HN Distilled

Essential insights from Hacker News discussions

Xfinity using WiFi signals in your house to detect motion

Original Article

Hacker News Discussion

Here's a summary of the themes from the Hacker News discussion:

Privacy Concerns and Surveillance Capabilities

A significant portion of the discussion revolves around users' concerns about privacy and the potential for increased surveillance enabled by technologies like Comcast's WiFi Motion. The core worry is that ISPs and other entities could gain intimate knowledge of individuals' presence and activities within their homes.

  • "Subject to applicable law, Comcast may disclose information generated by your WiFi Motion to third parties without further notice to you in connection with any law enforcement investigation or proceeding, any dispute to which Comcast is a party, or pursuant to a court order or subpoena," highlighted by jacobgkau, encapsulates the primary fear of data disclosure.
  • 57473m3n7Fur7h3 directly addresses the level of detail possible: "And also how many people are currently in the house, right at this moment. Maybe even which rooms of the house those people are in."
  • schiffern points to even more granular potential data leakage: "WiFi can also be used to detect heartrate and breathing, which can leak additional ad-targeting information related to activity, arousal, or agitation."
  • hopelite expresses deep skepticism about the motivations behind such features: "I have a sneaky suspicion this is not something that Xfinity/Comcast just woke up one day and thought they should implement. This has all the hallmarks of the treasonous surveillance state injecting itself to instrumentalize corporations to claim theyโ€™re not violating the supreme law called the Constitution if they simply make others commit the treasonous crimes against the people."

Technical Capabilities and Advancements in WiFi Sensing

The discussion delves into the technical underpinnings of how WiFi sensing works and its evolution, particularly with newer standards like WiFi 7. Users are surprised by how sophisticated these capabilities have become, moving from theoretical research to practical, widespread implementation.

  • "The fact that these capabilities are available to Comcast corporate is because OEMs that make set top cable receivers and combination cable modem WiFi routers provide these capabilities," explains aspenmayer, pointing to the hardware enablement.
  • transpute provides a detailed historical and future trajectory: "The 15-year path was roughly: bespoke military use... bespoke law-enforcement use... public research papers... ISPs routers implementing draft IEEE standard... many new WiFi 7+ devices with Sensing features."
  • heywoods outlines the enhancements brought by Wi-Fi 7: "Wi-Fi 7 (802.11be)... brings significant advancements that are highly beneficial for Wi-Fi sensing applications, including motion detection... Ultra-wide 320 MHz Channels... Multi-Link Operation (MLO)... 4096-QAM... Increased Spatial Streams."
  • nomel offers a comms systems perspective: "The ability to do this is a necessity for a comm system working in a reflective environment: cancel out the reflections with an adaptive filter, residual is now a high-pass result of the motion. It's the same concept that makes your cell location data so profitable..."

Legal and Regulatory Solutions vs. Technical Workarounds

A key debate centers on whether the problem of surveillance should be addressed through legal and regulatory means or through technical workarounds. Some argue for legislative action to prohibit such practices, while others focus on disabling features or using independent hardware.

  • josho asserts the primacy of legal solutions: "The solution here shouldn't be technical; it should be legal." He elaborates, "If we rely on legal protection, then not only Comcast, but all ISPs will be prohibited from spying on their customers."
  • maxerickson questions the lack of technical control: "You seem to think that it would be impossible to instruct Comcast to implement on/off for the feature? That's the sort of thing that the legal system is for."
  • Aurornis clarifies the opt-in nature of the specific feature discussed: "It's an opt-in feature. If you don't set it up, they aren't generating the home/away chart like shown in the article." However, this doesn't negate broader concerns.
  • Conversely, aspenmayer is pessimistic about legal recourse: "Comcast can only be enjoined from doing this legally, and will likely not do anything that isnโ€™t implemented by standards bodies, such as WiFi standards. The fact that these capabilities are available to Comcast corporate is because OEMs that make set top cable receivers... provide these capabilities."

User Control and the Importance of Own Hardware

A recurring theme is the lack of user control over ISP-provided equipment and the fervent recommendation to use personal, independently owned hardware to mitigate surveillance risks and gain control over network functions.

  • landl0rd articulates a strong stance on device ownership: "The point is every single thing I own should be 'on my side'... My stuff should actively make it difficult or impossible for hackers, advertisers, or law enforcement to recover any useful information."
  • chimeracoder advises: "One takeaway from this is that there's a strong privacy case for disabling the built-in wireless network from your ISP-provided modem/router and using your own, to reduce the number of ways that your ISP can surveil you."
  • jeffbee reinforces this: "If some confluence of poor regulations has led you to being stuck with Comcast, the least you can do for yourself is get your own DOCSIS modem and routers and access points that you control."
  • various commenters mention using Faraday cages or aluminum foil to block RF signals from ISP-provided hardware as a last resort when disabling WiFi is not possible.

ISP Data Collection and Business Models

Participants discuss how ISPs leverage user data and network traffic as part of their business models, often incentivizing the use of ISP-provided hardware.

  • dylan604 speculates on incentives: "If you don't broadcast your SSID, then how can device manufactures have hyper accurate location services available when GPS is not? You're not participating in the system! Hell, as much money as theGoogs gives to be the default search to various companies, would they not be willing to pay ISPs to keep that option on?"
  • OptionOfT connects data collection to service offerings: "And now we also know the reason why they give away unlimited data for free when you use their router, but not when you want to use your own router."
  • amazingman criticizes business practices: "Comcast has a stellar network operations unit, but their business operations are creepy and exploitative."

Erosion of Privacy and Normalization of Surveillance

Several comments reflect on the gradual, almost imperceptible, erosion of privacy and how once-fringe surveillance capabilities are becoming normalized and even considered "cool" or standard features.

  • aspenmayer draws a parallel to historical surveillance fears: "All these already existing dragnets make oldies like the Clipper Chip seem like a weekend hackathon project."
  • schiffern notes the shift from fringe to mainstream concern: "I miss the old days when this would come off like a crazy rant, rather than being the evening news."
  • and_xor_andrew expresses bewilderment at the rapid progression: "the fact that this ended up going from research paper to 'Comcast can tell if I'm home based on my body's physical interaction with wifi waves' is absolutely wild."
  • 0xbadcafebee, while attempting to downplay the immediate threat, highlights the process: "Features like this at Comcast are typically one or two engineers on a random team coming up with a cool idea, testing it out, and if it works, they ask if they can roll it out en-masse." This is then contrasted with the concern about how MBAs might exploit it, per unit_circle.