We knew this was coming, but now the clock is running.
-
@r3t3ch @briankrebs Probably not the nuanced approach most people in that position would want to hear. This is the nightmare scenario.
@AAKL @briankrebs The streets of Minneapolis and the Epstein files say it's not the possible scenario, it is the reality.
-
@AlexanderMars I suppose the naive assumption would be that they would let you through anyway, but your answer is more likely.
@AAKL better to just not travel to the US under any circumstance. I'm a US citizen, just boycott the USA. What you can't build locally or reverse engineer, pirate.
-
@AAKL @AlexanderMars Differential enforcement based on your appearance, what agent you encounter at the gate, if you pay bribes directly or via some assuredly forthcoming “golden ticket” program (administered by a private contractor likely majority-owned by the first family)…
@cwicseolfor @AlexanderMars This post supports your argument, although it's two-weeks-old and new rules are just coming into effect.
-
We knew this was coming, but now the clock is running. From Privacy International:
"Yesterday the Trump Administration announced a proposed change in policy for travellers to the U.S. It applies to the powers of data collection by the Customs and Border Police (CBP)."
"If the proposed changes are adopted after the 60-day consultation, then millions of travellers to the U.S. will be forced to use a U.S. government mobile phone app, submit their social media from the last five years and email addresses used in the last ten years, including of family members. They’re also proposing the collection of DNA."
PI linked to and summarized a Federal Register entry describing the proposed requirements:
-All visitors must submit ‘their social media from the last 5 years’
-ESTA (Electronic System for Travel Authorization) applications will include ‘high value data fields’, ‘when feasible’
‘telephone numbers used in the last five years’
-‘email addresses used in the last ten years’
-‘family number telephone numbers (sic) used in the last five years’
-biometrics – face, fingerprint, DNA, and iris
-business telephone numbers used in the last five years
-business email addresses used in the last ten years.The Federal Register entry says comments are encouraged and
must be submitted (no later than February 9, 2026) to be assured of consideration.Federal Register entry: https://www.govinfo.gov/content/pkg/FR-2025-12-10/pdf/2025-22461.pdf
@briankrebs this is bad. I assume all these data have been collected surreptitiously for years for interesting visitors.
-
I'm British, white, male, aged 60-ish.
Prior to February 2016 I typically visited the USA 3 times a year for up to six weeks.
Since February 2016 I have visited the USA twice in a decade, for a total of 10 days.
Entering the USA as a foreigner, with a Republican POTUS in the White House, *never* felt safe, but under Trump it looks diabolically dangerous. (And to a glance I resemble "one of them": I'm not female or dark-skinned.)
As a middle-aged white American I worry about coming back from out of the country; I have started considering taking burner devices. That’s where we’re at now. I shudder to think what it’s like for people who don’t have my privileges.
-
@cstross @briankrebs Honestly even returning from international travel as a US citizen doesn’t feel safe if you don’t check the right boxes in your personal profile. If I absolutely had to enter the US right now I’d pre-clear in somewhere like Dublin, but the whole thing feels like a crapshoot.
@cstross @briankrebs @complexmath could you tell me more about what the return process is like and what is requested for US citizens? I haven't travelled internationally in 20 years and my company is requesting I travel out of the country to meet international team members who (understandably) don't want to travel to the US right now. But I'm also feeling uncomfortable just leaving and coming back.
-
@ericphelps
That is a delightfully over-engineered solution and it definitely works well. Tagged addresses are going to be inferior but much simpler. Also spammers would be looking for tagged addresses.As to how, just add +string to the username of a Gmail address. It'll go to your main box. Easy to filter if needed.
Many email servers support that syntax. Others like qmail use -string.
@rbos @ericphelps Interesting: I could have sworn that once upon a time, if there was a mailbox name corresponding to the part after the +, Google would deliver mail into that mailbox. Experiment says no. Maybe I'm confusing it with email setups I tended to in my sysadmin days, where I made sure that worked.
-
@rbos @ericphelps Interesting: I could have sworn that once upon a time, if there was a mailbox name corresponding to the part after the +, Google would deliver mail into that mailbox. Experiment says no. Maybe I'm confusing it with email setups I tended to in my sysadmin days, where I made sure that worked.
@thetruejona I just sent a test email to username+asdfjasdjgasd@gmail.com and it worked, forwarded the email just fine to my regular address.
edit: Oh, unless you meant like, a sub-folder in gmail with that name. Never tried that.
-
@thetruejona I just sent a test email to username+asdfjasdjgasd@gmail.com and it worked, forwarded the email just fine to my regular address.
edit: Oh, unless you meant like, a sub-folder in gmail with that name. Never tried that.
@rbos Oh it works to the extent that adding a plus part has no effect on delivery to the inbox (I also tested). What I remember (and what I certainly set up when I was adminning email) was that user+foo@example.com would look for a mail folder belonging to user and called foo, and deliver direct into that mail folder if it existed.
-
@rbos Oh it works to the extent that adding a plus part has no effect on delivery to the inbox (I also tested). What I remember (and what I certainly set up when I was adminning email) was that user+foo@example.com would look for a mail folder belonging to user and called foo, and deliver direct into that mail folder if it existed.
@thetruejona I guess you'd have to set up a filter for that matching against To. That does sound like a useful feature to have by default without special setup.
-
@thetruejona I guess you'd have to set up a filter for that matching against To. That does sound like a useful feature to have by default without special setup.
@rbos Yes. I'm going back a ways, but I first implemented it on a sendmail and Cyrus IMAP setup. It involved a couple of minor changes on the sendmail side (essentially ignoring the plus part during incoming address rewriting and then adding it back to the final delivery address); and a permission change, adding the p permission to mail folders to allow delivery on the Cyrus side. I'm fairly sure we did it at my next employer too, with exim and Cyrus. It Just Worked for every user
-
We knew this was coming, but now the clock is running. From Privacy International:
"Yesterday the Trump Administration announced a proposed change in policy for travellers to the U.S. It applies to the powers of data collection by the Customs and Border Police (CBP)."
"If the proposed changes are adopted after the 60-day consultation, then millions of travellers to the U.S. will be forced to use a U.S. government mobile phone app, submit their social media from the last five years and email addresses used in the last ten years, including of family members. They’re also proposing the collection of DNA."
PI linked to and summarized a Federal Register entry describing the proposed requirements:
-All visitors must submit ‘their social media from the last 5 years’
-ESTA (Electronic System for Travel Authorization) applications will include ‘high value data fields’, ‘when feasible’
‘telephone numbers used in the last five years’
-‘email addresses used in the last ten years’
-‘family number telephone numbers (sic) used in the last five years’
-biometrics – face, fingerprint, DNA, and iris
-business telephone numbers used in the last five years
-business email addresses used in the last ten years.The Federal Register entry says comments are encouraged and
must be submitted (no later than February 9, 2026) to be assured of consideration.Federal Register entry: https://www.govinfo.gov/content/pkg/FR-2025-12-10/pdf/2025-22461.pdf
@briankrebs I hope that the world uses this as a data poisoning opportunity.
If junky data is submitted, this would have the added benefit of making Palantir tools unusable. -
We knew this was coming, but now the clock is running. From Privacy International:
"Yesterday the Trump Administration announced a proposed change in policy for travellers to the U.S. It applies to the powers of data collection by the Customs and Border Police (CBP)."
"If the proposed changes are adopted after the 60-day consultation, then millions of travellers to the U.S. will be forced to use a U.S. government mobile phone app, submit their social media from the last five years and email addresses used in the last ten years, including of family members. They’re also proposing the collection of DNA."
PI linked to and summarized a Federal Register entry describing the proposed requirements:
-All visitors must submit ‘their social media from the last 5 years’
-ESTA (Electronic System for Travel Authorization) applications will include ‘high value data fields’, ‘when feasible’
‘telephone numbers used in the last five years’
-‘email addresses used in the last ten years’
-‘family number telephone numbers (sic) used in the last five years’
-biometrics – face, fingerprint, DNA, and iris
-business telephone numbers used in the last five years
-business email addresses used in the last ten years.The Federal Register entry says comments are encouraged and
must be submitted (no later than February 9, 2026) to be assured of consideration.Federal Register entry: https://www.govinfo.gov/content/pkg/FR-2025-12-10/pdf/2025-22461.pdf
@briankrebs For me: no visites to the US anymore. First a new, blue administration, then a 5 years pause, then I might consider …. but no, I don’t think I’d like to take the risk. I’ll choose Canada.
-
I feel for anyone in the travel, tourism and hospitality industries, which make up ~ 10M jobs and ~ 3 percent of the nation's GDP. From the U.S. International Trade Administration (trade.gov)
"Inbound international travel to the United States plays a vital role in the Nation’s economy and promotes cultural exchange and understanding. Travel and tourism is the largest single services export for the United States, accounting for 22 percent of the country’s services exports and 7 percent of all exports in 2023. The travel and tourism industry contributed $2.3 trillion to the U.S. economy in 2022 (2.97 percent of the country’s GDP), supporting 9.5 million jobs."
@briankrebs Don’t forget all the domestic tourism that isn’t happening. I’m not interested in giving Florida or Texas any of my money, nor are a lot of other Americans.
-
@briankrebs Don’t forget all the domestic tourism that isn’t happening. I’m not interested in giving Florida or Texas any of my money, nor are a lot of other Americans.
@dtm @briankrebs Same for several other states.
-
We knew this was coming, but now the clock is running. From Privacy International:
"Yesterday the Trump Administration announced a proposed change in policy for travellers to the U.S. It applies to the powers of data collection by the Customs and Border Police (CBP)."
"If the proposed changes are adopted after the 60-day consultation, then millions of travellers to the U.S. will be forced to use a U.S. government mobile phone app, submit their social media from the last five years and email addresses used in the last ten years, including of family members. They’re also proposing the collection of DNA."
PI linked to and summarized a Federal Register entry describing the proposed requirements:
-All visitors must submit ‘their social media from the last 5 years’
-ESTA (Electronic System for Travel Authorization) applications will include ‘high value data fields’, ‘when feasible’
‘telephone numbers used in the last five years’
-‘email addresses used in the last ten years’
-‘family number telephone numbers (sic) used in the last five years’
-biometrics – face, fingerprint, DNA, and iris
-business telephone numbers used in the last five years
-business email addresses used in the last ten years.The Federal Register entry says comments are encouraged and
must be submitted (no later than February 9, 2026) to be assured of consideration.Federal Register entry: https://www.govinfo.gov/content/pkg/FR-2025-12-10/pdf/2025-22461.pdf
@briankrebs Donald's buddies in the hotel/resort/restaurant/travel/entertainment businesses must be so excited! /s/
I think they'd better hurry up with some ballroom money... -
R relay@relay.infosec.exchange shared this topic
