Comcast thinks it ok to install public wifi in your house

Why am I not surprised?

Whose fault would it be if your comcast installed public wifi would be abused to download illegal material or launch a botnet, to name some random fun one could have on your behalf. :-/

(apologies if this was posted already, couldn't find an email about it on the list)

"A mother and daughter are suing Comcast claiming the cable giant's router in their home was offering public Wi-Fi without their permission.

Comcast-supplied routers broadcast an encrypted, private wireless network for people at home, plus a non-encrypted network called XfinityWiFi that can be used by nearby subscribers. So if you're passing by a fellow user's home, you can lock onto their public Wi-Fi, log in using your Comcast username and password, and use that home's bandwidth.

However, Toyer Grear, 39, and daughter Joycelyn Harris – who live together in Alameda County, California – say they never gave Comcast permission to run a public network from their home cable connection.

In a lawsuit [PDF] filed in the northern district of the golden state, the pair accuse the ISP of breaking the Computer Fraud and Abuse Act and two other laws.

Grear – a paralegal – and her daughter claim the Xfinity hotspot is an unauthorized intrusion into their private home, places a "vast" burden on electricity bills, opens them up to attacks by hackers, and "degrades" their bandwidth.

"Comcast does not, however, obtain the customer's authorization prior to engaging in this use of the customer's equipment and internet service for public, non-household use," the suit claims.

"Indeed, without obtaining its customers' authorization for this additional use of their equipment and resources, over which the customer has no control, Comcast has externalized the costs of its national Wi-Fi network onto its customers."

The plaintiffs are seeking monetary damages for themselves and on behalf of all Comcast customers nation-wide in their class-action case – the service was rolled out to 20 million customers this year."

In the US at least you have to authenticate with your Comcast credentials
and not like a traditional open wifi where you can just make up an email
and accept the terms of service. I also understand that it is a different
IP than the subscriber. Based on this the subscriber should be protected
from anyone doing anything illegal and causing the SWAT team to pay a
visit. I haven't upgraded my gear though.

Now..they are doing this on your electric bill and taking up space (albeit
a small amount of it) in your home.


In analyzing my neighbors who use comcast (I live in a townhouse and can
see many access points) my biggest complaint is the the wifi pollution
these comcast router/access-points cause.

For each neighbor who has comcast HSI, expect to see 3 SSID with different
mac showing up. There is the xfinity one, the customer one, and a blank one
broadcasting with similar mac on the same channel.

So even if you are just minding your business as a comcast customer
watching netflix, someone who hooks into your comcast router can not only
kill your wifi throughput but streaming content etc on the same channel,
but also piss of your neighbors (me) because of the small channel space in
the 2.4GHz range.

The 2nd problem I have with this is that I'm pretty sure 99.8% of the
people who have comcast and have their new routers have no clue they are
paying for essentially running a public hotspot for comcast. Even if you
still have to register or pay for it, it's available to the general public
without these people knowing about it.

Bright House/RoadRunner has been doing this in Tampa Bay for a couple years
now -- but they only do it on business installs. It's how the Bright House
Wifi and CableWifi SSID services are provisioned.

Interestingly, they *do* do it with a separate cablemodem and a tee, and
a separate high-power access point; it's not built into the cablemodem
provisioned for the business customer proper. So space and power *would*
be an issue for these users, though I don't know that anyone's complained.

As another commenter noted, you do have to be a subscriber for their
auth network to recognize you.

I will give them their props: I only had to sign in *once*, last year;
their auth controller has recognized my MAC address at every spot I've
used since.

-- jra

LibertyGlobal (basically all cable in Europe) calls this "Wi-Free"

description here:

Uses likely the same trick as Comcast has:
- separate DOCSIS channel, thus not on your IP/bandwidth[1]
- separate SSID (2.4Ghz channel 1 b/g/n + n is what I have seen)
- authenticated by user/pass (thus you are tracked)

in the LG case though it is opt-out which means that you go to the
"MyUPC" or similar page on their website and turn it off. Turning it off
does mean one cannot use that service elsewhere though.

As in .ch one either has DSL through Swisscom or Cable through UPC
(typically cheaper and faster and one has TV anyway) the latter is
almost per building available, thus the spread of this "UPC Wi-Free" is
pretty big. Check the map at the bottom, it is rather insane, though I
think that map renders where their customers are not where it is
enabled. I see 4 different ones just from my office with the imac
internal antenna...

As most people have pre-paid 4G though I wonder how useful it is that
these SSIDs are everywhere. Maybe one could see it as a sneak
advertising model though.

Primarily it will cause wifi-boxes that auto-select channels to move
away from channel 1 (which seems to be the primary one to be used)
moving away from that channel, thus meaning that other wifi channels get
even more crowded. And likely the Wi-Free ones are not used...

They btw did announce this 'feature' by advertising it. Of course few
people will understand the impacts as their marketing department does
not either and claims 'it does not impact you'...


[1] = of course if you have crappy connectivity then it becomes crappier
if a channel is taken away

AFAIK, British Telecom do something similar here in the UK. Contribute
or no access for you.

Doesn't work that way. Separate authenticated channel. Presents
differently from you with a different IP address out on the Internet.

What Comcast is stealing is electricity. Pennies per customer times a
boatload of customers.

theft n. the generic term for all crimes in which a person
intentionally and fraudulently takes personal property of another
without permission or consent and with the intent to convert it to the
taker's use (including potential sale). In many states, if the value
of the property taken is low (for example, less than $500) the crime
is "petty theft,"

Unless of course the knucklehead jurisdiction passed a law to allow
it. I'm betting they didn't.

Bill Herrin

Not a law, it's in their updated terms and conditions that no one reads.

  I thought cablevision has been doing this for years.

  I had a higher level tech at mi casa within the last two years and he suggested their goal was to get enough coverage to start offering CV voip cell phones. "pay a little less, for not guaranteed coverage'

   Ryan Pavely
    Net Access

All of the members of the CableWiFi consortium have been.

Bright House Networks, Cox Communications, Optimum, Time Warner Cable and

Liberty Global, the largest MSO, also does it and this year announced an
agreement with Comcast to allow roaming on each other's WiFi networks,
though that is not extended to the other members of CableWiFi at this time.

Scott Helms
Vice President of Technology
(678) 507-5000

Seems to me that they (Bright House Networks, Cox Communications, Optimum, Time Warner Cable and Comcast) are effectively operating a business out of your house and without a business license. I am sure that this is illegal in many towns and many towns would like the revenue.

In fact does this put the homeowner at risk since they are effectively supporting a business running out of their house?


Actually, that's sort of scary if you think about it too hard. Shared-secret
authentication has its flaws, but it still beats shared-nonsecret auth.

I really hope it's something on your laptop other than the mac address....

It's not - Cablevision allow you to register devices via their
website.... by mac address.

Not really, this is much more like the mesh networks that have been put in
place by lots of WISPs where every customer is also a relay. It's also
comparable to pico cells that many of the LTE operators use to extend

Scott Helms
Vice President of Technology
(678) 507-5000

It's very scary, and something I'm doing a paper on. It _is_ just MAC
recognition, at least until you try and use a MAC address that's already
active somewhere else.

Scott Helms
Vice President of Technology
(678) 507-5000

It is, you only have to log in once and then it remembers your MAC
address. Harvesting usable MAC addresses is as trivial as putting up an
open access point with the SSIDs xfinitywifi and CableWifi and recording
the MAC addresses that connect to it.

Scott Helms
Vice President of Technology
(678) 507-5000

It is, you only have to log in once and then it remembers your MAC
address. Harvesting usable MAC addresses is as trivial as putting up
an open access point with the SSIDs xfinitywifi and CableWifi and
recording the MAC addresses that connect to it.

I was just pointing out that you don't even need to login with the
device. Cablevision allow you to register a MAC address on their


My apologies, I misread your email :slight_smile:

Scott Helms
Vice President of Technology
(678) 507-5000

I think it's more than AC power issue....who knows what strength level
they program that SSID to work at ? More wifi signal you are exposed to
without your knowledge and on.

I have Comcast & ATT internet at home...and I have noticed an xfinitywifi
ssid at full strength. This tread brought it to my attention. It was not
there when installed.

Over the last few months, I have noticed on many occasions my attached
storage device flashing as it's accessed but never found anything on my
LAN using it. So I removed it from my LAN. In addition, I have the blast
service 100 meg/sec.. Sites slow down often. The modem's cpu processor and
cache is not used just for me as part of my service !

Gee, before bandwidth considerations, that's a bottle neck, isn't it ?

Docsis is limited to bandwidth in neighborhoods based on headend and
street plant configurations.

Why would I, while paying for service want to encourage others to drop in
my neighborhood or house to use the wifi - the cpu bandwidth of the
wireless device and it's cache ?

If you tell me these Docsis modems can do 200 meg/sec I would be
surprised. This would explain why I see poor downloads of on-demand movies
on directTV.

BTW, I founded ISP channel ...the cable modem company before ATT created
@Home to compete. So I am very aware of the network devices limitations,
cable plant wiring structures and headend physical limitations.

However, I have not studied these new Docsis modems. So how do I shut the
xfinitywifi SSID?

Thank You
Bob Evans

BT in the UK did the same thing a few years ago with a silent firmware