New Xfinity router motion-detecting feature stokes privacy fears — feature powered by Wi-Fi signals

News
By published

When I'm in a scummy corporate competition and my opponent is Comcast.

Xfinity's app asking "Where do you live" as a precursor to officially spying on you with its router
Xfinity might not need to ask you that anymore. (Image credit: Shutterstock)

Comcast has recently introduced a new feature to its Xfinity routers that converts them into motion detectors using only Wi-Fi signals. It's called “WiFi Motion" and it works by sensing disruptions in signal strength between your router and nearby devices to detect movement. The idea is that when someone moves through the signal field—say, between your PlayStation and router—it registers that as motion and sends you an alert through the Xfinity app.

Unlike cameras or radar sensors, this setup doesn’t need extra hardware. It operates purely based on signal interference and can even detect small movements, such as a raised arm. Xfinity claims it can distinguish between a pet and a person, and you can customize the system's sensitivity or the frequency of notifications. It supports up to three devices at once, allowing you to link a computer, a printer, and a gaming console to facilitate tracking.

How WiFi Motion detects movement using Wi-Fi signals

(Image credit: Xfinity)

At face value, this sounds convenient, and it would have been fine and dandy if Xfinity hadn't pulled the classic fine print shenanigans. Buried deep within the terms of service, the company has a clause stating that once you enable this feature, you give the company the right to collect and log your data, which can subsequently be sold to advertisers.

But that's not even the scary part. According to Comcast's policy, these logs can be shared in legal disputes or with law enforcement under subpoena, without requiring additional consent. While it’s not tracking you with a camera, it’s still observing patterns: when you’re home, when you’re not, and how often there’s movement in different rooms. This data is exclusively attached to your account, so any alibis are out of the question.

Subject to applicable law, Comcast may disclose information generated by your WiFi Motion to third parties without further notice to you in connection with any law enforcement investigation or proceeding, any dispute to which Comcast is a party, or pursuant to a court order or subpoena.

Comcast Terms of Service for "WiFi Motion"

Security researchers have long flagged ISP-owned routers as a black box when it comes to privacy. Most users never change the default settings, and with automatic updates and remote access, it’s hard to say what else your router might be capable of in the future. That's why the concern here isn’t just what Xfinity is doing now, but what it could be allowed to do later.

Reaction online has been precisely what you'd expect. Reddit threads are already comparing this to a low-resolution camera that can "see" through walls, and many users have pointed out that you can’t entirely opt out unless you ditch the Xfinity router altogether. Members of r/technology are particularly concerned about this development and reflect a deeper sentiment regarding the growing surveillance state.

Xfinity just added Wi-Fi-powered motion tracking to its routers — here's why it could be a privacy nightmare from r/technology

As it stands, the feature is opt-in and only available to customers renting xFi Gateways, not those using their router or modem. We suggest choosing from our selection of the best Wi-Fi routers available. But for many, the trade-off is already too steep. Even if you trust the tech, you’re still handing over detailed movement data to your ISP, which is then sending it off to God knows who. And once it’s out there, there’s no taking it back.

Follow Tom's Hardware on Google News to get our up-to-date news, analysis, and reviews in your feeds. Make sure to click the Follow button.

See more Routers News
Hassam Nasir
Hassam Nasir
Contributing Writer

Hassam Nasir is a die-hard hardware enthusiast with years of experience as a tech editor and writer, focusing on detailed CPU comparisons and general hardware news. When he’s not working, you’ll find him bending tubes for his ever-evolving custom water-loop gaming rig or benchmarking the latest CPUs and GPUs just for fun.

6 Comments Comment from the forums
  • chaz_music
    This technology has been around for nearly 10-15 years. It was initially an FBI/CIA tool that has finally become so easy to implement that they can build it into a standard high end WiFi router for motion detection. In the military version of this, they can actually make usable images of the people in the room. The higher the WiFi frequency, the better the image (shorter wavelengths for showing smaller features).

    Nearly all ISPs are trying to find ways to monetize the data that they collect about their customers, including DNS queries (when you type a web address, they read it and same for doing searches that are not https). Similar things are happening with cars equipped with OnStar and other communication systems - even if you don't have an account with them. The auto industry has already been caught selling user data to auto insurance companies. And the same for apps on your cellphones. Especially if they are free. They are making money somehow, and it could be simply selling your data and location / travel info to insurance companies and other companies that can profit from your data.

    And smart TVs? Oh my. Not a good idea. At all. Several of them have been caught send viewer data back to the mothership. Was it Vizio that the first one caught? And on this same topic, the US FCC is considering allowing the new ATSC 3.0 TV tuners to allow providers to charge for over the air TV broadcasts. To make money.

    I have a zero trust policy for my ISP, so I use my own gateway equipment and use my own WiFi with a hardware firewall (don't rely on your end devices to firewall). For devices that stream, like cellphones, TVs, and Rokus, I have them on their own DMZ network (with NAT) that does not have access to my house protected network. And I have also made Cloudflare my DNS provider - not just let the ISP supply DNS web address data. Because they make money off your DNS queries. I saw the effect of this instantly one evening while watching TV with my girlfriend. She did a search for adopting cats, and a few mniutes later we started seeing cat food commercials - over and over. Dystopian.

    Since we just decimated the US government agencies that protected US citizens privacy, this protection has been nearly ruined and a vacuum exists. So plan for your devices being used against you - anytime money can be made. I used to think Edward Snowden was a bit off, but not since the ... 2016 US election. Just sayin'.
    Reply
  • USAFRet
    chaz_music said:
    This technology has been around for nearly 10-15 years.
    While you are probably correct, lets leave the politics out of this.
    Deal?
    (and this goes for anyone else reading this)
    Reply
  • PedroMDK
    chaz_music said:
    This technology has been around for nearly 10-15 years. It was initially an FBI/CIA tool that has finally become so easy to implement that they can build it into a standard high end WiFi router for motion detection. In the military version of this, they can actually make usable images of the people in the room. The higher the WiFi frequency, the better the image (shorter wavelengths for showing smaller features).

    Nearly all ISPs are trying to find ways to monetize the data that they collect about their customers, including DNS queries (when you type a web address, they read it and same for doing searches that are not https). Similar things are happening with cars equipped with OnStar and other communication systems - even if you don't have an account with them. The auto industry has already been caught selling user data to auto insurance companies. And the same for apps on your cellphones. Especially if they are free. They are making money somehow, and it could be simply selling your data and location / travel info to insurance companies and other companies that can profit from your data.

    And smart TVs? Oh my. Not a good idea. At all. Several of them have been caught send viewer data back to the mothership. Was it Vizio that the first one caught? And on this same topic, the US FCC is considering allowing the new ATSC 3.0 TV tuners to allow providers to charge for over the air TV broadcasts. To make money.

    I have a zero trust policy for my ISP, so I use my own gateway equipment and use my own WiFi with a hardware firewall (don't rely on your end devices to firewall). For devices that stream, like cellphones, TVs, and Rokus, I have them on their own DMZ network (with NAT) that does not have access to my house protected network. And I have also made Cloudflare my DNS provider - not just let the ISP supply DNS web address data. Because they make money off your DNS queries. I saw the effect of this instantly one evening while watching TV with my girlfriend. She did a search for adopting cats, and a few mniutes later we started seeing cat food commercials - over and over. Dystopian.

    Since we just decimated the US government agencies that protected US citizens privacy, this protection has been nearly ruined and a vacuum exists. So plan for your devices being used against you - anytime money can be made. I used to think Edward Snowden was a bit off, but not since the ... 2016 US election. Just sayin'.
    Decimation is reduction by 10%.
    Reply
  • Alvar "Miles" Udell
    This feature was announced 4 months ago. Also, "renting" a router is already one of the biggest known scams ISPs use to gouge customers, especially since many have been known to charge a "rental fee" forever even after they've paid for the device, which was finally stopped by US law.

    https://www.linkedin.com/feed/update/urn:li:activity:7302406161843040256?trk=public_post_embed_social-actions-reactions
    https://www.theverge.com/2020/12/19/22191096/internet-modem-router-rental-fee-fix-television-viewer-protection-act-tvpa
    Reply
  • Heat_Fan89
    Alvar Miles Udell said:
    This feature was announced 4 months ago. Also, "renting" a router is already one of the biggest known scams ISPs use to gouge customers, especially since many have been known to charge a "rental fee" forever even after they've paid for the device, which was finally stopped by US law.

    https://www.linkedin.com/feed/update/urn:li:activity:7302406161843040256?trk=public_post_embed_social-actions-reactions
    https://www.theverge.com/2020/12/19/22191096/internet-modem-router-rental-fee-fix-television-viewer-protection-act-tvpa
    I was onto that game many, many years ago. I am with Xfinity and use my own modem-router. Even my Xfinity rep told me, renting a modem-router from them is a giant ripoff.
    Reply
  • mamaluke
    The technology's origin was in1944. Invented by Hedy Lamarr. It was first deployed by US Navy a decade later and was used to control nuclear torpedos/etc in-flight until obsoleted by digital encryption. The military patents were sold for commercial use - that's where cellular and WiFi radio tech got MU-MIMO.

    The data for detecting motion is used in every WiFi device and can be used by ANYONE who knows how to generate it or retrieve it - anywhere within WiFi range. No login or password required. It does not matter whether you disable it in your xfinity WiFi router or any other WiFi Router. The data used for detecting motion is generated by every WiFi radio chipset many times per second - it is the crux of WiFi radio . .

    A motivated semi-talented programmer can implement WiFi motion-sensing functionality and can run it on a laptop outside - no physical access inside the residence. No password required, no login required, no SSID knowledge required.
    Reply