Xfinity using WiFi signals in your house to detect motion

jacobgkau

> Subject to applicable law, Comcast may disclose information generated by your WiFi Motion to third parties without further notice to you in connection with any law enforcement investigation or proceeding, any dispute to which Comcast is a party, or pursuant to a court order or subpoena.

Sounds like, at least in some limited circumstances (using the provided WiFi AP, having this feature turned on, etc), ISPs are going to be able to tell law enforcement/courts whether anyone was home at a certain time or not.

josho

The solution here shouldn't be technical; it should be legal.

If we rely on the technical path, Comcast can achieve the same by how many active IPv6 addresses are in use. Even if you aren't using your phone, the device is going to be constantly pinging services like email, and your ISP can use that to piece together how many people are at home.

If we rely on legal protection, then not only Comcast, but all ISPs will be prohibited from spying on their customers. Ideally the legislation would be more broad and stop other forms of commercial/government surveillance, but I can't imagine a world where Congress could actually achieve something that widely helpful for regular citizens.

armchairhacker

> The solution here shouldn't be technical; it should be legal.

I disagree. Solutions should be technical whenever possible, because in practice, laws tend to be abused and/or not enforced. Laws also need resources and cooperation to be enforced, and some laws are hard to enforce without creating backdoors or compromising other rights.

"ISPs will be prohibited from spying on their customers" doesn't mean ISPs won't spy on their customers.

transpute

We need more funding for open-source WiFi Sensing counter-measures, e.g. EU research, https://ans.unibs.it/projects/csi-murder/

> this paper addressed passive attacks, where the attacker controls only a receiver, but exploits the normal Wi-Fi traffic. In this case, the only useful traffic for the attacker comes from transmitters that are perfectly fixed and whose position is well known and stable, so that the NN can be trained in advance, thus the obfuscator needs to be installed only in APs or similar ‘infrastructure’ devices. Active attacks, where the attacker controls both the transmitter and the receiver are another very interesting research area, where, however, privacy protection cannot be based on randomization at the transmitter.

https://github.com/ansresearch/csi-murder/

> The experimental results obtained in our laboratory show that the considered localization method (first proposed in an MSc thesis) works smoothly regardless of the environment, and that adding random information to the CSI mess up the localization, thus providing the community with a system that preserve location privacy and communication performance at the same time.

Aurornis

> The solution here shouldn't be technical; it should be legal.

The parent commenter was highlighting that law enforcement can compel them to provide the data.

The customer has to opt-in to WiFi motion sensing to have the data tracked. If you see something appear in an app, you should assume law enforcement can compel the company to provide that data. It's not really a surprise.

> If we rely on legal protection, then not only Comcast, but all ISPs will be prohibited from spying on their customers.

To be clear, the headline on HN is editorialized. The linked article is instructions for opting in to WiFi motion sensing and going through the setup and calibration. It's a feature they provide for customers to enable and use for themselves.

tehwebguy

> The customer has to opt-in to WiFi motion sensing to have the data tracked.

Not for long, there’s money to be made by adding this to the cops’ customer lookup portal.

sandworm101

>> The solution here shouldn't be technical

The solution can be technical, but only if it is also sneaky. Blocking or disallowing certain information is one thing but making that information worthless is better. A simple AI agent could pretend to ping all sorts of services. It could even do some light websurfing. This fake traffic would nullify any value from the real traffic, destroying the market that feeds this surveillance industry.

baggachipz

> I can't imagine a world where Congress could actually achieve something that widely helpful for regular citizens.

"Best we can do is letting all the AI companies hoover up your data too"

slt2021

Just buy your own simple modem and install your own wireless access point.

Do not buy any device from Comcast you don't fully control!

oliwarner

> The solution here shouldn't be technical; it should be legal

Technical solutions tend to last longer. Legal solutions have a habit of being ignored when they become inconvenient.

The legal default should be that collecting this sort of data should always be illegal without informed consent and never used beyond the remit of that consent. As inconvenient as it sometimes is, the world needs GDPR.

hamhock666

> ... I can't imagine a world where Congress could actually achieve something that widely helpful for regular citizens.

The solution is to not use the internet if you care about your privacy.

kevin_thibedeau

We are now treating foreign students with suspicion when they don't have a satisfactory internet footprint. Only a matter of time until that gets turned against the citizenry. Submit to surveillance capitalism or go to jail you deviant.

dylan604

What if I left my device at home?

matthew-wegner

It would work even better. From the linked support page:

"Motion is detected based on the amount of signal disruption taking place between the Xfinity Gateway and your selected WiFi-connected devices, so motion from small pets (around 40 pounds or less) can be filtered out while keeping you notified of large movements more likely to be caused by humans."

aspenmayer

With enough signals, gait recognition for example is possible, and those same signals could be corroborated with presence or absence of concomitant device signals to determine if your device is moving with your person, and if not, to then flag this for enhanced monitoring if evasion is suspected.

lrvick

Comcast has remote control of all of their equipment so they will just turn it on for you if they get a court order or a big enough check from an adtech company.

Wifi imaging is a bit like a silhouette and generally accurate enough to work out gait and height which could give a good indication of which people are in what locations in a home. That is some very scary power in the hands of a corpo.

slt2021

They only have some level of control over DOCSIS modem. If you install the cheapest/simplest DOCSIS modem, and connect it to your own wireless access point that is NOT controlled by Comcast - they won't know anything.

They will only see traffic coming from 1 local IP - of your wireless AP

boston_clone

Hmm. Not much of this is true.

They provide a modem / router combination device at even their cheapest tier.

That device can leverage this technology, and the technology isn’t reliant on traffic.

They can gather plenty, and can provide it to third parties without our knowledge or consent.

57473m3n7Fur7h3

And also how many people are currently in the house, right at this moment. Maybe even which rooms of the house those people are in.

schiffern

WiFi can also be used to detect heartrate and breathing, which can leak additional ad-targeting information related to activity, arousal, or agitation.

https://www.mdpi.com/1424-8220/24/7/2111

snarf21

Curious: What about adding a small battery powered WiFi device to your dog's collar? Would that look like a person moving around the house? What about a WiFi controlled mini drone that flew around your house?

[Note: this should be illegal]

brewtide

It's basically passive radar using the wifi bands as the reflection AFAIK. It doesn't seem to be about the active state of devices, but the deflections in known points. It's creepy.

Yeri

It doesn't require a WiFi device to work.

> If you’d like to prevent your pet’s movement from causing motion notifications, you can exclude pet motion in your WiFi Motion settings by turning on the Exclude Small Pets feature.

> Motion is detected based on the amount of signal disruption taking place between the Xfinity Gateway and your selected WiFi-connected devices, so motion from small pets (around 40 pounds or less) can be filtered out while keeping you notified of large movements more likely to be caused by humans.

godshatter

I was thinking of attaching a wifi enabled device to a roomba if you wanted to appear to be home when you weren't. I would hope, though, that doing something like this wouldn't be illegal. It's your home, your stuff, etc. Besides, I don't want to get arrested for leaving a rotating fan on or something.

Aurornis

A much easier alternative is to not enable the feature on your router.

It's an opt-in feature. If you don't set it up, they aren't generating the home/away chart like shown in the article.

vel0city

This technology doesn't rely on you actually having a WiFi device on you. It can detect presence/motion by changes to the standing waves of the EM propagation throughout the room.

As the salty water meatbags move from room to room we change how the reflections and scattering patterns of 2.4 and 5GHz waves move. Studying these changes and some calibration, you can even determine small changes (like is the person on the left side of the room breathing, are they standing or prone, etc).

In their docs, they show using the WiFi connection from a printer to determine motion sensing and have the option to exclude pets.

puppycodes

I'm very skeptical of the accuracy claimed. The layout and complexity of objects in most homes to do this is way too awkward to work reliably.

For someone breathing or a heartbeat you need much higher GHz signal. Usually this is done at 30GHz to 60GHz. The power flux leaving the antenna has an inverse square drop off rate which makes this basically impractical unless you're standing directly in front of it.

puppycodes

Definitely an atrocious violation of privacy, but in reality discerning between an animal, something blowing in the wind, and a person moving would be very hard without a dedicated calibrated array for that to hold up in court. I'm aware they have "exclude animal" but there's no way it's at all accurate.

Using your mobile data and internet traffic is far easier and already deeply integrated into off the shelf law enforcement products. Those programs are even more terrifying than this by an order of magnitude.

casper14

Spot on, device tracking is much better than wifi sensing

timewizard

You can turn the customer AP off; however, the Comcast Customer Shared WiFi is always on. This is true even for Comcast Business accounts. You're expected to be a hotspot for their other customers.

Which is one of the main reasons I bought my own modem.

slt2021

Just don't buy any device from Comcast!

Buy your own DOCSIS modem from Amazon and your own wireless AP. Separate AP is needed, because Comcast has some form of control over DOCSIS modem (they can reboot and send config to your modem)

problem solved

jhowison

lrvick

And they can turn it right back on again.

johnklos

I've been telling people for ages to not trust ISP provided hardware. Notice the vague language here which means they reserve the right to share private information for anything that might be called an investigation, or for any dispute which includes them (didn't pay your bill?), or a subpoena.

    Subject to applicable law, Comcast may disclose information generated by your WiFi Motion to third parties without further notice to you in connection with any law enforcement investigation or proceeding, any dispute to which Comcast is a party, or pursuant to a court order or subpoena.

Plus, sharing isn't limited to a court or law enforcement agency - they reserve the right to share information with any third party.

This is scary, particularly considering how the current administration wants to weaponize everything they possibly can.

femiagbabiaka

Xfinity won't give folks in certain locales (maybe everywhere in the US?) unlimited bandwidth unless they use their modem/router. This seems like a good reason that practice should be illegal.

m463

I was thinking about this with respect to the new uncomplicated no-contract service with no caps they started offering:

https://www.slashdot.org/story/25/06/26/2124252/comcasts-new...

Apparently you can get 1/2gbit ethernet only modems without wifi. You don't save any money over using their equipment.

afruitpie

As far as I’m aware, Xfinity fiber customers have to use the provided “Xfinity Wi-Fi Gateway” and cannot enable bridge mode.

If anyone knows a way around this, please share! I want to connect my Xfinity ONT directly to my UniFi router.

mixdup

They have changed this policy with their new plans released last week. You no longer have to use their equipment to get unlimited data

0cf8612b2e1e

In that situation, I would put the vendor modem in a microwave or other impromptu faraday cage to prevent the leakage. Remove/isolate the antennas as best as possible.

Saris

Can also open it up and disconnect the wifi antennas, or cut the traces if they're on the PCB.

zeta0134

This practice, and fear of the exact sort of nonsense in this article, plus wanting to keep my wifi bandwidth free for the network I actually connect to, is why I'm still on AT&T DSL in my area, at 50 mbps. Comcast is available at up to gigabit, and they can keep it.

harles

AT&T is pretty bad in its own way. They snoop DNS and sell your info (including physical address) to advertisers - even if you switch your DNS providers. They used to have a paid opt out (~$20/mo IIRC) but I don’t see that option anymore.

aaronmdjones

This is quite easy to avoid by using DNS over TLS. It's like 15 minutes of effort in some OpenWRT documentation [1]. If you want any hope of having some semblance of control and privacy, you would already be using your own router, with their CPE being relegated to modem-only duties. It only makes sense that in this situation you choose a router that can run highly-configurable and privacy-preserving software.

I did it several months ago, including the optional adding an outbound firewall rule dropping forwarded UDP/TCP 53 traffic (I tried the redirect rule suggested there first, but it didn't work and the firewall ruleset failed to load, so a drop will have to do. I didn't bother investigating why, because everything on my LANs is configured to use the router as their only nameserver anyway).

I also added a rule dropping it from the router itself in case something breaks, for example if it suddenly decides to start honouring the DHCP-received nameserver addresses (my ISP) despite being configured not to.

EDIT: The article doesn't make this clear, but the bootstrap section is only necessary if you specify upstream nameservers by name (e.g. "https://dns.cloudflare.com/dns-query"). This is not required. For example, you can configure a manual upstream of "tls://1.1.1.1" like I did, and then it doesn't need to do any DNS lookups at all, so does not need to be configured with bootstrap servers, so will not break if you add the 2 firewall rules I mentioned.

[1] https://openwrt.org/docs/guide-user/services/dns/dot_dnsmasq...
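A check for the two drop rules described in the comment above, as an added example that is not part of the original thread or of the OpenWrt documentation: it parses firewall configuration text in OpenWrt's UCI format and reports whether plaintext DNS (TCP and UDP port 53) is blocked both for forwarded LAN traffic and for the router itself. The zone names `lan` and `wan`, the rule names and both sample configs are constructed assumptions.

```python
"""Added illustration: audit an OpenWrt firewall config for plaintext-DNS drop rules."""
import shlex

BLOCKING = {"DROP", "REJECT"}
# Matchers that restrict a rule to part of the traffic, so it is no blanket block.
NARROWING = ("src_ip", "dest_ip", "src_mac", "src_port")


def parse_uci(text):
    """Parse UCI text into a list of (section_type, {option: [values]})."""
    sections = []
    for raw in text.splitlines():
        tokens = shlex.split(raw, comments=True)
        if len(tokens) >= 2 and tokens[0] == "config":
            sections.append((tokens[1], {}))
        elif len(tokens) >= 3 and tokens[0] in ("option", "list") and sections:
            opts = sections[-1][1]
            if tokens[0] == "option":
                opts[tokens[1]] = [tokens[2]]
            else:
                opts.setdefault(tokens[1], []).append(tokens[2])
    return sections


def _words(opts, key, default=""):
    """Flatten an option or list into whitespace-separated words."""
    return " ".join(opts.get(key, [default])).split()


def blocks_dns(opts, lan, wan, direction):
    """True if the rule blocks TCP and UDP port 53, IPv4 and IPv6, that way."""
    if _words(opts, "enabled", "1") == ["0"]:
        return False
    if not set(_words(opts, "target")) & BLOCKING:  # require an explicit target
        return False
    if "53" not in _words(opts, "dest_port"):
        return False
    # Assumption: a rule without 'proto' matches both TCP and UDP.
    if not {"tcp", "udp"} <= set(_words(opts, "proto", "tcp udp")):
        return False
    if _words(opts, "family", "any") != ["any"]:
        return False
    if any(key in opts for key in NARROWING):
        return False
    src, dest = _words(opts, "src"), _words(opts, "dest")
    if direction == "forward":
        return src == [lan] and dest in ([wan], ["*"])
    return not src and dest in ([wan], ["*"])  # output: sent by the router itself


def audit(text, lan="lan", wan="wan"):
    """Report which plaintext-DNS paths are closed. Rule order is not evaluated."""
    rules = [opts for kind, opts in parse_uci(text) if kind == "rule"]
    return {d: any(blocks_dns(o, lan, wan, d) for o in rules)
            for d in ("forward", "output")}


# Constructed sample: both rules present and complete.
GOOD = """
config rule
    option name 'Drop-forwarded-DNS'
    option src 'lan'
    option dest 'wan'
    option proto 'tcp udp'
    option dest_port '53'
    option target 'DROP'

config rule
    option name 'Drop-router-DNS'
    option dest 'wan'
    option proto 'tcp udp'
    option dest_port '53'
    option target 'DROP'
"""

# Constructed sample: rules exist but each leaves a gap.
WEAK = """
config rule
    option src 'lan'
    option dest 'wan'
    option proto 'udp'        # TCP 53 is still forwarded
    option dest_port '53'
    option target 'DROP'

config rule
    option dest 'wan'
    option family 'ipv4'      # IPv6 resolvers are still reachable
    option dest_port '53'
    option target 'DROP'
"""

if __name__ == "__main__":
    print("good:", audit(GOOD))
    print("weak:", audit(WEAK))
```

The check only confirms that a matching block rule exists; an earlier ACCEPT rule for the same traffic would still take precedence on the router.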

dylan604

So use their router, but connect your own to it. Then turn off the WiFi in their equipment

femiagbabiaka

I'm doing the first bit, but I can't turn off the wifi -- only stop broadcasting my "personal" network. And actually, as I went in to make sure that was the case, I saw that broadcasting of my personal network had been forcibly turned back on. Lovely!

nick__m

If you cannot disable it and you don't trust the wifi but need the service, wrap the ISP-provided box in aluminum foil and ground that foil (no need to try to solder on the foil, an alligator clip is more practical), the wifi will still be on but it will be completely blind. Just make sure it doesn't overheat.

dawnerd

Put the thing in a faraday box.

dylan604

If you don't broadcast your SSID, then how can device manufacturers have hyper accurate location services available when GPS is not? You're not participating in the system! Hell, as much money as theGoogs gives to be the default search to various companies, would they not be willing to pay ISPs to keep that option on? I'm just throwing ideas out that I know nothing about, but I don't see why they would be opposed to the concept.

reaperducer

I use a cellular connection for my internet, but my apartment building is wired with Xfinity, and probably 90% of people use it.

Naturally, there is no way for me to opt out of this.

bikenaga

Does your apartment lease require that you use Comcast's hardware? When I signed up for Xfinity years ago I wanted to use my own hardware (NetGear cable modem, Buffalo Airstation with DD-WRT). I forget now whether I had to walk through the activation over the phone with a tech - I vaguely recall having to provide some information about the modem, which was one of the models listed as supported on their use-your-own-hardware web page - but the whole thing was easy.

Other people have mentioned that not using Comcast's stuff means that certain features won't be available, but I don't care. I don't have huge bandwidth needs, for instance.

BarryMilo

Time to make your apartment a faraday cage!

Tijdreiziger

RF-blocking paint exists.

snickerbockers

Okay I'm as concerned about privacy as everybody else is here but I also gotta admire that it's pretty neat they can actually do that. Are they measuring the signal echo like what radar does? If they controlled both the receiver and transmitter I wouldn't be as surprised to find out they can tell when something crosses between them and form a 2-dimensional mesh (like that episode of Star Trek TNG where Geordi detects cloaked Romulan ships by having Starfleet deploy a fleet of ships that send signals back and forth and look for timing variances) but if I'm understanding correctly this is different because they only control a single point in the network?

I wonder if they have enough information to make out shapes or if it's just a simple rangefinder?

thfuran

It's far from great for imaging, but it can be done. https://www.zmescience.com/research/inventions/wifi-technolo...

transpute

Similarly, "DensePose from WiFi" (2023), 40 comments, https://news.ycombinator.com/item?id=34423395

EvanAnderson

I don't want my ISP doing this to me, but it sounds like something pretty cool to do myself. Does anybody know what the current state of "self-hosting" this kind of functionality is?

0cf8612b2e1e

I am also super interested for the personal use case. What is the resolution? Can I track my cat through the house? See when they go to the feeder? Count my own bathroom visits?

Aurornis

> What is the resolution? Can I track my cat through the house? See when they go to the feeder? Count my own bathroom visits?

None of the above.

The setup process has you select 3 reference devices. You should pick the devices so that your normal motion areas are between the device and the router.

The router then watches the WiFi signals from those devices. If they fluctuate more than baseline, it's assumed that something is moving around in the area.

It's a threshold detection that can serve as a crude motion sensor for home/away purposes.
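The threshold detection described in the comment above, as an added example that is not part of the original thread and not Comcast's implementation: it calibrates a per-device baseline from a quiet period, then flags sliding windows in which a reference device's signal fluctuates more than a multiple of that baseline. Using RSSI in dBm as the signal measure, the window size, the multiplier, the device names and all sample values are assumptions constructed for the illustration.

```python
"""Added illustration: threshold motion sensing from signal fluctuation."""
from statistics import pstdev

WINDOW = 5         # samples per sliding window (assumed)
K = 3.0            # multiple of baseline spread that counts as motion (assumed)
NOISE_FLOOR = 0.5  # dB; keeps the threshold above zero for a very still baseline


def window_spreads(samples, window=WINDOW):
    """Standard deviation of every sliding window over one device's RSSI series."""
    return [pstdev(samples[i:i + window])
            for i in range(len(samples) - window + 1)]


def calibrate(quiet, window=WINDOW):
    """Per-device baseline: largest spread seen while nothing is moving."""
    return {dev: max(max(window_spreads(series, window)), NOISE_FLOOR)
            for dev, series in quiet.items()}


def detect_motion(baselines, live, k=K, window=WINDOW, min_devices=1):
    """Return [(window_index, [devices over threshold])] for flagged windows."""
    spreads = {dev: window_spreads(series, window) for dev, series in live.items()}
    n_windows = min(len(values) for values in spreads.values())
    flagged = []
    for i in range(n_windows):
        over = [dev for dev, values in spreads.items()
                if values[i] > k * baselines[dev]]
        if len(over) >= min_devices:
            flagged.append((i, over))
    return flagged


# Constructed RSSI samples (dBm) for three hypothetical reference devices.
QUIET = {
    "printer": [-52, -52, -53, -52, -52, -53, -52, -52],
    "tv":      [-60, -61, -60, -60, -61, -60, -60, -61],
    "speaker": [-45, -46, -45, -45, -46, -45, -45, -45],
}
# Someone walks between the router and the printer, then the TV; the speaker
# path is never crossed.
LIVE = {
    "printer": [-52, -52, -53, -52, -52, -58, -47, -55, -49, -52, -52, -53, -52],
    "tv":      [-60, -61, -60, -60, -61, -60, -66, -57, -63, -60, -61, -60, -60],
    "speaker": [-45, -45, -46, -45, -45, -46, -45, -45, -46, -45, -45, -45, -46],
}
BASELINES = calibrate(QUIET)

if __name__ == "__main__":
    for index, devices in detect_motion(BASELINES, LIVE):
        print(f"window {index}: fluctuation above baseline on {devices}")
```

Raising `min_devices` to 2 trades sensitivity for fewer false alarms, since a single noisy link no longer trips the detector on its own.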

HeavenFox

For home / away purposes it's easier to just detect if your phone is connected to the network. I built something like that before by shipping the log from my UniFi controller to a RPi and listening for events where my phone's MAC address connects or disconnects.

0cf8612b2e1e

Nuts. Less interesting than the claims of monitoring heart rate, but still potentially some applications “for free” if it just needs to analyze signal strength from devices I already have. Theoretically could put it directly onto my OpenWRT router and make it available from there.

sneak

Just get cameras and local storage/processing for them. No need for elaborate Wi-Fi presence detection hacks.

yborg

I remember reading this paper when it came out, didn't think it would be commercializable, and here we are.

https://dl.acm.org/doi/10.1145/2486001.2486039

andy_xor_andrew

Yeah, it's bizarre.

Normally the pathway for this kind of thing would be:

1. theorized

2. proven in a research lab

3. not feasible in real-world use (fizzles and dies)

if you're lucky the path is like

1. theorized

2. proven in a research lab

3. actually somewhat feasible in real-world use!

4. startups / researchers split off to attempt to market it (fizzles and dies)

the fact that this ended up going from research paper to "Comcast can tell if I'm home based on my body's physical interaction with wifi waves" is absolutely wild

nomel

It's not too crazy, if you're familiar with comms systems.

The ability to do this is a necessity for a comm system working in a reflective environment: cancel out the reflections with an adaptive filter, residual is now a high-pass result of the motion. It's the same concept that makes your cell location data so profitable, and how 10G ethernet is possible over copper, with the hybrid front end cancelling reflections from kinks in the cable (and why physically wiggling the cable will cause packet CRC errors). It's, quite literally, "already there" for almost every modern MIMO system, just maybe not exposed for use.

transpute

> the fact that this ended up going from research paper to "Comcast can tell if I'm home based on my body's physical interaction with wifi waves" is absolutely wild

The 15-year path was roughly:

  1. bespoke military use (see+shoot through wall)
  2. bespoke law-enforcement use (occupancy, activity)
  3. public research papers by MIT and others
  4. open firmware for Intel modems
  5. 1000+ research papers using open firmware
  6. bespoke offensive/criminal/state malware 
  7. bespoke commercial niche implementations
  8. IEEE standardization (802.11bf)
  9. (very few) open-source countermeasures
  10. ISP routers implementing draft IEEE standard
  11. (upcoming) many new WiFi 7+ devices with Sensing features

https://www.technologyreview.com/2024/02/27/1088154/wifi-sen...

> There is one area that the IEEE is not working on, at least not directly: privacy and security.. IEEE fellow and member of the Wi-Fi sensing task group.. the goal is to focus on “at least get the sensing measurements done.” He says that the committee did discuss privacy and security: “Some individuals have raised concerns, including myself.” But they decided that while those concerns do need to be addressed, they are not within the committee’s mandate.

hopelite

I have a sneaky suspicion this is not something that Xfinity/Comcast just woke up one day and thought they should implement. This has all the hallmarks of the treasonous surveillance state injecting itself to instrumentalize corporations to claim they’re not violating the supreme law called the Constitution if they simply make others commit the treasonous crimes against the people.

Because we all know, of course, the Constitution only applies to the federal government, right? If mega-corporation USA Inc uses its shell company Comcast to violate the Supreme law of the land in a treasonous manner, then you are of course SOL as a mere citizen since they aren’t the federal government and the Constitution does not apply to them.

In case it wasn't clear, that was sarcasm.

Tijdreiziger

That’s speculation. In the article, you can see that it’s meant as a pseudo-alarm system. It’s plausible that someone at Comcast thought this is a value-add. (Netgear already offered this as a feature on their routers, it’s not a novel concept.)

Even within tech circles, lots of people aren’t worried about privacy and even have indoor cameras in their homes.

sojsurf

I was just reading up on wifi 7 today. It sounds like the spec was designed with WIFI sensing in mind.

cs702

If you ask the Xfinity managers who came up with this idea whether thieves will be able to buy live information on whether your home is empty from hackers on the dark web, the managers will likely say... nothing. What they will do is look at you with a deer-in-the-headlights expression in their shocked faces.

Sigh.

Aurornis

In case anyone is skimming the headline and comments: It's not enabled by default. This is an optional feature that you have to find, turn on, and then select up to 3 WiFi devices to use as reference signals:

> Activating the feature

> WiFi Motion is off by default. To activate the feature, perform the following steps:

The actual title of the article is "Using WiFi Motion in the Xfinity app".

snickerbockers

"...for you." --Bane

These days it is never safe to assume that opting-in does anything more than making some of the information that's being collected regardless available.

Although I actually agree with you that it probably isn't doing anything by default to the extent that it isn't doing anything yet because it's new they haven't worked out how to monetize it.

ocdtrekkie

I think at least right now this is reasonable: It's off by default, and if you choose to turn it on, they don't use it for anything themselves, but Comcast is disclosing that it may be forced to give the data over with a legal request.

If I was advising Comcast, I'd tell them this is a dumb thing to introduce because just the perception of bad behavior is not worth any particular benefit, but whatever. I can't imagine someone deciding they want a Comcast plan because it offers this, and there's no way for them to monetize it without almost assured legal backlash.

buryat

People who worked at xfinity on anything related to this will pay a reasonable price. The price is yet to be determined

jrockway

This is a neat feature when it's your own device that you control, but not so great when they "disclose information generated by WiFi Motion to third parties without further notice to you."

I wanted to talk about how responsible WiFi router software authors can make things local-only (and I've done that in the past; no way to get this information even if I wanted it). But this is always temporary when "they" can push an update to your router at any time. One day the software is trustworthy, the next day it's not, via intentional removal of privacy features or by virtue of a dumb bug that you probably should have written a unit test for. Comcast is getting attention for saying they're doing this, but anyone who pushes firmware updates to your WiFi router can do this tomorrow if they feel like it. A strong argument in favor of "maybe I'll just run NixOS on an Orange Pi as my router", because at least you get the final say in what code runs.

amazingman

Put your cable modem in bridge mode and use your own WiFi.

I used to recommend using your own cable modem as well, but these days you have to use the Xfinity modem to avoid overages if you're in a market with data caps.

Comcast has a stellar network operations unit, but their business operations are creepy and exploitative.

smallerize

This is actually a feature of the Plume wifi mesh devices. https://support.plume.com/s/article/Sense-Live-View?language... It's also available from any other ISP that uses them, or if you buy your own Plume device and a subscription. It's been there for years. https://arstechnica.com/gadgets/2020/03/from-wi-fi-to-spy-fi...

transpute

https://staceyoniot.com/the-next-big-wi-fi-standard-is-for-s...

> The IEEE plans to take the concepts for Wi-Fi sensing from the proprietary system built by Cognitive (which has been licensed to Qualcomm and also Plume) and create a standard interface for how the chips calculate interference that determines where in space an object is.

Other firmware sensing capability: https://www.cognitivesystems.com/caregiver/

  - Activity Tracking: Detects movement patterns to identify changes in daily routines to spot health concerns 
  - Sleep Monitoring: Tracks sleep duration, wake times and nighttime interruptions to assess sleep quality
  - Anomaly Detection: Establishes household baseline to proactively identify unusual patterns & changes in activity