We knew this was coming, but now the clock is running.
-
We knew this was coming, but now the clock is running. From Privacy International:
"Yesterday the Trump Administration announced a proposed change in policy for travellers to the U.S. It applies to the powers of data collection by the Customs and Border Police (CBP)."
"If the proposed changes are adopted after the 60-day consultation, then millions of travellers to the U.S. will be forced to use a U.S. government mobile phone app, submit their social media from the last five years and email addresses used in the last ten years, including of family members. They’re also proposing the collection of DNA."
PI linked to and summarized a Federal Register entry describing the proposed requirements:
-All visitors must submit ‘their social media from the last 5 years’
-ESTA (Electronic System for Travel Authorization) applications will include ‘high value data fields’, ‘when feasible’
‘telephone numbers used in the last five years’
-‘email addresses used in the last ten years’
-‘family number telephone numbers (sic) used in the last five years’
-biometrics – face, fingerprint, DNA, and iris
-business telephone numbers used in the last five years
-business email addresses used in the last ten years.The Federal Register entry says comments are encouraged and
must be submitted (no later than February 9, 2026) to be assured of consideration.Federal Register entry: https://www.govinfo.gov/content/pkg/FR-2025-12-10/pdf/2025-22461.pdf
"Open air prison…"
Sounds like Trump is taking lessons from Israel to apply at home. Soon they will be sniping the journalists, the bloggers, so no pictures show the world the depths.
-
We knew this was coming, but now the clock is running. From Privacy International:
"Yesterday the Trump Administration announced a proposed change in policy for travellers to the U.S. It applies to the powers of data collection by the Customs and Border Police (CBP)."
"If the proposed changes are adopted after the 60-day consultation, then millions of travellers to the U.S. will be forced to use a U.S. government mobile phone app, submit their social media from the last five years and email addresses used in the last ten years, including of family members. They’re also proposing the collection of DNA."
PI linked to and summarized a Federal Register entry describing the proposed requirements:
-All visitors must submit ‘their social media from the last 5 years’
-ESTA (Electronic System for Travel Authorization) applications will include ‘high value data fields’, ‘when feasible’
‘telephone numbers used in the last five years’
-‘email addresses used in the last ten years’
-‘family number telephone numbers (sic) used in the last five years’
-biometrics – face, fingerprint, DNA, and iris
-business telephone numbers used in the last five years
-business email addresses used in the last ten years.The Federal Register entry says comments are encouraged and
must be submitted (no later than February 9, 2026) to be assured of consideration.Federal Register entry: https://www.govinfo.gov/content/pkg/FR-2025-12-10/pdf/2025-22461.pdf
@briankrebs I'm curious: what happens if you get to the checkpoints with a clean disposable phone, no other digital devices, and no email or social media records on hand?
-
@briankrebs so international FOSS orgs will finally stop organising their events in the US! Right? RIGHT!?
-
@briankrebs I'm curious: what happens if you get to the checkpoints with a clean disposable phone, no other digital devices, and no email or social media records on hand?
@AAKL you probably get the kicking room
-
@AAKL you probably get the kicking room
@AlexanderMars I suppose the naive assumption would be that they would let you through anyway, but your answer is more likely.
-
@briankrebs I'm curious: what happens if you get to the checkpoints with a clean disposable phone, no other digital devices, and no email or social media records on hand?
@AAKL @briankrebs It depends...
If you're white they'll just toss you into some prison hellhole with no records and conveniently "lose" you.
If you're any sort of darker skin they'll just shoot you on site.
If you're a billionaire, you'll get sucked off by a mionr.
-
@AAKL @briankrebs It depends...
If you're white they'll just toss you into some prison hellhole with no records and conveniently "lose" you.
If you're any sort of darker skin they'll just shoot you on site.
If you're a billionaire, you'll get sucked off by a mionr.
@r3t3ch @briankrebs Probably not the nuanced approach most people in that position would want to hear. This is the nightmare scenario.
-
@AlexanderMars I suppose the naive assumption would be that they would let you through anyway, but your answer is more likely.
@AAKL @AlexanderMars Differential enforcement based on your appearance, what agent you encounter at the gate, if you pay bribes directly or via some assuredly forthcoming “golden ticket” program (administered by a private contractor likely majority-owned by the first family)…
-
@r3t3ch @briankrebs Probably not the nuanced approach most people in that position would want to hear. This is the nightmare scenario.
@AAKL @briankrebs The streets of Minneapolis and the Epstein files say it's not the possible scenario, it is the reality.
-
@AlexanderMars I suppose the naive assumption would be that they would let you through anyway, but your answer is more likely.
@AAKL better to just not travel to the US under any circumstance. I'm a US citizen, just boycott the USA. What you can't build locally or reverse engineer, pirate.
-
@AAKL @AlexanderMars Differential enforcement based on your appearance, what agent you encounter at the gate, if you pay bribes directly or via some assuredly forthcoming “golden ticket” program (administered by a private contractor likely majority-owned by the first family)…
@cwicseolfor @AlexanderMars This post supports your argument, although it's two-weeks-old and new rules are just coming into effect.
-
We knew this was coming, but now the clock is running. From Privacy International:
"Yesterday the Trump Administration announced a proposed change in policy for travellers to the U.S. It applies to the powers of data collection by the Customs and Border Police (CBP)."
"If the proposed changes are adopted after the 60-day consultation, then millions of travellers to the U.S. will be forced to use a U.S. government mobile phone app, submit their social media from the last five years and email addresses used in the last ten years, including of family members. They’re also proposing the collection of DNA."
PI linked to and summarized a Federal Register entry describing the proposed requirements:
-All visitors must submit ‘their social media from the last 5 years’
-ESTA (Electronic System for Travel Authorization) applications will include ‘high value data fields’, ‘when feasible’
‘telephone numbers used in the last five years’
-‘email addresses used in the last ten years’
-‘family number telephone numbers (sic) used in the last five years’
-biometrics – face, fingerprint, DNA, and iris
-business telephone numbers used in the last five years
-business email addresses used in the last ten years.The Federal Register entry says comments are encouraged and
must be submitted (no later than February 9, 2026) to be assured of consideration.Federal Register entry: https://www.govinfo.gov/content/pkg/FR-2025-12-10/pdf/2025-22461.pdf
@briankrebs this is bad. I assume all these data have been collected surreptitiously for years for interesting visitors.
-
I'm British, white, male, aged 60-ish.
Prior to February 2016 I typically visited the USA 3 times a year for up to six weeks.
Since February 2016 I have visited the USA twice in a decade, for a total of 10 days.
Entering the USA as a foreigner, with a Republican POTUS in the White House, *never* felt safe, but under Trump it looks diabolically dangerous. (And to a glance I resemble "one of them": I'm not female or dark-skinned.)
As a middle-aged white American I worry about coming back from out of the country; I have started considering taking burner devices. That’s where we’re at now. I shudder to think what it’s like for people who don’t have my privileges.
-
@cstross @briankrebs Honestly even returning from international travel as a US citizen doesn’t feel safe if you don’t check the right boxes in your personal profile. If I absolutely had to enter the US right now I’d pre-clear in somewhere like Dublin, but the whole thing feels like a crapshoot.
@cstross @briankrebs @complexmath could you tell me more about what the return process is like and what is requested for US citizens? I haven't travelled internationally in 20 years and my company is requesting I travel out of the country to meet international team members who (understandably) don't want to travel to the US right now. But I'm also feeling uncomfortable just leaving and coming back.
-
@ericphelps
That is a delightfully over-engineered solution and it definitely works well. Tagged addresses are going to be inferior but much simpler. Also spammers would be looking for tagged addresses.As to how, just add +string to the username of a Gmail address. It'll go to your main box. Easy to filter if needed.
Many email servers support that syntax. Others like qmail use -string.
@rbos @ericphelps Interesting: I could have sworn that once upon a time, if there was a mailbox name corresponding to the part after the +, Google would deliver mail into that mailbox. Experiment says no. Maybe I'm confusing it with email setups I tended to in my sysadmin days, where I made sure that worked.
-
@rbos @ericphelps Interesting: I could have sworn that once upon a time, if there was a mailbox name corresponding to the part after the +, Google would deliver mail into that mailbox. Experiment says no. Maybe I'm confusing it with email setups I tended to in my sysadmin days, where I made sure that worked.
@thetruejona I just sent a test email to username+asdfjasdjgasd@gmail.com and it worked, forwarded the email just fine to my regular address.
edit: Oh, unless you meant like, a sub-folder in gmail with that name. Never tried that.
-
@thetruejona I just sent a test email to username+asdfjasdjgasd@gmail.com and it worked, forwarded the email just fine to my regular address.
edit: Oh, unless you meant like, a sub-folder in gmail with that name. Never tried that.
@rbos Oh it works to the extent that adding a plus part has no effect on delivery to the inbox (I also tested). What I remember (and what I certainly set up when I was adminning email) was that user+foo@example.com would look for a mail folder belonging to user and called foo, and deliver direct into that mail folder if it existed.
-
@rbos Oh it works to the extent that adding a plus part has no effect on delivery to the inbox (I also tested). What I remember (and what I certainly set up when I was adminning email) was that user+foo@example.com would look for a mail folder belonging to user and called foo, and deliver direct into that mail folder if it existed.
@thetruejona I guess you'd have to set up a filter for that matching against To. That does sound like a useful feature to have by default without special setup.
-
@thetruejona I guess you'd have to set up a filter for that matching against To. That does sound like a useful feature to have by default without special setup.
@rbos Yes. I'm going back a ways, but I first implemented it on a sendmail and Cyrus IMAP setup. It involved a couple of minor changes on the sendmail side (essentially ignoring the plus part during incoming address rewriting and then adding it back to the final delivery address); and a permission change, adding the p permission to mail folders to allow delivery on the Cyrus side. I'm fairly sure we did it at my next employer too, with exim and Cyrus. It Just Worked for every user
-
We knew this was coming, but now the clock is running. From Privacy International:
"Yesterday the Trump Administration announced a proposed change in policy for travellers to the U.S. It applies to the powers of data collection by the Customs and Border Police (CBP)."
"If the proposed changes are adopted after the 60-day consultation, then millions of travellers to the U.S. will be forced to use a U.S. government mobile phone app, submit their social media from the last five years and email addresses used in the last ten years, including of family members. They’re also proposing the collection of DNA."
PI linked to and summarized a Federal Register entry describing the proposed requirements:
-All visitors must submit ‘their social media from the last 5 years’
-ESTA (Electronic System for Travel Authorization) applications will include ‘high value data fields’, ‘when feasible’
‘telephone numbers used in the last five years’
-‘email addresses used in the last ten years’
-‘family number telephone numbers (sic) used in the last five years’
-biometrics – face, fingerprint, DNA, and iris
-business telephone numbers used in the last five years
-business email addresses used in the last ten years.The Federal Register entry says comments are encouraged and
must be submitted (no later than February 9, 2026) to be assured of consideration.Federal Register entry: https://www.govinfo.gov/content/pkg/FR-2025-12-10/pdf/2025-22461.pdf
@briankrebs I hope that the world uses this as a data poisoning opportunity.
If junky data is submitted, this would have the added benefit of making Palantir tools unusable.
