We knew this was coming, but now the clock is running.
-
@farbel @briankrebs is CPB a typo for CBP, or the actual address is CPB_PRA ? CPB dhs gov goes nowhere.
@faraiwe @briankrebs From the linked DHS document:
-
We knew this was coming, but now the clock is running. From Privacy International:
"Yesterday the Trump Administration announced a proposed change in policy for travellers to the U.S. It applies to the powers of data collection by the Customs and Border Police (CBP)."
"If the proposed changes are adopted after the 60-day consultation, then millions of travellers to the U.S. will be forced to use a U.S. government mobile phone app, submit their social media from the last five years and email addresses used in the last ten years, including of family members. They’re also proposing the collection of DNA."
PI linked to and summarized a Federal Register entry describing the proposed requirements:
-All visitors must submit ‘their social media from the last 5 years’
-ESTA (Electronic System for Travel Authorization) applications will include ‘high value data fields’, ‘when feasible’
‘telephone numbers used in the last five years’
-‘email addresses used in the last ten years’
-‘family number telephone numbers (sic) used in the last five years’
-biometrics – face, fingerprint, DNA, and iris
-business telephone numbers used in the last five years
-business email addresses used in the last ten years.The Federal Register entry says comments are encouraged and
must be submitted (no later than February 9, 2026) to be assured of consideration.Federal Register entry: https://www.govinfo.gov/content/pkg/FR-2025-12-10/pdf/2025-22461.pdf
@briankrebs So given you have to go through US immigration/customs even if just transiting through the US, this is also going to impact US Airlines, as who wants to turn over all that data even if just spending a few hours air side on the way to some where else?
-
@briankrebs I would be unable to comply, even if I wanted to (and hell, I don't want to).
I regularly use unique Email addresses and not all of them are documented. I guess that 5 years means 500+ email addresses.
HaveIBennPwned quite often informs me, how wise that move is
. Do they allow wildcards in email addresses?There are several more "no go" points in that text. And if a relative would hand out any information about me, I would consider that a breach of trust. So I won't do that either.
I think any person wanting to visit the U.S. at the current state must be completely nuts.
@masek @briankrebs Who even knows all of the profiles, phone numbers, emails etc their relatives use? Like you, I wouldn't even be able to provide my own even if I wanted to.
This seems like it's only meant to stifle free speech/ intimidate and to create probable cause if you want to go after someone. Because nobody will be able to fully comply
-
I'm British, white, male, aged 60-ish.
Prior to February 2016 I typically visited the USA 3 times a year for up to six weeks.
Since February 2016 I have visited the USA twice in a decade, for a total of 10 days.
Entering the USA as a foreigner, with a Republican POTUS in the White House, *never* felt safe, but under Trump it looks diabolically dangerous. (And to a glance I resemble "one of them": I'm not female or dark-skinned.)
@cstross @briankrebs Living here is not a walk in the park at this point...
I'd never ask anybody to travel here now. I'm glad I'm no longer in the events-organizing part of tech -- I couldn't host anything anywhere in the U.S. if it required people to come from outside.
Not our largest problem right now, but it's a fairly nasty symptom.
-
@briankrebs I wish people understood how important the Federal Register is to how law is made. The government has to consider comments and if they fail to consider them seriously you can sue to block a regulation. The more people who comment with serious objections to a rule, the harder it is for the government to implement that rule. It’s an under appreciated avenue for direct democracy and direct action. If there’s an issue you care about, you can follow that on the FR
@ShiitakeToast new rule: "Anyone submitting an objection to the federal register must first provide 5 years social media, all email addr...."
The only way to win is not to play.
-
We knew this was coming, but now the clock is running. From Privacy International:
"Yesterday the Trump Administration announced a proposed change in policy for travellers to the U.S. It applies to the powers of data collection by the Customs and Border Police (CBP)."
"If the proposed changes are adopted after the 60-day consultation, then millions of travellers to the U.S. will be forced to use a U.S. government mobile phone app, submit their social media from the last five years and email addresses used in the last ten years, including of family members. They’re also proposing the collection of DNA."
PI linked to and summarized a Federal Register entry describing the proposed requirements:
-All visitors must submit ‘their social media from the last 5 years’
-ESTA (Electronic System for Travel Authorization) applications will include ‘high value data fields’, ‘when feasible’
‘telephone numbers used in the last five years’
-‘email addresses used in the last ten years’
-‘family number telephone numbers (sic) used in the last five years’
-biometrics – face, fingerprint, DNA, and iris
-business telephone numbers used in the last five years
-business email addresses used in the last ten years.The Federal Register entry says comments are encouraged and
must be submitted (no later than February 9, 2026) to be assured of consideration.Federal Register entry: https://www.govinfo.gov/content/pkg/FR-2025-12-10/pdf/2025-22461.pdf
@briankrebs Not visiting any time soon, but FUCK NO!
-
@arrakeen_urbanite @briankrebs No, just to people with private jets or diplomatic passports.
-
@briankrebs Why would anyone want to travel to the US. Use a burner phone
@CaptMorgan How in the world would using a burner phone help with any of this?
-
We knew this was coming, but now the clock is running. From Privacy International:
"Yesterday the Trump Administration announced a proposed change in policy for travellers to the U.S. It applies to the powers of data collection by the Customs and Border Police (CBP)."
"If the proposed changes are adopted after the 60-day consultation, then millions of travellers to the U.S. will be forced to use a U.S. government mobile phone app, submit their social media from the last five years and email addresses used in the last ten years, including of family members. They’re also proposing the collection of DNA."
PI linked to and summarized a Federal Register entry describing the proposed requirements:
-All visitors must submit ‘their social media from the last 5 years’
-ESTA (Electronic System for Travel Authorization) applications will include ‘high value data fields’, ‘when feasible’
‘telephone numbers used in the last five years’
-‘email addresses used in the last ten years’
-‘family number telephone numbers (sic) used in the last five years’
-biometrics – face, fingerprint, DNA, and iris
-business telephone numbers used in the last five years
-business email addresses used in the last ten years.The Federal Register entry says comments are encouraged and
must be submitted (no later than February 9, 2026) to be assured of consideration.Federal Register entry: https://www.govinfo.gov/content/pkg/FR-2025-12-10/pdf/2025-22461.pdf
@briankrebs Data privacy aside, how would I know that this info wouldn't just find its way out onto the dark web for sale? I already gave up everything including my arsehole print to these fucks so that's one party who shouldn't have it already but that shouldn't mean I want it distributed more widely. Feels deeply unworkable for essentially having every bit of info that a fraudster could destroy my life with.
-
I'm British, white, male, aged 60-ish.
Prior to February 2016 I typically visited the USA 3 times a year for up to six weeks.
Since February 2016 I have visited the USA twice in a decade, for a total of 10 days.
Entering the USA as a foreigner, with a Republican POTUS in the White House, *never* felt safe, but under Trump it looks diabolically dangerous. (And to a glance I resemble "one of them": I'm not female or dark-skinned.)
@cstross@wandering.shop @briankrebs@infosec.exchange it doesn't just look dangerous, it looks actually impossible (legally) for many of us if that goes through. I don't have access to all of the information they're asking for even if I did want to give it to them (which I don't).
-
@briankrebs
Seems like a good time — unfortunately — for those outside the US to #boycott major sporting events like the #WorldCup, #LAOlympics, etc. There is no way to guarantee the safety of travelers from abroad — just as there is no way to guarantee the safety of US citizens — until these fascists, goons, grifters and thugs are out of office. Sad.@RunRichRun @briankrebs Pro sports are such a racket, anyway.... Imagine if 1 tenth of those dollars went to charity or ... mutual aid in ICE targets....
-
@cstross @briankrebs Living here is not a walk in the park at this point...
I'd never ask anybody to travel here now. I'm glad I'm no longer in the events-organizing part of tech -- I couldn't host anything anywhere in the U.S. if it required people to come from outside.
Not our largest problem right now, but it's a fairly nasty symptom.
@jzb @cstross @briankrebs Agreed. No one should visit the States now. It's not safe here.
-
We knew this was coming, but now the clock is running. From Privacy International:
"Yesterday the Trump Administration announced a proposed change in policy for travellers to the U.S. It applies to the powers of data collection by the Customs and Border Police (CBP)."
"If the proposed changes are adopted after the 60-day consultation, then millions of travellers to the U.S. will be forced to use a U.S. government mobile phone app, submit their social media from the last five years and email addresses used in the last ten years, including of family members. They’re also proposing the collection of DNA."
PI linked to and summarized a Federal Register entry describing the proposed requirements:
-All visitors must submit ‘their social media from the last 5 years’
-ESTA (Electronic System for Travel Authorization) applications will include ‘high value data fields’, ‘when feasible’
‘telephone numbers used in the last five years’
-‘email addresses used in the last ten years’
-‘family number telephone numbers (sic) used in the last five years’
-biometrics – face, fingerprint, DNA, and iris
-business telephone numbers used in the last five years
-business email addresses used in the last ten years.The Federal Register entry says comments are encouraged and
must be submitted (no later than February 9, 2026) to be assured of consideration.Federal Register entry: https://www.govinfo.gov/content/pkg/FR-2025-12-10/pdf/2025-22461.pdf
@briankrebs lmao if they wanted those types of data points on me, they'd have a lot to fish through! I've been using dummy phone numbers, emails, and identities for services for over a decade. I'm talking hundreds of numbers. Thousands of emails. Do they count bots as my social media? Literally gigs of plaintext to sort through. Not to mention I post encrypted blobs in places too.
This is just going to impact our economy negatively. Zero forethought.
-
We knew this was coming, but now the clock is running. From Privacy International:
"Yesterday the Trump Administration announced a proposed change in policy for travellers to the U.S. It applies to the powers of data collection by the Customs and Border Police (CBP)."
"If the proposed changes are adopted after the 60-day consultation, then millions of travellers to the U.S. will be forced to use a U.S. government mobile phone app, submit their social media from the last five years and email addresses used in the last ten years, including of family members. They’re also proposing the collection of DNA."
PI linked to and summarized a Federal Register entry describing the proposed requirements:
-All visitors must submit ‘their social media from the last 5 years’
-ESTA (Electronic System for Travel Authorization) applications will include ‘high value data fields’, ‘when feasible’
‘telephone numbers used in the last five years’
-‘email addresses used in the last ten years’
-‘family number telephone numbers (sic) used in the last five years’
-biometrics – face, fingerprint, DNA, and iris
-business telephone numbers used in the last five years
-business email addresses used in the last ten years.The Federal Register entry says comments are encouraged and
must be submitted (no later than February 9, 2026) to be assured of consideration.Federal Register entry: https://www.govinfo.gov/content/pkg/FR-2025-12-10/pdf/2025-22461.pdf
@briankrebs and coupled with immigration law having provisions that classify any kind of omission on an immigration, visa, or entry form as potential immigration fraud and grounds to disqualify the individual from ANY future status = anybody that forgets one email address or social media account they’ve had years ago is suddenly easily turned into an “illegal immigrant” and passed into the jurisdiction of ICE for deportation and potentially a permanent life ban from the US.
-
We knew this was coming, but now the clock is running. From Privacy International:
"Yesterday the Trump Administration announced a proposed change in policy for travellers to the U.S. It applies to the powers of data collection by the Customs and Border Police (CBP)."
"If the proposed changes are adopted after the 60-day consultation, then millions of travellers to the U.S. will be forced to use a U.S. government mobile phone app, submit their social media from the last five years and email addresses used in the last ten years, including of family members. They’re also proposing the collection of DNA."
PI linked to and summarized a Federal Register entry describing the proposed requirements:
-All visitors must submit ‘their social media from the last 5 years’
-ESTA (Electronic System for Travel Authorization) applications will include ‘high value data fields’, ‘when feasible’
‘telephone numbers used in the last five years’
-‘email addresses used in the last ten years’
-‘family number telephone numbers (sic) used in the last five years’
-biometrics – face, fingerprint, DNA, and iris
-business telephone numbers used in the last five years
-business email addresses used in the last ten years.The Federal Register entry says comments are encouraged and
must be submitted (no later than February 9, 2026) to be assured of consideration.Federal Register entry: https://www.govinfo.gov/content/pkg/FR-2025-12-10/pdf/2025-22461.pdf
Ha. Fuck America. lol
-
as someone who has been using unique email addresses for every service, I look forward to submitting several hundred addresses.
@ojensen @briankrebs
That’s what I thought! -
@ojensen @briankrebs Do you even remember them all? I certainly don't.
@derickr @briankrebs most of them, since they're in a big list in my email provider. Doubtless there's a few that I've deleted, though, so to be safe I'll need to add a bunch of maybes to the list.
-
We knew this was coming, but now the clock is running. From Privacy International:
"Yesterday the Trump Administration announced a proposed change in policy for travellers to the U.S. It applies to the powers of data collection by the Customs and Border Police (CBP)."
"If the proposed changes are adopted after the 60-day consultation, then millions of travellers to the U.S. will be forced to use a U.S. government mobile phone app, submit their social media from the last five years and email addresses used in the last ten years, including of family members. They’re also proposing the collection of DNA."
PI linked to and summarized a Federal Register entry describing the proposed requirements:
-All visitors must submit ‘their social media from the last 5 years’
-ESTA (Electronic System for Travel Authorization) applications will include ‘high value data fields’, ‘when feasible’
‘telephone numbers used in the last five years’
-‘email addresses used in the last ten years’
-‘family number telephone numbers (sic) used in the last five years’
-biometrics – face, fingerprint, DNA, and iris
-business telephone numbers used in the last five years
-business email addresses used in the last ten years.The Federal Register entry says comments are encouraged and
must be submitted (no later than February 9, 2026) to be assured of consideration.Federal Register entry: https://www.govinfo.gov/content/pkg/FR-2025-12-10/pdf/2025-22461.pdf
@briankrebs
Why didn't they just require everyone get chipped also? -
@tdr @independentpen Besides, tit-for-tat international relations rarely works.
If the EU should do anything in response to something like this, make it a reminder that sharing that information without the explicit and informed consent of the data subject is strictly prohibited under the GDPR. And that that includes a third country resident sharing such data as relates to EU data subjects.
-
We knew this was coming, but now the clock is running. From Privacy International:
"Yesterday the Trump Administration announced a proposed change in policy for travellers to the U.S. It applies to the powers of data collection by the Customs and Border Police (CBP)."
"If the proposed changes are adopted after the 60-day consultation, then millions of travellers to the U.S. will be forced to use a U.S. government mobile phone app, submit their social media from the last five years and email addresses used in the last ten years, including of family members. They’re also proposing the collection of DNA."
PI linked to and summarized a Federal Register entry describing the proposed requirements:
-All visitors must submit ‘their social media from the last 5 years’
-ESTA (Electronic System for Travel Authorization) applications will include ‘high value data fields’, ‘when feasible’
‘telephone numbers used in the last five years’
-‘email addresses used in the last ten years’
-‘family number telephone numbers (sic) used in the last five years’
-biometrics – face, fingerprint, DNA, and iris
-business telephone numbers used in the last five years
-business email addresses used in the last ten years.The Federal Register entry says comments are encouraged and
must be submitted (no later than February 9, 2026) to be assured of consideration.Federal Register entry: https://www.govinfo.gov/content/pkg/FR-2025-12-10/pdf/2025-22461.pdf
@briankrebs the 2028 Olympics in LA will be fun. No visitors and no athletes from outside.
