Late reply, but just so you know…

Before you first launch the game, you must agree to the Riot Games terms of service. The terms very clearly state what is toxic behaviour and are pretty easy to read through. After the tutorial and before you queue for the first time, you must agree to an in game code of conduct, which is a summary of what “[good in game conduct]” (paraphrased) is.

Although it’s not confirmed, players seem to be punished based on the volume of in-game reports and some sort of review. When you report a player, there are categories you can choose that describe their conduct. There’s also a text box where you can type out what you feel they did.

For text chat violations, this sometimes happens automatically, and even without reports. For example, if you use a racist term, you will be immediately muted in text chat for a time.

Although it hasn’t been confirmed, Riot has been trailing a system where they actually record and transcribe in game voice chat. The rumour is that an in game report will trigger an automated and/or manual review of the transcript. For most reports, you’ll get a confirmation in a few hours that the player was punished and a thanks for the feedback that will help the community.

Punishments range from a competitive queue cooldown (these get progressively longer the more you repeat the behaviour, and reset after a stretch of good behaviour) to hardware ID bans for the worst cases. A hardware ID ban prevents the player from playing on any account on a PC with the same hardware fingerprint for at least 5mo, and, in some cases, permanently closes accounts that are suspected to be theirs.

If someone bought a bunch of in-game cosmetics, this will very likely cause them to move on to another game. But, of course, the worse offenders will find a way.

And btw, the terms also make it clear that when you buy in game cosmetics, you’re actually buying a non-transferable, revocable license to use them in-game. This license can be revoked at any time; for example if you violate the terms of service.

And also, Riot’s support site gives players a way to dispute bans, just in case a player was banned by mistake.

It’s not perfect (and the game isn’t even perfect in any way… far from it) but they at least make it clear what is toxic behaviour, and have put some thought into this system for trying to handle it. I think the video/article is more about stepping up manual review and scale of punishments for the worst offenders.

I’m not sure if it’s part of a TLS standard yet but I was talking about encrypted SNI (ECH, formerly called ESNI).

Today, early on in a TLS connection, the client actually tells the server, in plain text, the domain name it’s intending to communicate with. The server then presents a response that only the owner of that domain can produce, then keys are exchanged and the connection progresses, encrypted. This was required to allow a single server to serve traffic on multiple domains. Before this, a server on an IP:Port combo could only serve traffic on a single domain.

But because of this, a man in the middle can just read the ClientHello and learn the domain you’re intending to connect to. They can’t intercept any encapsulated data (e.g. at the HTTP level, in the case of web traffic) but they can learn the domains you’re accessing.

ECH promises to make the real ClientHello encrypted by proceeding it with a fake ClientHello. The response will contain enough information to fetch a key that can be used to encrypt the real ClientHello. Only the server will be able to decrypt this.

And your ISP can still see which domains you’re going to if you use them as your DNS.

Just so you know, because TLS SNI is not encrypted and not yet universally obfuscated (adoption of this is pretty slow and one of the largest CDN providers had to pause their rollout last I checked), not-even-barely-deep packet inspection can be used to track the sites you visit regardless of your DNS provider or wherever resolution is encrypted. Just do a packet dump and see.

Also, if a website isn’t fronted by one of the most popular CDN providers in existence, it can be possible to infer the sites you’re visiting based on their server IP addresses.

Although this just shifts where tracking can occur, a VPN is the only reliable way to maybe prevent your ISP from tracking the sites you visit, if this is your desire.

If all computer hardware was a single solid colour and just worked, there would be fewer reasons to replace it or pay more for different models. It’s like skins in an online game: if you give people a choice, some will pay more just because something looks different…some will buy yet another one because it, too looks different.

It’s more down to trust and attestation than a technical implementation. Whoever makes an NFC payment system needs to prove to payment processors that the chain of software and hardware from the payment terminal to whatever proves you’re the account holder (a card or a phone) can be identified. And, separately, the implementation needs to be audited.

This may sound like they’re trying to make this horrible walled garden on the surface, but bank users expect their money to not get stolen. And if it is, they expect the bank to make that problem disappear. The bank can only provide these assurances if they control everything.

This is why they use hardware attestation and a chain of trust all the way through to the OS to identify the specific implementation of an NFC payment system. They want to know they can go after whoever created the buggy NFC payment implementation to recover the money or to least stop partnering with them.

Not a lot of FOSS developers would go through the trouble.