@ppiixx


We knew this was coming, but now the clock is running. From Privacy International:

"Yesterday the Trump Administration announced a proposed change in policy for travellers to the U.S. It applies to the powers of data collection by the Customs and Border Police (CBP)."

"If the proposed changes are adopted after the 60-day consultation, then millions of travellers to the U.S. will be forced to use a U.S. government mobile phone app, submit their social media from the last five years and email addresses used in the last ten years, including of family members. They’re also proposing the collection of DNA."

PI linked to and summarized a Federal Register entry describing the proposed requirements:

-All visitors must submit ‘their social media from the last 5 years’

-ESTA (Electronic System for Travel Authorization) applications will include ‘high value data fields’, ‘when feasible’
-‘telephone numbers used in the last five years’
-‘email addresses used in the last ten years’
-‘family number telephone numbers (sic) used in the last five years’
-biometrics – face, fingerprint, DNA, and iris
-business telephone numbers used in the last five years
-business email addresses used in the last ten years.

https://www.privacyinternational.org/news-analysis/5713/trump-administration-wants-your-dna-and-social-media

The Federal Register entry says comments are encouraged and must be submitted (no later than February 9, 2026) to be assured of consideration.

Federal Register entry: https://www.govinfo.gov/content/pkg/FR-2025-12-10/pdf/2025-22461.pdf

Amsterdam is installing more LGBT

Oh look: #discord outsourced their age verification to some vendor. You know, the #ageverification that countries like the UK want to make mandatory for basically every online service. And the vendor had a data breach exposing photos of government IDs for 70,000 people.

Do you feel safer? How many children did we protect by exposing the IDs of these 70,000 (presumably) adults? Thanks for taking one for the team, you 70,000 canaries in the #privacy coal mine.

https://discord.com/press-releases/update-on-security-incident-involving-third-party-customer-service


In honor of Meta's latest announcement, a thread on 175 years of 3D failure.

Let's first go all the way back to 1851 with the Brewster Stereoscope. No less a person than Queen Victoria was impressed, kicking off a fad that quickly sold over 250,000 units. Turns out it was not the future of photography.

1/

I have updated my IGF blogpost for the year to reflect that it's now AP Thomson's Fucking Incredible Game I _AM_ allowed to talk about: https://auratriolo.com/blog/2025/11/05/igf-games-i-want-to-talk-about-2026/

trade offer

you receive: SMB3-like gay foxgirl platformer, turn-based roguelike starring an agender body snatching imp, adorable hat based puzzle game, and an SMB1-like platformer with feisty fox girl protagonist

we receive: $20 and the ability to survive the winter

https://itch.io/s/169922/kitsune-games-bundle

how to use standard DNS UPDATE in a manner that avoids causing outages like AWS us-east-1 https://lobste.rs/s/mw0pus/summary_amazon_dynamodb_service#c_ux4xlb
Summary of the Amazon DynamoDB Service Disruption in Northern Virginia (US-EAST-1) Region | Lobsters

CISA has fallen.

For those who haven't been following JLR in detail, key chain of events:

1) JLR outsource key IT and infosec functions to TCS, approved by 1x director and 2x NEDs on both JLR and TCS boards

2) JLR transfer staff by TUPE to TCS

3) TCS lay off transferred UK staff, including cyber risk and governance and cyber monitoring

4) record profits for a decade

5) got hacked

6) company stops functioning

7) get government to bail out their key suppliers (in progress)

There is some chatter about a CA mis-issuing a certificate for 1.1.1.1. https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/SgwC1QsEpvc/m/0V_VMV7uAgAJ

This CA (https://crt.sh/?caid=201916, only ~300 certs) is only trusted by (1) the Microsoft root program, and (2) the eIDAS QWAC trusted list.

MS has not been actively managing their root program for years now, and the EU wanted to push theirs on browsers with much better ones.

Incident Report: Mis-issued Certificates for SAN iPAddress:1.1.1.1 by Fina RDC 2020