138 comments

[ 3.1 ms ] story [ 178 ms ] thread
I live in NJ and I see an open (and extremely strong) XfinityWifi network signal. I don't know if this is the default SSID with no security or one of these public hotspots. But since Comcast has a corporate office a couple miles from me, I wouldn't be surprised if they were experimenting with this lovely service locally as well.
Comcast has large gray boxes installed on some telephone pole lines that are wifi access points (with an ssid of xfinitywifi). They are installed in many cities across the country (including in NJ) and can be found on this map: http://www.att.com/maps/wifi.html (ignore the fact that this information is hosted on an att.com website)
Can you explain the att.com and comcast angle? Are you saying that att.com lists Comcast wifi hotspots?
Pretty sure they are doing this after you upgrade your modem. I have been noticing this more and more with my iPhone. Gets sort of annoying though when it keeps on trying to connect to these hotspots and basically causes my internet to drop out due to it trying to connect.
I wouldn't be surprised if Comcast could effectively deliver 150mbps to all subscribers on their network and just uses the excess capacity to provide wifi. Of course that sucks if you paid for the full 150mbps. ;)

Of course, that doesn't mean where their network connects to the internet won't get more congested...

s/congested/administratively disabled

Remember, Comcast is part of the cable company fuckery that is pushing for a "fast lane"

For cable, the other wifi network is served on a different docsis channel, and shouldn't affect your speed - at least not the part from your router to the other end of the cable.
Yes. But it probably doesn't help at the hop from their and onward.
Well, the other end should be a Comcast central office, if they don't have the necessary bandwidth backhaul, you have at least a very valid reason to complain.
Interestingly enough, there is one of these in my apartment complex. I just connected to it and it allows DNS requests through. You could connect to some ones wifi and DNS tunnel out to the internet. Looks like there is a real easy way to get free internet without giving a penny to CommieCast.
I've used iodine dns tunneling when travelling, it's slooooooow, like 28.8 dial up slow.
I set mine own up on a private server and I've gotten up to 120kB/s. It's usually fast enough to browse HN comfortably.
I'm guessing it's using raw UDP tunneling on port 53, rather than tunneling IP over recursive DNS lookups through the ISP's DNS server. This is fast but doesn't work everywhere.

I may have had bad luck, but I've not managed to get near those speeds when all I've had was access to a local DNS server, through which to connect to my iodine server.

If that were the case there would be basically no overhead and you should get full speeds.
It doesnt get you out of paying for internet: you still have to pay for the other end of the DNS tunnel.
Would you rather give your money to Amazon or to Comcast?
You can get away with spending $5/month to Amazon or a cheap VPS provider to achieve the same kind of speeds you'd get from $60 to Comcast.
You can get a decent VPS as the DNS tunnel endpoint for like 10-15$/year
It's also kind of like stealing.
CommieCast? Really? These kinds of nicknames are always childish and annoying, and commie doesn't even make sense as an insult. At least think of something clever.
FYI, the 'xfinitywifi' hotspots you've seen over the past couple years are this same thing deployed via Comcast Business customers' modems.
Brighthouse has been quietly doing something similar throughout central Florida (at least) for a year or so. I only saw it at businesses and in the cases I saw there were two separate modems.

My guess is that there's no way this doesn't degrade the customers' connection.

One correction to the article - The Comcast program is not "Opt-In" as the article notes, but an "Opt-Out" program.
I'm pretty sure Time Warner has been doing this in NY for some time now
My area (Astoria, Queens) recently got upgraded to 300/20mbps but, to get that speed, I needed to upgrade my modem. I wouldn't be surprised if this new modem will have this capability. It's yet another reason to have your own router behind their modem.

As long as my speed doesn't degrade and I'm using my own router behind the modem, I don't mind if they make it a public hot spot.

Of course, most people use the cable companies modem as their wifi/router. I wouldn't be surprised if people discover major security vulnerabilities in these mix-public/private modems.

>As long as my speed doesn't degrade and I'm using my own router behind the modem, I don't mind if they make it a public hot spot.

If your wireless router is near the modem and it's broadcasting on an overlapping channel then it will definitely degrade your speed.

First, if you care about wireless speed, you're not using 2.4GHz, you're using 5GHz. 5GHz channels do not overlap.

Second, other WiFi networks are not really the cause of interference. Certainly, if two networks are sharing the same channel and both have stations that want to use the full bandwidth at the same time, that won't work. But WiFi does listen before it transmits, and does not transmit when it can hear other stations transmitting. This lets many networks share the same channel.

Where this goes wrong is when two stations want to talk to the same access point, but can't hear each other. (The "hidden node" problem.) In that case, station A can't tell that station B is transmitting, and so station A might transmit over station B's transmission, resulting in garbage at the access point. (Access points that can both hear a station but not each other can also do this, of course.)

In the scenario you mention, your own access point and Comcast's access point are almost in the same place, so they should be able to hear the same set of stations. If they pick the same channel (and autoselection _is_ notoriously poor), they should not interfere except to share bandwidth.

Finally, there's so much crap in the 2.4GHz band already that another WiFi network isn't going to make a difference. From my apartment I can hear 20+ WiFi networks, and if I look at a spectrum readout, can see tons of other things that I have no idea what they are. https://plus.google.com/115192122236060613729/posts/RZHLmV5K...

>you're not using 2.4GHz, you're using 5GHz.

I was assuming these comcast modems were 2.4GHz. But you have a point, if you're using a 5GHz router this problem is avoided.

>Finally, there's so much crap in the 2.4GHz band already that another WiFi network isn't going to make a difference. From my apartment I can hear 20+ WiFi networks, and if I look at a spectrum readout, can see tons of other things that I have no idea what they are.

That depends on where you live. At my house there are only 2 wireless networks near enough to matter and I moved my network to a non-overlapping channel. Also I use 2.4GHZ because 5GHz doesn't cover my entire house.

> It's yet another reason to have your own router behind their modem.

You sure? If you are connecting a CAT5 between the modem and a router, you are still using the modem. Are you sure you can stop the modem from acting on its own?

My understanding is that you should instead replace the modem with your own, not just the router.

All cable modems (customer owned or ISP owned) are configured by the ISP. The main reason to buy your own modem is to save money by avoiding rental/lease charges from your ISP.
What's even worse is that they're doing this for businesses, which can become an obvious security disaster.
What part of it is a security disaster?
Often the owner of an access point is liable for illegal traffic on it.
If anything it seems as if this option will allow a better defense against that, assuming the other connected user (culprit) is identifiable.
The public hotspot will likely have a different IP than the "hosting" business. At least, let's hope they would be smart enough to do that.
I would be curious to learn how this is done technically: would the "owner" connections and public hotspot wifi connections share the same IP or not? If the IP is shared then there will be some interesting issues to be resolved if someone connects to a public hotspot, fires up Torrent client, downloads tons of movies, and then the owner of the hotspot gets the takedown notice or there will be charges against the owner for downloading copyrighted material. And you can imagine other cases from child pornography to financing terrorists.
You still need to login to the Comcast wifi using an Xfinity account, so I'd imagine activity is tracked that way.
Not sure how this would help. The server will only see IP address. The Comcast will know that a given set of users had the session open on the hotspot. But unless the hotspot sends detailed information about every packet to Comcast with session/user mapping, there is no way to map a particular request to a session/user.
The router simply maps different networks to different SSIDs:

SSID customer-net = VLAN1, nat VLAN1 192.168.1.0/24 to WAN-IP1

SSID public-net = VLAN2, nat VLAN2 192.168.2.0/24 to WAN-IP2

Sure. Having different IPs definitely helps (this was my original question if IPs will be different or not). The login to Comcast by itself doesn't help.
I believe authentication is usually handled with MAC addresses. I'm not a network engineer, but I've worked under one and professional equipment has a lot of capabilities for identifying & handling cases exactly like these; don't infer all of the network devices are as rudimentary as a WRT54G
MAC address is used in APR protocol and it doesn't go beyond your router/WAP/DHCP server. The only thing that an "external" server sees is the IP address.
ISP managed gateways provide visibility to the ARP table via SNMP or TR-69.
Cable modems can be configured to support multiple service flows with different classes of service. The users of the public hotspot network have a unique IP and separate service flows provisioning additional bandwidth to the modem. Presumably Comcast is also tracking an authenticated user's IP address while on public hotspots for DMCA enforcement purposes.
Though there's very little stopping you from setting up an access point called "XfinityWifi" and connecting it to whatever evil you want.
This is a very legitimate concern. I doubt Comcast or any other ISP using these community wifi services are really prepared to deal with this problem. Any Comcast customer who runs into problems with DMCA / legal issues (via IP) will have plenty of reasonable doubt on their side.
Typically a cable company provided cable modem is a NAT box rather rather than having a dedicated IP. It's IP within the cable company's backbone gets encoded/decoded to an IP:port where it exits their network so that all their customers can be serviced by a static block of IP addresses (of which there are essentially no more IPv4.

To share the cable modem device, the device just needs to switch packets internally.

I just installed a new modem to provide "higher speeds". Speed hasn't changed, but we have a new wifi network (xfintywifi).

We do have the old equipment, but it's not that bad honestly.

Seems like a fantastic way to indemnify yourself against any charges of piracy that are leveled at you and your Internet connection.
I'm actually connected to one of these hotspots right now. I had just moved in to this new apartment and hadn't yet had time to set up internet. But lo and behold there's this public network called "xfinitywifi", and my dad's comcast account logs me in! Now, I dont think I'd like my own modem broadcasting a hotspot, but it did turn out to be pretty convenient.
The public wifi and the private wifi have different public ip's but counter to Comcast's claim that the second wifi does not effect the internet speed, it does. I know this because I discovered the xfinitywifi network coming out of my box about 2 months ago and did some tests.

I called Comcast to ask them to wtf was going on, they refused to disable is saying it was a service to the public, bla bla bla. I was able to disable in their admin panel though.

You can just install your own router too. You can get a Motorola cable modem that works just as fine as whatever they put in there I imagine. I have my own modem.

The only time having my own modem has ever been an issue is when I called customer service about network issues. They wanted to blame my modem, but that's never been the actual problem (last time it was a bad cable outside the house).

You could also shield that thing so it can't effectively broadcast wifi and connect your own wifi router with a cable.

This is not strictly true. I own my own cable modem (bought it on Amazon before signing up with Comcast - http://www.amazon.com/Motorola-SURFboard-Gateway-SBG6580-Wir...) and I specifically picked this one because it was on Comcast's list of recommended modems and reviews suggested that it worked without headaches on Comcast's network.

HOWEVER, after installing the device, I eventually started to notice that the firmware was being updated remotely, without my intervention. At one point the Motorola administrative web UI was replaced completely with a new Arris UI (this was a few months ago when Comcast was experimenting with their IPv6 rollout). This lasted for about a month before the firmware was reverted back to an older Motorola image (and now I no longer have IPv6 at home -- I guess there were issues).

So yes, you can install your own router. But at least in some (most?) instances, your cable provider may have direct access to the firmware on your router, which essentially means that they can pull shit like this whenever they want, without your knowledge or intervention.

TLDR: Comcast can update the firmware on my cable modem without my knowledge or intervention. Because it's an all-in-one device, that basically means they can do whatever the fuck they want.

Wow. How could Comcast control the firmware updates for a product they didn't make? Did they hijack the update software lookup? This must have been done with Motorola's backing.
So I looked into this a while ago and wasn't really able to find an authoritative answer. Farthest I got was here: http://forums.comcast.com/t5/Home-Networking-Router-WiFi/DOC...

The claim seems to be that Comcast has the ability to update the firmware of any modem that is physically connected to their network. I don't know if this is actually true. There might be some obscure part of the DOCSIS spec (or an extension) that specifies how firmware updates can be delivered from the coax side (if so, I've certainly never been able to find it, and I don't even want to think about what they're (not) doing for security and authentication).

If this claim is true, then the best you can do is to get a dumb "modem only" device, in order to minimize their control of your hardware and network. Use your own router and/or your own wireless gateway and maintain exclusive firmware control over those devices.

If the claim is false, then they're likely able to get in via some sort of Comcast-specific protocol. This protocol might be in the generic firmware because Comcast also happens to sell this particular device themselves, and maintaining a single firmware image is probably easier for Motorola logistically. I wonder if there are similar update channels for other ISPs on the same device.

I believe it's pretty common for the customer equipment to be updated by the ISP. I have an old modem-only Scientific Atlanta modem. If I start it up on Comcast, the web GUI gets rebranded to Cisco, who now own SA. If I start it on WideOpenWest, it isn't rebranded anymore, it says Scientific Atlanta on the web GUI again.
For DOCSIS modems, they are only updatable and configurable via the ISP. When you connect and power on your cable modem, it requests a configuration file from someplace upstream. That config file contains the firmware version that is compatible with both the network and the modem, and if they don't match then it'll either ask upstream for a new firmware image or fail to connect to the network.

Any configuration done by an end user is limited to the LAN portion of the network. WAN should be cut off entirely.

This all makes sense, but if you get a modem with no wifi capabilities they can't turn your personal network into a wifi hotspot even if your ISP can update the firmware on the modem.
"they refused to disable is saying it was a service to the public, bla bla bla."

I know how much your country (rightfully) hates Comcast but this should be a good thing. Take off your blinders for a second and look at the good things an Opt-Out Guest (my assumption) WiFi network could do.

1. Adoption of ubiquitous internet hotspots by customers for public use. It shouldn't affect your personal bandwidth because you'd be getting priority over guests.

2. Accessibility of potential emergency services without cellular networks. Which provides an option not to use a carriers service. More choice and competition could be amazing.

3. Lowering the legal barriers of opting into being a public hotspot (many ISPs are against it)

4. New potential developer opportunities like updating maps and such for travelers.

5. Herd Immunity when it comes to flimsy IP Address based legal attack vector. Fighting this in court is a huge pain/cost.

6. It could be more economic for customers to distribution their internet for a fee? Which would enable higher quality while the cost is distributed.

7. Provoke more conversation about emphasizing internet privacy/security without using locked routers which doesn't protect users from determined local attackers.

I don't know if this is what they're enabling or not but it's food for thought.

How does this compare to FON wifi routers in Europe? There people share their connection for revenue sharing.
Not always; here in Portugal our biggest ISP started installing FON routers for all their clients, but they don't get any of the revenue sharing, just access to other FON routers.
This is quite common in Europe. In fact this sounds exactly how the BT FON crowdsourced wifi network works: https://www.btfon.com

The opening line of the article's totally wrong in saying this "would be inconceivable if it was any other company than Comcast".

> This is quite common in Europe.

The fuck it is.

Parent comment provided a source.
But not for the actual claim of "quite common in Europe". I am in Europe it's inconceivable that any common carrier would try and pull a stunt like this here.
UK doesn't have any concept of "commin carrier".

BT, a large company in the UK, has done exactly this, using a collaboration with FON to start but using their own tech now. This has been happening for years.

http://ais.globalservices.bt.com/static/assets/insights_and_...

EDIT: the wikipedia article shows many FON collaborations with large telecoms providers across Europe.

Yep, except Fon has an opt-out option, it's opt-in to begin with in a lot of places and it's done with user's knowledge and explicit permission, not behind their backs as Comcast did it.

So, no, what Comcast did is not quite common in Europe.

(comment deleted)
Comcast's service has an opt out option and was announced a year ago. I don't like to be standing up for them, but you are misrepresenting things a bit.
Here's Fon's figures from 8 years ago -

1 – Spain – 6344 (28 new yesterday) registered users

2 – United States – 6334 (11 new yesterday) registered users

3 – France – 2571 (15 new yesterday) registered users

4 – Germany – 1302 (12 new yesterday) registered users

5 – Italy – 1269 (15 new yesterday) registered users

6 – United Kingdom – 1039 (4 new yesterday) registered users

7 – Netherlands – 760 (2 new yesterday) registered users

8 – Sweden – 721 (1 new yesterday) registered users

9 – Argentina – 636 (3 new yesterday) registered users

10 – Canada – 382 (0 new yesterday) registered users

11 – Switzerland – 331 (1 new yesterday) registered users

12 – Belgium – 296 (0 new yesterday) registered users

13 – Portugal – 237 (0 new yesterday) registered users

14 – Mexico – 208 (0 new yesterday) registered users

15 – Japan – 198 (2 new yesterday) registered users

16 – Chile – 195 (0 new yesterday) registered users

17 – Austria – 177 (1 new yesterday) registered users

18 – Ireland – 170 (0 new yesterday) registered users

19 – Brazil – 169 (0 new yesterday) registered users

20 – Denmark – 135 (1 new yesterday) registered users

21 – Israel – 129 (0 new yesterday) registered users

22 – Norway – 125 (0 new yesterday) registered users

23 – China – 120 (0 new yesterday) registered users

24 – Australia – 109 (1 new yesterday) registered users

25 – Finland – 108 (0 new yesterday) registered users

26 – Poland – 85 (0 new yesterday) registered users

27 – India – 77 (1 new yesterday) registered users

28 – Colombia – 74 (0 new yesterday) registered users

29 – Venezuela – 71 (0 new yesterday) registered users

30 – Estonia – 63 (0 new yesterday) registered users

http://english.martinvarsavsky.net/fon/fonas-top-30-countrie...

and their current map - http://maps.fon.com/

And how many are auto-enabled by the ISPs without any notice and no way to opt-out?
How do I disable/enable the XFINITY WiFi Home Hotspot feature?

We encourage all subscribers to keep this feature enabled as it allows more people to enjoy the benefits of XFINITY WiFi around the neighborhood. You will always have the ability to disable the XFINITY WiFi feature on your Wireless Gateway by calling 1-800-XFINITY. You can also visit My Account at http://customer.comcast.com/, click on “Users & Preferences”, and then select “Manage XFINITY WiFi.”

http://wifi.comcast.com/faqs.html

edit - and it was announced in June of last year apparently. Though they may have had a sign on the door saying 'beware of the leopard'.

I live in France & all the major telcos* do this. It's an advertised part of the services.

* At least: Orange, Bouygues, SFR, Free.

I know for a fact that at least two major ISPs in France already do this (SFR, Free).
and in Spain, Germany, Portugal, Italy, and the United Kingdom. Which covers quite a lot of Europe already, not even counting the rest of the places that do this.
Both the Netherlands and Belgium have ISPs that do this, with the slight difference that they Wifi is only accessible to customers of the same ISP.
We also have it in Africa... Although only relatively new.
I had BT broadband a few years ago and we had this then. There were actually thee hotspots: mine, one called "BT Openzone" and one called "BT Fon". When they launched this in 2007 they had 3,000,000 customers [0], which I think they automatically opted in.

It was a good idea, but I never found it useful. It was only on residential broadband, and I never found myself hanging out in residential areas (if I went to a friends house they would just give me their wifi password).

[0] http://www.btfon.com/images/media/common/btfonLaunch041007.p...

I was once away for a while where the only access I had was to one of these. I ended up partially bypassing the paywall after a couple of hours of poking around.
The BT one never really worked for me. But wifi with stupid login pages is pretty broken if you want seamless access. I disabled it by putting my own modem in when I was on BT broadband.
IANAL

Generally in the US, the Owner of the property will own any improvements which the cable company makes to the property unless their was an encumbrance on the land title (or deed) - in which case their remedy for not allowing their use of the improvement would be foreclosure but would be in line behind all previously recorded encumbrances such as mortgages and covenants. This would historically include anything buried or running through the walls. Overhead wires also would likely fall in this category. Real property is funny that way.

Contrary to the article's implication, the cable company could retain ownership of the wire between the box and the wall socket. It's just equipment, like the box itself. But the improvements to the land convey with the land...if your neighbor builds his fence on your side of the property line, it's not his fence it's yours. That's why the cable company cannot insist you share your infrastructure.

IANAL either, but easements[1] may apply here, depending on how broadband cable is classified.

And I'm not remembering the terms for this, but I've heard there are situations where your neighbor building his fence on your land and you not taking action within a certain amount of time would cede that part of your land to your neighbor.

1. https://en.wikipedia.org/wiki/Easement

Easements are a form of encumbrance upon a title. Though real estate law varies by state in the US, access easements are typically the only form of easement established by use...i.e. Passage across the property for physical access to another property. Any other easement must typically be recorded.

Recording an easement requires paperwork at the courthouse, doc stamps, and approval of any lien holders (such as a mortgager). The reason is that the lien holder has a secured interest in the property secured by the title - that they have joint ownership is the easiest way to think about it.

But rest assured, that if you build a fence on your neighbors side of the line its his fence. You can have a contract that gives you the right to access it and prohibits your neighbor from demolishing it, but it's with your neighbor as an individual. If they sell the property the new owner owns the fence and is not bound by the contract.

My ISP in EU does this and theres zero impact. Nobody ever connects - and if they do they're quite capped. Capped enough that i couldnt tell the diff (but they can check emails and view webpages so thats nice for them)

Of course, i agreed to this when subscribing so theres that - and in fact I can turn it off if i want (its opt out)

Can you tap the wire between that public hotspot and the wall and serve those people upside down cat images (and snoop all their clear text traffic)?
I'm under the impression that the router forms a VPN tunnel to an endpoint at the ISP (which is why public users have a different IP and their traffic is easily proven not to be that of the subscribers)
technically you can, practically you do need to hack the proprietary box its a different ATM tunnel in this case but its initiated from the box "at home"
Nice, what took them so long ? it's been like that and so useful (for everyone) for years in France. Maybe one days the US will discover the EAP-SIM "revolutionary thing" too
Can confirm - "Free Wifi" (from ISP Free) is pretty useful, because you can find hostspots almost everywhere. (Too bad EAP-SIM isn't working on Android without rooting the device, sheesh :p)
Frightening level of stupidity in that article ("Exact details of the setup aren’t yet known" says the writer, so then go on to pull numerous scaremongering scenarios out of a hat) and especially stupid stupidity in the comments too.

Why is this so hard to understand? Router broadcasts a second SSID. Router ensures that connections to that SSID are completely isolated from your own network, never touch your IP address or internal devices, and are tunnelled back to base over a separate channel VPN.

In scenarios where you are maxing out your net connection and someone else is using the guest wifi too, your traffic always takes priority. That's a rule right there - the kind of thing that routers are kind of good at.

It also means that you have access to free wifi when you're out and about, as you can use your Comcast ID to use this same wireless in other locations.

As has been pointed out several times, many ISPs around the world do this. It's simple and convenient and not remotely worthy of the scaremongering and technical ignorance being displayed.

Indeed. The biggest weakness is that users aren't well trained in ensuring that the page they're typing their username/password into (to access one of the public access points) may not be genuine.

I know I've seen some faked BT Openzone login pages in the UK, luckily the BT Wifi App is clever enough only to attempt to login to the real webpage.

Yeah...until someone on the guest wifi owns the router. I'm not saying it is, or isn't, likely -- I don't know much about Comcast's Arris Touchstone Telephony Wireless Gateway Modems, but it is a risk. Then again, so is someone hacking your wifi network...
You mean the same someone who would have had to access the router using their Comcast credentials?
Yes, I am totally confident in Comcast's ability to properly ensure the security of their system, and don't think someone who connects to the guest SSID would ever be able to root it.
Given that ISP supplied routers usually come with crap wifi ability - does broadcasting a second SSID reduce the other signal even if nobody is using it? I wonder if routers could be exploited via this second SSID and access gained to peoples home/office networks.
Broadcasting the secondary SSID by itself has no significant impact but there is a wireless performance penalty to having lots of nearby devices connecting (by default) to open networks especially on single radio/band devices. If I lived in an apartment building or near a public space like a coffee shop / etc I would opt-out. On the security front I don't think it's much of a concern. These community wifi services have been widely deployed to millions of devices around the world and enterprise wireless APs have offered similar features for many years. There's always some risk but nothing extraordinary.
Does this open the door for people to capture their outgoing traffic which will include the traffic of people who are using their router? If you use the ComcastID and connect to someone else's router your non-encrypted traffic is up for grabs?
Your unencrypted traffic is always up for grabs.
No it is a separate network
But the traffic is going out of your cables at some point no? Is it not possible to capture that even if it's on a different network?
It is certainly possible, but it is far easier to just join the second network and run a packet sniffer. You could also sniff in monitor mode to see traffic on all networks in range, but driver support for that can be annoying.
Also, uh exact details are known. They've been test marketing this in DC for almost a year. I've used it. It seems to work fine and is just as you describe.

I actually think it's a pretty cool idea - tons more hotspots throughout the city. If you really don't like it, you can opt out.

>your traffic always takes priority

Does it really though? QoS on consumer grade network devices is thoroughly useless / ineffective in my experience.

Aren't they stealing electricity from these users?

It sounds like nothing but one of the ways laws developed around FAX machine spam was judges said you were costing the end person real money in sheets of paper. Certainly running the second WiFi has some small amount of additional power requirement. I'm not sure it's even barely measurable but it is more then zero which makes it like the fax paper reasoning.

I presume Comcast have put something in the small print of the terms and conditions saying they are allowed to do that.
Lawyers are notorious for not understanding the underlying things like this. Could be the crack in their armor that they didn't see. It just takes a $5 per customer class action suit to get their attention.
It's highly unlikely that their optimized-for-maximum-cheapness CPE has more than one WiFi radio. In which case, an extra SSID is just a few extra bytes in the beacon.
Are the hotspots free for anyone to use at least? Or do they intend on charging for them, too? Because that would really be a dick move.
AFAIK the way it typically works is that subscribers to the ISP's service get access for free, but others have to pay.

So if you're an xfinity customer, you can use their public wifi hotspots. But if you're not an xfinity customer, you have to pay.

Either way you're paying...
Yes, I agree. I was just explaining how it works :)
I am not a Comcast customer, but have a simple question. Who owns the CPE device(Xfinity Wifi router) that Comcast installs in people's homes? Does Comcast own it, and subscribers agree to have it managed by Comcast? Or is it owned by the subscribers?
Comcast owns it, if people don't like it they should buy their own modem/router and then it won't be an issue for them personally (and who wouldn't buy their own router anyways?).
Here in Belgium they do the same, if you have one of their new DOCSIS3 modems it is activated automatically. Although their hotspots are for their customers only. If you disable it on your router you can't access other people's hotspots. The speed is limited to 1Mbps per user so it wouldn't impact you much, knowing that euro docs is can go up to 300 Mass (if not higher)

Personally I love it, it's perfect for when you're at a friends house and want to check out something real quick.

It's a shame Comcast seems to be rolling their own system rather than joining the FON network. The great thing with FON in principle is that you can use it around the world although in practice it doesn't work very well, in my experience.