Yes, the whole thing is really sad 
There are 2 main ways to leave.
- Have a remote job in Russia and live in a less developed visa-free country (most popular: Kazakhstan, Armenia, Georgia, Turkey, Serbia, Vietnam, Thailand etc.)
- Get a job in a better country (mainly Western EU/US/UK/Canada)
Both require a highly skilled occupation but especially the second option. Developers, data scientists, engineers, higher level management, academics have a good chance of getting positions and they sure take that chance 
Western perspective is a bit extreme! If you imagine that everyone is scared to share their beliefs with strangers bc they might get in trouble, that’s not true! You have to be a loud political activist to get in trouble for your beliefs. As an example, I studied and then taught in a top Russian university; we always made jokes about the regime during classes (if the topic came up) bc we assumed that everyone is anti-Putin. These days people are a bit more cautious talking about the war in formal settings but not with friends or strangers in informal circumstances.
However, I have a more privileged perspective bc I’m from Moscow (richest city with the most opportunities) and have a good education. Someone from a smaller town/less educated environment might face more social repercussions for their anti-Putin beliefs (e.g. friends thinking they’re weird for not supporting the war) but not legal repercussions. Those, as I’ve said, are typically reserved to activists and public figures who don’t toe the line.
Generally speaking most secure networks have some kind of pcap log for a short period of time for reviewing things that do get flagged. They still also have more meta data than most people seem to think. A fp can still trigger an alert and have it store data on your connection unintentionally. If you really want to not be tracked the payment can’t be linked to you and you have to come from another IP that is not directly connected to you. (Hardware included) It’s funny the “privacy” people think they have using a VPN. It will basically prevent you from getting flagged for pirating. Anything more serious and it will not. I’ve tracked people using vpns. Its not that hard.
Naw man people don’t have active captures until after an investigation starts. Pcaps use too much CPU to just leave running.
lol you can’t have an active capture after the investigation starts. That’s like asking for video recordings after the bank got robbed and didn’t have cameras. A network sensor at the very least on the edge doing full pcap or it’s a trash network.
This is my professional opinion.
More nonsense. Common practice is to set up a capture after you begin investigating and look to reproduce the issue. This has no effect on the quality of the network. Fiber is still fiber whether you’re capturing or not.
lol you have no idea what you’re talking about. People like you make networks too easy to run through.
Look up what security onion is or what a gigmon is. Just because you have never seen a secure network you can’t comprehend one.
You’re assuming VPN services run their network like Microsoft or Palo Alto, it’s silly.
lol gigmon is a device to duplicate network traffic. Security onion isn’t technically a “SIEM”. The things I recommend disprove the concept that no one captures PCAP data.
Happy to further explain if you’re still a bit confused though.
Fundamentally speaking securing a network follows the same best practices.
I’m not assuming anything. I know for a fact how a good majority of them operate.
Also a tip the real reason pcap is limited is disk space. Not CPU
More nonsense, CPU consumption is a major problem with pcaps.
That’s like calling a car an engine. It contains a SIEM in the elastic stack alone technically. It’s not however what it‘s considered.
I’ll be sure to let Doug know though.
I think you’re confused on what I stated.
Everyone has a risk profile and you don’t spend more to secure a network than it’s worth.
I only stated a secure network. I simply don’t think a network without at the very least full pcap at the edge is secure. It needs a lot more than that of course but it tells me what I need to know about the organization security posture.
I think you’re a bit confused on capture vs processing. Even then only misconfiguration makes it CPU bound.
