To: Security Protocols Working Group
Subject: Special Firewall Facilities Document
Classification: TOP SECRET / WHITE RABBIT EYES ONLY
I’m sending all of you a document that should help illustrate my point. I just extracted it from [REDACTED]’s data store. I have no idea where they got it from, or how long this document has been circulating, but it looks like a general guide to various Firewall sites, which is all well and good, except that a fair number of the sites being described are exceptionally secret. There are several here that I’ve never heard of, but I know this isn’t just a hoax, because I also have personal experience with some of the other secret sites.
This sort of document is an excellent example of the problem that led us to create this working group. Some of our proxies and sentinels are sharing way too much information with each other and we need to ﬁnd a way to increase security. In this particular case, I think the proxy was not acting maliciously. This particular proxy is a subscriber to the backup clique within Firewall, and they seem to have engaged in a project of cataloging Firewall sites to keep track of our organization assets should we ever become seriously fragmented. While well-intentioned, this project runs counter to our compartmentalization and classification protocols.
Also, while I’ve suspected that [REDACTED] had access to some impressively secret info, I know them well enough to be certain that they didn’t create this entire document. I’m concerned that some of the write-ups have come from outside sources—initial document analysis seems to conﬁrm this. If that’s true, it raises two questions: how do outsiders have this info, and is everything in this document true?
Sidebar: Strange Object
Look, I’m not trying to get involved in something above my clearance here. I just want to make sure there’s nothing improper going on.
You have to admit the situation is weird. The astronomers were using some nifty new software, top-of-the line stuff, to map out the objects in that system. Maybe their hot new code had some glitches, but I don’t think so. They very clearly picked up on something unusual: an object with an orbital pattern that just made no sense. They were really intrigued by it. It had to be an artificial orbit they said—something put in that orbit on purpose. Something about the resonance with other objects. They wouldn’t have caught it without the upgraded code they were using.
Our server intercepted it, ﬂagged it, and made sure the inquiry went no further. Then we took a closer look ourself. Sure enough, there was an object there—one with an unusually high albedo to boot. Almost like someone wanted it to stand out and be noticed. So we arranged to take a closer look. We equipped a crasher team with a launch missile and an exploratory probe. They send it off, and we sit back and wait to see what we’re going to ﬁnd when it gets there.
Then, out of the blue, we get a notice from [REDACTED] server. So much for compartmentalization; I still don’t even know how they knew about this little op. We get told, in no uncertain terms, that we are stepping in their territory and to immediately shut down the op. They came down hard. So we called off the probe.
I have to tell you, though, I’m not buying it. I’ve checked into [REDACTED] server, and as far as I can tell they’ve had nothing to do with extrasolar ops before. It just makes no sense. What would they have to do with some random orbital oddity, that’s probably been ﬂoating out there in space for tens of thousands of years, in another star system that we only ﬁrst found a year ago?
Something shady is going on. Either [REDACTED] server is up to something, or they know something we don’t. And I’m not sure if that’s a good or a bad thing.
Sidebar: Firewall Spaces
Source: EyeWiki [Link]
Firewall is dispersed and decentralized, but it has need for many types of temporary and even permanent locations. Here’s an overview of places you may ﬁnd yourself in the course of your Firewall duties.
Firewall employs a lot of crows, and these scientists need secure places to conduct their research. A large number of crows work in above-ground labs, whether those are operated by hypercorps, government projects, non-proﬁts, universities, the argonauts, or autonomist cooperatives. In these situations, the crows use their day job as cover for the research they perform on the side for Firewall. Crows working in these conditions must split their attention—they usually have ongoing projects that they cannot simply abandon without a good explanation, and “my clandestine group needs me” doesn’t usually work as an excuse. It is not uncommon for these crows to fork themselves in order to maintain their aboveground work and simultaneously run secret experiments for Firewall. On the positive side, these crows can usually devote resources from their legit lab environment to Firewall’s purposes, sometimes with the aid of vectors to cover their tracks. Naturally, these researchers must take care to keep their side activities hidden and secure, lest they be discovered and labeled a terrorist, criminal, traitor, or worse.
Of course, Firewall also maintains its own dedicated labs. This is the preferred situation for conducting research on topics we don’t want to fall into the hands of others. If there is any chance that an experiment could result in something dangerous or contagious, it is almost always deferred to a Firewall-exclusive black lab. Labs of this sort are many and varied, located all across the solar system, from the souks of Mars to private craft hidden in a scum swarm to isolated asteroids in the Kuiper Belt. As a rule of thumb, the more dangerous or sensitive the research, the more remotely it is conducted from transhuman populations. Most labs focus on particular ﬁelds of research, such as alien genetics or reverse-engineering TITAN code, but some are cross-disciplinary in line with the particular Firewall operations they support. The quality and quantity of the equipment ranges from jury-rigged to state-of-the-art, depending on the resources of the server at hand. Most black labs of this sort have security measures in place to destroy the lab should a security breach occur; these are speciﬁcally designed to cleanse any potential contaminants.
In most circumstances, Firewall prefers to rely on legit or black-market body banks for resleeving purposes. In a few particularly populated locales such as Valles-New Shanghai and Shackle, however, Firewall maintains its own discreet body banks exclusively for proxies and sentinels. The morph selection at these secret body banks is understandably limited and tends to focus on skins and shells that are especially useful for Firewall ops or are otherwise hard-to-get. Some of the morphs are reserved for use by specialists, particularly erasers.
Caches are hidden supplies of weapon, armor, fabbers, and other gear. These are especially useful in polities where nanofab is restricted and certain goods are hard to ﬁnd. Caches tend to be small and well-hidden: a duffel bag stashed behind the pipes in a never-used maintenance shaft, an unremarkable box spot-welded to a hab’s exterior, a case buried under 3 meters of Lunar regolith, a radar-absorbent vac-sealed package in orbit around an unclaimed asteroid, or simply a private storage locker rented under a fake ID. Caches are intended to be used until their supplies are exhausted or their location is exposed. A subset of caches called scratch spaces are intended for use on a temporary basis to store items that need to be researched, cleansed of evidence, relocated, or otherwise dealt with (at least in theory; in practice, these sometimes linger for years before registers have the time and manpower to deal with the contents).
Similar to physical caches, crypts are virtual locations used to hide and store important data. These are used both to secretly exchange messages and store large dataﬁles (such as secret research or stolen archives) where they will not be found. Protected by passcodes and hidden by steganographic or other means, crypts are commonly hosted within public simulspace environments or public AR channels, where they can be accessed without raising suspicion.
While Firewall also prefers to use existing darkcasting services, gaps in the coverage or security concerns have occasionally forced us to establish our own out of necessity. Our darkcast terminals also help to maintain the Eye’s private network in addition to egocasting options. The primary challenge of running a darkcasting service is both maintaining the transceivers and drawing the requisite amount of energy from the local grid without being discovered by local authorities. Even when using tight-beam transmitters to avoid signal interception, the transmission and reception equipment is difﬁcult to conceal from physical observation and discovery. While a few our darkcasting terminals maintain ongoing operations, also providing services to various black market and criminal elements, most of our terminals are “on call,” and so only deployed when a speciﬁc need arises.
As a matter of course, every server sets up their own dead drops. These are locations where physical goods can be exchanged, often in public view, in a manner which won’t raise suspicion. To facilitate this, most dead drops make use of common everyday items or places that have been specially modiﬁed: a loosened ﬂoor panel, a cabinet with a false back, a disassembler that doesn’t disassemble certain items, an equipment locker with a hidden hole, and so on.
Sometimes, neither egocasting nor booking passage on a commercial spacecraft is feasible for a mission. It’s not like you can just egocast into a hab run by a soul-trading crime boss, and egocasting into a hab run by a mind-control cult is a great way to end up as their latest mind-edited thrall. Also, these places aren’t really high on the destination list for passenger ships. That’s where garages come in.
Garages are places where Firewall stores ships it has control over. Most of these are smaller vessels: LOTVs, ﬁghter craft, GEVs, and couriers. Some even have spacecraft morphs: nautiloids, couriers, sundivers, and so on. We don’t really have the resources to acquire larger craft. As is, most of the craft in these garages have been salvaged, “borrowed,” or otherwise acquired in the course of an operation. Likewise, their quality and state of repair varies. When you need to get somewhere the direct way, however, you can’t always be picky. While we don’t have enough garages to provide coverage of the entire solar system, we do have a number of antimatter couriers that can get just about anywhere in the solar system quickly.
Where do the proxies in a server operate from? The answer is simple: anywhere they can. The physical realities of proxy operations are defined by necessity and chance as much as available resources or strategic planning. I’ve known servers that operated in isolation from hidden asteroid bases, squatted derelict cluster modules, or set up in secret caves in the remote outback of Mars. Others hide within population centers in faux-business front group ofﬁces, seedy hotels, or nondescript private homes, or they take over unused spaces like forgotten basements and maintenance tunnels. Some keep on the move in private spacecraft, Venusian zeppelins, or Martian land rovers. Quite a few—possibly most—operate as virtual groups, interacting online without maintaining any sort of physical proximity. The latter method is most effective at concealing their operations from prying eyes.
Refuges are the province of the backup clique and their numerous survival-oriented operations. These are survival bunkers, stocked with nanofabbers, blueprints, clone-growth vats, millions of egos in cold storage, the collected knowledge of transhumanity, and other equipment that might allow a portion of transhumanity to survive an apocalyptic event and repopulate. These refuges are well hidden and kept secret, to increase their odds of survival, and placed throughout the solar system and various extrasolar worlds. They require an immense amount of effort and resources to build, so they are so far limited in number. Unless you’re a backup, you probably won’t deal with these much—but if you wake up in one, you can assume things got bad. Real bad.
Safehouses are secretive sites that Firewall maintains in most large habitats. They are designed as places where operatives can rest, heal, lay low, and gain access to items that they might need. They vary in size and lavishness, with the low end being a large closet with a healing vat, a desktop cornucopia machine, and an ego bridge. The best are similar to mid-range hotel suites with comfortable beds and similar facilities that also contain a pair of healing vats, an ego bridge, several morphs in storage, at least one desktop cornucopia machine, and a stock of pre-made gear, including weapons and armor. Some safehouses also contain a darknet farcaster that can be deployed as needed.
Setting up safehouses in their theater of operation is SOP for all Firewall servers. The most important feature of a safehouse is that it is truly off the grid. The ideal location is one with spotty or non-existent exterior surveillance (except for our own). This is to prevent our operatives from being tracked to the safehouse or from their movements being observed. Also, regardless of local laws, all cornucopia machines in safehouses are loaded with a wide range of templates and lack any limiting protocols to prevent them from creating weapons or other gear. The machines and equipment in safehouses are programmed to wipe their records should a failsafe alarm be triggered or if they are removed from the premises. None of these locations contain antimatter, large amounts of radioactives or anything similar, but they’ll allow you to hide, request backup, obtain any vitally needed items, and even manufacture valuable and difficult-to-obtain items you can trade for information.
Sidebar: The Venus Retreat
OK, you’ve been on this little logistics op for a week now, and it’s time we came clean about a few things. I’m sure you’ve seen enough by this point that you’re bursting with questions.
Here you are, one of the top network engineers in Firewall, helping us cobble together a series of well hidden top-end servers that have insanely high broadcast bandwidth to every place on or orbiting Venus, not to mention the farcaster links to elsewhere in the solar system. You’ve seen the data transmission stats. Those are unbelievably fat pipes, and we’re pushing them to the limit. You’ve also seen the processor hardware. We’re not just running distributed systems. We’re operating honest-to-Jupiter supercomputing clusters, the type of hardware that has been on the proscribed list for a decade. And we’re still having a problem managing the load.
You’re not stupid. You can put two and two together. You’ve been with Firewall a few years. Surely you’ve asked yourself a few questions—the same questions we all ask. How are we doing such a great job preventing others from hacking the Eye? How do our scanners get access to all of the data sources we’ve tapped into? How do our vectors seem capable of hacking just about anything in the solar system?
We’re good, but not that good. And we sure as hell ain’t that lucky. So that means one thing. We have … backup. Friendly backup.
While your cycles process that thought, consider a few other things you’ve surely also noticed. Those ﬁrewalls and virus scanners aren’t just top-of-the-line, they’re the best we have. They are generations ahead of what’s in use elsewhere. And, yeah, those fail-safes are exactly what you think they are. If there’s a serious breach, this whole place goes boom. We can’t risk our friends catching a cold, after all.
Rest assured, our friends don’t live here. They aren’t even here all of the time. They don’t take those kinds of risks. These are temporary digs. They’re a necessary risk, though, as the light-speed lag issue means we need them close enough on hand to deal with things more directly on occasion.
Hopefully this doesn’t freak you out too much. You wouldn’t be the ﬁrst to have second thoughts. You might feel a bit better if you knew the full story … but we’ll get to that. For now, what’s important is that you have a grasp on the real situation. Our job here isn’t just to keep things running smoothly; it’s to keep an eye on our friend. If anything goes wrong, it’s up to us to pull the plug.