This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

My Sixth World

This is where I put stuff I’ve written about my campaign’s “fluff” - ie. the narrative and the fictional world.

How stuff works

SINs and licences

A brief overview of fake IDs in the Sixth World

Construction materials

What are household objects even made out of?

The big picture

Zooming all the way out

Social classes

The Haves and the Have-Nots


Keeping it punky

Tweaking Shadowrun's tech level

Trying to maximise the ‘cyberpunk feel’ by lowering the tech level

The (Wireless) Matrix

How the wireless Matrix works, from an in-game perspective

Overview of what is possible with these rules

Game scenarios these rules attempt to capture

Making the Matrix

What the Matrix is made of: the backbone and the local mesh; hosts and other icons

Matrix icons

How things look in the Matrix

The augmented everyday

How augmented reality works and feels

Hacking the Matrix

Bending the Matrix to your will

Symmetric entropy pools

Hack-proof encrypted comms… with a twist

Other stuff

Smaller bits and pieces, plot devices, etc

Comparing these houserules to Shadowrun 5e/6e RAW

A quick list of the simplifying assumptions I have made

1 - How stuff works

How things work!

SINs and licences

A brief overview of fake IDs in the Sixth World

Construction materials

What are household objects even made out of?

1.1 - SINs and licences

A brief overview of fake IDs in the Sixth World

In a society defined by the haves and the have-nots, the sharpest line between them is the possession of a System Identification Number or SIN. A combination of citizenship, a passport, voting rights, and taxation obligations, it gives you the ability to live and work legally. To be SINless is to fall outside the system on almost every measure - no governmental support, no right to employment or vote, unable to use public facilities or transit, constanlly turned away from shops and restaurants.

What a SIN is

SINs are issued by a wide variety of governmental and extra-territorial corporate entities. They can be granted by birth or by a similar process to obtaining citizenship. Sometimes, corps grant them to particularly desirable hires. Often, corps use the threat of revoking someone’s SIN to keep their workers in line.

Physically, a SIN is merely a string of alphanumeric characters. The only human-readable part of it is a prefix code indicating the issuing entity - country or corp - who owns and controls the SIN. What counts isn’t so much the SIN itself as the data associated with it in various online hosts and datafiles.

SINs are the de facto unique identifier in the Sixth World. They are tracked everywhere, both in person and in the Matrix. Every interaction and transaction you have can be tied to your SIN and tracked in some database - and almost all of them will be. Hence every SIN has, trailing behind it, vast wakes of data, scattered across innumerable databases.

Those who don’t have a SIN - the SINless - are condemned to a life of misery. They are locked out of legal employment, of all banking, of reasonable healthcare. They cannot vote and they have no social safety net; even their basic civil rights are reduced. They face a lifetime of grinding for low cash-only wages and paying shady landlords high rent for shitty apartments, and praying that when they get sick there’s room at the charity hospital for them.

SIN broadcasts

Matrix protocols have a special sidechannel for SIN broadcasts, beamed out at all times from your commlink. These broadcasts are not quite legally required, but in any lower-middle-class or better area, not having an active broadcast is a screaming red flag that will definitely attract attention. (Note that in very rough parts of town, the kind where police only travel in entire squads or not at all, broadcasting a SIN becomes a mark that you are easy prey. Choose wisely.)

SIN checks

SINs can’t separate the privileged from the scum unless there’s a way to know which is which.

Simple ID checks

Every SIN issuer makes available a listing of basic personal information associated with the holder of the SIN: name, date of birth, metahuman race and ethnicity, home address, stuff like that. If you attract the attention of a beat cop on the street, you can expect them to pull this up; and if your SIN is fake and the details don’t match you, well, you’re in trouble now.

Unfortunately for the police (but luckily for our plucky criminals), the SIN database infrastructure is run by for-profit corps, so carrying out a check like this costs a fraction of a nuyen. So penny-pinching corps like Lone Star and Knight Errant put their cops on quotas, preventing the authorities from just checking everyone they see.

Consistency checks

If someone wants to go a bit further in verifying your SIN, the next step is to validate that the datastream attached to it looks legitimate. SINs are tracked everywhere, and that tracking information ends up in numerous databases owned by data brokers; these brokers' main line of business is selling access to the data to advertisers so they can track your every desire. But a lucrative sideline for them is running pseudo-AIs over each SIN’s profile to see how real it looks. This often catches out fake SINs, as generating a detailed, realistic, long-term history for a fake SIN is a lot of work.

Biometric checks

This is the most secure form of check; gather one or more biometics from the person in question (finger print, retina scan, even a DNA swab) and compare them to the biometrics stored on file for the SIN.

Just one problem: jurisdictions. SIN issuers do not make these biometric files readily available to anyone who asks, because the corps do not trust anyone with that data. Outside of investigations of very serious crime (eg. terrorism), most of the time, the only entity that can check biometrics is the corp or nation-state that issued the SIN.

The ins and outs of fake SINs

Lifestyle SINs

Every ‘runner has a fake SIN (or perhaps a set of fake SINs) that they live their day-to-day lives under: buying groceries, paying rent, running their GridGuide subscription, that sort of thing. They don’t use this for criminal work, because it would make them far too easy to track down. There is no overhead associated with this, it’s absorbed in day-to-day living costs.

Although they last a long time, these fake SINs aren’t particularly good, and can’t pass a lot of inspection. Most people interacting with it – like ‘runner’s landlords – most likely know it’s fake, but aren’t the kind of people who are looking too closely. This is one reason ‘runners tend to live in the less gentrified neighbourhoods.

Fake SINs

Where necessary, ‘runners can buy extra fake SINs for a job.

A fake SIN will pass simple ID checks from a beat cop on the street automatically. The fake datastream associated with the SIN might stand up to a consistency check, should the ‘runner try anything that might provoke one; for example, infiltrating a secure area through the front door via a fake identity. In Sprawlrunners game terms: roll a Notice check for whoever is inspecting the SIN to see if they spot any weirdness in the analysis results. This might be a +/- 1, depending on the resources of the corp doing the check.

Gear licences for these SINs are “open carry”, in the sense that the presence of the licence is automatically broadcast alongside the SIN. This can (obviously) attract attention, and often does.

Fake SINs are inserted into tracking databases via hacks that are quickly discovered and deleted. They are typically only useful for a week or so.

High quality fake SINs

If you’re really up to something nefarious, you can purchase a high-end fake SIN.

These are far better quality, with skilled counterfeiters creating near-impeccable fake histories spanning multiple databases. They pass all simple ID checks and consistency checks automatically. They might, or might not, pass a biometric test run against the SIN database of whoever ostensibly issued the fake. In game terms, this is a Notice check by the host/system running the scan - typically a d6-d10 rating.

Licences on high quality fake SINs can be open carry, or if the purchaser prefers, “concealed carry” – meaning the SIN broadcast does not tag the person as carrying concealed weaponry. They are still licensed, however, and get to be extra rude and snooty to any beat cops who notice their gun, stop them assuming they are unlicensed, then discover they are (seemingly) VIPs.

High quality fake SINs are still deleted after ~1 week, though, just like low-quality ones.

FAQs about SINs

Why can’t the cops look up my DNA/fingerprints/etc that I left at the crime scene?

Although many SIN issuers do gather and store a biometric profile, they don’t make this information available to the authorities (except, rarely, in the case of serious and high-profile crimes like terrorism.) So even if you do have a SIN in someone’s database, it’s very unlikely to be accessible to anyone investigating your crime… with the exception below.

What about criminal SINs?

Most nation-states will issue special “criminal SINs” to anyone convicted of crimes, petty or otherwise. If you’re unlucky enough to get issues a criminal SIN in, say, the UCAS, then any UCAS-jurisdiction cop is going to be able to read your fingerprints off their database. This can be a severe pain the ass for you and your criminal associates.

Even worse, criminal SINs are an exception to the hold-your-cards-close-to-your-chest rules most SINs are kept under. The SIN and its biometrics are shared widely and freely - that’s most of the point; a criminal SIN is an anchor you have to drag around forever. (Unless you have friends in high places who can get it wiped off the books, omae.)

Corporations don’t bother with criminal SINs. They prefer more immediate punishments.

1.2 - Construction materials

What are household objects even made out of?

Manufactured materials


Although fossil fuel extraction has long since faded in the Sixth World, plastics are still common and cheap due to production techniques that harvest biological polymers from renewable sources such as genetically engineered micro-organisms. They behave similarly to current-day plastics, and span a wide range of applications from glass-like polycarbonate, thin films used for packaging, and harder plastics used for household objects.

However they’re slightly inferior to oil-based plastics. They discolour easily after prolonged UV exposure, and tend to be either softer or more brittle. After prolonged use, they can leave a greasy residue to the touch.


Due to ease of recycling and still-abundant natural resources, most metals – aluminum, iron/steel, lead, nickel, tin – are still as common in the Sixth World as they are today. The dawn of commercially viable asteroid mining is making precious metals much more abundant than previously, so the price of gold, silver, tungsten, titanium, platinum, and other rare earth minerals has started to fall.

Forged high-end steels have been somewhat eclipsed by superior nano-fabricated variants (see below).

Nano-fabbed exotics

Nanofabricated materials such as metal/carbon alloys, ceramics, and aerogels can exhibit tremendous mechanical properties. Nanotechnology allows for very precise formation of lattice crystals that lead to immense tensile and compressive strength, superconductivity, and more. Although these materials are very expensive, this makes them highly desirable in advanced building construction (eg. supertall buildings and arcologies) and other exotic projects (eg. the platform-to-Earth tether for the Skyhook space elevator.)

The materials are mostly made in orbit, as they require large areas of hard vacuum for the nanobots to work effectively. They can only be made by the richest megacorps, and they are careful not to compete with each other too effectively, in case they erode their fat profit margins. See Limiting the Tech Level for details.

Natural materials


The emergence of various Awakened species has, naturally, led to them being killed for their hides, with a value roughly approximate to how dangerous the animal in question is to hunt. Basilisk, cockatrice, afanc, and deathrattle leather is particularly prized amongst those looking for the perfect material for their status symbol personal vehicles.

Meanwhile, decline in animal farming means cow leather has become significantly more expensive. Almost all the “leather” jackets most wageslaves or SINless can afford are synthetic pleathers.

Fakes also abound. According to market research, the amount of “dragon leather” goods on sale in any major city at any given time vastly exceeds the total amount of dragon hide in the world, including all the Great Dragons.


Although the Awakening did much to rekindle life in north America’s greatest forests, it also made those forests highly dangerous places, teeming with hostile wildlife - magical and otherwise. Consequently, the price of wood as a building material has increased sharply.

The only kinds of wood ever used in lower- or middle-class homes is pressed particleboard as a cheap building material; even that is uncommon. Upper-middle-class wageslaves might have engineered wood floors or walls made from quick-grown farmed breeds like bamboo or fir. Only the richest wageslaves can hope to own anything made of hardwoods, either manufactured new or antiques. Naturally these are now potent status symbols.

2 - The big picture

Zooming all the way out

2.1 - Social classes

The Haves and the Have-Nots

A quick reminder about SINs

System Identification Numbers or SINs are the single main ID number that a legal citizen is known by; a combination taxpayer reference, voter enrolment, driver’s licence, passport, and more. SINs are an international standard; they are issued to their citizens by most of the nations in the world as well as the largest corporations – those who have acquired extraterritoriality and so have international recognition as nation-states in their own right.

Without a SIN, you cannot own a bank account, work, pay taxes, or vote. You have some (severely curtailed) civil rights, but the legal system is not obliged to grant you representation or protection.

Some people are born SINless, typically because their parents are already in that state. Others become SINless when the corp that issued their SIN withdraws it – this is a common threat used to keep the wageslaves in line.

There is a thriving black market in forged and faked SINs, mostly by hacking various databases to insert new entries. Unconvincing fake SINs cost about a week’s wages, but provide only a fig-leaf of legitimacy. Convincing ones cost far more.

See SINs & Licences for more.

Class by class

The unhoused

Around 5-10% of the population have no permanent residence and no steady income at all. They live in their vehicles, squats, tent cities, or just migrate around the sprawl trying to find whatever corner they can to shelter from the rain. They are mostly SINless, as the threadbare welfare programs for SINners are still usually enough to stop them from falling this far. They subsist on handouts from charitable policlubs, dumpster diving, panhandling, and the occasional odd job. Substance and BTL abuse is rife as they desperately seek to escape their day-to-day existence.

The precariat

The precariat is the first class in history to be losing acquired rights - cultural, civil, social, economic, and political.
— Guy Standing

The precariat make up about 20-30% of the population and are approximately evenly split between the SINless and those with a national SIN. Their defining characteristic is under-employment and economic precarity. They juggle multiple menial jobs, fighting to get enough shifts to make rent. They compete with each other for spot-work via various smartlink apps, the modern day equivalent of day labourers gathering at the side of the road and desperately pitching for work. They are cleaners, construction workers, taxi drivers, krillburger flippers, soykaf servers; some of them turn to petty crime to get by.

They live in shoebox apartments crammed into enormous buildings in poor parts of town. Power and water brown-outs are common due to failing infrastructure. Muggings, burglaries, and thefts are comparatively low; these people have nothing to steal. But violent and antisocial crime is endemic as pent-up anger leads to lashing out.

The lower classes who are SINless have mostly managed to purchase a low-grade fake SIN. It wouldn’t pass any real checks but is enough that unscrupulous landlords and employers will turn a blind eye… but SIN checks in better neighbourhoods mean the SINless are effectively cordoned in the places society cannot see them.

Working patterns amongst the precariat are low, typically 20-30 hours per week, as there isn’t enough work to go around. Most of their work comes from gig economy apps and word-of-mouth casual work. They can rarely afford any sort of personal vehicle; they get around by bus, light transit rail, and the ever-popular bicycle.

The precariat have a lot more time and energy to spare than the wageslaves. For many, this energy turns into anger at their lot in life. If a revolution were ever to come, to tear this rotten system out by the roots, it would start here.

The wageslaves

Conservatism consists of exactly one proposition, to wit: There must be in-groups whom the law protects but does not bind, alongside out-groups whom the law binds but does not protect.
— Frank Wilhoit

The bulk of the population, 60% or so, are the wageslaves: ordinary working stiffs. In a former time, we would have called these “middle class”, and their existence would be characterised as both safe and comfortable. Now, their most defining characteristic is an overworked and hollowed-out numbness.

Most wageslaves either toil for a smaller corp under a national SIN, or they work for a true megacorp and have a corp-issued SIN. The latter group is further divided into those born into the corp or (rather fewer) those hired into it but required to sacrifice their national SIN in the process. The corp never misses an opportunity to remind its wageslaves that the corp can make them SINless on a whim, effectively casting them out of society. The overall atmosphere is of indentured servitude imposed by the threat of statelessness. More senior level wageslaves, who have proven themselves to their megacorp patron many times over, can aspire to a higher tier of SIN that allows their partners and children to benefit also. Their children transfer to corp-owned schooling, becoming indoctrinated in turn.

Wageslaves crowd the city. Most of them live crammed into towering apartment blocks in areas that at least see occasional rentacop patrols. They generally commute by public mass transit, although a large minority own a reasonably well-kept personal vehicle. The most affluent wageslaves can choose to escape the inner city to one of the pockets of single-occupant housing that still linger in the outer suburbs.

The wageslave’s common working pattern is the infamous “996” – 9am to 9pm, 6 days a week. Many of them get by only by abusing advanced stimulants and, for those lucky to afford it, sleep regulator cyberware. Outside of work, they mostly immerse themselves in consumerism, sports, social media, gaming – anything to distract and numb themselves. This is how the powers that be prefer it. The wageslaves are kept anaesthetised so they cannot become a threat.

The corpos

Little by little the agents have taken over the world. They don’t do anything, they don’t make anything, they just stand and take their cut.
— Jean Giraud, aka Mœbius

The difference between a wageslave and a corpo-in-the-making is belief: the corpos are the true believers in the corp’s mission, the ones prepared to dedicate their lives to not just existing inside the corp but advancing. This almost inevitably involves total moral compromise. In return, they get a life of genuine comfort and some actual measure of security. They escape the soul crushing 996 working pattern, usually by concocting excuses to leave the office like offsite meetings.

Corpos make up around 10% of the population. Some of them start as wageslaves, and claw themselves upward on merit and a callous willingness to do what it takes. Most, however, are born into it: the sons and daughters of other corpos, groomed from an early age. Nepotism is rife in the megacorps.

The odd corpo is genuinely talented. They’re the engineers who can lead a research lab to pioneering breakthroughs; the managers who genuinely inspire their reports; the military strategists who lead battalions to victory in Desert Wars. But these are the rare exceptions. Most of them are just dickheads in nice suits.

The early-career corpo may be indistinguishable from a wageslaves in socio-economic terms - working the same hours, living in the same apartments, commuting by the same trains. But the corpo won’t stay that way for long. By mid-career, they’re earning 10-20× the money a wageslave does; they’ll have a penthouse downtown, maybe a vacation place upstate, and pondering a boat. Successful late-career corpos are rich, callous, shallow, and cruel; moulded by the system in the process of ascending it, their humanity flensed away by the climb.

The klept

And, for an instant, she stared directly into those soft blue eyes and knew, with an instinctive mammalian certainty, that the exceedingly rich were no longer even remotely human.
— William Gibson, Count Zero

The klept are the one percent of the one percent, the apex predators of capitalism. They are the CEOs, the political leaders, and the dragons. The oyabuns, dons, and pakhans. The social media influencers, the elite socialites, and the stars of screen and stage. They control wealth and power sufficient to become immune to the law; the lines between legal and illegal behaviour become hopelessly blurred.

Some are world-famous and instantly recognisable, but many more are utterly anonymous. You could pass one of them on the street and never know, unless you noted their discreet and lethal personal security squad. But know that that brief shared reality - the pavement under your feet, the sky over your head - is the only thing that unites you with that person. They live in a world you cannot imagine, and it holds none of your petty constraints and concerns. They have as much in common with you as you do with a shark or a piece of moon rock.

3 - Cyberpunk

Keeping it punky

3.1 - Tweaking Shadowrun's tech level

Trying to maximise the ‘cyberpunk feel’ by lowering the tech level

Over the years, as the in-game Shadowrun setting has evolved across six editions, various in-game technologies have advanced – in some cases, advanced considerably. Modern Shadowrun has nanotech, antigravity, beam weapons, and more. For me, it has gone too far, so I want to tweak it.

I have several (slightly opposing!) goals for how I want my Shadowrun setting to feel, at least in terms of the sophistication of technology. Firstly, I desire a “classic cyberpunk” feel that is roughly aligned with Shadowrun 1/2e and the foundational works of cyberpunk fiction from the ’90s. But secondly, time, I think the cyberpunk genre derives a lot of its power from feeling like it is near-future – and not retro-future or far-future. Character’s problems and the shape of the world they inhabit should feel recognisable to us. So I also want the game world to reflect 20+ years of real-world technological advancement that has occurred since Neuromancer was written. This manifests most obviously in wireless technologies.

  • However, I do not want technology to be too advanced. I do not want my game to start to feel more like general sci-fi. ShR 5e and 6e definitely do this, to my mind.
  • I don’t want to stuff to work too well. Cyberpunk tech (or at least, the tech within monetary reach of our players) should be like real-world tech: buggy, flawed, unreliable, sometimes frustrating. I don’t want it to have this high-tech sheen where everything works and nothing has any downsides.

Hence: I want to somehow find a way to blend these different approaches. This document attempts to do that for some aspects.

The changes/tweaks I have proposed are more about aesthetics than they are about rules. Nothing here is changed for game balance reasons, and mostly they don’t result in any mechanical changes at all. It’s just about how the fictional world looks, works, and feels.

Tech to remove completely

  • Antigravity - I mean, c’mon.
  • Practical energy weapons - you can make a laser cannon, but you can’t power it from any sort of man-portable (or even troll-portable) energy cell.

Limiting augmented reality

Reasoning: sophisticated near-ubiquitous AR has the ability to transform the world beyond recognition. Road sights, billboards, car licence plates would be no more. Home appliances would have no buttons or other physical interface. Computer keyboards would cease to exist. This is too big a shift for me.

Datajacks / DNI cannot be used for AR. AR requires realtime integration of synthetic content into your normal senses, whereas simsense replaces your normal senses entirely. In order to add digital content to your sensorium, your sensorium first has to be digitised.

This means there are two ways to get AR features: cyberware or gear.

  • For visual elements: either cybereyes, or wearing glasses/goggles/a monocle, or using your commlink. The glasses literally overlay your visual field with the AR elements, which avoids a lot of the complex overhead necessary in a cybernetic approach. As a last resort, you can even use caveman methods - hold your commlink up and move it around, using its screen as a viewport onto AR cyberspace. This has a cost advantage; even the cheapest ‘link can do this, and with no additional hardware.
  • For auditory elements: either cyberears or wearing earbuds.
  • For tactile elements: either cyberarms/hands or wearing special force-feedback gloves. The gloves are quite crude in terms of the “realness” of the feedback they offer.

Without tactile elements, AR control surfaces are downright clumsy to use. Touch targets have to be rendered large enough that the user can use them, and even so, prolonged use is frustrating as mis-taps are just frequent enough to annoy you.

Resolution and focus of AR elements is limited when using glasses/goggles. Reading large amounts of text for long periods is likely to cause nasty migraines.

Combined, these mean that society does not run on AR, because AR has not reached a big enough critical mass so that it can entirely replace other display methods. Street signs still exist. Most restaurants still have signs on the door (except for the occasional hipster speakeasy trying to create some mystique.) Keyboards still exist, as do monitors and TV screens.

AR is more about how you interact with your gear than it is about how the world presents itself to you.

Limiting virtual reality

Reasoning: cyberpunk has armies of wageslaves crammed on commuter trains travelling to vast open-plan offices of beige cubicles and flickering neon lights. Why, if VR is so good? Why don’t people stay home and jack into remote hosts instead? Their employers can still watch their every move.

  • Simsense requires an extremely high-bandwidth, low-latency connection between the brain and the device encoding the simsense signal. This requires a wired connection. Therefore, a decker must be physically connected to their cyberdeck, although the ‘deck can be wirelessly connected to the rest of the world.

  • Normal people find it profoundly uncomfortable to be in VR for a prolonged period of time in public areas. The sense of disconnect from your body provokes deep unease and vulnerability. This ruins productivity.

    In the workplace, VR is therefore mostly reserved for:

    • Elite knowledge workers, deckers, scientists, architects, and the like. These people get private offices.
    • Occasional use by wageslaves for eg. telepresence in remote meetings. In short bursts, people are generally fine with it.

Clarifying VR vs AR

Reasoning: this is just to try and clean up the profusion of overlapping interface modes and Matrix stuff that Shadowrun offers.

You are in VR (ie: full simsense, body in ragdoll RAS-override mode) when you are in a host system. All Matrix actions done not in a host are done in AR. The action of entering a host and the action of switching to VR are the same action.

AR hacking is not necessarily done entirely through the datajack’s neural interface (see the next section); many hackers use either physical or AR keyboards and other control surfaces in combination with mental commands.

All VR is “hotsim” and hence has the capability for weaponised software to harm the meatware experiencing it.

DNI is not telepathy

Reasoning: taken to the extreme, DNI starts to feel a bit too sci-fi for me.

Reminder of terms: DNI is Direct Neural Interface, a brain-computer link. RAS is Reticular-Activation System; a RAS override cuts all normal sensory input and muscle control output from the brain. It is most commonly used for simsense VR.

Most DNI can only be achieved via a datajack or trodes. Trodes are very finicky to use; in order to work they have to remain fixed in place on the head. Any rapid movement or jostling threatens to dislodge them. They are not the preferred choice.

As a special case, a smartgun link also achieves a form of DNI via the special connection between the user’s palm and the gun’s onboard processor (see elsewhere in this doc.)

DNI means the user can send commands to their gear by thinking them, but this is a complex process for the hardware involved. Datajacks and trodes find it difficult to clearly read brain activity from a subject who is not in RAS override. The brain stimulation from the subject’s normal senses risks drowning out the brainwave patterns that the hardware needs to interpret as commands.

In practice this means the user must construct quite deliberate, clear thoughts for the interface to read them. DNI controls tend to be simple, eg. on/off switches and “select a setting from 1-10” dials. Composing text via DNI requires the user to think in a clear inner monologue, and can only go at around the same speed as speech. Issuing commands (eg to a smartgun to fire) similarly needs mental effort, and for that reason many smartgun owners prefer to continue to use a physical trigger.

Engaging RAS override (eg when in VR) cuts off the user’s normal senses and muscle control and solves this issue immediately. From the perspective of the datajack, it is like all the background noise of the brain shuts off at once, leaving a much clearer signal for it to listen for. This is how simsense can work so well.

Wireless Matrix interfaces on gear

Reasoning: I think Shadowrun 5e’s wireless gear bonuses and subsequent hacking is immersion-breakingly stupid, and I wish to hurl it into the sun.

Domestic / civilian gear like home appliances are completely controllable from the wireless Matrix. This allows smart home control, AR control surfaces, remote monitoring, etc. It also makes these devices controllable to anyone who hacks them.

For obvious reasons, items like weapons and cyberware are not built like this.

While they may offer Matrix control surfaces, these are strictly for secondary control and user interface only. The device’s primary functions are all controlled via other means.

For example: a cyberarm’s primary control method is the nerve splice between the cybernetic component and the user’s body. This is how the user issues all normal “commands”, ie. moving it around, picking stuff up, deploying cyberclaws, etc.

All except the cheapest models of arm might also offer a secondary Matrix interface. This is used by the arm to present information to the user that cannot be communicated via a nerve splice, such as diagnostics, service requests, user manuals, and the like. If the arm has functions that are too complex to be mapped onto the nervous control, such as a colour-changing surface coating, they may be controlled here via an AR interface panel.

Crucially: hacking attacks over the wireless Matrix can only effect the secondary interfaces and cannot bypass the device’s internal hardware firewall. A hacker cannot shut down or take over someone’s arm, or eyes, or any other cyberware. They cannot remotely detonate a grenade or remotely eject a weapon’s magazine.

Smartguns use a subdermal induction pad mounted in the user’s palm and the gun’s handle to establish an ultra short range private wireless connection that is used for the primary control surface (eg. cybernetic commands to eject magazines, switch firemodes, etc.) Again, a hacked smartgun cannot be instructed to fire, or not fire, or eject its magazine at an inopportune moment.

Drone brains

Reasoning: cyberpunk still has lots and lots of low-paid, unskilled labour. There are warehouse workers, dock hands, construction workers, shop clerks, pizza delivery drivers. They have not been replaced en masse by machines.

  • General purpose drone automation is limited by the lack of (controllable) general AI. Drones are heavily used in fields such as construction, manufacturing, and other heavy industry; but they are under close supervision at all times, as the dog-brain will frequently get into unexpected states and freeze.
  • As a special case, GridGuide empowers self-driving cars in urban areas by providing a mesh network that drones can use to co-ordinate between themselves. This does a lot to keep the dog-brains within their normal operating parameters. Outside of a GridGuide connection, self-driving cars can handle good conditions, but are easily confused by inclement weather, traffic, and so forth. This manifests as the car either parking itself or bleeping and requiring manual intervention from the passengers.
  • Delivery drones are highly vulnerable to hacking and physical attacks, followed by being looted for their parts and cargo. Companies are reluctant to use drones for automated delivery because of this. The cost-benefit is marginal at best, and favours human deliveries in the middling-to-bad neighbourhoods.


Reasoning: full-on nanotech, especially nanoware and nanoforges, pushes the tech level further than I am comfortable with.

Nanotech is in its infancy. It can do two things well:

  1. Very simple tasks in complex environments. An example of this is cyberware implantation, where nanobots carry out minimally-intrusive installation of subdermal wiring and splicing of technology onto nerve shunts. Viewed from a nanotech scale, these are relatively large pieces of engineering.
  2. Complex tasks in very simple environments. An example of this is orbital factories that produce nanosteel, aerogels, exotic carbon matrices, and other materials in hard vacuum / microgravity conditions. These nanobots cannot be used on Earth, as they cannot deal with any environmental complications while nudging carbon atoms accurately into place inside a molecular iron lattice.

Most nanomaterials cannot be constructed on Earth. Nanobots cannot achieve precision tasks inside the complex environment of the human body; nanoware does not exist. Nanobots are expensive to produce and are totally tailored to one very narrow task; there are no “general purpose” or programmable nanobots. Desktop nanoforges are not a thing.

(NB: “nanotech” is a misnomer. The ‘bots that carry out the procedures are built on the scale of hundreds of nanometers and operate on material on a scale of, at best, tens-of-nanometers.)

4 - The (Wireless) Matrix

How the wireless Matrix works, from an in-game perspective

4.1 - Overview of what is possible with these rules

Game scenarios these rules attempt to capture

Deckers can use their cyberdeck in augmented reality mode to wirelessly connect to nearby devices: cameras, maglocks, other people’s commlinks and smartguns… They can exploit these connections to hack the device and sublety manipulate them: stealing data, listening to phone calls, looping camera feeds, opening doors. Or they can abandon subtlety and switch to cybercombat: crashing devices, flooding them with bad data and 0-day vulnerabilities until they are knocked offline entirely.

People can defend against deckers in a few ways. The simplest method is to form a private network controlled by your commlink. A network groups all their gear behind the controller, then establishes it as the beachhead connection to the rest of the matrix. Now, in order to hack the devices in a network, the decker first has to hack the network itself. It’s not a lot of extra protection (unless they have a really expensive commlink), but it’s something.

Deckers and riggers can form more powerful networks using their cyberdeck or dronedeck as as controller. These are harder to hack, as these devices are much more powerful than any commlink – and even if you do hack into them, the decker or rigger might notice.

Corp wageslaves working in a facility often use a network controlled by a powerful host. This provides a lot more protection. To hack devices on a host-controlled network, the decker first of all has to hack the host; that involves a trip into VR, leaving their meatbod behind as a floppy, vulnerable shell.

Hosts are also where corps keep their juicy (and valuable!) secrets, so deckers naturally gravitate to attacking them. Those secrets are guarded by ICE and by counter-decker security staff called spiders, so it won’t be easy. Hosts can be hacked via wireless connections if the decker can get within connection range, but it’s better to find a convenient device the host trusts and use it to establish a back door via a wired connection to its inner workings.

With wireless connectivity, deckers also loom large on the modern battlefield. They can host and defend tacnets, realtime AR overlays for members of their team that allow them to share tactical information. When the situation calls for stealth, they can reconfigure their network to hide on the Matrix, disguising dataflow between the devices to look innocuous. And finally, they can make powerful DoS Attacks against opponents, overloading their electronic gear with junk data to inhibit its functionality.

4.2 - Making the Matrix

What the Matrix is made of: the backbone and the local mesh; hosts and other icons

The third-generation Matrix of the 2070s is a technological marvel, delivering immersive AR and VR applications to users without the need for wires. But how does it manage such fast connections without requiring the user to physically connect a cable? The answer comes in two parts.

The backbone

The first part is the global grid, also known colloquially as the backbone. This is broadly equivalent to what was known in the early 21st century as “the cloud”; it’s the sum of all the physical infrastructure of fibre trunks, satellite uplinks, and other super-speed connections that connect all the Matrix’s hosts together. Within the backbone, speed is functionally infinite, and distance is no issue. But you can only use the backbone if you have a physical, wired connection to it. Nobody wants that.

Early 21st century cellular wireless standards are no help. The Matrix demands very fast high-frequency ultra-wideband radios, but they are easily blocked by the gleaming steel-and-glass towers of the sprawl. You’d never get a signal. How to square this circle?

The local mesh

The answer is a short range, peer-to-peer mesh network. Suppose Alice wants to check the latest updates on her P2.1 social feed. Her commlink sends the request to her neighbour Bob’s commlink. From there, it’s forwarded to Charlie’s commlink. And so it travels, until it reaches an uplink host - which has a hardline connection to the backbone. From there, it can speed off to its final destination. The P2.1 host sees the request, and sends the response back down the same link. This all happens in the blink of an eye.

Every Matrix device automatically self-organises itself into a reliable mesh network, and sets up forwarding and routing so that everything transparently works. This is the local mesh. At all times, your Matrix devices exist in a bubble, extending perhaps a hundred meters around you. Somewhere in that bubble is your closest uplink host, the one you will send backbone traffic to. But where is your traffic going? Well, for most people, it’s usually a host.


Hosts come in a few major types, depending on what kind of connection they have.

First, there are the aforementioned uplink hosts, sometimes called beanstalks. These bridge between the backbone and the local mesh, a bit like an old-time cell tower. People don’t really think about them too much; like any piece of reliable infrastructure, they fade into the background. But they’re there, scattered around the sprawl.

The most common type people interact with in their personal lives are cloud hosts. These are hosts made up of many physical servers distributed around the planet, all with their own connection to the backbone. They exist everywhere and nowhere at once. Cloud hosts are very powerful and very secure.

However, you can’t use cloud hosts for everything. When Wally Wageslave sits working in his office like a good little drone, that office’s various systems - heat, light, power, security, Wally’s files and emails - are all run by a host located inside the building. These local hosts work exclusively on the local mesh, without a backbone connection. Local hosts have one defined place of existence; somewhere, there’s some computers in a rack you can point to and say “this is the host for this building.”

Some of the more prominent and successful hacker collectives might run illicit local hosts, sometimes called dark hosts as they (for obvious reasons) do not advertise their existence like most legal hosts do.

Offline hosts are computers that are totally air-gapped, with no connection to the local mesh or the backbone. The only way to connect to them is directly via a cable. Offline hosts are often used for very important, secret file storage, and are placed in locations that are very physically secure.

But how do you actually get stuff done on the Matrix? Well, you interact with icons.


Everything on the Matrix is represented by an icon. Icons can look like anything; cartoonish symbols, abstract runes, photorealistic 3d images; anything (although most sane Matrix designers use icons that at least vaguely resemble what they are used for). Icons can represent one of a few different types of thing:

  • Tags: tiny little passive chips. They have no batteries or computing power of their own; they are powered by wireless power gathered from the Matrix. They typically hold and/or broadcast some number of files. They cannot be hacked, as such, as they lack any processor of their own. See Tags for more.
  • Files: any type of data (text, audio, video, computer code, …), stored on any type of medium (in a tag, on a commlink, in a host, on a storage chip, …).
  • Devices: toasters, cars, door locks, speakers, microwaves, etc etc etc. In the Sixth World, near enough everything that has electrons flowing through it also has a functioning Matrix connection of its very own. Devices can be directly connected to the matrix (unattended) or protected inside a network run by a commlink, ‘deck, or host.
    • Commlinks: special devices that people use to see and interact with the Matrix.
    • Cyberdecks: souped-up commlinks that can be used to bend the rules of the Matrix by hackers and counter-hackers. There’s also drone decks, which are similar but specialised and used to remotely control drones.
  • Hosts: as mentioned above, these are the “servers” of the Matrix; big computer systems you can go into and do stuff within. So the social network P2.1 has a host that you go into to read your friends’ updates, post messages, play games with them; that sort of thing.
    • Some hosts are so big that internally they are sub-divided into zones called nodes.

4.3 - Matrix icons

How things look in the Matrix

When you view the world in AR, your commlink or cyberdeck can overlay icons for any (and all) nearby matrix devices onto your vision. This is rather overwhelming - in an urban area, the local mesh can contain thousands of icons. So most people run filtering routines that hide most of them and only show ones deemed important. For example, in a crowded street, you might only show icons for commlinks for people you know, and hide the rest.

The mesh networking routing protocols that keep the wireless matrix working tracks the approximate position and motion of all these devices, so it can predict when devices are about to go out of range of each other and have fallback routes prepared to keep traffic flowing. AR leverages this information to position icons in the user’s sensorium in vaguely the correct place, relative to where the device is.

When the user has line-of-sight to the device, this positioning is quite accurate; glance at a coffee machine in AR and you’ll see its glowing matrix icon hovering just over it. When there’s no line of sight, position accuracy drifts randomly, often by a few metres. If you are in a shopping mall and your friend is in the store a few doors down from you, you’ll see an icon for their commlink, but it’ll appear vague and fuzzed-out so you know it’s only an approximate position.

When using VR inside a host, there is no need to make things correspond to meatspace. Icon positioning is arbitrary and governed by the sculpting of the host. Some hosts look like glowing neon wireframes, with icons clustered across an infinite 2d plane. Others are painstakingly rendered 3d environments with icons grouped logically and scattered across rooms or areas. The possibilities are limitless.

Types of icon

  • Tags: tiny, passive chips; see Tags.
  • Files: any type of data (text, audio, video, computer code, …), stored on any type of medium (in a tag, on a commlink, in a host, on a storage chipdrive, …).
  • Devices: toasters, cars, door locks, speakers, cameras, drones, microwaves, etc etc etc. In the Sixth World, near enough everything that has electrons flowing through it also has a functioning Matrix connection of its very own.
    • Commlinks: special devices that people use to see and interact with the Matrix.
    • Cyberdecks: souped-up commlinks that can be used to bend the rules of the Matrix by hackers and counter-hackers. There are also drone decks, specialised variants used by riggers to control drone networks.
  • Hosts: the “servers” of the Matrix; big computer systems you can go into in VR and do stuff within. Some hosts are so big that internally they are sub-divided into zones called nodes.
    • Inside hosts, you can see (lots of!) icons for files and connected devices.
    • Hosts also contain personas, which are VR icons representing people using the host. Personas can be very simple and generic, or highly customised and tailored to the person they represent. See Personas.
    • Hosts also contain ICE, intrusion countermeasure electronics. These are autonomous software agents that form the first line of defence against hostile deckers.

4.4 - The augmented everyday

How augmented reality works and feels

Interface issues: augmented reality is not telepathy

When a user is in VR, their body’s nervous system is partially shut down by a RAS override. One of the effects of this is that by blocking sensory input to the brain from the user’s body, it makes it much easier for their datajack to read their conscious and sub-conscious impulses. This, in turn, creates a really efficient control surface; the user can send instructions as fast as they can think.

AR doesn’t work like that, as it has no RAS override. The datajack has to try and pick out the impulses amongst a storm of unrelated sensory processing. For this reason, most control of devices via AR is done indirectly through holos (see below) instead of direct brain-computer interfacing as is typical in VR.

One area where AR can directly read thoughts quite successfully is via a sort of text-to-speech service. As long as the user deliberately and clearly forms words in their mind, their inner monologue can be picked up by the datajack and sent to a commlink or other device. This is often used for text messaging or sending very simple commands, eg. to turn a smart device on/off or fire a smartgun. Compared to doing stuff in VR, it’s glacially slow, though - only about the same speed as talking, perhaps a bit faster if the user has had a lot of practice.


For anything more complex than a on/off switch, the primary type of interface in AR is an Augmented Reality Object (ARO) - often called “arrows” or “holos” in everyday language.

For a user with a datajack, holos are inserted directly into their sensorium. They typically appear as semi-translucent neon glowing screens and buttons, floating in space (hence the name “holo”.) They can have sound elements, and usually have tactile elements too - holographic buttons and controls feel real when the user touches and presses them.

Holos can be private, viewable only by one person; this is typical for someone using their commlink via AR. They can be public, viewable by anyone; this is typical for advertising hoardings and billboards. Or they can be semi-private, shared with a selected group of people.

Working life

Perhaps surprisingly, a lot of work still happens in meatspace, with physical displays and interfaces.

The early promise of VR as an accelerator for productivity never emerged, for a variety of reasons. Firstly, using VR for extended periods of time is exhausting, both mentally and physically - it’s like running full-throttle for hours and hours. Few people can maintain the pace. Secondly, the sensation of being cut off from your body when it is in a public place is quite disconcerting to most people, and they find themselves constantly distracted by worrying about their meat. So outside of a small handful of elites working from private offices, most wageslaves only dip into VR occasionally for remote meetings and the like.

AR is more commonly used, but that also has limitations. For one thing, it’s not all that much faster to use than an old-fashioned screen and keyboard. And for another, using holos for detailed work like reading lots of text or running complex simulations often cause troublesome headaches or eyestrain if used for very long periods. So the typical wageslave bounces back and forth, dipping into AR screens while on the move, but falling back to large screens at their desks.

AR and VR without datajacks

Users who do not want or cannot afford datajacks can still get online, but with some big caveats.

VR can only be achieved with a clumsy ‘trode net worn around the head. Sensory fidelity is reduced, compared to a datajack, and speed is reduced. Worst of all, the trodes have to be placed in the right spots, and are easily dislodged if the user moves around while wearing them.

Users can get an AR overlay with a variety of sense link devices: smart contacts, glasses or goggles for visual, earbuds for audio, and feedback gloves for tactile elements. As with ‘trodes, these are clumsy and inferior to datajack interfaces, but they are usable. Civilian versions of these devices are mostly fairly delicate and easily damaged by rough handling in combat. Ruggedised versions exist, but are bulky and obvious.

4.5 - Hacking the Matrix

Bending the Matrix to your will

The end of encryption

The incorporation of early quantum processors into the first cyberdecks sent an earthquake through the tech world from which it never recovered. Even the strongest, best designed encryption of the day fell before it in fractions of a second. There could be no more secrets.

Today, things have improved only slightly; the most advanced encryption in the world still cannot hold up to sustained assault from a skilled hacker with high-end cyberdeck.

This single innovation has reshaped the world.

Rise of the spiders

Faced with the total loss of passive defence - ie. strong encryption of data - the megacorps had to pivot to active defence.

First, they built high walls around their kingdoms. Some of the most sophisticated pseudo-AI on the planet exists to run ICE: Intrusion Countermeasure Electronics. ICE patrols and defends the megacorp’s hosts tirelessly, rooting out invading hackers and - sometimes - frying their brains.

But ICE isn’t all-powerful, so the corps also set people to guard those walls. These counter-hackers, called spiders in the language of the street, sit in the middle of sprawling webs of sensors and alarms. Attract their attention, and they are swiftly dispatched to deal with you. And they are good, with all the equipment and training of their deep-pocketed masters.

The Grid Overwatch Division (GOD)

Each megacorp can hire its own security staff to patrol its own hosts, but that leaves the backbone itself vulnerable to attacks. It’s too important to leave undefended, so the Corporate Court formed the Grid Overwatch Division (GOD). GOD is a semi-autonomous organisation, tasked with defending public grid infrastructure, staffed by spiders and technicians loaned from the AA and AAA megacorps.

How to hack

Sending hacking traffic over the backbone is near-impossible. The uplink nodes are equipped with powerful coprocessors that carry out deep packet inspection, scanning for anything out of the ordinary. At the first sign of trouble, aggressive autonomous agents are deployed, rapidly followed by elite GOD spiders.

It is on the local mesh where the deckers can bring their powers to bear. Hampered by the need to maintain backwards compatibility with millions of devices that have fallen into planned obsolescence, and with even small changes to the protocols requiring dozens of squabbling corps to agree, the local mesh is… well, it’s a mess. Deckers exploit this ruthlessly, using vast databases of known vulnerabilities to carve through the laughable defences that devices rely on.

There is an obvious problem, though - the local mesh is small, typically extending only 50-100 metres. With the wireless matrix, Deckers need to get close to their targets. They can no longer sit in the safety of armoured bunkers, hundreds of miles from danger.

What to hack

Any device that is attached directly to the matrix is considered to be unattended. Civilian and even security grade unattended devices have very weak defences against hacking.

Most ordinary people will arrange all of their various matrix gadgets into a personal area network (PAN.) A PAN is controlled and monitored by their commlink, which routes all matrix traffic through itself. Devices in a PAN cannot be hacked individually; instead, the decker must hack the commlink instead. PANs are a little bit more difficult to hack than an unattended device, but the main benefit is that if the commlink notices the hack attempt it can alert the owner at once. They can then take action, such as shutting down their devices.

The corporate grown-up version of a PAN is a wide area network, or WAN. WANs are very similar but instead of a commlink they are controlled and monitored by a host. As with a PAN, you cannot hack individual devices in a WAN; you have to enter VR and hack the host directly. If you can get a direct cabled connection to a device that is part of the WAN, you can exploit that to more easily hack the host. For this reason, corps tend not to put easily-accessed exterior building defences like cameras or maglocks on their primary security WANs.

Finally, there are also secure PANs, or s-PANs. S-PANs are PANs that are run from a cyberdeck or drone deck and are being actively monitored by a decker or rigger. S-PANs cannot be hacked at all, as their admin will swiftly notice any hack attempts and take defensive action. They can only be knocked offline via cybercombat.


The local mesh protocols specify that all devices monitor all the traffic they can see to scan for hack attempts. This isn’t hard to avoid in the short term, but as a decker carries out more and more hacks using the local mesh against devices and PANs, it gradually becomes more and more difficult to hide. Once it reaches a critical level, GOD will deploy autonomous agents to hunt the decker down; if they are unsuccessful, a GOD spider will reinforce them. A skilled decker relies on speed and stealth to achieve their goals before this happens.

Hosts maintain their own alarm state, separate from the local mesh one as they are outside of GOD’s jurisdiction. They react to alarms by deploying ICE and security counter-hackers, as well as alerting security personnel in meatspace that a possible intrusion is underway.

4.6 - Symmetric entropy pools

Hack-proof encrypted comms… with a twist

Quantum processors used in cyberdecks for hacking and code-breaking can shred almost any known cryptography, given enough time; but they are not omnipotent. If you really, really need a secure communications channel, and are prepared to jump through hoops for it, there is something you can do.

Ancient cryptographers would sometimes use one-time pads to encode messages in a way that was nearly unbreakable. The 207x equivalent is a symmetric entropy pool. Two parties share a massive pool of carefully generated, thoroughly randomised data. The pool is used to encrypt all communications between them before they are sent via the public Matrix. The other party uses their matching copy of the pool to decrypt the message again. In theory, this cannot be decrypted by attackers, as it appears to be completely random noise.

Shared entropy pools come with some significant downsides, however:

  1. The entropy pool has to be kept absolutely secure and private, so the parties usually have to meet face to face to set the pool up, or the data has to be sent via eg. a trustworthy data courier.
  2. Physical access to one copy of a shared entropy pool for a few minutes is enough time to duplicate it. If you possess a copy of someone else’s pool, you can undetectably spy on their communications. This makes copies of established pools extremely high-value targets for espionage.
  3. Due to an interaction between the Roper-Eld quantum computational limit and the Shannon-Hartley theorem, the size of the entropy pool required to securely encrypt a channel increases with the square of the data being sent along it. This quickly becomes very difficult to manage if the intention is to use it for long-term communications. The pools have to regularly be recreated and re-copied between users.
  4. SEPs can be used for realtime audio or (at a push) video, but cannot support the data rates necessary for AR or VR traffic.

SEP hardware

Most users of entropy pools use specialised hardware to store and work with them. This is a credstick-sized device that plugs into a standard dataport on a commlink or cyberdeck. The commlink sends the encrypted data stream into the device, and decrypted data comes back. The main advantage of this is that when being used normally the entropy pool cannot be hacked even if you hack the commlink, as the commlink cannot read the pool directly.

However, by flicking a recessed switch, the device can be put into setup mode; this is designed to allow pools to be created, synchonised, and copied. Hence, with physical access to any device for a minute or two, an attacker can easily duplicate the pool.

4.7 - Other stuff

Smaller bits and pieces, plot devices, etc

Dark fibre

The backbone infrastructure is administered and patrolled by the Grid Overwatch Division, and is theoretically neutral between the megacorps. But the corps didn’t get rich by trusting each other. Where security demands it, it’s not unusual for corporations to run their own private communication lines - for example between a secure, hidden facility and a more public one. This lets the secure facility access the Matrix discreetly without making its location or purpose obvious. This is called dark fibre.

On the local mesh, dark fibre functions like a wormhole. If you can hack the controlling host on one end, you can coerce it to carry your traffic to the other, and suddenly you can “see” devices that could be dozens or even hundreds of kilometers away. Occasionally, wily shadowrunners use this as part of a smash-and-grab, using a forgotten dark fibre link to hack into a distant host that is too physically well-protected to get near in the physical world.


Tags are tiny, passive chips, with a small amount of ROM and minimal processing power. They use the ROM to store a small number of data, which can then be broadcast onto the matrix. They usually have no battery of their own, or only a very small backup battery; instead, they rely on wireless power transmission from nearby Matrix devices.

Tags cannot be hacked, as such, as they lack any processor to hack. They can be erased by a specialist tool that generates a powerful electromagnetic field, but it only has an effective range of a few centimetres, so you need to know where the tag is.

Tags are very common in my campaign, and have numerous uses:

  • Broadcasting a fixed AR holo - eg a billboard, signage, an animated menu outside a restaurant, or a piece of grafitti.

  • Local tracking of things - most goods that cost more than a few nuyen have tags included in the packaging. Warehouses and retailers can use these tags to track inventory and ring up your shopping bill.

  • Global tracking of things - tags can be configured to upload their location to a cloud server whenever they have a working Matrix connection. People use these as locators for any of their stuff they want to keep track of.

  • Theft prevention - a variation on the tracking idea, most expensive, durable, or legally restricted goods (definitely including vehicles, guns, and ammunition) are infested with multiple tracking tags. If the goods are noticed stolen, they can be swiftly tracked down via the locations being uploaded from the tags.

    Sneaky users might have tags on their items that do not broadcast their location all the time, but sit passive and undetectable until certain times or they receive an incoming signal; this makes it very difficult to know you’ve definitely wiped every tag off something you just stole. Items the characters purchase with from the black market LPs have already gone through this.

RF blocking paint

The local mesh relies on ultra-wide band signals that can barely penetrate walls at the best of times. So it doesn’t take much to block them almost entirely via smartpaints that use nanotech to assemble a crude Faraday cage as it dries. This prevents any decker outside the area from seeing in; icons for devices inside cannot be seen from the outside, and all hacking traffic is blocked.

Smartpaints are quite expensive, so tend to be reserved for only high-security areas within a facility. These are, of course, combined with physical security measures and access controls. Smartpaints are also wildly unpopular with workers, as they are inconveniently cut off from the outside world.


Personas are a special kind of icon used in VR to represent a human user. They are endlessly customisable, by creating custom 3d models and animations and/or by purchasing expensive digital goods from your favourite brands. Most of humanity is happy with a generic persona, perhaps with a small purchased accessory or two. But for some, particularly those who live in the matrix, persona customisation is an important part of how they express themselves. This is particularly common in decker circles.

People who have spent a lot of time or money customising their persona often want to show it off in AR as well as VR. They run special programs on their commlink that do a public broadcast of their persona as an animated ARO. A miniature version may float over their head or ride around on their shoulder. Some people go so far as to animate a life-size version of their persona and have it envelop their meatbod, effectively hiding them within it. This is very difficult to do well; often they will clip through the animated persona, ruining the effect.

4.8 - Comparing these houserules to Shadowrun 5e/6e RAW

A quick list of the simplifying assumptions I have made

These rules attempt to simplify the Shadowrun 5e Matrix rules by removing a number of options. For quick reference, some of the changes I have made include:

  • Streamline and merge the “AR / VR” and “in host / on grid” distinctions. Now, being “in” a host means always being in VR, and if you’re not in a host then you are in AR.
  • Split the Matrix into two parts; a localised, short-range, wireless mesh network and a global, wired network. Hacking is only viable on the former; the latter is ruthlessly protected by GOD agents. Thus, deckers need to be fairly close to their targets, so they can reach them via the local mesh.
  • Mostly remove the concepts of personas and their associated magic unhackable digital ownership.
  • Introduce a hard line between regular PANs (hosted on a commlink) and secure PANs (hosted on a cyberdeck or drone deck.)

Hacking & cybercombat

  • Distill all primary decker offensive actions to three kinds: hacking (stealthy, grants access to manipulate devices), cybercombat (overt, violent, crashes devices), and denial of service attacks (disrupts traffic to/from a device or PAN to impose distraction penalties on people using it.)
  • If a device is in a PAN or WAN, it cannot be hacked directly; the attacker must hack the PAN or WAN instead (this is in Shadowrun 6e, to be fair.)
  • If a device is in a WAN, and the decker can get physical access to its internal debug ports, they can compromise it and get a big bonus to hacking the WAN host through it. Hence corps rarely put easily-accessed external devices like maglocks and cameras on WANs; instead, WANs are reserved for stuff like security guard gear and internal turrets and sensors.
  • Secure PANs cannot be hacked; they must be crashed in cybercombat.
  • Via a program on their cyberdeck, hackers who have infiltrated a host (in VR) can switch to AR (to move with the team) but maintain a connection to the host and still send hacking commands to devices attached to it. However, the persona they leave running in the host is more vulnerable to ICE.

Wireless off / running silent / Matrix stealth

  • Wireless devices are always visible on the Matrix - no running silent, and devices connected to PANs or WANs don’t disappear from view on the local mesh.
  • s-PANs (and only s-PANs) can be configured to hide themselves on the Matrix; they minimise traffic between their devices, cutting back to just text/voice comms. All devices are otherwise inactive and no game mechanical bonuses can be derived from them as long as the s-PAN stays in stealth mode. This is an active process that must be maintained by the decker/rigger running the s-PAN.