Dnia piątek, 4 lipca 2014 19:07:05 Georgi Guninski pisze:
Another question:
How much traffic they are monitoring with these definitions? All visible? Almost all except the u$a?
Well, some definitions contain Five Eyes country codes as negative matching rules (i.e. IPs from Five Eyes countries will *not* get matched), others do not have this condition. I find this very surprising as it suggests that Five Eyes and other exclusion rules are possibly defined on a per-fingerprint basis; I would have thought these would rather be implemented somewhere higher-up (i.e. some post- processing/post-filtering) so that IPs from Five Eyes don't get accidentally snatched due to somebody forgetting to include the rule in their fingerprint. On the other hand, I guess it can also be the other way around: NSA doesn't give a flying fsck about Five Eyes and the policy is to "grab everything, nobody will know anyway"; the "do not include Five Eyes IPs" rule in one of the fingerprints would then be an overzealous technician including it in the fingerprint because they thought they should ("we don't spy on our friends", etc). Fun stuff either way. -- Pozdr rysiek