Comcast Turning Chicago Homes Into Xfinity Hotspots

BUL2294 writes "The Chicago Tribune is reporting that, over the next few months in Chicago, Comcast is turning on a feature that turns customer networks into public Wi-Fi hotspots. After a firmware upgrade is installed, 'visitors will use their own Xfinity credentials to sign on, and will not need the homeowner's permission or password to tap into their Wi-Fi signal. The homegrown network will also be available to non-subscribers free for several hours each month, or on a pay-per-use basis. Any outside usage should not affect the speed or security of the home subscriber's private network. [...] Home internet subscribers will automatically participate in the network's growing infrastructure, although a small number have chosen to opt out in other test markets.' The article specifically mentions that this capability is opt-out, so Comcast is relying on home users' property, electricity, and lack of tech-savvy to increase their network footprint." Comcast tried this in the Twin Cities area, and was apparently satisfied with the results, though subscribers are starting to notice.

This shit is already polluting the SF Bay Area

Not only 2.4 but 5 GHz as well.
Disgusting waste of spectrum.

Re:This shit is already polluting the SF Bay Area

[Killall+-9+Bash]

Same in Philadelphia for at least as long. Took multiple calls to tech to get someone on the phone who even knew what the fuck I was talking about. First two phone calls, the techs pretended(?) to not know what I was talking about. So, hang up and try again. Tech support roulette is fun!

During 3rd call to comcast tech support, I was told this was an "Xfinity wifi"-specific issue, and I'd need to call a separate number.

So, I called the dedicated Xfinity WiFi tech support number. They started by asking me what location I was trying to connect from. Home? Oh, well then, you need to call the home internet support number. 1-800-COMCAST. Wow. Thanks.

It wasn't until the 5th phone call that I got someone on the phone who knew what I was talking about, and they transferred me to a higher-tier tech who could turn off the hotspot.

Re:This shit is already polluting the SF Bay Area

[niftymitch]

How do they manage bandwidth caps?
How do they maintain service levels to the paying customer?

It is true that a docsis 3.0 cable modem can deliver many more bits than
most (but not all) subscribers pay for. If and only if the service
base is never infringed on does this pass my muster.

HOWEVER WiFi bandwidth is not as flexible and that is what
they are stealing and reselling.

If I did not own my own WiFi hardware I would be in court ...

I WANT COMPENSATION.

It is difficult enough to compete with neighbor WiFi and this
will force many transmitters to dial up their power increasing
the interference.

Same for the durn Femto Cell tower that ATT sold me at a discount.
Today I have apparent control over the connections allowed
but that could change. BTW... they are not magic and seriously
drop calls faster than pre Obamacare health insurance companies.

Re:This shit is already polluting the SF Bay Area

[rhook]

This is why I use all my own equipment.

Re:This shit is already polluting the SF Bay Area

[Chas]

How do they manage bandwidth caps? They same way they don't bill you for cable TV channel bandwidth. They know what's coming across their network and from where.

Additionally, Comcast Business customers (at least) are being provided with a separate cablemodem and router/AP for the public wifi.

My POB's main office just installed a 75/15 link a month or so ago. Once we found out what the equipment was for, we disabled it immediately. We also disabled the wifi on the private router/AP as well, as we already have a heavily secured wireless AP on premises and simply don't trust Comcast enough not to try and circumvent our precautions. And god help them if they do.

So what happens

[TheRecklessWanderer]

So what happens when people start connecting to your router and doing unsavory things. A couple I can think of, human trafficking or child porn, or less evil but still evil trying to get on the other side of your router. What about downloading Torrents? I mean we don't really know how good that firmware is do we? What if the FBI come knocking on your door one day saying, We noticed that someone at this address is doing some bad things. Come with us please.

Re:So what happens

[khasim]

So the easiest way would be to set up a fake access point with graphics stolen from Comcast's real site and then collect the usernames/passwords from people who are trying to connect to it.

Then use those to login to other Comcast sites and do whatever evil you want to.

The best part is that the poor person whom you're framing will have a more difficult time clearing his name because the evil activity happening in his name is happening in his city.

Re:So what happens

[LordLimecat]

Fun fact: Most routers handle more than just 2 networks. Routing between 4 virtual interfaces is nothing particularly fancy, just unusual in a home router.

Re:So what happens

[bluefoxlucid]

Yeah, the 1 cent per year.

You're using a ludicrous argument to try to wedge an on-principle enforcement into a world you don't like. If someone actually stole a penny from you per year, you wouldn't really care. If they reached into your coat pocket to take a penny, you would be very upset about the invasion of personal space, and might scream something useless about stealing when all you really care about is people groping around in your pockets.

Well Comcast owns the line and the modem. They lease you service with a specific SLA. As long as that SLA is in place--as long as the bandwidth you pay for is available when you try to use it--they're completely within their rights to lease additional on that line, and to use their equipment to provide access as long as they don't allow for unagreed intrusion into your property. So nobody's coming inside your house to plug in a CAT6 cable; and they're not connecting up to your private network, either; therefor, there's nothing of note happening here.

Re:So what happens

[bluefoxlucid]

You sound rich. Are you also trying to stop fracking because the water tower they want to put up looks ugly?

You're complaining that people may want to use Wifi, and this is a problem because you want to use Wifi, and we should exclude everyone else from using Wifi anywhere near you because it makes it harder for you to use Wifi.

Re:So what happens

[bluefoxlucid]

Your argument is invalid and ludicrous. I did not argue that mark-up was bad, or anything else analogous to a vending machine price on bottled water being relatively high.

Your argument is that Comcast is stealing a penny from you, because of electricity costs--that a Wifi access point may use 0.1mW more power when someone is accessing it. My argument is that the equipment and the line are the property of Comcast, and that as long as they meet their SLA they are doing nothing wrong, and that you are only upset because of a perceived invasion of personal space and not because of any real and physical thing such as service degradation or expense to yourself.

Face it: Comcast is costing you nothing, they are getting something for free, and you are rubbing your greasy lawsuit-happy merchant hands together trying to find an argument for why they are somehow inconveniencing you and owe you recompense. If they simply backed off from this, you would get nothing, and you would also lose the option to use your Comcast account anywhere you could find a cable modem within Wifi range--you would be poorer. Comcast's options have made you somewhat more wealthy because you have access to a resource you previously did not and nobody has to pay for it; but that's not enough for you, you want to make Comcast pay you for the privilege of making your life better.

Lawsuit-happy, greedy Americans. There's eight billion tonnes of shit Comcast is doing that we can complain about, and you bitch about the one thing they do that's actually a zero-cost benefit to basically everyone.

Re:So what happens

[tlhIngan]

I see stuff online that says normally an SSID is broadcast every 10mS or 100mS (10mS seems low to me). 10 packets per second isn't really a lot, although maybe once every 1 second would be less stupid. I mean when you open a directory in a file browser, it can populate with files for 2-3 seconds if it's large--your photos directory maybe. Why do we need advertisement 10 times per second?

Aside from that, idle access points--even at 100mS between SSID advertisements--don't seem like they'd degrade network too much. In-use access points will, but then we're back to not letting other people use Wifi because you want to use WIfi.

Here's something people don't realize about WiFi - besides the network backbone the access point connects to, WiFi devices on the same frequency communicate with each other too.

If you and your neighbour use the same WiFI channel or close to it, the two APs are actually handshaking between themselves at the management frame level (Layer 2), even though they're not actually on the same network, same SSID, or whatever. They're coordinating between themselves on usage.

And beacons are more than a "WiFi here!" broadcast, they're also used to help mobile stations save power by keeping the radio off longer. Inside the beacon is a bitmap that's indexed by association ID and tells if the AP has buffered packets for it. So a mobile station can on association tell an AP that it wants to check for traffic every 5 beacon times. The AP can either agree, refuse (perhaps there's no more packet memory) or negotiate a different interval. Then the mobile station goes to sleep if there's no traffic, and wakes up the receiver every 5 beacon periods to catch a beacon frame. If there's no traffic for it, it goes back to sleep for another 5 beacon times. If there is traffic, then it wakes up the transmitter and retrieves the packets from the AP buffers.

All that is contingent on the AP having enough buffer to store the packets (it knows it has to store it for at most 5 beacon periods - after that, it's free to drop them)

The other side effect is well, attempts to modernize the lowlevel management protocol have to take legacy devices into account. Even worse, all it needs is a legacy device on the same frequency. It doesn't matter that you have no 802.11b devices on your network, just having one on another network, same frequency will automatically disable any optimizations (because if they can't be decoded by the 802.11b station, there's a chance of a collision or interference).

Re:So what happens

[fgouget]

Why would you presume that? These modems typically have just one IP address, and I would presume that they NAT using the same one for the XFINITY wireless and for the home user.

Maybe because he knows what he's talking about and you don't?

As mentioned in the article the Xfinity users connect to the Xfinity SSID which is an open Wifi network while your Wifi network has a different SSID and is encrypted. So at the WiFi level the networks are completely separate. People seem to think this multiple Wifi network capability is new. It's not. Every access point of the past 10 years I've known about has supported 4 separate networks all along.

Then at the IP level, the way these community Wifi hotspots normally work is that when a guest connects to it he gets an address from a separate network range. Think of it as a VPN if that helps you. This ensures the guest's access is restricted to the official login server until he has registered. It also ensures the guest's IP traffic is separate from the user's local WiFi network. It also makes it possible to keep track of the guest's traffic for billing (if there's billing involved), and solves the copyright police issues.

BT in the UK do this

[Harlequin80]

I was in the UK last year and you can pick up loads of BT open wifi hotspots you can connect to. These then piggy back on a home consumers network connection.

I'm very suss on this as I would have thought contention alone would be a hell of an issue but I assume it is rate limited in some way. I had a play for a couple of minutes trying to compromise my sister-in-laws setup and couldn't manage it but I am far from skilled in that area.

That is why you use your own router

[wiredlogic]

That, folks, is why you never use an ISP provided router. Of course at some point you'll be forced to "upgrade" to a modem with integrated wifi.

Don't trust their "opt-out"

[LookIntoTheFuture]

External WIFI router and a Faraday cage. Just when you thought Comcast couldn't be more evil. Bam! F-you Comcast.

Re:Comcast WiFi

[stoploss]

the first thing I did when I got Comcast was have them disable the wifi on there router and set it up so it runs as a bridge instead.

But... if it is their router, it is their network. Thus they can turn it back on at their pleasure.

I'm sure their WiFi-unilaterally-reenabled router will be encountering lots of WiFi traffic once it is wrapped in aluminum foil (or any other basic Faraday cage/signal attenuation approach).

It may be their router and their network, but it sure as hell isn't their site.

YOU HAVE TO SIGN IN WITH YOUR COMCAST ID

[Blinkin1200]

Sorry to repost - orig post was as AC... maybe someone will actually see this one. This is NOT an open Wifi network. You must sign in with a Comcast / Xfinity User ID in order to use the network, AND you are signing into SSID 'xfinitywifi', NOT your local, private, SSID 'Ithinktheskyisfalling'. I saw it pop up on my router last year and do not have a problem with it. Any activity on the xfinitywifi SSID in going to be associated with a specific user, probably not me. Looking at the current networks in my area, I see xfnintywifi on channels 3 and 6, also another 'un-named' network, on one or more channels, that is probably emanating from the same device or another close by, judging from the MAC addresses and signal strength. I have a Samsung Galaxy Tab 2, wifi only, that I use as my mobile device and connect to the XfinityWifi network, using an ID on my account, at multiple locations. I am glad they set it up and give me access to it. No, I do not have a smart phone. BTW - there are other networks, Optimum and TWC, that can also be used with your Comcast User ID. What was it that Yoda said? - 'The ignorance is strong with some of these...' or something like that.

The good and the ugly

[ruir]

We have here a similar service with a former incumbent operator, which wonders of wonders has almost a virtual monopoly of cables services. The service itself is very useful and allow us to roam in most of locations without paying anything extra. Apparently it is a roaming authentication setup where you can authenticate in the modem of another customer, in a different VLAN/network and at limited speeds. (whilst at home you have 100 Mbps, roaming speeds appear to be on the range 5 to 2 Mbps). There are no dangers of someone knocking in the door of the other because of hacking/porn/whatever, all remote usage is linked to your account due to you logging with your id/password. The downside of this setup is that the 2.4GHz band is overcrowded, with most of the neighbours taking 2 (B)SSIDs. Often this situation compromises the quality of the service itself, both for the proper customer, and to the roaming service is equipment is providing. The situation has gotten so bad, I know of people installing repeaters at home, and I myself had to migrate to a new router in the 5GHz band to be able to work properly. I also disable the operator equipment and it works only in bridging mode, as the CPU capabilities are weak, and I don not trust the security if brings to my own network. There are also some persons who piggyback on the credentials and the family/friends, and use this service permanently with a (very) reduced Internet capacity. (As a side note, in both of my 2 houses in two different cities I can count as much as 40 BSSIDs when walking around the house)

Re:Comcast WiFi

[mysidia]

I was explicitly warned that they would no longer be able to offer remote support for troubleshooting the modem if I left it in bridge mode

Correct. I work for an ISP on the engineering side. For the very reason that modems in bridge mode cannot be remotely monitored via IP SNMP, or accessed via Telnet etc -- our policy is route always; no modems in bridge mode. No exceptions. I'm surprised Comcast even allowed that.

If a customer has their own router, then additional IP addresses can be routed to the modem and then on to their router --- otherwise, the modem will be their NAT boundary.

No customers are provided the username/password access: all config changes by support.

If monitoring finds a modem to be tampered with or no longer responsive -- most likely service will be temporarily turned off, until support clears it after the customer pays for a truck roll (in the case someone did something dumb such as insert a pin in the reset slot of our modem).

In bridge mode, the DSL/Cable modem no longer has an IP address. The only way to regain control over it is to be connected with a laptop on the LAN side of the device and know the 192.168.bla.blah address of the modem, or do a hard reset.

Very common in France, circa 2009 and elsewhere

[j-beda]

Lots of people do this all over the world.

The last time I was in Paris for an extended stay, back in 2009, at least one of the major ISPs was doing this on all their customer routers. The world did not seem to come to an end (or at least I haven't noticed it - maybe I'm oblivious). I can't recall if it was SRF, Numericable or Orange or "free" or one of the other big telecom companies, but they certainly had a lot of hotspots. They might have started working with FON to get an international system going I seem to recall.

https://corp.fon.com/en

The "public" wifi did not eat into the subscriber's bandwidth or whatever data caps they had. I don't know how (or if) they addressed the potential for honeypots stealing credentials.

FON & Deutsche Telekom

[zazzel]

Same principle here in Germany.

But Deutsche Telekom is not doing this as an opt-out thing, but as opt-in - plus you need a certain router model. I bought the (inexpensive) router and opted in, because now I can use all of these home router hotspots, plus all FON hotspots worldwide, all Telekom hotspots (in public places, at McDonald's, in high speed trains). The public hotspot users get very low QoS, so they don't harm my VDSL connection.

And the best thing: All I have to do to keep using it is connect the home router at least once every 30 days. So since the router is not my primary choice, 99% of time I'm freeloading and using my custom router, all the while keeping my hotspot privileges.

No security issues here. Nope. None.

[wiredog]

How hard is it to set up a router with the network ssid "xfnintywifi " and gather up all the username/password combinations that people use to log on? Not hard at all.

A Client of Mine Had One Installed Yesterday...

[charles05663]

I have a client (a business) in Montpelier, Vermont who had their residential cable service upgrade to "business" class. I was there while they did the work. While they were still there I checked out their work and found the extra cable modem and WiFi router and asked them about it (this was two additional devices off of a splitter). They informed me that it was part of the Xfinity service to provide a public hotspot. I said great, what is the login credentials so visitors to the office can use it. I was informed that since they were a business they (the client) was not permitted to use it and it was only for other Comcast users. I then proceeded to closet where everything was and unplugged the modem and hotspot and only left the business class modem they left. You could tell that they were pissed but could do nothing about it.

What pissed me off is that the client is paying for the electricity and hosting the device for Comcast and not allowed to use it. To top it all off, the stuck a sticker on the clients front window advertising the hotspot with out asking (this is a law office). Needless to say, I ripped that sticker off the minute I saw it.