We knew this was coming, but now the clock is running.
-
The Federal Register entry says comments are encouraged and must be submitted (no later than February 9, 2026) to be assured of consideration.
Probably a silly question (and perhaps I read the privacyinternational.org article too quickly), but how does one, as a random US citizen, provide comment?
I searched the PDF for "respon" to see if there was a URL or similar reference, but one didn't seem to be present?
I guess Amazon won't need to plan for nearly as many attendees at this year's re:Invent (one wonders the impact on other US-hosted conferences, festivals, etc.).@ferricoxide there's an email address listed in the Federal Register entry: CBP_
PRA@cbp.dhs.gov. Submissions have to include the OMB Control Number 1651-0111. -
@briankrebs No way I could comply as I use wildcard email addressed (and have hundreds of domains) meaning I literally use a different email address on every form and web site and have no way to know them all. I have also had allocated to me well over a million phone numbers (as part of a junk call thing) - I could probably get a list of those and see if I can blow up the ESTA web site perhaps. And I have no right to give other people's numbers to the US either - does anyone, legally?
@revk @briankrebs@infosec.exchange
the EU authorities announcing they will arrest anyone returning from FIFA2026 for breaching GDPR will be quite a thing -
@briankrebs This is evil. Just straight evil. I guess the 4th amendment is vapor.
@CrankyOtter
Most likely, when conforted about this point, they will say that the 4th can only be applied to USA citizens.
Then suddently they will forget how to read international treaties about tourists/business trips/scholarships and such... -
We knew this was coming, but now the clock is running. From Privacy International:
"Yesterday the Trump Administration announced a proposed change in policy for travellers to the U.S. It applies to the powers of data collection by the Customs and Border Police (CBP)."
"If the proposed changes are adopted after the 60-day consultation, then millions of travellers to the U.S. will be forced to use a U.S. government mobile phone app, submit their social media from the last five years and email addresses used in the last ten years, including of family members. They’re also proposing the collection of DNA."
PI linked to and summarized a Federal Register entry describing the proposed requirements:
-All visitors must submit ‘their social media from the last 5 years’
-ESTA (Electronic System for Travel Authorization) applications will include ‘high value data fields’, ‘when feasible’
‘telephone numbers used in the last five years’
-‘email addresses used in the last ten years’
-‘family number telephone numbers (sic) used in the last five years’
-biometrics – face, fingerprint, DNA, and iris
-business telephone numbers used in the last five years
-business email addresses used in the last ten years.The Federal Register entry says comments are encouraged and
must be submitted (no later than February 9, 2026) to be assured of consideration.Federal Register entry: https://www.govinfo.gov/content/pkg/FR-2025-12-10/pdf/2025-22461.pdf
@briankrebs Ha! LOLs. No freakin' way am I giving them that information.
I'll just travel to Canada instead. Much nicer country. Not fascist.
-
@briankrebs right about now, no one should be going to the USA, the only language the 🟠 understands is money, he really doesn't care about people, no matter who they are.
@TGG303 @briankrebs given the numbers he's spitting, I'd doubt about his general understanding of numbers (and how percentages work).
But one thing sure: he knows how to make it work in his own bank account.
-
@briankrebs Apart from tourism, this is completely counter to GDPR, and any international company that has operations in the US is not going to send employees over. They may reconsider investing in the US. This is so short-sighted and heavy handed, typical of this "Administration".
@pesky_warlock @briankrebs the times a US company violated GDPR rules... after Snowden's statements we shouldn't really expect anything else.
-
We knew this was coming, but now the clock is running. From Privacy International:
"Yesterday the Trump Administration announced a proposed change in policy for travellers to the U.S. It applies to the powers of data collection by the Customs and Border Police (CBP)."
"If the proposed changes are adopted after the 60-day consultation, then millions of travellers to the U.S. will be forced to use a U.S. government mobile phone app, submit their social media from the last five years and email addresses used in the last ten years, including of family members. They’re also proposing the collection of DNA."
PI linked to and summarized a Federal Register entry describing the proposed requirements:
-All visitors must submit ‘their social media from the last 5 years’
-ESTA (Electronic System for Travel Authorization) applications will include ‘high value data fields’, ‘when feasible’
‘telephone numbers used in the last five years’
-‘email addresses used in the last ten years’
-‘family number telephone numbers (sic) used in the last five years’
-biometrics – face, fingerprint, DNA, and iris
-business telephone numbers used in the last five years
-business email addresses used in the last ten years.The Federal Register entry says comments are encouraged and
must be submitted (no later than February 9, 2026) to be assured of consideration.Federal Register entry: https://www.govinfo.gov/content/pkg/FR-2025-12-10/pdf/2025-22461.pdf
Looks like #CBP / #ICE is out in Italy doing a little advance work:
"US to send ICE agents to Winter Olympics, prompting Italian anger"
"The governor of Lombardy region, Attilio Fontana, sought to calm the situation, suggesting that ICE agents would be deployed in Italy to protect US Vice President JD Vance and Secretary of State Marco Rubio.Olympics, prompting Italian anger"
Which should be the work of the US Secret Service, last time I heard...
-
We knew this was coming, but now the clock is running. From Privacy International:
"Yesterday the Trump Administration announced a proposed change in policy for travellers to the U.S. It applies to the powers of data collection by the Customs and Border Police (CBP)."
"If the proposed changes are adopted after the 60-day consultation, then millions of travellers to the U.S. will be forced to use a U.S. government mobile phone app, submit their social media from the last five years and email addresses used in the last ten years, including of family members. They’re also proposing the collection of DNA."
PI linked to and summarized a Federal Register entry describing the proposed requirements:
-All visitors must submit ‘their social media from the last 5 years’
-ESTA (Electronic System for Travel Authorization) applications will include ‘high value data fields’, ‘when feasible’
‘telephone numbers used in the last five years’
-‘email addresses used in the last ten years’
-‘family number telephone numbers (sic) used in the last five years’
-biometrics – face, fingerprint, DNA, and iris
-business telephone numbers used in the last five years
-business email addresses used in the last ten years.The Federal Register entry says comments are encouraged and
must be submitted (no later than February 9, 2026) to be assured of consideration.Federal Register entry: https://www.govinfo.gov/content/pkg/FR-2025-12-10/pdf/2025-22461.pdf
the "email addresses used in the last ten years" is ludicrous. I use catch-all email-addresses and hand out concocted addresses liberally. They expect me to remember every "joesblog@mydomain.example.com" address ever used?
And every family-member's phone-number used? I barely remember my wife's phone-number let alone relatives I sporadically call via the phone.
(I mean, the rest is pretty over-the-top too, so the whole "avoid the US" is good advice regardless, but some elements are nigh-impossible)
-
@revk not to mention that the form validation would probably reject that short domain that gives your trouble sometimes
@auxonic Not mentioning the @fuck.me.uk email addresses
-
@briankrebs No way I could comply as I use wildcard email addressed (and have hundreds of domains) meaning I literally use a different email address on every form and web site and have no way to know them all. I have also had allocated to me well over a million phone numbers (as part of a junk call thing) - I could probably get a list of those and see if I can blow up the ESTA web site perhaps. And I have no right to give other people's numbers to the US either - does anyone, legally?
@revk @briankrebs Yeah I'm like you and have used hundreds of different email addresses, depending on context.
And in terms of family telephone numbers, what definition of family are they using, does this include spouse? Children? Siblings? Parents? Cousins? Niblings? I'm not certain I even have some of their phone numbers. What about if said family members are juvenile?
In terms of social media, what counts? Discord? Forums? What if my social media accounts (like FB and LI) is restricted, do I need to give them access to it?
Terrible idea.
-
@revk @briankrebs Yeah I'm like you and have used hundreds of different email addresses, depending on context.
And in terms of family telephone numbers, what definition of family are they using, does this include spouse? Children? Siblings? Parents? Cousins? Niblings? I'm not certain I even have some of their phone numbers. What about if said family members are juvenile?
In terms of social media, what counts? Discord? Forums? What if my social media accounts (like FB and LI) is restricted, do I need to give them access to it?
Terrible idea.
@tautology @briankrebs It is terrible, but there are people with no "social media", and whose phone is in fact a phone not a mobile computer. Would I even get an ESTA if I said I had no social media? And go me a dumb phone.
-
@tautology @briankrebs It is terrible, but there are people with no "social media", and whose phone is in fact a phone not a mobile computer. Would I even get an ESTA if I said I had no social media? And go me a dumb phone.
@tautology @briankrebs To be honest, if I *had* to go to US (like that would happen) it would be worth changing my name, getting a new passport in that uniquely rare name, and getting a totally dumb phone on a totally new number, and going as an "oldie" - or even not having a phone.
-
You have cpb instead of cbp
-
@farbel Did you try to send to cbp_pra@cbp.dhs.gov? Did you get a bounce?
-
the "email addresses used in the last ten years" is ludicrous. I use catch-all email-addresses and hand out concocted addresses liberally. They expect me to remember every "joesblog@mydomain.example.com" address ever used?
And every family-member's phone-number used? I barely remember my wife's phone-number let alone relatives I sporadically call via the phone.
(I mean, the rest is pretty over-the-top too, so the whole "avoid the US" is good advice regardless, but some elements are nigh-impossible)
A quick bit of shell-scripting against my Inbox maildir shows 38 unique addresses just there, and that doesn't consider all the mail in folders.
Digging though the whole mail-tree turns up 461 unique addresses.
find ~/Mail -type f -name '*:*' -print0 |
xargs -0 awk -F" *: *" '/^$/{nextfile} {$0 = tolower($0)} $1 =="to" || $1 == "cc" || $1 == "envelope-to"{print $2}' * |
sed 's/.*<\([^>]*\)>.*/\1/g;s/, */,/g' |
tr , '\012' |
grep $MYDOMAIN |
sort -u |
wc -l -
@auxonic Not mentioning the @fuck.me.uk email addresses
-
@ferricoxide there's an email address listed in the Federal Register entry: CBP_
PRA@cbp.dhs.gov. Submissions have to include the OMB Control Number 1651-0111.@briankrebs@infosec.exchange Ah. Thank you! I was looking for the wrong string. Once I had the email address, I could search for that and get:
ADDRESSES: Written comments and/or suggestions regarding the item(s) contained in this notice must include the OMB Control Number 1651–0111 in the subject line and the agency name. Please submit written comments and/or suggestions in English. Please use the following method to submit comments: Email: Submit comments to: CBP_ PRA@cbp.dhs.gov. FOR FURTHER INFORMATION
-
@jimfl @AAKL @briankrebs not enough ketchup squandered to make up the trillions in tourism impacts over decades.
-
@tautology @briankrebs To be honest, if I *had* to go to US (like that would happen) it would be worth changing my name, getting a new passport in that uniquely rare name, and getting a totally dumb phone on a totally new number, and going as an "oldie" - or even not having a phone.
@revk If you're so lucky as to be able to change your name at all (to my limited understanding it does not even compare between DE and UK for example)
-
@ferricoxide there's an email address listed in the Federal Register entry: CBP_
PRA@cbp.dhs.gov. Submissions have to include the OMB Control Number 1651-0111.@briankrebs@infosec.exchange
Email sent. Hopefully my submission was sufficiently-conformant that it won't end up on the discard-pile. Hopefully, it was adequately-expressive of my perceived personal impacts to actually mean something to whoever reads — though, I guess, at this point, that would be "whatever AI processes" — it.
