by zaarn 3114 days ago
Even with encrypted traffic, an attacker can learn things, especially if you get DNS and SNI data.

I suspect (but cannot prove) that this might have been a leak from Russia's internal internet into the wider global net. Since Russia isn't well known for its privacy-respecting nature, it might have been a traffic scanner to see if people are being good citizens. However, that is just speculation and I hope it's wrong.

2 comments

Yep, all you need to know is the IP addresses of certain domains (say Facebook) and then look for a user IP transferring a lot of data to it, meaning they are probably uploading a photo. Now tie that IP to an ISP and maybe a user and you can find out who might be posting derogatory memes about Putin.
But you don't have to change routing for that - you can do that with just passive monitoring. And by the way, the law [1] that requires ISPs to store up to 6 months' worth of traffic is coming into effect next year. So even monitoring won't be necessary.

Maybe they were testing effective ways to block foreign sites?

[1] https://en.wikipedia.org/wiki/Yarovaya_law

> Since Russia isn't well known for its privacy-respecting nature, it might have been a traffic scanner to see if people are being good citizens.

Yes, indeed! Guilty until proven guilty! Keep up the upstanding attitude, good citizen!