We knew this was coming, but now the clock is running.
-
@briankrebs Apart from tourism, this is completely counter to GDPR, and any international company that has operations in the US is not going to send employees over. They may reconsider investing in the US. This is so short-sighted and heavy handed, typical of this "Administration".
@pesky_warlock @briankrebs the times a US company violated GDPR rules... after Snowden's statements we shouldn't really expect anything else.
-
We knew this was coming, but now the clock is running. From Privacy International:
"Yesterday the Trump Administration announced a proposed change in policy for travellers to the U.S. It applies to the powers of data collection by the Customs and Border Police (CBP)."
"If the proposed changes are adopted after the 60-day consultation, then millions of travellers to the U.S. will be forced to use a U.S. government mobile phone app, submit their social media from the last five years and email addresses used in the last ten years, including of family members. They’re also proposing the collection of DNA."
PI linked to and summarized a Federal Register entry describing the proposed requirements:
-All visitors must submit ‘their social media from the last 5 years’
-ESTA (Electronic System for Travel Authorization) applications will include ‘high value data fields’, ‘when feasible’
‘telephone numbers used in the last five years’
-‘email addresses used in the last ten years’
-‘family number telephone numbers (sic) used in the last five years’
-biometrics – face, fingerprint, DNA, and iris
-business telephone numbers used in the last five years
-business email addresses used in the last ten years.The Federal Register entry says comments are encouraged and
must be submitted (no later than February 9, 2026) to be assured of consideration.Federal Register entry: https://www.govinfo.gov/content/pkg/FR-2025-12-10/pdf/2025-22461.pdf
Looks like #CBP / #ICE is out in Italy doing a little advance work:
"US to send ICE agents to Winter Olympics, prompting Italian anger"
"The governor of Lombardy region, Attilio Fontana, sought to calm the situation, suggesting that ICE agents would be deployed in Italy to protect US Vice President JD Vance and Secretary of State Marco Rubio.Olympics, prompting Italian anger"
Which should be the work of the US Secret Service, last time I heard...
-
We knew this was coming, but now the clock is running. From Privacy International:
"Yesterday the Trump Administration announced a proposed change in policy for travellers to the U.S. It applies to the powers of data collection by the Customs and Border Police (CBP)."
"If the proposed changes are adopted after the 60-day consultation, then millions of travellers to the U.S. will be forced to use a U.S. government mobile phone app, submit their social media from the last five years and email addresses used in the last ten years, including of family members. They’re also proposing the collection of DNA."
PI linked to and summarized a Federal Register entry describing the proposed requirements:
-All visitors must submit ‘their social media from the last 5 years’
-ESTA (Electronic System for Travel Authorization) applications will include ‘high value data fields’, ‘when feasible’
‘telephone numbers used in the last five years’
-‘email addresses used in the last ten years’
-‘family number telephone numbers (sic) used in the last five years’
-biometrics – face, fingerprint, DNA, and iris
-business telephone numbers used in the last five years
-business email addresses used in the last ten years.The Federal Register entry says comments are encouraged and
must be submitted (no later than February 9, 2026) to be assured of consideration.Federal Register entry: https://www.govinfo.gov/content/pkg/FR-2025-12-10/pdf/2025-22461.pdf
the "email addresses used in the last ten years" is ludicrous. I use catch-all email-addresses and hand out concocted addresses liberally. They expect me to remember every "joesblog@mydomain.example.com" address ever used?
And every family-member's phone-number used? I barely remember my wife's phone-number let alone relatives I sporadically call via the phone.
(I mean, the rest is pretty over-the-top too, so the whole "avoid the US" is good advice regardless, but some elements are nigh-impossible)
-
@revk not to mention that the form validation would probably reject that short domain that gives your trouble sometimes
@auxonic Not mentioning the @fuck.me.uk email addresses
-
@briankrebs No way I could comply as I use wildcard email addressed (and have hundreds of domains) meaning I literally use a different email address on every form and web site and have no way to know them all. I have also had allocated to me well over a million phone numbers (as part of a junk call thing) - I could probably get a list of those and see if I can blow up the ESTA web site perhaps. And I have no right to give other people's numbers to the US either - does anyone, legally?
@revk @briankrebs Yeah I'm like you and have used hundreds of different email addresses, depending on context.
And in terms of family telephone numbers, what definition of family are they using, does this include spouse? Children? Siblings? Parents? Cousins? Niblings? I'm not certain I even have some of their phone numbers. What about if said family members are juvenile?
In terms of social media, what counts? Discord? Forums? What if my social media accounts (like FB and LI) is restricted, do I need to give them access to it?
Terrible idea.
-
@revk @briankrebs Yeah I'm like you and have used hundreds of different email addresses, depending on context.
And in terms of family telephone numbers, what definition of family are they using, does this include spouse? Children? Siblings? Parents? Cousins? Niblings? I'm not certain I even have some of their phone numbers. What about if said family members are juvenile?
In terms of social media, what counts? Discord? Forums? What if my social media accounts (like FB and LI) is restricted, do I need to give them access to it?
Terrible idea.
@tautology @briankrebs It is terrible, but there are people with no "social media", and whose phone is in fact a phone not a mobile computer. Would I even get an ESTA if I said I had no social media? And go me a dumb phone.
-
@tautology @briankrebs It is terrible, but there are people with no "social media", and whose phone is in fact a phone not a mobile computer. Would I even get an ESTA if I said I had no social media? And go me a dumb phone.
@tautology @briankrebs To be honest, if I *had* to go to US (like that would happen) it would be worth changing my name, getting a new passport in that uniquely rare name, and getting a totally dumb phone on a totally new number, and going as an "oldie" - or even not having a phone.
-
You have cpb instead of cbp
-
@farbel Did you try to send to cbp_pra@cbp.dhs.gov? Did you get a bounce?
-
the "email addresses used in the last ten years" is ludicrous. I use catch-all email-addresses and hand out concocted addresses liberally. They expect me to remember every "joesblog@mydomain.example.com" address ever used?
And every family-member's phone-number used? I barely remember my wife's phone-number let alone relatives I sporadically call via the phone.
(I mean, the rest is pretty over-the-top too, so the whole "avoid the US" is good advice regardless, but some elements are nigh-impossible)
A quick bit of shell-scripting against my Inbox maildir shows 38 unique addresses just there, and that doesn't consider all the mail in folders.
Digging though the whole mail-tree turns up 461 unique addresses.
find ~/Mail -type f -name '*:*' -print0 |
xargs -0 awk -F" *: *" '/^$/{nextfile} {$0 = tolower($0)} $1 =="to" || $1 == "cc" || $1 == "envelope-to"{print $2}' * |
sed 's/.*<\([^>]*\)>.*/\1/g;s/, */,/g' |
tr , '\012' |
grep $MYDOMAIN |
sort -u |
wc -l -
@auxonic Not mentioning the @fuck.me.uk email addresses
-
@ferricoxide there's an email address listed in the Federal Register entry: CBP_
PRA@cbp.dhs.gov. Submissions have to include the OMB Control Number 1651-0111.@briankrebs@infosec.exchange Ah. Thank you! I was looking for the wrong string. Once I had the email address, I could search for that and get:
ADDRESSES: Written comments and/or suggestions regarding the item(s) contained in this notice must include the OMB Control Number 1651–0111 in the subject line and the agency name. Please submit written comments and/or suggestions in English. Please use the following method to submit comments: Email: Submit comments to: CBP_ PRA@cbp.dhs.gov. FOR FURTHER INFORMATION
-
@jimfl @AAKL @briankrebs not enough ketchup squandered to make up the trillions in tourism impacts over decades.
-
@tautology @briankrebs To be honest, if I *had* to go to US (like that would happen) it would be worth changing my name, getting a new passport in that uniquely rare name, and getting a totally dumb phone on a totally new number, and going as an "oldie" - or even not having a phone.
@revk If you're so lucky as to be able to change your name at all (to my limited understanding it does not even compare between DE and UK for example)
-
@ferricoxide there's an email address listed in the Federal Register entry: CBP_
PRA@cbp.dhs.gov. Submissions have to include the OMB Control Number 1651-0111.@briankrebs@infosec.exchange
Email sent. Hopefully my submission was sufficiently-conformant that it won't end up on the discard-pile. Hopefully, it was adequately-expressive of my perceived personal impacts to actually mean something to whoever reads — though, I guess, at this point, that would be "whatever AI processes" — it. -
@klefstadmyr @auxonic % No match
-
@revk If you're so lucky as to be able to change your name at all (to my limited understanding it does not even compare between DE and UK for example)
@wink In theory in UK my name is what I say it is.
I cannot find much definitive stuff on legally holding multiple concurrent names, but that does happen to some extent I think in UK.
We don't, in theory, have "legal name" as a concept in UK, but UK gov would love if we did, so some things sort of do.
-
We knew this was coming, but now the clock is running. From Privacy International:
"Yesterday the Trump Administration announced a proposed change in policy for travellers to the U.S. It applies to the powers of data collection by the Customs and Border Police (CBP)."
"If the proposed changes are adopted after the 60-day consultation, then millions of travellers to the U.S. will be forced to use a U.S. government mobile phone app, submit their social media from the last five years and email addresses used in the last ten years, including of family members. They’re also proposing the collection of DNA."
PI linked to and summarized a Federal Register entry describing the proposed requirements:
-All visitors must submit ‘their social media from the last 5 years’
-ESTA (Electronic System for Travel Authorization) applications will include ‘high value data fields’, ‘when feasible’
‘telephone numbers used in the last five years’
-‘email addresses used in the last ten years’
-‘family number telephone numbers (sic) used in the last five years’
-biometrics – face, fingerprint, DNA, and iris
-business telephone numbers used in the last five years
-business email addresses used in the last ten years.The Federal Register entry says comments are encouraged and
must be submitted (no later than February 9, 2026) to be assured of consideration.Federal Register entry: https://www.govinfo.gov/content/pkg/FR-2025-12-10/pdf/2025-22461.pdf
@briankrebs
Will it be the same on the land border like Canada towards USA and USA towards Mexico? Some country requires data to quit the country. -
We knew this was coming, but now the clock is running. From Privacy International:
"Yesterday the Trump Administration announced a proposed change in policy for travellers to the U.S. It applies to the powers of data collection by the Customs and Border Police (CBP)."
"If the proposed changes are adopted after the 60-day consultation, then millions of travellers to the U.S. will be forced to use a U.S. government mobile phone app, submit their social media from the last five years and email addresses used in the last ten years, including of family members. They’re also proposing the collection of DNA."
PI linked to and summarized a Federal Register entry describing the proposed requirements:
-All visitors must submit ‘their social media from the last 5 years’
-ESTA (Electronic System for Travel Authorization) applications will include ‘high value data fields’, ‘when feasible’
‘telephone numbers used in the last five years’
-‘email addresses used in the last ten years’
-‘family number telephone numbers (sic) used in the last five years’
-biometrics – face, fingerprint, DNA, and iris
-business telephone numbers used in the last five years
-business email addresses used in the last ten years.The Federal Register entry says comments are encouraged and
must be submitted (no later than February 9, 2026) to be assured of consideration.Federal Register entry: https://www.govinfo.gov/content/pkg/FR-2025-12-10/pdf/2025-22461.pdf
@briankrebs I guess it's time for me to up the rhetoric against this fascist regime we're living under. This is no longer the free country that we once had, but now it is a police state. This treatment of people visiting this country is absolute proof of this.
-
We knew this was coming, but now the clock is running. From Privacy International:
"Yesterday the Trump Administration announced a proposed change in policy for travellers to the U.S. It applies to the powers of data collection by the Customs and Border Police (CBP)."
"If the proposed changes are adopted after the 60-day consultation, then millions of travellers to the U.S. will be forced to use a U.S. government mobile phone app, submit their social media from the last five years and email addresses used in the last ten years, including of family members. They’re also proposing the collection of DNA."
PI linked to and summarized a Federal Register entry describing the proposed requirements:
-All visitors must submit ‘their social media from the last 5 years’
-ESTA (Electronic System for Travel Authorization) applications will include ‘high value data fields’, ‘when feasible’
‘telephone numbers used in the last five years’
-‘email addresses used in the last ten years’
-‘family number telephone numbers (sic) used in the last five years’
-biometrics – face, fingerprint, DNA, and iris
-business telephone numbers used in the last five years
-business email addresses used in the last ten years.The Federal Register entry says comments are encouraged and
must be submitted (no later than February 9, 2026) to be assured of consideration.Federal Register entry: https://www.govinfo.gov/content/pkg/FR-2025-12-10/pdf/2025-22461.pdf
@briankrebs I mean, it's not like *this* is suddenly the reason for me not to want to visit.
Never been, never will. The act that these days they wouldn't let my trans ass in anyways is of no consequence.
I'll continue to enjoy beautiful Canada, not to mention all the places in Europe I've already visited and will again in the future. Would love to see more of the world too, the USA can eat a dick though.
