cttttt
Don’t get it twisted. We definitely agree.
This will effectively add any computer it’s installed on to a botnet and create another attack vector (via Vanguard).
The tradeoff I described, tho, is one on the Riot side. And as much as this form of anticheat is ridiculous, it makes sense given Riot’s business model. A bunch of cheaters can easily waste their money and engineering effort. They made the deliberate choice to narrow their market of potential players to those who are willing to install Vanguard and feel that Vanguard pushes most cheaters out of that narrow market. It makes sense.
Re: That tradeoff, tho, users aren’t involved. The tradeoff users have is between installing the game or not.
And again we both agree, installing this to an important computer or on your home network carries a tonne of risk.
Not that I’m defending Vanguard, but Riot’s choosing to invest in developer resources for Vanguard (and in finding cheat developers) so they don’t have to invest in server capacity or developer resources to support cheater only lobbies.
As long as their anticheat is effective, every cheater they can repel is some amount of server capacity that legitimate players can use.
Also, cheaters in the types of games Riot makes will cause some amount of opponents to simply leave the game in frustration. So part of this is just trying to keep players who are willing to install the game happy.
They’ve chosen to make free to play games, so this tradeoff actually makes sense for Riot. But again, kernel level hacks aren’t something everyone will or even should install.
It’s all about tradeoffs.
Late reply, but just so you know…
Before you first launch the game, you must agree to the Riot Games terms of service. The terms very clearly state what is toxic behaviour and are pretty easy to read through. After the tutorial and before you queue for the first time, you must agree to an in game code of conduct, which is a summary of what “[good in game conduct]” (paraphrased) is.
Although it’s not confirmed, players seem to be punished based on the volume of in-game reports and some sort of review. When you report a player, there are categories you can choose that describe their conduct. There’s also a text box where you can type out what you feel they did.
For text chat violations, this sometimes happens automatically, and even without reports. For example, if you use a racist term, you will be immediately muted in text chat for a time.
Although it hasn’t been confirmed, Riot has been trailing a system where they actually record and transcribe in game voice chat. The rumour is that an in game report will trigger an automated and/or manual review of the transcript. For most reports, you’ll get a confirmation in a few hours that the player was punished and a thanks for the feedback that will help the community.
Punishments range from a competitive queue cooldown (these get progressively longer the more you repeat the behaviour, and reset after a stretch of good behaviour) to hardware ID bans for the worst cases. A hardware ID ban prevents the player from playing on any account on a PC with the same hardware fingerprint for at least 5mo, and, in some cases, permanently closes accounts that are suspected to be theirs.
If someone bought a bunch of in-game cosmetics, this will very likely cause them to move on to another game. But, of course, the worse offenders will find a way.
And btw, the terms also make it clear that when you buy in game cosmetics, you’re actually buying a non-transferable, revocable license to use them in-game. This license can be revoked at any time; for example if you violate the terms of service.
And also, Riot’s support site gives players a way to dispute bans, just in case a player was banned by mistake.
It’s not perfect (and the game isn’t even perfect in any way… far from it) but they at least make it clear what is toxic behaviour, and have put some thought into this system for trying to handle it. I think the video/article is more about stepping up manual review and scale of punishments for the worst offenders.
This is definitely a case of overloading a feature when they could just make multiple features.
I personally love the ability to easily switch the active Bluetooth device (so I love the new behaviour), but not everyone has this need.
They should just have added multiple quick settings tiles so we can all be happy.
They’re completely different implementations of systems that steam video/audio/inputs.
Valve’s is pretty buggy but has deep integration with Steam and allow NAT traversal, while Sunshine/Moonlight are way more reliable, have features that reduce latency but are pretty barebones as far as features: they just do streaming with no tight integration with what’s being streamed.
And Sunshine is a reverse engineered version of Nvidia’s game stream server, since Nvidia sunset Gamestream a few months ago.
Whoever made this has never used Google Cloud Platform.
I’m not sure if it’s part of a TLS standard yet but I was talking about encrypted SNI (ECH, formerly called ESNI).
Today, early on in a TLS connection, the client actually tells the server, in plain text, the domain name it’s intending to communicate with. The server then presents a response that only the owner of that domain can produce, then keys are exchanged and the connection progresses, encrypted. This was required to allow a single server to serve traffic on multiple domains. Before this, a server on an IP:Port combo could only serve traffic on a single domain.
But because of this, a man in the middle can just read the ClientHello and learn the domain you’re intending to connect to. They can’t intercept any encapsulated data (e.g. at the HTTP level, in the case of web traffic) but they can learn the domains you’re accessing.
ECH promises to make the real ClientHello encrypted by proceeding it with a fake ClientHello. The response will contain enough information to fetch a key that can be used to encrypt the real ClientHello. Only the server will be able to decrypt this.
And your ISP can still see which domains you’re going to if you use them as your DNS.
Just so you know, because TLS SNI is not encrypted and not yet universally obfuscated (adoption of this is pretty slow and one of the largest CDN providers had to pause their rollout last I checked), not-even-barely-deep packet inspection can be used to track the sites you visit regardless of your DNS provider or wherever resolution is encrypted. Just do a packet dump and see.
Also, if a website isn’t fronted by one of the most popular CDN providers in existence, it can be possible to infer the sites you’re visiting based on their server IP addresses.
Although this just shifts where tracking can occur, a VPN is the only reliable way to maybe prevent your ISP from tracking the sites you visit, if this is your desire.