This original work is Copyright © 2004, Brian Enigma. Quoted text (IRC logs, message board posts, website content) is cited and copyrighted by its original author or authors.
You are free:
Under the following conditions:
Attribution. You must give the original author credit.
Noncommercial. You may not use this work for commercial purposes without prior written approval.
Share Alike. If you alter, transform, or build upon this work, you may distribute the resulting work only under a license identical to this one.
For any reuse or distribution, you must make clear to others the license terms of this work.
Any of these conditions can be waived if you get permission from the author.
Your fair use and other rights are in no way affected by the above. This is a human-readable summary of the Legal Code (the full license).
This is my attempt at creating a guide for Project Syzygy. According to a number of auto response emails, it will begin in late 2004--but there was a brief, but exciting, pregame in March 2004 that gathered interest. Project Syzygy is an Alternate Reality Game, or ARG. We really do not know much more about it than that.
At present, they are looking to hire people to help out:
Remember the Cloudmakers? That aggregation of thousands of people playing an incredibly immersive game? If you played, you'll remember. It's likely that you'll never be able to forget. Since then, the scene's been, well, not exactly quiet, but not setting the world on fire, either. I got depressed for a while at the state of massively multiplayer immersive gaming. That amazing new genre was starting to look as if it had prematurely died.
Now, though, I'm excited and for good reason: Project Syzygy is launching, and we're hiring.
--Dan Hon (ref)
The Alternate Reality Gaming world has invented a number of new terms as well as given new meaning to existing words and phrases. Some of them may seem a little odd or technical at first, but most people pick up on them fairly quickly.
A form of interactive fiction that immerses the player in the story. Typically the plot and characters unfold through viewing or interacting with a variety of media including, but not limited to: websites, email, online chat, text messaging, phone calls, faxes, "snail mail," newspapers, and real life (for instance, a CD hidden in a library book).
See Also Alternate Reality Gaming.
Anything that is not technically part of the game, that you should not be allowed to see. For instance, in an ARG with unknown Puppet Masters, discovering the identity of the PMs is considered peeking behind the curtain--and rather inappropriate. Taken from The Wizard of Oz: "pay no attention to the man behind the curtain."
Applying massive amounts of computing power to solve something. For instance: using a computer program to try every possible combination of letters and numbers to discover a password. Generally, any solution involving brute force is inelegant and frowned upon, unless brute forcing can be done in such a way as to cause no adverse side effects for players or Puppet Masters. ...and even then, it is debatable whether brute forcing is permitted.
A system of online, live, text chatting (similar to an AOL chat room or Yahoo group chat) often employed as a communications tool while solving puzzles. It is also used as an online "hangout" and place to waste time when there are no immediate puzzles. More information, as well as a web-browser-based Java client, is available at Unfiction.
See Also Internet Relay Chat.
Either Puppet Master or Private Message, depending on the context.
A way of communicating privately to another player. This often implies using the private message functionality of a phpBB message board (such as can be found on the Unforums), but could also be extended to mean email.
The people running the game. They may or may not be known ahead of time.
Taken from a SecurityFocus article: (ref)
While we are discussing it in terms of computer security, steganography is really nothing new, as it has been around since the times of ancient Rome. For example, in ancient Rome and Greece, text was traditionally written on wax that was poured on top of stone tablets. If the sender of the information wanted to obscure the message - for purposes of military intelligence, for instance - they would use steganography: the wax would be scraped off and the message would be inscribed or written directly on the tablet, wax would then be poured on top of the message, thereby obscuring not just its meaning but its very existence.
According to Dictionary.com, steganography (also known as "steg" or "stego") is "the art of writing in cipher, or in characters, which are not intelligible except to persons who have the key; cryptography." In computer terms, steganography has evolved into the practice of hiding a message within a larger one in such a way that others cannot discern the presence or contents of the hidden message. In contemporary terms, steganography has evolved into a digital strategy of hiding a file in some form of multimedia, such as an image, an audio file (like a .wav or mp3) or even a video file.
The site, sites, or other communication mechanism that starts a given ARG. In the case of Project Syzygy, this would be the project website as well as the newspaper and magazine advertisements.
There are very strict rules governing ARG playing. Okay, so...no--the rules are not terribly strict. That is sort of the point. Participating in an ARG is not like playing chess, with strict bounds defining the move of each piece and steadfast logic for determining who won and who lost. The rules for ARGs are only barely written down and codified. They are more like "unwritten laws" or a gentlemen's agreement. Think of the following list as a set of guidelines. ARGs are designed to change the way you think--and who knows? Maybe one time, that might involve bending a rule.
Brute forcing an online resource, such as a web server, eats up bandwidth and CPU cycles. This can leave the people running the server (in our case, the Puppet Masters) with excessive bandwidth charges. It also means that other players trying to access the machine are getting a slow response because of the CPU utilization. This is a bad situation for everyone involved and should be avoided at all costs. There is always a more elegant and less intrusive way of solving something than this kind of brute force.
On the other hand, brute forcing an offline resource, such as the MD5 hashes found in Marketing Week, may be the only way to solve a puzzle. In this case, you will need to use your own judgement. If you think of a puzzle as a lock, you will earn much more praise and respect for discovering a cunning and ingenious method of picking the lock, than you would for smashing it with a sledgehammer.
Always use your common sense. If you are unsure whether an action is potentially good or bad, stop and think. How is it going to affect the game? The other players? The PMs? If you are still struggling with it, try dropping a note in the forums (make it anonymous, if you need to). There are plenty of friendly people online who are looking for something to discuss between puzzles. ::grin::
Often times, sites include embedded Flash or Java applets. Quite a few tools exist out there to decompile these mini-programs, so you can see the original source code. The security community finds this useful, as it can show flaws in an application. The ARG community might also find this useful, as sometimes there is data hidden in the Flash files that leads to more game knowledge.
The question arises: is this a proper thing to do in an ARG? Often times, poorly designed sites leave things in the Flash that the original designers did not want you to know. There are many people who are unaware of the fact that this data can be reversed out of Flash. The old-school ARG players will say that it is the same as cheating, and is therefore off-limits. Others say that if it runs on their computer, they should be able to see what it is doing--either by decompiling a program or watching network packets as they flow into and out of the computer. ARG player Diandra notes: "The general etiquette regarding Flash file decompiling has been that the PMs can't stop you from doing it. However, it's considered bad form to post solutions derived purely by decompilation of Flash files to any ARG forum."
Currently, there is no solid answer to this question. It is still being debated. Be warned, though, that in the US it is technically illegal to decompile a program, except under very specific circumstances, because of the DMCA. Other countries have DMCA-like legislation. My personal opinion is that the web follows standard client/server architecture. If secret data needs to be calculated, it should be done server-side, where the client cannot see it. If Flash and Java are utilized to do something like check a password, it should be sent to the server (possibly hashed to protect from eavesdropping) and tested server-side, instead of an "IF $password = "secret" THEN GOTO 100" sort of scheme. Be advised, the previous statement is this author's opinion. The jury is still out as to whether this stuff is acceptable ARG practice and generally gets decided upon by the community on a case-by-case basis.
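The contrast between a client-side and a server-side password check, as an added example that is not part of the original guide or of any game's code. All function names, the attempt cap and the sample password "secret" (borrowed from the pseudo-code above) are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// Weak pattern (constructed): the comparison ships inside the applet or page,
// so the secret is part of what every visitor downloads.
function clientSideCheck(input) {
  return input === "secret";
}

// Stand-in for what a decompiler or "view source" recovers: the shipped code.
function shippedClientCode() {
  return clientSideCheck.toString();
}

// Server side: store only a salted scrypt hash of the password.
function makeRecord(password) {
  const salt = crypto.randomBytes(16);
  return { salt, hash: crypto.scryptSync(password, salt, 32) };
}

// Hypothetical login handler: verifies on the server and caps guesses per
// client, so a guessing loop cannot eat the server's CPU and bandwidth.
// The cap never resets in this sketch; a real one would expire over time.
function makeLoginHandler(record, maxAttempts) {
  const attempts = new Map();
  return function login(clientId, guess) {
    const used = attempts.get(clientId) || 0;
    if (used >= maxAttempts) return "locked";
    attempts.set(clientId, used + 1);
    const candidate = crypto.scryptSync(String(guess), record.salt, 32);
    if (crypto.timingSafeEqual(candidate, record.hash)) {
      attempts.delete(clientId);
      return "ok";
    }
    return "denied";
  };
}

// The client in this design only forwards the guess; it holds nothing to find.
function thinClient(login, clientId, guess) {
  return login(clientId, guess);
}
```

In a deployed site the `login` call would be an HTTPS request to the server rather than a local function call.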
Do not put up a fake website that claims to be part of the game. Similarly, do not pretend to be an in-game character in chat, on Blog posts, by forging email headers, or by any other mechanism. Unraveling the plot and puzzle solutions can be difficult as it is, without mean-spirited people inserting a bunch of intentional red herrings.
A fan site, on the other hand, may just add to the flavor and immersive quality of the game. If you want to start up a fan site, please try to be a responsible person and think about its impact on the in-game sites.
If some aspect of the ARG requires hacking to solve, it will be obvious. Don't hack a server just because you can. Breaking into an ARG's computer system just to see what is there can be similar to skipping to the last page of a murder mystery. Sure, you have all the answers, but you end up losing the story and the interactive experience.
Again, if hacking is required, it will be obvious from the clues and plot. Also, nearly every ARG puzzle instance that has required hacking has been a "custom web page" system and not an "off the shelf" piece of software. In general, SquirrelMail, telnet, FTP, secure shell, and a number of other services come pre-installed on servers and allow the Puppet Masters and hosting administrators to update the websites and monitor system status. These are rarely, if ever, the intended target of hacking. Usually, ARG hacking is simply guessing passwords on a custom web login form.
A great many informational tools are available on the internet that will tell you about a domain name. Generally, a simple DNS lookup is considered acceptable. Usually, it will just give some useless information about who registered the domain name. Occasionally, a clue will exist in the DNS data. On the other hand, using a reverse-DNS tool to enumerate all of the domain names attached to a specific webserver is frowned upon. Often, this will show domain names that were registered for the game, but are not yet available for plot reasons. This is akin to peeking ahead a few chapters in a mystery novel. It does not necessarily tell you whodunnit, but it might prematurely reveal a piece of the plot that would have been more fun to discover through an engaging story.
Are you considering taking some action? Is it illegal in your jurisdiction or that of the ARG or its servers? Then don't do it. Period. ARGs are not here to get you in trouble or make you break the law. If you feel you have to do something illegal, I would suggest finding another pastime.
Keep private information private. If the Puppet Masters of a particular ARG do not wish to be known, but you happen to accidentally discover their identity, keep that information "behind the curtain." Do not blab about it to anyone and everyone. If you really must tell someone, perhaps you should send a little note to the PMs explaining how you obtained this supposedly private knowledge. At the very least, it will help them plug the security or information leak so that more people do not find out. Do not simply think about yourself and how "cool" you will look announcing the identity of the PMs. Think about the other players and how knowing that information may just break the reality of their ARG experience. Besides, if they think you are to blame for messing up that experience, they are less likely to think of you as "cool" and more likely to think of you as "that lamer who ruined the game."
This guide originally exists as a collection of XML files. These files conform to the DocBook specification, and allow dynamic generation of a variety of output formats, including: a single monolithic web page, a collection of smaller web pages, PDF files, etc. If you are at all interested in the XML source of this guide, feel free to check out the following files:
The specific transform used for the multiple web pages is the same as above, only using the html/chunk.xsl template. Previously, it was DSSSL and OpenJade, but that ended up being too problematic for certain XML elements.
The specific transform used for the PDF document was the above-mentioned XSL translator combined with the Apache FOP project.
Re-released under the Creative Commons license. Fixup of decompilation section (thanks, Diandra!). Added "padding" text to add a little more space between the "Background" header and the "Glossary" header.
Added ARG background information. Fixed outdated XSL/DSSSL information in the Technology section.
Marketing Week solve and minor spelling/grammar issues.
Scan of Guardian ad, scan of Marketing Week ad, update to Guardian and Marketing Week information.
Added Pareidolia section, fixed line wrapping issues, added unique IDs to heading nodes.
Updated styles, added IRC conversation, changed image filenames to include date.
Too many little things to mention, going back to the inception of this document.