true in Shadowrun.... They just left all this out when  they cut out credsticks....





 

[Reaver]

an other thing to consider with the GSINR doing the checks for security is the delay (as I mentioned before) in processing the infomation for a random door check, VS what you are actually asking the system for.

Yes the GSINR knows who is who and who they work for... but they is pretty much it...

Yes, Toby Hooper is an employee of Neo-net, yes he is a Bioinformatics specialist (as determined by his educational credentials), and yes hi lives at 12-1001 Nowhere St. (as by his rental agreement).


But what is NOT stored in those records is that Toby Hooper has access to Room #131 and Room #454 AND floor 4 of the Neo-net Seattle hasting and Bloor St building... Or any other buildings and rooms that he may have access to....


AND, If you are Neo-Net, do you really want the (probably) hundreds of people who are making and editing SIN entries to know this? Especially when you HAVE TO (as per SIN protocols dictated by the CC) Share ALL this info with EVERY GSINR database?

sounds like a prime extraction target list for every corp with access to the GSINR... which is every member of the CC...

"We need to step up our game in Medical Technology... Who does Shiawaise have working at their Washington medical Labs? Hmmm... Lilly Bunto... PhD, working in the advanced cellular repair labs by her access codes... lives alone... at 132-9867 45th street... Perfect, send a "recruiting team" to hire her..."
   

[penllawen]

ALSO snipped from the rules, was how the GSINR is run. As of 2047, SINs are controlled at 2 master points (the GSINR, and the original Country) with multiple backs ups everywhere. And their use, protocols for checks, record keeping and accessibility are dictated by the Corporate Court... ...

SINs don't behave that way because the Corporate Court doesn't want the to behave that way, as there is no advantage to the corps for them to act that way, and the increase in expenditures for the increase in SIN checks just open a fucking door, are frankly, asinine.
...
And that is an advantage to the Corporate Court how?

No, seriously. How is that an advantage to the Corporate Court? Its an advantage to the individual AA and AAA megacorps (of which there are dozens!)... But it offers no advantage to the Big 10 of the Corporate Court.
Industrial Espionage is business that ALL corporations play at, and the target of said Espionage is other Corporations....

By hoisting the costs of security checks to the  GSINR just increases the expense of the CC, while raising the security of their competitors for a minimal (or worse, a REBATE!) cost to the Corporations. (If the cost of a private system of FOBs costs $1 million a year to run, but all the GSINR invoices for the "SIN system" you want is $200,000... WIN FOR THE COMPANY!).

None of the stuff about the GSINR or the Corp Court applies, as far as I can see. As you mentioned further up the quote above, all the SIN information is also held by the issuing corp, and I am specifically talking about AA/AAA corps and their employees here. So all that data can be at their fingertips, if they want it to be.

Let us return to Wally Wageslave, a faithful Renraku worker bee. Wally arrives at work, shuffles in through the lobby and elevator, grabs a soykaf, and goes through the Ultra Mega Security Checkpoint (UMSC) to go work on his Double Secret Valuable Project. Wally has, of course, a commlink with a persona that is broadcasting his Renraku-issued corp SIN.

Let's consider two scenarios for the UMSC.

Scenario A: Wally presses his thumb against a scanner. It takes the print, digitises it, hashes it, compares it to a list of allowed people that is stored on the UMSC (or on the host it is connected to, if you prefer). Wally's thumb is on the "you're cool" list. In he goes.

Scenario B: As Wally walks up, the UMSC examines his persona and records his SIN. Wally presses his thumb against a scanner. It takes the print, digitises it, hashes it, and sends it off to the Renraku SIN database. The SIN database checks the print matches and returns a yes; the SIN is valid and this print matches the records for the SIN. The UMSC checks Wally's SIN is on its "you're cool" list, and lets him in.

Scenario B is very bad for the game. It makes Shadowrunner's lives annoyingly hard (unless maybe you're running something ultra-black-trenchcoat, I guess, then you might enjoy this. I wouldn't.)

But I cannot see any in-game reason why Renraku aren't doing Scenario B. It can't reasonably take any longer to carry out the check; it's still just a thumbprint scanner and a database check. It's way more secure. It doesn't cost any more. It doesn't expose Renraku to any risks that I can see.

Sadly, it looks like this is an confusion caused by the change to the wireless matrix, and the poor matrix planning that went into 4e....

It 100% flows from the decision to have ubiquitous personas with SIN broadcasts, yes, I agree. From there, you have to make personas/SINs hack proof, or PCs start stealing bank accounts. But now you have an unhackable form of ID controlled by the corps that they can use to validate their workers, which causes knock-on problems that I believe are still unresolved.

[Xenon]

So I did a little research into the SINs....

Thanks for looking into this.

Yes, I am fully aware of the fact that different editions treat SIN differently. All text from all my posts are based upon how SR5 (specifically) treat fake SINs.

For example, in SR5 you don't need a SIN to have a high+ lifestyle. You can rent an apartment without having a SIN (but I think that perhaps you should need one). Your apartment will not be "burned" if your SIN is burned (but I think that perhaps it should, and in SRM I think it is - at least in 6th edition).

In 5th edition they only have certified credsticks (which are cash on hand that belong to the holder). This doesn't require a SIN (but it require that you have matrix access to the financial institute that certified the stick if you transfer money to or from the stick -- it is possible to forge certified cresticks with any amount of money that will show up when checking the balance, but as soon as you try to transfer money it will be obvious that you are trying to scam). In previous editions they also have credsticks that were linked to your bank-account (which required a SIN, as you described).

In 5th edition everything is wireless and you can still have a bank-account (or Credit Account as it is called in 5th) and it does, typically, still require a SIN (just that you don't get a physical object associated with the account, all transactions are handled via virtual transactions). Oh, and licenses require a SIN as well. Credit Accounts and Licenses are burned when your fake SIN is burned. But nothing else.... you are still the owner of all your electronic devices and firearms etc. Even if you bought them legally, which typically require validating your SIN (fake or otherwise).

Then there are a lot of public activities (public transportation, visiting libraries and museums, shopping, taking a taxi etc) that typically require that you have a SIN, but it doesn't seem to matter which SIN you use or if you use a fake SIN or not (at least as long as the SIN verification believe you are a legit citizen). And there is also a criminal black market that often supplies many of the same services without requiring a SIN and that accept certified credsticks as payment.




Also, to continue my previous post....

If SIN verification units draw blood each time they checked if the SIN is fake or not then there should be a game mechanic that would automatically burn fake SINs if you failed to provide matching DNA. There is no such game mechanic. Which seem to suggest (at least to me) that blood is not drawn while doing SIN verification.

If SIN verification instead just cross reference various financial transactions and checking the existence of various biometric data and cross referencing that the same data is stored in both the national and the central registry database etc (to see if the integrity of the SIN is high enough to be considered a legit SIN) then it would make sense that the game mechanic is based upon the rating of the SIN verification unit and the rating of the fake SIN. And this is exactly what the existing game mechanics are doing(!)

You might not be giving them a bag, but fake fingerprints are possible at this point. This video shows how you can copy fingerprints using ...

Shadowrun have extensive rules on how to beat different sensors and scanners.

remove case and tampering with the works (p. 363)
maglock passkeys (p. 448)
keycard copier (p. 447)
use prints of an authorized user (p. 364)
cellular glove molder (p. 447)
retinal duplication (p. 453)
using a recording (p. 364)
voice modulator (p. 452)
DNA enzyme bath (p. 364)
prosthetic makeup and biosculpting (p. 364)
etc.
etc.

This is not the issue.

What I mean is that high rated fake SINs that come "with samples" does not come with samples that YOU are supposed to show to a SIN verification unit. Instead they come with a "set of biometric data including DNA, retinal scan, and fingerprints" logged in on-line databases. Fake SINs that have this level of detail make the fake SIN seem very real. It is very hard to distinguish fake SIN of this level from a real SIN. Fake SINs of this rating will probably pass an integrity test even from a very high rated SIN verification unit.

What I mean is that the SIN verification unit is asking for your SIN (not your fingerprints!). And then it check the integrity of that SIN (not that your fingerprints are tied to the SIN, but rather that if the SIN have complete financial records as well as logged fingerprints on-line then the integrity of the SIN is very high and odds are the SIN is not fake). If it pass the check then the SIN verification unit will report that the SIN is not fake and the the subject is a legit citizen.

Scenario B is very bad for the game. It makes Shadowrunner's lives annoyingly hard (unless maybe you're running something ultra-black-trenchcoat, I guess, then you might enjoy this. I wouldn't.)

Agreed!

But I cannot see any in-game reason why Renraku aren't doing Scenario B.

If you want it to work this way then that is also possible.
Check my previous post for suggestions on how to resolve it (perhaps it would fit in your matrix rewrite?)

(I would not recommend it though)

[Reaver]

None of the stuff about the GSINR or the Corp Court applies, as far as I can see. As you mentioned further up the quote above, all the SIN information is also held by the issuing corp, and I am specifically talking about AA/AAA corps and their employees here. So all that data can be at their fingertips, if they want it to be.

Sadly it does apply. GSINR is controlled by the corporate Court. They dictate what is stored on the SIN, how it is stored, what is included in the SIN and what is omitted. While Renraku may maintain their own SIN registry, they still have to comply with the standards set by the corporate court, or risk losing access to the GSINR and be solely reliant on their own network.

And considering the topographic framework of the interconnected Matrix, and the vast role that SINs play in commerce in the 2070s+, that is not feasible.

Think of it like the Google/Apple Store Terms of Service. You can use their Store fronts to sell and buy anyone peoducts, but if you break the TOS, you are removed... SAme thing here. If you don't comply to the GSINR, you lose access to it... And that is not something any one can afford.

The two major other reasons are Time and  Security.

Time
We have no idea how long it takes to run a informatics search in the GSINR. All that we do know is that the higher the rating of the scanner, the better the scan, and the longer it takes. We know that running a "deep scan" at a police station (rating 6+) takes hours.
So, does asking for a finger print informatics return take 1 second? Or 1 hour?

If its a second, great...

If its 30 seconds...   that's a LOT of lost productivity over the course of a year when you factor in everyone....

If its 1 minute... well... now your system is fallen apart as no one is going to use it on the ground level and will be defeated by the users.
("Don't let that fucking door close!!! I am not standing here for a gawddamn minute while 'IT' figures out I'm me! I have to Piss NOW!!!")

This is something we just can't answer. But we can guess at that its "longer than near instant"

Security
The GSINR undergoes BILLIONS of additions, edits, changes, corrections, and modification every second, as ownership and currency exchanges hands around the world. Which means the Renraku database also undergoes BILLIONS of additions, edits, changes, corrections, and modifications every second as it keeps as current as it can tot he changing wealth and infrastructure of the world.

THAT is not secure.

Add to the fact, that the Registry is also under the direct control of separate entity (the CC), who have ownership level control over the system. The Grey and Black markets that seem to have access to the registry to the level of being able to inact ownership level control (Rating 6 fake SINs)...
Its looking more and more like the vaunted "security" of the GSINR is not so great.... (OR, that event eh best system has holes...)

So basically, we have several dozen players (the CC, AA/AAA Corps, National Governments, Grey/Black market players) all who can "play" with the registry. (And the thousands of people this actually works out to be. Bureaucracy is a wonderful thing.)

How is that sounding more secure then a privately maintained card reader/Fob/bio scan?

you have the building you want protected. So you install an in house server(host) to handle the security devices. you have one point (ok, in the matrix world not so much) of entry for information (the in house server/host). All checks are handled on a simple Pass/fail between the device and the host, instead of relying on the device, to the GSINR to the host. 

Now, you only have a single host to protect your security system, and thus one place to look when a breach happens, instead of relying on a correct response from a known (security wise) compromised datastore and then relying on said compromised datastore to begin recovery.


In short,

From a security stand point, there are too many "fingers in the Pie" to rely on the GSINR as a security tool for the efficiency of daily security, as there are too many who could make catastrophic changes on a whim...

<Anyone else remember Big D's Will?>

the other question I have for you however....

"What happens when the GSINR returns a false negative?"

They happen... Most thumb scanners won't read the thumbs of people "who actually work for a living"   (by that, I mean most people in construction, yard workers, factory workers. Because we work with our hands on a daily basis with rough abrasive surfaces, our finger prints get worn right off, or get calloused over.)

[penllawen]

None of the stuff about the GSINR or the Corp Court applies, as far as I can see. As you mentioned further up the quote above, all the SIN information is also held by the issuing corp, and I am specifically talking about AA/AAA corps and their employees here. So all that data can be at their fingertips, if they want it to be.

Sadly it does apply. GSINR is controlled by the corporate Court. They dictate what is stored on the SIN, how it is stored, what is included in the SIN and what is omitted. While Renraku may maintain their own SIN registry, they still have to comply with the standards set by the corporate court, or risk losing access to the GSINR and be solely reliant on their own network.

I disagree.

SR5 pg 363, emphasis mine:

"A SIN is issued by a country or extraterritorial corporation (AA or AAA rating) at the time a person becomes a citizen. This is generally when a person is born “legally” in that country somewhere—a hospital, clinic, or maybe even at home with the assistance of a Renraku DulaDroneTM. A new SIN will be issued in the case of a change in citizenship. The SIN itself is a string of characters generated using some of the person’s vital statistics fed into an incredibly complicated mathematical algorithm. This guarantees that no two SINs will ever be the same. However, this means that anyone with access to the proper software, like law enforcement agents and other government officials, can know several things just by looking at the SIN: your name, birth date, place of birth, and nation that issued the SIN. A set of biometric data including DNA, retinal scan, and fingerprints will also be taken and logged into the system, associated with the newly created SIN. All of this information is then registered with two master databases: one maintained by the country that issued the SIN, and the Global SIN Registry (GSINR) controlled by the Corporate Court. These datastores are among the most secure on the planet, with multiple off-line backups for each."

If Renraku wants to answer the question "do these set of fingerprints match up with the ones recorded for this Renraku-issued SIN", it can do so via its own database, as it is the SIN issuer in question. It doesn't need to go anywhere near the GSINR. It doesn't need to ask the GSINR anything; hell, it doesn't even need to run the check on the GSINR if it doesn't want to. It can't do this for a UCAS SIN or an Ares SIN or a French SIN - but it can do it for a Renraku one, because it is itself the source of truth for all the information for Renraku issued SINs.

Hell, if Renraku wanted to gather some additional piece of biometrics - let's say a palmprint for the sake of argument - and store that in its SIN database, there's nothing stopping it from doing that either. Why would the GSINR care one way or the other?

Also note that biometric information isn't "stored in the SIN", as you suggest. It is stored alongside it, associated with it.

[Shinobi Killfist]

Other than turning a blind eye to this, what is the fix?  Seems like there needs to be a fundamental change to the SIN system so they aren't that hard to hack so hard and change the associated information to and that hacking them isn't the door to all their assets.

[Reaver]

Also note that biometric information isn't "stored in the SIN", as you suggest. It is stored alongside it, associated with it.

Now the system is most insecure.

All I have to do, is change the associated data entry to mine...

Now, because its not "on the SIN". only associated, My bio-informatics can get me into the Renraku facility, and when I present 'Wally's' (Faked) SIN but with MY actual bioinformatics (due to the association to my medical data), I'm in like Flynn!

What's that?

I  Can't do that as a shadowrunner?
You're right, I can't. BUT I can pay a black market specialist to do it, as they "do it all the time" (Rating 5 and 6 FAKE sins remember?)

[penllawen]

Other than turning a blind eye to this, what is the fix?  Seems like there needs to be a fundamental change to the SIN system so they aren't that hard to hack so hard and change the associated information to and that hacking them isn't the door to all their assets.

My best attempt so far was a few pages back. I think it's still pretty scruffy and definitely over-complex, and I certainly don't love it, but it's the best I've got so far that doesn't break the setting in any way I can find:

• Define "personas" as a digital shadow-self; you, in the Matrix. (Note this is distinct from the persona icon, the thing that you customise to look however you want. I think it's better to separate those terms. (Also, you can't customise your persona icon infinitely; IP law applies. If you want to persona to carry a Gucci bag, go to the Gucci host and pay for a legally licensed 3d model of one.))
• Personas initially boot up with no permissions at all.
• Personas contact various powerful hosts to say "hello, I am John. Please grant me the permissions to use John's car."
• The host does whatever checks it wants. If the user has DNI, these are some very difficult to fake challenge-response brainwave scans (basically, the host tells your DNI to poke your brain. Yes, that's scary sounding, on purpose.)
• If you lack DNI, you're back to using foolable stuff like retina scans and fingerprints. Your security is much worse. It sucks to be poor in Shadowrun. Get a datajack, loser. >> I believe this is the only major departure from RAW's mechanics.
• Higher security things, like the permissions for your car or your smartgun, will regularly re-scan your brainwave auth to confirm you are still you. This means stealing someone's persona when they use DNI isn't just a one-time hard thing, it's an ongoing process hard thing.
• If a persona every fails even one of these security checks, it hard locks out of everything at once - so if the Ford host is suddenly not sure you are you, you lose all your credentials to everything until you can reboot your commlink and sign back in. This is built into deep layers of Matrix protocols and is impossible to circumvent without hacking the hosts that run the permissions (which are typically very secure for most items). Yes, this sometimes misfires, and people sigh, and reboot. I like my tech to be at least as annoying and fallible in SR as it is in real life.
• If a persona ever appears on the Matrix twice - ie. a faked persona pops up and says "hey, I'm John" - the same hard lockout happens to both personas at once. "Personabombing" - making a crappy fake of someone's persona that does nothing but get them locked out a few seconds later - is a thing, albeit a thing that doesn't achieve much other than mild inconvenience.
• Similarly to users without DNI, users can also choose to download all their credentials onto their commlink and run entirely locally with no requirements to connect to any servers. Now all your stuff is only as secure as your commlink is ie. not much. Useful for people off-grid in the wilderness or intent on leaving no digital footprints at all, though.

Plus

It's not so much that, as it is "if this system has access to my brainwave data, then it can use it elsewhere to authenticate as me."

Oh, I have an answer for this, but I didn't make it explicit above. Don't think of the "brainwave scan" as a passive thing. Think of it as a challenge/response. The host uses your DNI to provoke some transient state in your brain, then measures how it reacts to that state - like tossing a particularly size and shape rock into a pool, and observing the resultant ripples. No two hosts use the same rock, so your credentials are unique to each host. This is a desirable goal within the universe, so I'm comfortable with the idea it would be built this way.

For extra dystopic fun, this process might be fleetingly noticeable to the user. A burst of synthesia, the sudden unprovoked smell of fresh ground black pepper, a vivid unprovoked recall of a childhood memory - who knows?

And

You're correct, if SINs and Personas are these perfectly unhackable/unspoofable then they should be the method every security checkpoint uses to validate IDs.  But they're not used that way for the same reason they're unhackable, arbitrary decision for desired game play options. 

I do have an idea here BTW (but I didn't want to lead with it because I didn't want to immediately shuttle the conversation down my own views.)

Re: security gates, I think it's quite reasonable that crudely spoofing someone's SIN (or their persona; the issues are very similar) might work briefly but not work long-term. So imagine I set my commlink to broadcast your SIN, which after all, is just a short string. Fine. But very shortly after that, some host somewhere is going to notice the duplication - that there's two different personas using the same SIN - and it'll start ringing alarm bells. Not long after that, any system using those SINs to do anything with will be alerted, and immediately start rejecting the SIN.

By "not long here" I'm thinking a few seconds.

So actually, you do have just about long enough to maybe get a security door open with your stolen SIN, but probably not do much of anything else. So that's why your corpsec doesn't use SIN verification; it can be cheated, just for a handful of seconds, and doors open faster than that. That's enough to give corpsec nightmares so they prefer their auth to live entirely inside their own architecture - so we're back to our beloved 80s keypads and swipecards.

[penllawen]

Also note that biometric information isn't "stored in the SIN", as you suggest. It is stored alongside it, associated with it.

Now the system is most insecure.

All I have to do, is change the associated data entry to mine...
..
You're right, I can't. BUT I can pay a black market specialist to do it, as they "do it all the time" (Rating 5 and 6 FAKE sins remember?)

Oh yes, this is certainly another way in which the setting is broken. It can't decide how secure the SIN databases are. One second they're the most secure on the planet; the next, you can sneak false data into them for a measly few k-nuyen.

[Reaver]

Other than turning a blind eye to this, what is the fix?  Seems like there needs to be a fundamental change to the SIN system so they aren't that hard to hack so hard and change the associated information to and that hacking them isn't the door to all their assets.

That depends.

What do you think the SIN is supposed to do?

If its just a collection of your identity and used as "tool of citizenship" like it is supposed to be. it works fine.

The moment you try to make it the "Be all and end all" of personal information and collection,
It breaks down pretty fast.


Hell, we can't even agree on who or how the GSINR is administered....

[penllawen]

That depends.

What do you think the SIN is supposed to do?

If its just a collection of your identity and used as "tool of citizenship" like it is supposed to be. it works fine.

The moment you try to make it the "Be all and end all" of personal information and collection,
It breaks down pretty fast.

I think this is the wrong way of looking at it.

The way I see it: the setting describes SINs as being capable of being the be-all-and-end-all of bulletproof identification, because it makes personas and their SIN broadcasts unhackable. Now I agree that this makes the game break down. But that's not because I tried to make them that way. The system did that to itself, as I believe I have demonstrated with repeated quotes from the 5e CRB.

[Stainless Steel Devil Rat]

I think it's important to recognize the distinction between Personas and SINs.  They are very much not the same thing.

We know SINs are hackable (admittedly, only by NPCs).  Any idea you have rooted in identity theft? That's probably SIN-related when you start putting it in game terms.

Your Matrix Persona is independent of any SIN(s) you happen to to be broadcasting.  Which is a good thing for Shadowrunners, since they tend to change their SIN as often as their clothing (or more often, in the case of Street and Squatter lifestyles...)

The two are not interchangeable concepts.

[Reaver]

That depends.

What do you think the SIN is supposed to do?

If its just a collection of your identity and used as "tool of citizenship" like it is supposed to be. it works fine.

The moment you try to make it the "Be all and end all" of personal information and collection,
It breaks down pretty fast.

I think this is the wrong way of looking at it.

The way I see it: the setting describes SINs as being capable of being the be-all-and-end-all of bulletproof identification, because it makes personas and their SIN broadcasts unhackable. Now I agree that this makes the game break down. But that's not because I tried to make them that way. The system did that to itself, as I believe I have demonstrated with repeated quotes from the 5e CRB.

But that's the issue.

They never before 4e (and then 5e), made SINs into this "Super uber, unhack able, admanatine fortress of solitude....
in fact, they point out all the time that they are not unhackable by the very existence of FAKE SINs right from the get go... (its just the Player can't hack them)


The impact of the SIN, while large, was mitigated by the separation of "Person" and "asset"....

Under the old SIN/Credstick system, one could not be a "Person", yet still have assets. And, one could be a "Person" yet not have assets.

in short, Your money and possessions  were not tied to a digital constructed architecture which in turn linked you to a digital identity....


THIS is where the major cracks in the system got introduced, when they did an edition and rules re-work of the matrix to fit in the "wireless Topography", and "digitize" the world and "simplify" the system....

Now, I not touching the Persona and Matrix issue with an 11 foot pole..
IMHO throw the entire fucking thing in the fucking fire where it deserves, as the unworkable poorly thought out fan fiction crap that it is....
Which prety much sums up my feelings of 4e matrix as  whole... (and carries over to 5 and 6e as well, just because its based off the unworkable shit stain that was 4e matrix rules... No offense to the current writers... One can not polish a turd.)


And really, THIS is the heart of your problem Penllawen...
Not SINs...
Not Personas...

The Matrix and its rules.
There are too many fiat reasons for the whys and hows, and not enough structure.


So basically,

SINs don't work that way, and Personas don't work that way.

Why? Because Fiat.

[penllawen]

I think it's important to recognize the distinction between Personas and SINs.  They are very much not the same thing....
The two are not interchangeable concepts.

Yes, that's true. Where I have conflated them above, I have done so only for brevity, on the basis they have very similar unhackable-for-game-reason superpowers. (With the exception of the very specific carveout for fake SIN creation.)