Mastodawn

Kris Vandermotten Jan 29

We knew this was coming, but now the clock is running. From Privacy International:

"Yesterday the Trump Administration announced a proposed change in policy for travellers to the U.S. It applies to the powers of data collection by the Customs and Border Police (CBP)."

"If the proposed changes are adopted after the 60-day consultation, then millions of travellers to the U.S. will be forced to use a U.S. government mobile phone app, submit their social media from the last five years and email addresses used in the last ten years, including of family members. They’re also proposing the collection of DNA."

PI linked to and summarized a Federal Register entry describing the proposed requirements:

-All visitors must submit ‘their social media from the last 5 years’

-ESTA (Electronic System for Travel Authorization) applications will include ‘high value data fields’, ‘when feasible’
‘telephone numbers used in the last five years’
-‘email addresses used in the last ten years’
-‘family number telephone numbers (sic) used in the last five years’
-biometrics – face, fingerprint, DNA, and iris
-business telephone numbers used in the last five years
-business email addresses used in the last ten years.

https://www.privacyinternational.org/news-analysis/5713/trump-administration-wants-your-dna-and-social-media

The Federal Register entry says comments are encouraged and
must be submitted (no later than February 9, 2026) to be assured of consideration.

Federal Register entry: https://www.govinfo.gov/content/pkg/FR-2025-12-10/pdf/2025-22461.pdf

@briankrebs 🤦🏻‍♀️

David J. Atkinson Jan 26

@briankrebs @anja Soon this will apply to American citizens.

You S Blues Jan 26

@meltedcheese @briankrebs @anja Agreed. I would expect that to either leave or return.

Oliver Jensen Jan 26

as someone who has been using unique email addresses for every service, I look forward to submitting several hundred addresses.

Derick Rethans Jan 26

@ojensen @briankrebs Do you even remember them all? I certainly don't.

Oliver Jensen Jan 26

@derickr @briankrebs most of them, since they're in a big list in my email provider. Doubtless there's a few that I've deleted, though, so to be safe I'll need to add a bunch of maybes to the list.

Eric Phelps Jan 26

@derickr @ojensen @briankrebs Password managers! They can hold unique email addresses as well as the expected passwords and user names. Every account should have all three of those unique.

Gmail, firefox, duck, and pretty much all commercial email providers let you generate more email addresses than you'll ever need. Having hundreds of active email addresses is a normal thing. I tell myself that 😏.

@ericphelps
Tagged email addresses accomplish much the same thing!

Eric Phelps Jan 26

@rbos I pre-generated a thousand email addresses, registered them with my email provider, and loaded them into my password manager. They're ready to go for new accounts with a simple rename.

The whole "tagging" thing with Gmail is one of those theoretical things I know about but have never done.

@ericphelps
That is a delightfully over-engineered solution and it definitely works well. Tagged addresses are going to be inferior but much simpler. Also spammers would be looking for tagged addresses.

As to how, just add +string to the username of a Gmail address. It'll go to your main box. Easy to filter if needed.

Many email servers support that syntax. Others like qmail use -string.

Jonathan McKeown Feb 9

@rbos @ericphelps Interesting: I could have sworn that once upon a time, if there was a mailbox name corresponding to the part after the +, Google would deliver mail into that mailbox. Experiment says no. Maybe I'm confusing it with email setups I tended to in my sysadmin days, where I made sure that worked.

@thetruejona I just sent a test email to [email protected] and it worked, forwarded the email just fine to my regular address.

edit: Oh, unless you meant like, a sub-folder in gmail with that name. Never tried that.

Jonathan McKeown Feb 9

@rbos Oh it works to the extent that adding a plus part has no effect on delivery to the inbox (I also tested). What I remember (and what I certainly set up when I was adminning email) was that [email protected] would look for a mail folder belonging to user and called foo, and deliver direct into that mail folder if it existed.

@thetruejona I guess you'd have to set up a filter for that matching against To. That does sound like a useful feature to have by default without special setup.

Jonathan McKeown Feb 9

@rbos Yes. I'm going back a ways, but I first implemented it on a sendmail and Cyrus IMAP setup. It involved a couple of minor changes on the sendmail side (essentially ignoring the plus part during incoming address rewriting and then adding it back to the final delivery address); and a permission change, adding the p permission to mail folders to allow delivery on the Cyrus side. I'm fairly sure we did it at my next employer too, with exim and Cyrus. It Just Worked for every user

@ericphelps @derickr @ojensen @briankrebs Then you won't be allowed in the country.

the hatter Feb 9

@ericphelps @derickr @ojensen @briankrebs Password managers are also a good place to store your date of birth - if, somehow, different sites seem to think you have different DoBs

@ojensen @briankrebs
That’s what I thought!

Bernard Sheppard Jan 26

@briankrebs @ojensen as someone who has no intention of entering the US under the current administration or any semblance of it, I too look forward to... checks notes... submitting 658 active email addresses

Bernard Sheppard Jan 26

@briankrebs @ojensen and that is not counting duck duck go email addresses, of course...

Alun Jones Jan 26

@ojensen @briankrebs my website generates time-limited email addresses. The key for generating them is the time to millisecond accuracy i.e. I'm accumulating 1,000 new addresses every second. About 4 billion since I put this system in place.

SaanichGuy 🇨🇦🇨🇦Jan 26

@briankrebs no travel to the US dictatorship

Boycott US

Maximilian Overdraft, Esq.Jan 26

@SaanichGuy @briankrebs US boycott US too. General strike.

Elisabeth M Jan 26

@aka_quant_noir @SaanichGuy @briankrebs funny thing is imagining how upset they would be if literally every person left the US. Can you imagine their confusion

"Guys ... but guys, I ... need someone here to order around."

Mark Hahn Jan 26

@independentpen @aka_quant_noir @SaanichGuy @briankrebs
That's the thing: a surprising number of Americans want to be submissives ordered around by Strict Father.

Ketakater Jan 26

@markhahn @independentpen @aka_quant_noir @SaanichGuy @briankrebs That was our job back then. You know... Best regards from a German.

Maximilian Overdraft, Esq.Jan 26

@independentpen @SaanichGuy @briankrebs

We don't need to leave the US. Just it's economic system. Stop honoring debt. Stop paying taxes. Set up extremely robust mutual aid.

The strength of our communities should be measured by how deeply in each other's business we can get, such that nobody fails or is left alone to suffer.

arrakeen_urbanite Jan 26

@briankrebs If this happens, the EU should impose similar restrictions on U.S. citizen travelers.

Elisabeth M Jan 26

@arrakeen_urbanite @briankrebs that would definitely suck for us citizens, but our government would not care. Punch them, not us

Compassionate Crab Jan 26

@arrakeen_urbanite @briankrebs

And for everyone's safety, require vaccinations. Maybe do mandatory drug tests, too.

@arrakeen_urbanite @briankrebs No, just to people with private jets or diplomatic passports.

H.Lunke & Socke Jan 26

@arrakeen_urbanite @briankrebs

only on politicians

Offbeatmammal Jan 26

@arrakeen_urbanite @briankrebs not all, start by declaring ICE a terror organisation and refusing to allow anyone who works for it to travel, and then target members of the Administration specifically.

@arrakeen_urbanite @briankrebs Then people who are escaping will have to find refuge outside Europe.

@arrakeen_urbanite @briankrebs Remember when Europe refused to take Germany's Jews? What happened to them next?

Möchtegern Jan 27

@arrakeen_urbanite @briankrebs No. Let them travel. Let them come. Let EU be a safe haven for anyone wanting to flee Drump Country.

I’m really worried that the idea that cultural exchange stops is one of the prime targets of the current US „administration“. Don’t help them achieve this goal of Northkoreanification

@arrakeen_urbanite @briankrebs wouldn’t that help these people in validating their own imposed restrictions?

“See! They thought it such a good idea they can’t wait to follow our lead, copying what we did first.”

Fjord In Progress Jan 27

@arrakeen_urbanite @briankrebs making it that much harder for people to flee from the country

Henrik Fossan Jan 26

@briankrebs
Probably, some secret plans. Included AI, control. I get, that, they wish.. not yet. Crack the, egg.

Toast, Anonymous Fedi Fungus Jan 26

@briankrebs I wish people understood how important the Federal Register is to how law is made. The government has to consider comments and if they fail to consider them seriously you can sue to block a regulation. The more people who comment with serious objections to a rule, the harder it is for the government to implement that rule. It’s an under appreciated avenue for direct democracy and direct action. If there’s an issue you care about, you can follow that on the FR

Infosec StuC Jan 26

@ShiitakeToast new rule: "Anyone submitting an objection to the federal register must first provide 5 years social media, all email addr...."

The only way to win is not to play.

ShadSterling Jan 26

@ShiitakeToast @briankrebs how can we submit comments on this proposal?

@briankrebs @ShiitakeToast

Sure, but we can all see that this administration completely ignores the law.

Of course, people should submit their concerns.

Rich Stein (he/him)Jan 26

@briankrebs
Seems like a good time — unfortunately — for those outside the US to #boycott major sporting events like the #WorldCup, #LAOlympics, etc. There is no way to guarantee the safety of travelers from abroad — just as there is no way to guarantee the safety of US citizens — until these fascists, goons, grifters and thugs are out of office. Sad.

cognitively accessible math Jan 26

@RunRichRun @briankrebs Pro sports are such a racket, anyway.... Imagine if 1 tenth of those dollars went to charity or ... mutual aid in ICE targets....

@briankrebs If the EU were any use, it would protect my fucking Email from being handed over to the USA by any idiot family member who thinks it's an ok idea to travel to the USA. I'm sure they'll be fine with it.

@Giliell @briankrebs If you didn't consent I think it would be contrary to GDPR to give it.

@annehargreaves @briankrebs Yeah, but that's only good if it's being enforced.

Elisabeth M Jan 26

@briankrebs do not come here

@briankrebs So who own stock in Zoom?
Anyway, this is more info than I had to provide to get a TS clearance.

Tanquist Jan 26

@briankrebs
I wonder if bigwigs in the US hospitality industry will be submitting any comments.

David Scott Moyer Jan 26

@farbel @briankrebs is CPB a typo for CBP, or the actual address is CPB_PRA ? CPB dhs gov goes nowhere.

David Scott Moyer Jan 26

@faraiwe @briankrebs I changed it and got this:

Bart Teeuwisse ❄️🇺🇦Jan 26

@farbel @faraiwe @briankrebs Even with a valid email address DHS doesn't want to accept my feedback.

David Scott Moyer Jan 26

@bartt @faraiwe @briankrebs exactly. It's bullshit like everything else they do and say.

David Scott Moyer Jan 26

@bartt @faraiwe @briankrebs well they officially opened mine. Waiting for the blowback.

@farbel @bartt @briankrebs suspense is killing me

David Scott Moyer Jan 26

@faraiwe @bartt @briankrebs I don't plan to go back to the US til June. A lot can happen before then.

David Scott Moyer Jan 26

@faraiwe @briankrebs From the linked DHS document: