> Subject to applicable law, Comcast may disclose information generated by your WiFi Motion to third parties without further notice to you in connection with any law enforcement investigation or proceeding, any dispute to which Comcast is a party, or pursuant to a court order or subpoena.
Sounds like, at least in some limited circumstances (using the provided WiFi AP, having this feature turned on, etc), ISPs are going to be able to tell law enforcement/courts whether anyone was home at a certain time or not.
Law enforcement could tell whether you're home at certain time or not for decades before WiFI Motion. However with WiFi motion, if you're in some kind of a big building, like a hotel or huge office building, they will be able to tell exactly the room number and spot you're occupying.
Couldn’t you do this already? I have an electric meter on the side of my building with a public facing display of kwh usage. The water company has a similar hookup for measuring flow. Both could be used to determine occupancy in theory.
It’s tricky when privacy gets tangled with law enforcement requests. If you want better control over your data, tools like HiFiveStar can help you monitor what’s being shared. It made me feel a bit more on top of my online footprint.
One takeaway from this is that there's a strong privacy case for disabling the built-in wireless network from your ISP-provided modem/router and using your own, to reduce the number of ways that your ISP can surveil you.
I don't want my ISP doing this to me, but it sounds like something pretty cool to do myself. Does anybody know what the current state of "self-hosting" this kind of functionality is?
One more reason not to use an ISP router, although in this case most of us are at minimum carrying around GPS homing beacons in our pocket so the carriers already know where we are.
Xfinity won't give folks in certain locales (maybe everywhere in the US?) unlimited bandwidth unless they use their modem/router. This seems like a good reason that practice should be illegal.
I had a conspiracy theorist tell me one time this is why they removed all the lead paint. It never quite made sense that kids were actually eating lead chips.
This reminds of an MIT-licensed library that was Vibe-coded and released three weeks ago. The source is available here: https://github.com/ruvnet/wifi-densepose
Sensing is (sadly) part of Wi-Fi 7. If you have a recent Intel, AMD or Qualcomm device from the past few years, it's likely physically capable of detecting human presence and/or activity (e.g. breathing rate). It can also be done with $20 ESP32 devices + OSS firmware and _possibly_ with compromised radio basebands.
I'm sure people will want to make it seem like Comcast is doing something evil here, but they're not:
> Comcast does not monitor the motion and/or notifications generated by the service.
> This feature is currently only available for select Xfinity Internet customers as part of an early access preview.
> WiFi Motion is off by default.
Features like this at Comcast are typically one or two engineers on a random team coming up with a cool idea, testing it out, and if it works, they ask if they can roll it out en-masse. If it's just a software or server/backend thing and it doesn't have any negative impact, it gets accepted. Despite their terrible customer service and business practices, they do some cool stuff sometimes. They also release a fair bit of home-grown stuff as open source, which is expensive and time-consuming, but [they hope] it attracts engineers.
In case anyone is skimming the headline and comments: It's not enabled by default. This is an optional feature that you have to find, turn on, and then select up to 3 WiFi devices to use as reference signals:
> Activating the feature
> WiFi Motion is off by default. To activate the feature, perform the following steps:
The actual title of the article is "Using WiFi Motion in the Xfinity app".
The visibility of the feature for users may be "off by default" but that means nothing in terms of what Comcast is actually collecting, storing, and sending to third parties.
The term for this sort of thing is "WiFi sensing". Relevant HN thread from 2021 ("The next big Wi-Fi standard is for sensing, not communication (2021)"): https://news.ycombinator.com/item?id=29901587
As far as I can tell, devices were already on the market when that thread was made. 802.11bf was standardization to help along interoperability and future products.
I've been telling people for ages to not trust ISP provided hardware. Notice the vague language here which means they reserve the right to share private information for anything that might be called an investigation, or for any dispute which includes them (didn't pay your bill?), or a subpoena.
Subject to applicable law, Comcast may disclose information generated by your WiFi Motion to third parties without further notice to you in connection with any law enforcement investigation or proceeding, any dispute to which Comcast is a party, or pursuant to a court order or subpoena.
Plus, sharing isn't limited to a court or law enforcemnt agency - they reserve the right to share information with any third party.
This is scary, particularly considering how the current administration wants to weaponize everything they possibly can.
This is what precisely why I willingly pay more to Google for their fiber optic service than AT&T for an equivalent, albeit less expensive, plan: Google readily allows me to use my own equipment. I am voting with my dollars on this one.
This is a neat feature when it's your own device that you control, but not so great when they "disclose information generated by WiFi Motion to third parties without further notice to you."
I wanted to talk about how responsible WiFi router software authors can make things local-only (and I've done that in the past; no way to get this information even if I wanted it). But this is always temporary when "they" can push an update to your router at any time. One day the software is trustworthy, they next day it's not, via intentional removal of privacy features or by virtue of a dumb bug that you probably should have written a unit test for. Comcast is getting attention for saying they're doing this, but anyone who pushes firmware updates to your WiFi router can do this tomorrow if they feel like it. A strong argument in favor of "maybe I'll just run NixOS on an Orange Pi as my router", because at least you get the final say in what code runs.
What is the escalation path for replacing or removing the corrupt public utility commissions that allow these fraudulent and unethical monopolists to continue operating?
We have endless cases of Comcast and others criminally abusing their granted monopoly and the PUCs simply allowing them to run roughshod over consumers.
The race is on to find the cheapest/easiest decoy that can simulate such motion (because if everything is moving, then nothing is moving). A tube man in every corner?
Put your cable modem in bridge mode and use your own WiFi.
I used to recommend using your own cable modem as well, but these days you have to use the Xfinity modem to avoid overages if you're in a market with data caps.
Comcast has a stellar network operations unit, but their business operations are creepy and exploitative.
People here claiming "stick the ISP modem in a microwave oven, put on a tin foil hat and use your own device" -- do you truly, 100% trust that nobody but you has access to said "own" device?
Worth mentioning that unlike some ISPS Xfinity does let you use your own DOCSIS modems, which is the ideal way of using an ISP. ISP provided gateway's WIFI is not ideal for privacy, security and performance.
Comcast in general has a long history of snooping around and messing with users' traffic. Not that the alternatives are much better. Regular folks are screwed on this matter.
But perhaps for HNers setting up your own trusted WIFI AP and routing it (and all other traffic) through an internet gateway that routes your traffic over a secure channel (whatever that is for you, Tor, VPN services, VPN over your own cloud/vps,etc..) is ideal. It goes without saying, your DNS traffic should also not be visible to the ISPs.
Keep in mind that they sell all this data (including the motion data) not just to law enforcement but to arbitrary well-paying data brokers and other clients.
87 comments
[ 1.4 ms ] story [ 68.3 ms ] threadSounds like, at least in some limited circumstances (using the provided WiFi AP, having this feature turned on, etc), ISPs are going to be able to tell law enforcement/courts whether anyone was home at a certain time or not.
https://dl.acm.org/doi/10.1145/2486001.2486039
I know lead is bad for you, maybe a coincidence.
> Comcast does not monitor the motion and/or notifications generated by the service.
> This feature is currently only available for select Xfinity Internet customers as part of an early access preview.
> WiFi Motion is off by default.
Features like this at Comcast are typically one or two engineers on a random team coming up with a cool idea, testing it out, and if it works, they ask if they can roll it out en-masse. If it's just a software or server/backend thing and it doesn't have any negative impact, it gets accepted. Despite their terrible customer service and business practices, they do some cool stuff sometimes. They also release a fair bit of home-grown stuff as open source, which is expensive and time-consuming, but [they hope] it attracts engineers.
> Activating the feature
> WiFi Motion is off by default. To activate the feature, perform the following steps:
The actual title of the article is "Using WiFi Motion in the Xfinity app".
Here's how this level of scum works in reality:
At first: https://news.ycombinator.com/item?id=3017694
Eventually: https://news.ycombinator.com/item?id=39709991
As far as I can tell, devices were already on the market when that thread was made. 802.11bf was standardization to help along interoperability and future products.
This is scary, particularly considering how the current administration wants to weaponize everything they possibly can.
I wanted to talk about how responsible WiFi router software authors can make things local-only (and I've done that in the past; no way to get this information even if I wanted it). But this is always temporary when "they" can push an update to your router at any time. One day the software is trustworthy, they next day it's not, via intentional removal of privacy features or by virtue of a dumb bug that you probably should have written a unit test for. Comcast is getting attention for saying they're doing this, but anyone who pushes firmware updates to your WiFi router can do this tomorrow if they feel like it. A strong argument in favor of "maybe I'll just run NixOS on an Orange Pi as my router", because at least you get the final say in what code runs.
We have endless cases of Comcast and others criminally abusing their granted monopoly and the PUCs simply allowing them to run roughshod over consumers.
How do we fix it?
Turn that thing off.
I used to recommend using your own cable modem as well, but these days you have to use the Xfinity modem to avoid overages if you're in a market with data caps.
Comcast has a stellar network operations unit, but their business operations are creepy and exploitative.
Comcast in general has a long history of snooping around and messing with users' traffic. Not that the alternatives are much better. Regular folks are screwed on this matter.
But perhaps for HNers setting up your own trusted WIFI AP and routing it (and all other traffic) through an internet gateway that routes your traffic over a secure channel (whatever that is for you, Tor, VPN services, VPN over your own cloud/vps,etc..) is ideal. It goes without saying, your DNS traffic should also not be visible to the ISPs.
Keep in mind that they sell all this data (including the motion data) not just to law enforcement but to arbitrary well-paying data brokers and other clients.