Xfinity using WiFi signals in your house to detect motion

1 month ago (xfinity.com)

> Subject to applicable law, Comcast may disclose information generated by your WiFi Motion to third parties without further notice to you in connection with any law enforcement investigation or proceeding, any dispute to which Comcast is a party, or pursuant to a court order or subpoena.

Sounds like, at least in some limited circumstances (using the provided WiFi AP, having this feature turned on, etc), ISPs are going to be able to tell law enforcement/courts whether anyone was home at a certain time or not.

  • The solution here shouldn't be technical; it should be legal.

    If we rely on the technical path, Comcast can achieve the same by how many active IPv6 addresses are in use. Even if you aren't using your phone, the device is going to be constantly pinging services like email, and your ISP can use that to piece together how many people are at home.

    If we rely on legal protection, then not only Comcast, but all ISPs will be prohibited from spying on their customers. Ideally the legislation would be more broad and stop other forms of commercial/government surveillance, but I can't imagine a world where Congress could actually achieve something that widely helpful for regular citizens.

    • We suffer from a problem that engineers want nothing to do with politics. I 1000% agree we need a digital bill of rights. It pains me every time a “well behaved” website pops up a cookie consent banner for the billionth time after I already consented because the browser wiped all the persistent user identifiers available to it. For my protection -_-

      I want privacy codified in human law. I didn't vote for standards bodies to pave the road to hell by removing every goddamned persistent handle we can find from existence. I didn't vote for the EU to reinvent an internet worse than popup ads by attacking the symptoms not the cause. I would rather have the internet of the 2000s back in a heartbeat than keep putting up with shitty “technical solutions” to corporations having too much power at scale. I don’t care if people break the law: prosecute them when they do and make the punishments enough to deter future law breakers.

      There is absolutely something civilized beyond a lawless advertising wild west where the technical solution is to all be masked Zorros.

      Why is it that if someone said “we need a legal solution to gun violence” the people that say “no we need a technical solution all people should wear kevlar and carry 9mm pistols” are considered the lunatics but when we ask for a legal solution to rampant non-consensual tracking for the purpose of indoctrinating the consumer class with propaganda we all laugh and say bah the solution must be technical? I don’t get it.

      102 replies →

    • > The solution here shouldn't be technical; it should be legal.

      I disagree. Solutions should be technical whenever possible, because in practice, laws tend to be abused and/or not enforced. Laws also need resources and cooperation to be enforced, and some laws are hard to enforce without creating backdoors or compromising other rights.

      "ISPs will be prohibited from spying on their customers" doesn't mean ISPs won't spy on their customers.

      38 replies →

    • > The solution here shouldn't be technical; it should be legal.

      The parent commenter was highlighting that law enforcement can compel them to provide the data.

      The customer has to opt-in to WiFi motion sensing to have the data tracked. If you see something appear in an app, you should assume law enforcement can compel the company to provide that data. It's not really a surprise.

      > If we rely on legal protection, then not only Comcast, but all ISPs will be prohibited from spying on their customers.

      To be clear, the headline on HN is editorialized. The linked article is instructions for opting in to WiFi motion sensing and going through the setup and calibration. It's a feature they provide for customers to enable and use for themselves.

      5 replies →

    • > I can't imagine a world where Congress could actually achieve something that widely helpful for regular citizens.

      "Best we can do is letting all the AI companies hoover up your data too"

    • It doesn't require IPv6. The modem is just as aware of all the private IPv4 addresses on your network as well as all the public IPv6 ones.

      Unless you put your own gateway (layer 3 switch, wifi ap, linux router) in front of it.

      6 replies →

    • > The solution here shouldn't be technical; it should be legal.

      I expect more than a few commenters here will disagree with you. Some rather vehemently.

      To those that do so, I'd encourage you to read the novel Attack Surface by Cory Doctorow. While it's fiction, in the book, Doctorow makes a pretty compelling argument for the notion that when it comes to privacy, we can't win by "out tech'ing" the governments and corporations. We're simply too heavily out-resourced. If I'm interpreting his message correctly, he is saying basically what Josho is saying here: that we have to use the political/legal system to get the privacy protections that we care about enshrined into law and properly enforced.

      Now, is that going to be easy? Hell no. But after reading the book I was largely sold on the idea, FWIW. That said, the two approaches aren't necessarily mutually exclusive. But I do believe that those of us who care about privacy should focus more on using our (knowledge|skills|resources) to try to foster change through politics, than on trying to beat "them" with better tech.

      YMMV, of course. But if you haven't read the book, at least consider giving it a shot. Probably Doctorow makes the argument better than I can.

    • "The solution here shouldn't be technical; it should be legal."

      Laws can be broken. Laws of physics cannot. Best to utilize both a legal and physical defense.

    • > The solution here shouldn't be technical; it should be legal

      Technical solutions tend to last longer. Legal solutions have a habit of being ignored when they become inconvenient.

      The legal default should be that collecting this sort of data should always be illegal without informed consent and never used beyond the remit of that consent. As inconvenient as it sometimes is, the world needs GDPR.

    • > The solution here shouldn't be technical; it should be legal.

      It should be both, one serving as a backup to the other. Theft is illegal, yet we lock our doors.

    • In the EU, residential users have a right to use their own routers. IMHO, this should be the norm, and ISPs shouldn't be shipping routers to users.

      Problem is, most folks aren't aware of how much spying the ISP routers do, and they want the most easy and convenient choice. Hence the status quo.

      1 reply →

    • In the future when you say things like this, please say "First" or else you're starting an endless back-and-forth of one-ups and false dichotomies.

      A legal precedent easily leads to a technical block.

    • > The solution here shouldn't be technical; it should be legal.

      The technical solution seems strictly preferable

      Legal "protections" only protect you up to the moment a warrant is issued, if that

    • >> The solution here shouldn't be technical

      The solution can be technical, but only if it is also sneaky. Blocking or disallowing certain information is one thing but making that information worthless is better. A simple AI agent could pretend to ping all sorts of services. It could even do some light websurfing. This fake traffic would nullify any value from the real traffic, destroying the market that feeds this surveillance industry.

      I see a UI that allows homeowners to fake certain people being in the house when they are not, either replaying traffic or a selection of generic bots that mimic the traffic of various cohorts.

    • > Comcast can achieve the same by how many active IPv6 addresses are in use

      Isn't this basically impossible with IPv6 Privacy Extension Addresses?

    • you can't tell most of those things because same ip doesn't correspond to a unique service and plenty of programs and websites phone to servers where addresses have changed. there is no static database.

      you also can't associate it to a person automatically. the burden of proof is high - how many jurors have tech at home they know nothing about and maybe got hacked?

    • > The solution here shouldn't be technical

      Why not? Just run your own router instead of the one your ISP tries to give you.

    • > ... I can't imagine a world where Congress could actually achieve something that widely helpful for regular citizens.

      The solution is to not use the internet if you care about your privacy.

      2 replies →

  • Comcast has remote control of all of their equipment so they will just turn it on for you if they get a court order or a big enough check from an adtech company.

    Wifi imaging is a bit like a silhouette and generally accurate enough to work out gait and height which could give a good indication of which people are in what locations in a home. That is some very scary power in the hands of a corpo.

    • More scary in the hands of the government. Whether you didn’t trust the prior US government or this one - which pretty much covers the entire population - that’s the folks that shouldn’t have this technology at their disposal. I struggle to see a use a corporation will have for this even extending ad tech to the maximum potential. The most useful application is surveillance for political purposes - in the current government, how better to cross reference with the uber database of people they are building to enact political policy to know when people they want to disappear to a foreign prison? This provision doesn’t even seem to require a warrant.

    • they only have some level of control over DOCSIS modem. if you install the cheapest/simplest DOCSIS modem, and connect it to your own wireless access point that is NOT controlled by Comcast - they won't know anything.

      They will only see traffic coming from 1 local IP - of your wireless AP

      37 replies →

  • You can turn the customer AP off; however, the Comcast Customer Shared WiFi is always on. This is true even for Comcast Business accounts. You're expected to be a hotspot for their other customers.

    Which is one of the main reasons I bought my own modem.

  • One could just keep a rotisserie chicken roasting in the oven to make it seem like someone’s home

  • You should assume that any information a company has about you will be turned over to law enforcement in that case. They don’t have a choice, they’re required to cooperate.

    The purpose of that clause isn’t to allow them to cooperate with law enforcement. That’s a given. It’s to avoid problems with you when they do, so they have something to point to and say “we did warn you.” Law supersedes private contracts. They could write “we will never give your information to law enforcement” but all that means is that they’ll be forced to break the contract when that happens.

  • > Sounds like, at least in some limited circumstances (using the provided WiFi AP, having this feature turned on, etc), ISPs are going to be able to tell law enforcement/courts whether anyone was home at a certain time or not.

    Kind of, but I'll bet most homes would frequently also appear "empty" any time the occupants are asleep. Not everyone gets up to go to the bathroom in the middle of the night.

  • It’s tricky when privacy gets tangled with law enforcement requests. If you want better control over your data, tools like HiFiveStar can help you monitor what’s being shared. It made me feel a bit more on top of my online footprint.

  • Law enforcement could tell whether you're home at a certain time or not for decades before WiFi Motion. However with WiFi motion, if you're in some kind of a big building, like a hotel or huge office building, they will be able to tell exactly the room number and spot you're occupying.

    • They could also do that with the surveillance feeds and actually confirm it's you and not the night custodian.

  • Couldn’t you do this already? I have an electric meter on the side of my building with a public facing display of kwh usage. The water company has a similar hookup for measuring flow. Both could be used to determine occupancy in theory.

  • Just don't use your vendor's hardware. Get a cheap cable modem and hang whatever infra you want on the other side. Get a hardware VPN like the Velocloud. Using your ISP's equipment is like using their SMTP.

  • Curious: What about adding a small battery powered WiFi device to your dog's collar? Would that look like a person moving around the house? What about a WiFi controlled mini drone that flew around your house?

    [Note: this should be illegal]

    • This technology doesn't rely on you actually having a WiFi device on you. It can detect presence/motion by changes to the standing waves of the EM propagation throughout the room.

      As the salty water meatbags move from room to room we change how the reflections and scattering patterns of 2.4 and 5GHz waves move. Studying these changes and some calibration, you can even determine small changes (like is the person on the left side of the room breathing, are they standing or prone, etc).

      In their docs, they show using the WiFi connection from a printer to determine motion sensing and have the option to exclude pets.

      6 replies →

    • It doesn't require a WiFi device to work.

      > If you’d like to prevent your pet’s movement from causing motion notifications, you can exclude pet motion in your WiFi Motion settings by turning on the Exclude Small Pets feature.

      > Motion is detected based on the amount of signal disruption taking place between the Xfinity Gateway and your selected WiFi-connected devices, so motion from small pets (around 40 pounds or less) can be filtered out while keeping you notified of large movements more likely to be caused by humans.

    • It's basically passive radar using the wifi bands as the reflection AFAIK. It doesn't seem to be about the active state of devices, but the deflections in known points. It's creepy.

    • A much easier alternative is to not enable the feature on your router.

      It's an opt-in feature. If you don't set it up, they aren't generating the home/away chart like shown in the article.

      3 replies →

    • I was thinking of attaching a wifi enabled device to a roomba if you wanted to appear to be home when you weren't. I would hope, though, that doing something like this wouldn't be illegal. It's your home, your stuff, etc. Besides, I don't want to get arrested for leaving a rotating fan on or something.

  • Would be curious how that works with larger family with pets. Depending on the week we're 5-7 people and 2-4 dogs. With a single AP the noise beyond "something happened" would be pretty rough I think.

  • “Comcast does not monitor the motion and/or notifications generated by the service.”

    Sounds like the above claim amounts to nothing more than, “trust me bro.” Or, rather, that nothing stops them from monitoring it, other than the cost, as they haven’t monetized it yet.

  • > using the provided WiFi AP

    Which you can simply not do if you don't trust your ISP not to misuse it. Which is why I never run my ISP's router, I run my own instead.

  • They already can.

    If they have access to your router and its logs, they can simply check whether your mobile device was in WiFi range at that time.

    Sure, mobile devices can be turned off, but at that point, so can routers.

    In 99.9% of circumstances, it's a "nothing burger" from a law enforcement perspective, except maybe for detecting actual crime occurring when no residents are home.

  • Definitely an atrocious violation of privacy, but in reality discerning between an animal, something blowing in the wind, and a person moving would be very hard without a dedicated calibrated array for that to hold up in court. I'm aware they have "exclude animal" but there's no way it's at all accurate.

    Using your mobile data and internet traffic is far easier and already deeply integrated into off the shelf law enforcement products. Those programs are even more terrifying than this by an order of magnitude.

  • Can't they already do this with the data of which devices are connected when? Motion data doesn't identify you in the way that device data does

I've been telling people for ages to not trust ISP provided hardware. Notice the vague language here which means they reserve the right to share private information for anything that might be called an investigation, or for any dispute which includes them (didn't pay your bill?), or a subpoena.

    Subject to applicable law, Comcast may disclose information generated by your WiFi Motion to third parties without further notice to you in connection with any law enforcement investigation or proceeding, any dispute to which Comcast is a party, or pursuant to a court order or subpoena.

Plus, sharing isn't limited to a court or law enforcement agency - they reserve the right to share information with any third party.

This is scary, particularly considering how the current administration wants to weaponize everything they possibly can.

  • This is precisely why I willingly pay more to Google for their fiber optic service than AT&T for an equivalent, albeit less expensive, plan: Google readily allows me to use my own equipment. I am voting with my dollars on this one.

  • Scary, but is it any scarier than the status quo before this feature was implemented? The fidelity of the data, perhaps, but it's more or less been the standard that our footprint where we intersect with a third-party is no longer ours to control.

Xfinity won't give folks in certain locales (maybe everywhere in the US?) unlimited bandwidth unless they use their modem/router. This seems like a good reason that practice should be illegal.

  • I use my own modem/router with them, but I have to pay an extra $30/mo for unlimited download. Complete garbage. I wish there was competition; Comcast is my only realistic option in San Francisco.

  • As far as I’m aware, Xfinity fiber customers have to use the provided “Xfinity Wi-Fi Gateway” and cannot enable bridge mode.

    If anyone knows a way around this, please share! I want to connect my Xfinity ONT directly to my UniFi router.

    • They have changed this policy with their new plans released last week. You no longer have to use their equipment to get unlimited data

    • In that situation, I would put the vendor modem in a microwave or other impromptu faraday cage to prevent the leakage. Remove/isolate the antennas as best as possible.

      6 replies →

  • This practice, and fear of the exact sort of nonsense in this article, plus wanting to keep my wifi bandwidth free for the network I actually connect to, is why I'm still on AT&T DSL in my area, at 50 mbps. Comcast is available at up to gigabit, and they can keep it.

    • AT&T is pretty bad in its own way. They snoop DNS and sell your info (including physical address) to advertisers - even if you switch your DNS providers. They used to have a paid opt-out (~$20/mo IIRC) but I don’t see that option anymore.

      2 replies →

    • I had AT&T DSL many years ago. They forced me to use their modem/router combo from 2Wire. It was truly awful. I eventually got so fed up with trying to connect things to the WiFi that I bought a separate router to plug into it, and connected to that network, which it did let me do. That solved most of my problems, other than the overall poor service.

      1 reply →

  • So use their router, but connect your own to it. Then turn off the WiFi in their equipment

    • I'm doing the first bit, but I can't turn off the wifi -- only stop broadcasting my "personal" network. And actually, as I went in to make sure that was the case, I saw that broadcasting of my personal network had been forcibly turned back on. Lovely!

      14 replies →

  • I use a cellular connection for my internet, but my apartment building is wired with Xfinity, and probably 90% of people use it.

    Naturally, there is no way for me to opt out of this.

    • Does your apartment lease require that you use Comcast's hardware? When I signed up for Xfinity years ago I wanted to use my own hardware (NetGear cable modem, Buffalo Airstation with DD-WRT). I forget now whether I had to walk through the activation over the phone with a tech - I vaguely recall having to provide some information about the modem, which was one of the models listed as supported on their use-your-own-hardware web page - but the whole thing was easy.

      Other people have mentioned that not using Comcast's stuff means that certain features won't be available, but I don't care. I don't have huge bandwidth needs, for instance.

      1 reply →

    • Are you in California? I'd contend there's a CCPA issue there. "I live at X address, and demand that you not collect my movement information from any of your equipment at this address or others."

If you ask the Xfinity managers who came up with this idea whether thieves will be able to buy live information on whether your home is empty from hackers on the dark web, the managers will likely say... nothing. What they will do is look at you with a deer-in-the-headlights expression in their shocked faces.

Sigh.

  • The word "liability" might not always work, but occasionally it makes someone think a little harder about what their company is doing.

    • A company like Comcast knows more about the liabilities of what they're doing than any of their customers do, guaranteed.

  • Any service provided by a connected device can be framed as something "people can buy on the Dark Web".

    XFinity lets you make HTTP requests to the web via your router. Uh-oh: XFinity decided to sell info on your web requests on the Dark Web.

I don't want my ISP doing this to me, but it sounds like something pretty cool to do myself. Does anybody know what the current state of "self-hosting" this kind of functionality is?

  • I am also super interested for the personal use case. What is the resolution? Can I track my cat through the house? See when they go to the feeder? Count my own bathroom visits?

    • > What is the resolution? Can I track my cat through the house? See when they go to the feeder? Count my own bathroom visits?

      None of the above.

      The setup process has you select 3 reference devices. You should pick the devices so that your normal motion areas are between the device and the router.

      The router then watches the WiFi signals from those devices. If they fluctuate more than baseline, it's assumed that something is moving around in the area.

      It's a threshold detection that can serve as a crude motion sensor for home/away purposes.

      4 replies →
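The threshold detection described in the comment above, written out as an added example (not part of the thread and not Xfinity's implementation). The RSSI readings, device names, window size and 3x factor are constructed assumptions; the example also shows a reference device that drops off the network being reported as missing data rather than motion.

```python
"""Threshold motion detection over per-device signal readings (added example)."""
from statistics import pstdev

WINDOW = 5       # samples per detection window (assumed)
FACTOR = 3.0     # flag when fluctuation exceeds 3x the calibrated baseline (assumed)
FLOOR_DB = 0.5   # minimum baseline, so a flat calibration cannot yield a ~0 threshold
MIN_VALID = 3    # windows with fewer readings are "no data", not motion

# Constructed calibration readings (dBm) taken while nobody is moving.
QUIET = {
    "printer": [-52, -53, -52, -52, -53, -52, -53, -52, -52, -53],
    "tv":      [-60, -61, -60, -60, -61, -60, -61, -60, -60, -61],
    "speaker": [-70, -72, -70, -68, -70, -72, -70, -68, -70, -70],  # noisy link
}

# Constructed live readings: three windows of five samples per device.
# Window 1 has someone walking between the router and the printer.
# In window 2 the TV is switched off (None = no reading).
LIVE = {
    "printer": [-52, -53, -52, -52, -53, -48, -58, -50, -60, -47,
                -52, -53, -52, -53, -52],
    "tv":      [-60, -61, -60, -60, -61, -60, -61, -60, -61, -60,
                -60, None, None, None, -61],
    "speaker": [-70, -72, -70, -68, -70, -70, -74, -69, -75, -70,
                -70, -72, -70, -68, -70],
}


def calibrate(quiet_samples):
    """Baseline fluctuation (population std-dev, dB) per reference device."""
    return {dev: max(pstdev(vals), FLOOR_DB) for dev, vals in quiet_samples.items()}


def detect(samples, baseline, window=WINDOW, factor=FACTOR, min_valid=MIN_VALID):
    """Compare each window's fluctuation with the device's own baseline.

    Returns one dict per window: devices over threshold, devices without
    enough readings, and the overall motion decision (any device over).
    """
    length = min(len(vals) for vals in samples.values())
    report = []
    for start in range(0, length - window + 1, window):
        over, no_data = [], []
        for dev, vals in samples.items():
            chunk = [v for v in vals[start:start + window] if v is not None]
            if len(chunk) < min_valid:
                no_data.append(dev)        # device offline: do not guess
            elif pstdev(chunk) > factor * baseline[dev]:
                over.append(dev)
        report.append({"window": start // window, "over": over,
                       "no_data": no_data, "motion": bool(over)})
    return report


if __name__ == "__main__":
    base = calibrate(QUIET)
    for row in detect(LIVE, base):
        print(row)
```

The speaker swings by about 2.4 dB in window 1 but stays under its own threshold because its calibrated baseline was already noisy, which is why the per-device calibration step matters for false positives.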

  • Just get cameras and local storage/processing for them. No need for elaborate Wi-Fi presence detection hacks.

    • Presence detection without the possibility of images being captured seems a reasonable application to me. So much the better if I could do it with hardware I already have versus installing motion detectors or other sensors.

      2 replies →

  • Check out ESP32-based projects like ESP32-CSI-Tool or the FreqSense library, which can implement WiFi sensing with minimal hardware and completely under your control.

In case anyone is skimming the headline and comments: It's not enabled by default. This is an optional feature that you have to find, turn on, and then select up to 3 WiFi devices to use as reference signals:

> Activating the feature

> WiFi Motion is off by default. To activate the feature, perform the following steps:

The actual title of the article is "Using WiFi Motion in the Xfinity app".

  • "...for you." --Bane

    These days it is never safe to assume that opting-in does anything more than making some of the information that's being collected regardless available.

    Although I actually agree with you that it probably isn't doing anything by default to the extent that it isn't doing anything yet because it's new they haven't worked out how to monetize it.

  • I think at least right now this is reasonable: It's off by default, and if you choose to turn it on, they don't use it for anything themselves, but Comcast is disclosing that it may be forced to give the data over with a legal request.

    If I was advising Comcast, I'd tell them this is a dumb thing to introduce because just the perception of bad behavior is not worth any particular benefit, but whatever. I can't imagine someone deciding they want a Comcast plan because it offers this, and there's no way for them to monetize it without almost assured legal backlash.

  • The visibility of the feature for users may be "off by default" but that means nothing in terms of what Comcast is actually collecting, storing, and sending to third parties.

I remember reading this paper when it came out, didn't think it would be commercializable, and here we are.

https://dl.acm.org/doi/10.1145/2486001.2486039

  • I have a sneaky suspicion this is not something that Xfinity/Comcast just woke up one day and thought they should implement. This has all the hallmarks of the treasonous surveillance state injecting itself to instrumentalize corporations to claim they’re not violating the supreme law called the Constitution if they simply make others commit the treasonous crimes against the people.

    Because we all know, of course, the Constitution only applies to the federal government, right? If mega-corporation USA Inc uses its shell company Comcast to violate the Supreme law of the land in a treasonous manner, then you are of course SOL as a mere citizen since they aren’t the federal government and the Constitution does not apply to them.

    In case it wasn't clear, that was sarcasm.

  • Yeah, it's bizarre.

    Normally the pathway for this kind of thing would be:

    1. theorized

    2. proven in a research lab

    3. not feasible in real-world use (fizzles and dies)

    if you're lucky the path is like

    1. theorized

    2. proven in a research lab

    3. actually somewhat feasible in real-world use!

    4. startups / researchers split off to attempt to market it (fizzles and dies)

    the fact that this ended up going from research paper to "Comcast can tell if I'm home based on my body's physical interaction with wifi waves" is absolutely wild

    • It's not too crazy, if you're familiar with comms systems.

      The ability to do this is a necessity for a comm system working in a reflective environment: cancel out the reflections with an adaptive filter, residual is now a high-pass result of the motion. It's the same concept that makes your cell location data so profitable, and how 10G ethernet is possible over copper, with the hybrid front end cancelling reflections from kinks in the cable (and why physically wiggling the cable will cause packet CRC errors). It's, quite literally, "already there" for almost every modern MIMO system, just maybe not exposed for use.
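The adaptive-cancellation point in the comment above, as an added example that is not part of the thread or any vendor's code: a normalized LMS filter learns a constructed four-tap reflective channel, and its residual stays near zero until one reflection changes, then decays again as the filter re-adapts. The tap values, step size and symbol sequence are assumptions chosen for illustration.

```python
"""Adaptive reflection cancellation: the residual doubles as a motion signal."""
import random

TAPS = 4     # channel taps the canceller models (assumed)
MU = 0.5     # NLMS step size (assumed)

# Constructed channel: direct path plus three reflections. The third tap
# changes partway through, as if a reflecting object (or person) moved.
CHANNEL_BEFORE = [1.0, 0.4, -0.2, 0.1]
CHANNEL_AFTER = [1.0, 0.4, 0.1, 0.1]


def simulate(n_samples=600, change_at=300, seed=1):
    """Return (tx, rx): known transmitted symbols and what the receiver sees."""
    rng = random.Random(seed)
    tx = [rng.choice((-1.0, 1.0)) for _ in range(n_samples)]
    rx = []
    for n in range(n_samples):
        h = CHANNEL_BEFORE if n < change_at else CHANNEL_AFTER
        rx.append(sum(h[k] * tx[n - k] for k in range(TAPS) if n - k >= 0))
    return tx, rx


def nlms_residual(tx, rx, taps=TAPS, mu=MU):
    """Run a normalized LMS canceller; return (residual per sample, final taps).

    The filter predicts rx from the known tx. Whatever it cannot predict is
    the residual: near zero for a static room, non-zero right after the
    reflections change, and shrinking again once the taps have re-converged.
    """
    w = [0.0] * taps
    residual = []
    for n in range(len(tx)):
        x = [tx[n - k] if n - k >= 0 else 0.0 for k in range(taps)]
        err = rx[n] - sum(wk * xk for wk, xk in zip(w, x))
        power = sum(xk * xk for xk in x) + 1e-9   # avoid division by zero
        w = [wk + mu * err * xk / power for wk, xk in zip(w, x)]
        residual.append(err)
    return residual, w


def peak(residual, start, stop):
    """Largest residual magnitude in samples [start, stop)."""
    return max(abs(e) for e in residual[start:stop])


if __name__ == "__main__":
    tx, rx = simulate()
    residual, w = nlms_residual(tx, rx)
    print("static room, converged :", peak(residual, 250, 300))
    print("just after the change  :", peak(residual, 300, 310))
    print("re-converged           :", peak(residual, 550, 600))
    print("learned taps           :", [round(v, 3) for v in w])
```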

    • > the fact that this ended up going from research paper to "Comcast can tell if I'm home based on my body's physical interaction with wifi waves" is absolutely wild

      The 15-year path was roughly:

        1. bespoke military use (see+shoot through wall)
        2. bespoke law-enforcement use (occupancy, activity)
        3. public research papers by MIT and others
        4. open firmware for Intel modems
        5. 1000+ research papers using open firmware
        6. bespoke offensive/criminal/state malware 
        7. bespoke commercial niche implementations
        8. IEEE standardization (802.11bf)
        9. (very few) open-source countermeasures
        10. ISP routers implementing draft IEEE standard
        11. (upcoming) many new WiFi 7+ devices with Sensing features
      

      https://www.technologyreview.com/2024/02/27/1088154/wifi-sen...

      > There is one area that the IEEE is not working on, at least not directly: privacy and security.. IEEE fellow and member of the Wi-Fi sensing task group.. the goal is to focus on “at least get the sensing measurements done.” He says that the committee did discuss privacy and security: “Some individuals have raised concerns, including myself.” But they decided that while those concerns do need to be addressed, they are not within the committee’s mandate.

      1 reply →

I was reading Hyatt's Privacy Policy and they mention biometrics (and even genetic information for some reason). Does this mean they can analyze all of my behavior in the hotel room?

I'm not about to find out. I really liked Hyatt, too.

This is a neat feature when it's your own device that you control, but not so great when they "disclose information generated by WiFi Motion to third parties without further notice to you."

I wanted to talk about how responsible WiFi router software authors can make things local-only (and I've done that in the past; no way to get this information even if I wanted it). But this is always temporary when "they" can push an update to your router at any time. One day the software is trustworthy, the next day it's not, via intentional removal of privacy features or by virtue of a dumb bug that you probably should have written a unit test for. Comcast is getting attention for saying they're doing this, but anyone who pushes firmware updates to your WiFi router can do this tomorrow if they feel like it. A strong argument in favor of "maybe I'll just run NixOS on an Orange Pi as my router", because at least you get the final say in what code runs.

To whom it may concern, for those who use the modem in bridge mode, it is possible to discreetly pop open the Xfinity modem and disconnect the wireless antennas.

Sensing is (sadly) part of Wi-Fi 7. If you have a recent Intel, AMD or Qualcomm device from the past few years, it's likely physically capable of detecting human presence and/or activity (e.g. breathing rate). It can also be done with $20 ESP32 devices + OSS firmware and _possibly_ with compromised radio basebands.

  • Was anyone asking for their network to be able to sense their breathing rate? What does this enable that actually improves people’s lives?

    This is the kind of stuff that pushes me to pull a Ron Swanson and throw my technology in the dumpster.

    • The network already could. The standardisation is just making the feature available without hiding it.

      The core of the sensing technology is about improving MU-MIMO + OFDM + all the other speed tricks. Human bodies interfere in predictable ways so you need the tech to steer around that. As a side effect, you get detection capabilities for free.

      In such a setup, your laptop and router already know where you are. The question is whether or not to offer it to you so you can use that information for things like home automation. Had they not made this part of the protocol, the privacy risks were just as bad, you just wouldn't be aware of them.

    • Similar technology has been quietly in use for a while, with falling cost, e.g. "Inside a $1 radar motion sensor", https://news.ycombinator.com/item?id=40834349 (100 comments).

      Commercialization gives consumers and regulators the opportunity to express their opinions on the sudden and unsolicited transparency of the walls, floors and ceilings of their homes and businesses.

    • I tried Wifi7 at my home, but most of the benefits are lost when physical walls are in the way. Therefore I think WiFi 7 is more for commercial applications.

      TSA can check your heart rate / breathing rate elevating during your walk through security.

      Casinos can see your heart spike before placing a bet. If the system is digital maybe that can be synced to always deal a loss hand.

    • The only use case I've heard of is elderly care, where no movement might mean a person has fallen and needs help. An edge, strictly opt-in scenario that would be addressed more effectively (movement+HR+body temp) by relatively cheap wearables.

  • Commercial use of WiFi sensing predates WiFi 7 (a notable example is Philips smart bulbs with presence detection). AFAIK WiFi 7 just includes an amendment by the 802.11bf working group to improve performance.

  • What's the commercial use of having this data though? Or even law enforcement use? We all have our phones on us most of the time anyways, knowing where in my house I'm at doesn't really... change anything...

    • There are 1000+ public research papers on machine learning + RF detection of human activity, including but not limited to breathing rate, keystrokes, body position, body motion, gestures, sleeping, biometric (identity) signals and more, https://scholar.google.com/scholar?q=device+free+wireless+se...

      What's the economic value of remote collection of human behavioral signatures without consent, integrated with AI and robotics and "digital twins"? We're not there yet, but if the technology continues improving, what's the future value of "motion capture" of humans without body-worn sensors?

      In theory, this will enable "Minority Report" user interfaces. 3D gestures could be combined with "AI" voice interfaces. Biometric authentication (e.g. heart rate) could replace passwords. Walk into a room and it adapts itself to your preferences. Etc.

      There are lots of "cool" Jetsons sci-fi use cases, but ONLY IF the data and automation are entirely under control of the human subjects, e.g. self-hosted home server, local GPUs, local LLM, local voice recognition, etc.

  • [flagged]

    • If you had a particular idea from the LLM that you wanted to share, people would be more receptive, but just dumping the whole output comes across as intellectually lazy.

    • Please don't do this. Whether it's LLM-generated or not, we don't want big blocks of text from elsewhere pasted into comments here. Please at least try to craft original human thoughts.

This is actually a feature of the Plume wifi mesh devices. https://support.plume.com/s/article/Sense-Live-View?language... It's also available from any other ISP that uses them, or if you buy your own Plume device and a subscription. It's been there for years. https://arstechnica.com/gadgets/2020/03/from-wi-fi-to-spy-fi...

  • https://staceyoniot.com/the-next-big-wi-fi-standard-is-for-s...

    > The IEEE plans to take the concepts for Wi-Fi sensing from the proprietary system built by Cognitive (which has been licensed to Qualcomm and also Plume) and create a standard interface for how the chips calculate interference that determines where in space an object is.

    Other firmware sensing capability: https://www.cognitivesystems.com/caregiver/

      - Activity Tracking: Detects movement patterns to identify changes in daily routines to spot health concerns 
      - Sleep Monitoring: Tracks sleep duration, wake times and nighttime interruptions to assess sleep quality
      - Anomaly Detection: Establishes household baseline to proactively identify unusual patterns & changes in activity

Put your cable modem in bridge mode and use your own WiFi.

I used to recommend using your own cable modem as well, but these days you have to use the Xfinity modem to avoid overages if you're in a market with data caps.

Comcast has a stellar network operations unit, but their business operations are creepy and exploitative.

  • Is their network good, though? They try to keep my data in their network as long as possible affecting latency to certain places, which is significantly worse than what fiber providers in my area do.

About fivish years ago I interviewed with a Wi-Fi device maker and the engineer I interviewed with was bragging that they could watch users walk around their home.

Okay, I'm as concerned about privacy as everybody else is here, but I also gotta admire that it's pretty neat they can actually do that. Are they measuring the signal echo like what radar does? If they controlled both the receiver and transmitter I wouldn't be as surprised to find out they can tell when something crosses between them and form a 2-dimensional mesh (like that episode of Star Trek TNG where Geordi detects cloaked Romulan ships by having Starfleet deploy a fleet of ships that send signals back and forth and look for timing variances), but if I'm understanding correctly this is different because they only control a single point in the network?

I wonder if they have enough information to make out shapes or if it's just a simple rangefinder?

  • It's far from great for imaging, but it can be done. https://www.zmescience.com/research/inventions/wifi-technolo...

    • Honestly even that is pretty incredible. At the very least that's enough data to count family members, possibly ID them if they have different-shaped bodies, and identify certain activities with obvious silhouettes (eg, sex).

      I don't think it justifies the impending Orwellian hellscape this technology will eventually unleash, but one positive thing about this that has me a bit excited is that this could easily clear up many ambiguities in criminal cases. For example, fairly often a death will get ruled as a suicide but the victim's relatives and friends will insist that it must have been a murder; imagine being able to use this technology to definitively prove whether or not there was another party present when the victim died.

      Or in rape cases where the defendant is protesting their innocence, knowing the body language of the victim and the defendant could be a vital clue because you might be able to observe the victim fighting back.

      Again, I don't think the positives outweigh the negatives to the point that it could ever justify an invasion of privacy on this scale (you might as well just make everybody let the government set up a thermal camera in their house!) but it is interesting to think about the problems this could solve.

The term for this sort of thing is "WiFi sensing". Relevant HN thread from 2021 ("The next big Wi-Fi standard is for sensing, not communication (2021)"): https://news.ycombinator.com/item?id=29901587

As far as I can tell, devices were already on the market when that thread was made. 802.11bf was standardization to help along interoperability and future products.

I worked in a nascent water tech space recently involving an IOT water flow sensing device installed on a main water line. I worked extensively on detection models capable of distinguishing water fixture use during simultaneous usage scenarios. When your full time job involves a niche domain such as this, a whole new world begins to reveal itself. You can distinguish people based on their patterns of fixture usage. You can determine how many people are living in a residence. You can determine hygiene habits of each person. There's a lot more to these smart home devices than what meets the eye. You thought the sensor was good for just detecting leaks and approximately breaking down water consumption? Think again.

This device alone is capable of doing a lot, but when combined with other sensing devices such as a WIFI motion detection system, you can create a system where the whole is greater than the sum of the parts. First, you may not even need to monitor water flow now because detecting a person in the bathroom, moving about, is sufficient to detect toilet usage followed by hand-wash, and shower usage. You will know duration of each. You may be able to distinguish people in a residence, which means you'll learn who did what throughout a household.

Right about now you may be wondering who would ever want to know this kind of stuff? Who cares if you just used the toilet and didn't wash your hands? Who cares if you frequently use the toilet, or wash your hands excessively, or frequently and excessively wash your hands throughout the day? What if you are a landlord with a tenant leasing agreement stipulating no one other than the listed members on the contract shall occupy the residence without permission of the landlord (with exceptions, of course)?

One takeaway from this is that there's a strong privacy case for disabling the built-in wireless network from your ISP-provided modem/router and using your own, to reduce the number of ways that your ISP can surveil you.

  • My home ISP's cell router (because no other internet reaches our area anymore) has almost no configurable settings (just wifi name/password/hidden), and actively forbids you from disabling wifi even though I only use it through the wired connection.

    (And what limited configurability it provides is only through the app, which requires you to agree to their "molest your privacy policy". I had been content with just not installing the app, but my threat model hadn't considered this new development ...)

  • That’s always a good idea, but they’ll still be able to tell when someone is home because the outbound internet traffic will increase.

    And don’t forget to set your DNS to a non-ISP resolver.

    • SNI is not encrypted.

      You need a box downstream of your ISP devices that encrypts all traffic out over a VPN. This is what I do.
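
An added example, not part of the original comments: how a passive on-path observer such as an ISP reads the server name from a standard TLS ClientHello (one without Encrypted Client Hello), with no decryption involved. The names `build_client_hello`, `extract_sni` and `Reader` are hypothetical, and the handshake bytes are constructed in the block rather than captured.

```python
import struct

SNI_EXT = 0x0000  # server_name extension type (RFC 6066)


def build_client_hello(hostname=None):
    """Build a minimal TLS ClientHello record (constructed sample, not a capture)."""
    # supported_versions extension first, so the parser has to walk the list.
    extensions = struct.pack("!HH", 0x002B, 3) + b"\x02\x03\x04"
    if hostname is not None:
        name = hostname.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name  # name_type 0 = host_name
        name_list = struct.pack("!H", len(entry)) + entry
        extensions += struct.pack("!HH", SNI_EXT, len(name_list)) + name_list
    body = (
        b"\x03\x03"                            # legacy_version
        + bytes(32)                            # random (all zeros in this sample)
        + b"\x00"                              # empty session_id
        + struct.pack("!H", 2) + b"\x13\x01"   # one cipher suite
        + b"\x01\x00"                          # one compression method: null
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


class Reader:
    """Bounds-checked cursor over a byte string."""

    def __init__(self, data):
        self.data = data
        self.pos = 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated TLS structure")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def uint(self, n):
        return int.from_bytes(self.take(n), "big")

    def vec(self, len_bytes):
        """Read a length-prefixed vector whose length field is len_bytes wide."""
        return self.take(self.uint(len_bytes))

    def done(self):
        return self.pos >= len(self.data)


def extract_sni(record):
    """Return the cleartext server name in a ClientHello record, or None if absent."""
    rec = Reader(record)
    if rec.uint(1) != 0x16:
        raise ValueError("not a TLS handshake record")
    rec.take(2)                      # record-layer version
    hs = Reader(rec.vec(2))
    if hs.uint(1) != 0x01:
        raise ValueError("not a ClientHello")
    hello = Reader(hs.vec(3))
    hello.take(2 + 32)               # legacy_version + random
    hello.vec(1)                     # session_id
    hello.vec(2)                     # cipher_suites
    hello.vec(1)                     # compression_methods
    if hello.done():
        return None                  # no extensions block at all
    exts = Reader(hello.vec(2))
    while not exts.done():
        ext_type = exts.uint(2)
        ext_data = Reader(exts.vec(2))
        if ext_type != SNI_EXT:
            continue
        names = Reader(ext_data.vec(2))
        while not names.done():
            name_type = names.uint(1)
            name = names.vec(2)
            if name_type == 0:       # host_name
                return name.decode("ascii", errors="replace")
    return None


if __name__ == "__main__":
    sample = build_client_hello("mail.example.org")  # constructed hostname
    print("observer sees:", extract_sni(sample))
```

Everything after the handshake is encrypted, but this field is sent before any keys exist, which is why tunnelling traffic through a VPN moves the observation point from the ISP to the VPN endpoint.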

    • So you need fake upstream downstream traffic, put your router in a lead box, use DNS over HTTPS, and then all that for nothing because the Amazon router was backdoored by the NSA too.

    • > That’s always a good idea, but they’ll still be able to tell when someone is home because the outbound internet traffic will increase.

      Sure, but not necessarily who is home, since they won't have the MAC address of your device(s) connecting.

      Also, traffic volumes are a lot noisier of signals than you might think, given how much automated and background stuff we have these days.

  • This is piled on top of the existing strong case for all Comcast wifi equipment being hot garbage. If some confluence of poor regulations has led you to being stuck with Comcast, the least you can do for yourself is get your own DOCSIS modem and routers and access points that you control.

Score one more point for the tinfoil hat crowd:

1. Black tape over our webcams to keep them from watching us.

2. Cardboard over our windows to keep laser microphones from hearing us.

3. RFID blocking wallets to keep our money safe from them.

4. WiFi motion detectors watching our every move in our own home. <---You are here.--->

5. Aluminum underwear keeping our private parts from being scanned into AI at airports.

6. Tinfoil hats protecting our thoughts.

Next step it will just be a feature they offer and whether you know of it, use it, or want it, it'll always be on in the background due to you signing a terms of service that lets them. And then it'll not just be in an Xfinity router but your TV, phone, etc. Just makes me want to live in a cabin in the woods.

What is the escalation path for replacing or removing the corrupt public utility commissions that allow these fraudulent and unethical monopolists to continue operating?

We have endless cases of Comcast and others criminally abusing their granted monopoly and the PUCs simply allowing them to run roughshod over consumers.

How do we fix it?

Could I sufficiently foil their mechanism here by not connecting any WiFi devices to their access point and then wrapping their access point with foil? Or would you need to take it all the way and put the device in a faraday cage? I’ve always wanted to build one but never had the motivation. Maybe this will be the impetus I need to finally make one! Like others have stated I use the ISP provided hardware to get around the data cap. But connect nothing to it other than my own router.

One more reason not to use an ISP router, although in this case most of us are at minimum carrying around GPS homing beacons in our pocket so the carriers already know where we are.

  • And now we also know the reason why they give away unlimited data for free when you use their router, but not when you want to use your own router.

    • I can turn off the WiFi on my ISP's (Cox) router. I just have it port-forward everything into my own wifi-router where I manage it from there.

Up next - Comcast will pause ads when it detects that you've walked into the kitchen - or raise the volume. Advertisers can pay extra for this feature.

Soon ICE will have given Comcast enough money to provide a live feed of the neighborhoods they are targeting and where all the bodies are that match the height of their targets.

We need to be finding the xfinity wifi hotspots in our neighborhoods, knock on doors, and help people understand the risks they are creating for themselves and their neighbors and how to setup their own routers.

Funny, Xfinity has been spamming me for months now trying to get me to get off my own hardware and onto theirs. Promising me vague "speed improvements" (and of course without ever bothering to provide a single piece of data about how/why speed would be improved, or by how much). No, no I don't think I will.

Is Xfinity licensing Wifi Motion™ from Cognitive Systems?[0]

"WiFi Motion, Cognitive’s Wi-Fi Sensing solution, is an innovative software platform that leverages AI and sophisticated algorithms to transform existing Wi-Fi signals into a motion sensing network."

Another company operating in this space is Origin Wireless. They demonstrated breathing detection with WiFi in 2017[1]. They've since partnered with ISPs to offer a WiFi Sensing "TruShield" home security service.[2]

[0]https://www.cognitivesystems.com/

[1]https://www.engadget.com/2017-10-09-origin-wireless-motion-d...

[2]https://www.originwirelessai.com/trushield/

Can't help but imagine a reality where this is widespread and people resort to installing radio reflective curtains/decorations that freely move with slight ambient air currents in an effort to scramble the reflections and make it as hard as they can to measure.

Something like a belly dance belt around the router could also work.

  • Other options:

      - Shielded rooms + wired networking
      - Shielded rooms + Li-Fi (wireless with light instead of radio)
    

    Humans who want some rooms of their house to be non-transparent will need either new construction or to retrofit shielding, e.g. QuietRock drywall.

Worth mentioning that unlike some ISPs, Xfinity does let you use your own DOCSIS modems, which is the ideal way of using an ISP. An ISP-provided gateway's WiFi is not ideal for privacy, security and performance.

Comcast in general has a long history of snooping around and messing with users' traffic. Not that the alternatives are much better. Regular folks are screwed on this matter.

But perhaps for HNers setting up your own trusted WiFi AP and routing it (and all other traffic) through an internet gateway that routes your traffic over a secure channel (whatever that is for you: Tor, VPN services, VPN over your own cloud/VPS, etc.) is ideal. It goes without saying, your DNS traffic should also not be visible to the ISPs.

Keep in mind that they sell all this data (including the motion data) not just to law enforcement but to arbitrary well-paying data brokers and other clients.

I'm sure people will want to make it seem like Comcast is doing something evil here, but they're not:

> Comcast does not monitor the motion and/or notifications generated by the service.

> This feature is currently only available for select Xfinity Internet customers as part of an early access preview.

> WiFi Motion is off by default.

Features like this at Comcast are typically one or two engineers on a random team coming up with a cool idea, testing it out, and if it works, they ask if they can roll it out en masse. If it's just a software or server/backend thing and it doesn't have any negative impact, it gets accepted. Despite their terrible customer service and business practices, they do some cool stuff sometimes. They also release a fair bit of home-grown stuff as open source, which is expensive and time-consuming, but [they hope] it attracts engineers.

If it is what I think it is -> I worked on it at Technicolor.

The tech is very cool, the initial pitch was to fine tune wifi performance to get the best bandwidth/coverage ratio for a particular customer. But indeed, during testing we quickly discovered that we can map apartments and houses to some extent. You knew when someone was on the toilet for example.

I really wish Xfinity focused on providing a reliable service instead of building out next gen surveillance machines.

> WiFi Motion will function only in areas of your home where you have strong WiFi signals traveling between your gateway and your WiFi-connected devices, and Comcast does not guarantee or warrant performance.

It is clearly just monitoring RSSI and everybody's acting like this is some spooky radar based technology.

Can anyone recommend a worthwhile setup for me? I am interested in switching my setup on Cox. It seems the Arris S33 plus Unifi Dream Router is one of my best options for good speed and features like ad blocking and VLAN? Best to buy direct from the manufacturer or is Amazon OK?

  • People really like the Arris S33 and the Motorola... god I think it's the SB8200? something like that.

How long is it before a Starlink has this capability? Maybe a stretch, but also inevitable. I think about the fact that there are probably many uses of Starlink that don't involve a consumer login, they just provide ubiquitous surveillance wherever.

I treat the ISP-provided gateway as a part of the internet, I don't use its WiFi and don't attach other devices to it which are not my own router or a honeypot. The subnet the gateway resides in is like a moat surrounding a castle.

People here claiming "stick the ISP modem in a microwave oven, put on a tin foil hat and use your own device" -- do you truly, 100% trust that nobody but you has access to said "own" device?

Myself and my buddies worked on it. This might sound ripe with "conspiracy". I know how it's going to sound. Take it for what you will. Initially wanting to know things like, who's in what room, how many people, and what you're actively doing, who you socialize with most etc. Been working on this since they bought Skydog/Powercloud. Purposely "helped" design the spec for wifi since Wifi 5 or earlier. How do we get more sensor devices into the home? Build an IoT line of business and make wifi "better". Imagine seeing the entire USA on a map (Comcast "national watchtower" tool), and then seeing what each router can "see", including those Xfinity hotspots. One, giant, signal map of devices with tagged metadata such as a percentage associated to "who" owns the device, what the device is, and what apps you have installed, which you are using at this current moment, any health and biometric data in case grandma fell over and can't get up. There is always a hidden SSID transmitting. p0f is nicely preinstalled on the wifi router CPE. Now create the standard firmware RDK for worldwide use purchasing cable/TV networks in other countries. (Sky, IoT companies in Italy). Now give them more ability, like to unlock your home "MyQ" (Comcast Ventures "investment"), why stop there, get into businesses such as Taco Bell with LoRaWAN. Add Xfinity Mobile for that extra juice of seeing all the little SIMS (game) characters on the (very real) map so you can recommend to them how to better schedule their life. It's all there. Now take that same map, and make it global. Attend the next SCTE conference and see it all for yourself. They're proud of it. I thought, I was too.

  • In a future Visible Social Network movie, through-wall sensing creators could livestream their own activity telemetry as a global public demo.

    Everyone would follow suit, or would they? See the movie and find out!

On one hand, cool. On the other hand, why? This doesn't seem terribly accurate or insightful. A security camera is cheaper and has a better sensor and logic for detecting motion.

I recall years ago reading a research paper on WiFi signals being used to track people through walls using MIMO…then American Express investing in the technology and now this…

Looking forward to WiFi signal scrambling. I mean if we take things like Spectre seriously (I don't to a large degree), this would certainly qualify as well.

The race is on to find the cheapest/easiest decoy that can simulate such motion (because if everything is moving, then nothing is moving). A tube man in every corner?

  • The race is already on for biometric fingerprinting via WiFi Sensing, e.g. via heart rate.

> WiFi Motion is not a home security service and is not professionally monitored.

That's funny because it does sound like they suggest it be used as such.

3 cat feeders (small dispensers), 3 different recurring times, 3 cats = never a dull moment for the FBI on watch...

Great, I always wanted to

  - be able to spy on my neighbors
  - add more surveillance systems into my house
  - have my neighbors be able to spy on me through my walls

I get that there is utility to this thing but come on, they don't even guarantee that the information is private and they say they collect it. Does the boot really taste that good? Why are we so obsessed with surveillance and giving people the power to surveil ourselves? Why are so many devs complicit in developing these tools? Again, I can understand how there's honest and good nature utility to them, but just because something has utility doesn't mean you get to ignore any harm. This trade-off is literally the whole of ethics in engineering. Engineers both create the tools for utopia and the tools for autocracy. The bitter truth is that often tools for autocracies are created while trying to create tools for utopias. But frankly, I'm not convinced this one is in that ambiguous gray zone...

  • 15 years of research and 5 years of HN discussion. It can always get worse, https://news.ycombinator.com/item?id=29901979

      We could use terahertz spectrum to detect specific molecules and in turn use terahertz frequencies and radios as a way to track specific ingredients in food or pollutants in the air
    

    Is there a PKD sci-fi story about terahertz-radar smart lock breathalyzer (substances, viruses) with conditional door entry/exit rules?

  • > Engineers both create the tools for utopia and the tools for autocracy.

    It's the same tool much of the time, including here. Utopia is getting a warning there is an intruder in your residence before you walk in, or better deterring that from happening. Autocracy is the government tracking you in your house.

    • I agree, but the reason I'm less convinced this is in that gray zone is because, frankly, break-ins are relatively rare. In general, crime is highly localized. So while I'm sure it is useful to some people, I'm quite suspicious that it is not helpful for most people. Maybe gives them peace of mind, but that peace of mind can increase paranoia. We'll just have to see the rates of false positives to false negatives...

      But I do see this as an extremely useful tool for autocrats, hackers, and abusive relationships. I'm willing to bet that this is used by these malicious actors far more than your average user gets a true positive detection. And we really should be clear, the danger is far more than autocrats.

Given that your ISP is monitoring your DNS, is wifi motion (usage is probably as valuable) really that bad?

I did this a decade ago. We can detect your breath rate. It's far more sensitive with modern units.

Does wrapping their modem in foil work at defeating this thing in any meaningful way? I have my own router.

  • ISP routers should have an admin option to disable WiFi.

    Grounded fine copper mesh can attenuate RF and maintain cooling.

  • Easier is to simply not enable this feature if you don't want to use it.

I always turn off every feature on every router I don't own and use it in pass through mode.

Okay, so buy my own router and then put the ISP one in a metal box. Gotcha!

Xfinity is the worst service I'd ever used.

I'm boring. I want a pipe, like a water pipe for data, and I'll do the rest. This makes them actively combative.

Ignoring the whole TV/landline stuff they keep pushing as that's too easy a target, they are actively hostile about just using internet.

It was way cheaper to use their modem. About $15/mo. Why? Because they want a huge hotspot network in every house. They swear it won't affect speed, but as I never got close to advertised speeds, I didn't believe that. They also act as their 'cell network' that they try to push, and basically call you an idiot for declining. In fairness their cell network is pretty cheap, but I'm just not interested.

I chose to pay more to use my own modem, and they absolutely hounded me, stopping just short of calling me stupid about once a month. Maybe it was commissioned sales people searching for people like me as a given, and getting mad when I rebuffed.

And let's not even talk about data caps. Which, by the way, using their modem exempted you. Why? I naively assume because they can't differentiate hotspot data from yours. Maybe I'm wrong.

The whole service is dystopian. I moved since luckily to a rural, middle of nowhere area that does their own fiber. It has zero of those issues, and costs about half as much for twice the speed. It makes you realize how scummy they really are.

Not with the ancient barely working WRT54G that Comcast keeps nagging me to replace!

Yeah, disable that wifi on any device not controlled by you.

  • If they make the firmware there's no guarantee they aren't still doing it just without a broadcast SSID going along with it.

    • I guess technically they don't need to use wifi, could just have a hidden microwave chip in it and use a non-wifi detection system.

      Great. Now super paranoid lol.

So is this just looking at the SNR for any given connected device and looking for sudden dramatic changes in it?

I had a conspiracy theorist tell me one time this is why they removed all the lead paint. It never quite made sense that kids were actually eating lead chips.

I know lead is bad for you, maybe a coincidence.

  • Even old lead paint didn't have a lot of lead in it. A thin layer of lead paint with <1% lead does nearly nothing for WiFi signals.

    We use lead for shielding ionizing radiation like gamma rays, but even that uses a lot more lead than you'd find in paint.

    Not all "radiation" is the same thing.

  • Apart from what the sibling poster said about lead (II acetate) having a sweet taste, little kids will put literally anything in their mouths. You ain't lived till you had to get dog shit out of a baby's mouth.