
AirPort issues/alternatives

I scanned the Ars Technica review and the Plume privacy policy. The website bothers me; they seem totally uninterested in revealing why their stuff works.

Then I thought about Apple's pricing for a 3TB "Time Capsule" and a single, bridged, last-generation Airport Express (which is the setup in my Comcast-fed home, where my "modem" is a DOCSIS 3.1 customer-owned device not working to extend Comcast's own public or secured (xfinitywifi and XFINITY, respectively) networks).

My "solution" doesn't adequately perform in my 1800-ft², two-story house. I don't know if it's because my Airport Extreme is flaky or just the topology of the house. If I were staying here, I'd probably jump for the faster Plume config with lifetime service. Considering Tim Cook's claims that Apple keeps your private stuff private, counterpointed by the apparent fact that your Watch might donate your atrial-fib-revealing ECG to Facebook, I'm not seduced by Plume's less self-promotional promises of privacy.

I'm moving some time in the next year. I'll take another look when I'm in my new location.
 


For what it's worth... Plume Privacy Policy...
Thanks for that, Ric. Scary, not that I was a potential customer anyway.

I switched to the 1.1.1.1 DNS provided by CloudFlare; it was easy, except I kept getting bounced on a "404" to a "search" page on my ISP. Not at home now with that Netgear, but it was possible to fix with a setting I don't remember off-hand. A way to test if your ISP is hijacking your DNS settings, or you need to check how your router is configured: either ping a non-real Internet address, or enter an intentional typo, e.g., www.georgx.com

Cloudflare offers 1.1.1.1 apps for both iOS and Android and just announced a new service, "Warp," that's supposed to be a free VPN with freemium pay for more options later. As Facebook offered a free VPN that was mostly a way of more efficiently tracking users, let's hope Cloudflare really is supporting privacy - and that their apps will get tested.

Actually, Facebook went far beyond tracking:
TechCrunch said:
Facebook pays teens to install VPN that spies on them
We asked Guardian Mobile Firewall’s security expert Will Strafach to dig into the Facebook Research app, and he told us that “If Facebook makes full use of the level of access they are given by asking users to install the Certificate, they will have the ability to continuously collect the following types of data: private messages in social media apps, chats from in instant messaging apps – including photos/videos sent to others, emails, web searches, web browsing activity, and even ongoing location information by tapping into the feeds of any location tracking apps you may have installed.” It’s unclear exactly what data Facebook is concerned with, but it gets nearly limitless access to a user’s device once they install the app.
As a VPN service controls a user's encryption keys, a sketchy VPN is in position to be a man-in-the-middle and read what's passing through its service.
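The DNS test suggested in the post above (look up a name that should not exist and see whether an address comes back anyway), written out as an added example that is not part of the original posts. The function names and the report layout are made up for illustration; `.invalid` is a reserved TLD that never resolves, and the random `.com` label is assumed, not guaranteed, to be unregistered.

```python
import secrets
import socket


def system_lookup(name):
    """Resolve with the OS resolver; return sorted addresses, or [] if none."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return []  # NXDOMAIN or lookup failure: nothing was substituted
    return sorted({info[4][0] for info in infos})


def probe_names(count=3):
    """Names that should not exist. The trailing dot stops the OS from
    appending a search domain, which could otherwise produce a real answer."""
    names = [f"{secrets.token_hex(8)}.invalid." for _ in range(count)]
    # Mimics the "intentional typo" test from the post. Assumption: a label of
    # 16 random hex characters under .com is not registered.
    names.append(f"www.{secrets.token_hex(8)}.com.")
    return names


def check_nxdomain_hijack(lookup=system_lookup, names=None):
    """Report which nonexistent names came back with an address.

    `lookup` is injectable so the logic can be exercised without a network.
    """
    answers = {}
    for name in names or probe_names():
        addrs = lookup(name)
        if addrs:
            answers[name] = addrs
    distinct = {tuple(a) for a in answers.values()}
    return {
        # Any answer at all means a resolver on the path rewrote "no such name".
        "rewritten": bool(answers),
        # A search/landing page usually sits behind one fixed address set.
        "same_landing_address": len(answers) > 1 and len(distinct) == 1,
        "answers": answers,
    }


if __name__ == "__main__":
    report = check_nxdomain_hijack()
    if report["rewritten"]:
        print("Nonexistent names resolved; check router DNS settings or ISP:")
        for name, addrs in report["answers"].items():
            print(f"  {name} -> {', '.join(addrs)}")
    else:
        print("Nonexistent names correctly failed to resolve.")
```

Run it once on the router's default DNS and once after switching to another resolver; a change in the result points at the resolver rather than the client.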
 



Software magic in the Comcast gateway separates the customer WiFi traffic to the cable from the public traffic. Speed settings are independent, because everything is managed in the gateway.
I have the Comcast triple-play package (TV/phone/internet), which limits my choices of modems to the Arris TG1682G. It was a "required upgrade" from my old modem. The new one has the 'xfinity' hotspot, plus its own wireless base. One of them was interfering with my Airport Extreme. Their customer service gave me instructions for turning off the private network, but that did not shut off the public hotspot. So another call to them to shut that off.

After all of that, I still don't know if the hotspot is really off. I still see the 'xfinity' hotspot, but I live in an apartment, and that could be a neighbor's. The status lights on the front of the modem show that the wireless is still on, but customer service says that is just a bug; it is really off. Hmmm.

They also say that even though I told them to turn it off, they may turn it on again anyway, contrary to my instructions.

I suspect that the hotspot is still on and there is no way to turn it off. It is no longer interfering with my AirPort though.
 


MacInTouch's Amazon link reveals a refurbished certified Arris Surfboard DOCSIS 3.1 cable modem for about $130 at Amazon. If you own it, you control it and need worry no more about Comcast getting you to do their network hosting for them on your dime. You'll recoup the cost within a year.

My own experience with iStumbler suggests you might not be able to determine if Comcast's current device in your apartment is the source of the 'xfinitywifi' hotspot (a neighbor's might be too close for iStumbler to discriminate between them).
 


I have the Comcast triple-play package (TV/phone/internet), which limits my choices of modems to the Arris TG1682G. It was a "required upgrade" from my old modem. The new one has the 'xfinity' hotspot, plus its own wireless base. One of them was interfering with my Airport Extreme. Their customer service gave me instructions for turning off the private network, but that did not shut off the public hotspot. So another call to them to shut that off.
After all of that, I still don't know if the hotspot is really off. I still see the 'xfinity' hotspot, but I live in an apartment, and that could be a neighbor's. The status lights on the front of the modem show that the wireless is still on, but customer service says that is just a bug; it is really off. Hmmm. They also say that even though I told them to turn it off, they may turn it on again anyway, contrary to my instructions.
I suspect that the hotspot is still on and there is no way to turn it off. It is no longer interfering with my AirPort though.
Mark, you did hit on two things we have found to be very true regarding the Xfinity public WiFi.

Turning it off (either by your on-line account or by calling tech support) may, or just as likely, may not, turn it off. I have sat with their techs on the phone, and they needed multiple attempts (once, 6) to actually get it off. The only way to be sure is to identify that signal (hint - turn the consumer WiFi on and note the channel; the Xfinity one will be the same - change your user channel and see which of the probable Xfinity readings follows suit) and then assure it is really off using one of the many 3rd-party applications.

Now - with all that said... if you do get it off, it will be reactivated at some point by Comcast. They push settings, updates and the like at random intervals, and doing so will normally turn the Xfinity signal back on. No notice to you either. I have seen it turn back on with nothing but a power cycle; but that most likely varies with the modem type.

In summary, watch it carefully with the proper tools and kill it again when required, which may be often or not. Drives us crazy at many of our Comcast clients, so we try to always specify the Netgear modem du jour, as it has no WiFi at all inside. If we want WiFi, we do our own unit.
 


... My own experience with iStumbler suggests you might not be able to determine if Comcast's current device in your apartment is the source of the 'xfinitywifi' hotspot (a neighbor's might be too close for iStumbler to discriminate between them).
A simple technique, if you have the Comcast Gateway credentials, is to change the WiFi channel assignments for your SSID. iStumbler and WiFi Explorer can both show changes in channel usage. Those that change identically are most likely related.
 


David is essentially correct - unless Comcast has some sharp engineers who are able to override the laws of physics. Two "radios" on the same frequency (after all, WiFi modems are just radios) will, without a doubt, affect the throughput of any device on that frequency.
The clarification here is that there aren't two radios. There's one radio, which is announcing two different SSID names. This is exactly why, as you say:
one is unable to set the user WiFi and the Xfinity WiFi to different channels.
Now, that said, it's still correct that the overall capacity of that single radio channel is being divided between "your" SSID and the Xfinity SSID. As a general matter, a single wireless client node is rarely able to use up the full capacity of an access point channel anyway - that's why access points can be shared across many clients effectively. But it's definitely true that there could be some impact in exactly the right circumstances.
 


Not sure if this has been suggested, but I recently installed TP-Link's Deco M9 system to replace Cox Cable's dreadful "Panoramic WiFi," which left one room in my not terribly large house dead. Deco fixed it for $200 (refurbished from B&H Photo) and was incredibly easy to set up (you must use a phone app to do so, but it's very straightforward).
 


I have the Comcast triple-play package (TV/phone/internet), which limits my choices of modems to the Arris TG1682G. It was a "required upgrade" from my old modem.
You should visit Comcast's My Device Info page. Log in with your Comcast credentials and select your service tier to get a list of compatible modems.

When I looked for myself, I found 6 modems with voice capability. See my post from March 26.
After all of that, I still don't know if the hotspot is really off. I still see the 'xfinity' hotspot, but I live in an apartment, and that could be a neighbor's.
If you use a tool like iStumbler, it should show you all the access points advertising XFINITY and xfinitywireless. Look to see if any of them have the same MAC address as your own Wi-Fi network.
 


A simple technique, if you have the Comcast Gateway credentials, is to change the WiFi channel assignments for your SSID. iStumbler and WiFi Explorer can both show changes in channel usage. Those that change identically are most likely related.
My way to discern the difference in xfinitywifi is to note the approximate distance in iStumbler. The one from my Comcast access point is 2.5 meters away. The one from across the street is about 15 meters. I also have a neighbor who has Comcast, and that one is about 11 meters. So anything more than a couple meters is most likely not yours.
 


The clarification here is that there aren't two radios. There's one radio, which is announcing two different SSID names. This is exactly why, as you say:
Now, that said, it's still correct that the overall capacity of that single radio channel is being divided between "your" SSID and the Xfinity SSID. As a general matter, a single wireless client node is rarely able to use up the full capacity of an access point channel anyway - that's why access points can be shared across many clients effectively. But it's definitely true that there could be some impact in exactly the right circumstances.
John, no matter what, the impact will always be there (those pesky laws of physics again), as traffic always exists on both SSIDs in normal operation, even when no clients are attached. But, as designed, you really would actually have no way to know if one or more 3rd-party clients are using your modem/router - the very purpose of Xfinity WiFi. You would need 3rd-party monitoring software to keep tabs on usage and traffic.

Additionally, even if you get Xfinity off, you most likely are surrounded by numerous other people's units, which may or may not be in use, but will always also clutter the limited bandwidth available on any channel. We routinely survey client sites for WiFi traffic and channel usage, and frequently must change their channel due to surrounding radios. Again, two radios on the same channel will always affect bandwidth, traffic aside.

On a previous observation - how to determine whose WiFi is whose: If one looks at the Mac's detailed WiFi menu (hold down Option key when selecting), you can see the BSSID, which is the MAC address of the WiFi source you are connected to. If you are using the Comcast box for your personal WiFi, the Xfinity WiFi will have the very same BSSID except for the last "word" (i.e.: last 2 digits/letters of the hex ID). For instance, if your WiFi ends in 'b4', the Xfinity WiFi of the same box will end in 'b5'.
 


I have the Comcast triple-play package (TV/phone/internet), which limits my choices of modems to the Arris TG1682G. It was a "required upgrade" from my old modem.
Are you sure it truly was required? I, too, have the triple-play. I received emails and even a snail mail letter alerting me that my modem was old and not delivering the speed that I am paying for, and saying that I needed to upgrade. I went into my local "Xfinity store" and asked if they had a newer non-wifi model that I could update to; they did not.

So I have ignored it, and yet my service has kept on working flawlessly. After I have sufficient time to set up and test my Ooma service, I will put it into service, powered by the standalone modem that I also ordered.
 


Are you sure it truly was required? I, too, have the triple-play. I received emails and even a snail mail letter alerting me that my modem was old and not delivering the speed that I am paying for, and saying that I needed to upgrade. I went into my local "Xfinity store" and asked if they had a newer non-wifi model that I could update to; they did not. So I have ignored it, and yet my service has kept on working flawlessly. After I have sufficient time to set up and test my Ooma service, I will put it into service, powered by the standalone modem that I also ordered.
I suspect now it wasn't a hard requirement. When I asked, Comcast told me that 'yes, it is required; your internet will stop working after a specific date', which I think was early 2018.

I should have just held out and waited.
 


Mark, you did hit on two things we have found to be very true regarding the Xfinity public WiFi. Turning it off (either by your on-line account or by calling tech support) may, or just as likely, may not, turn it off.
You can sign in to the router and turn it off. It works fine and does actually turn it off. If you see an Xfinity wifi SSID as still being available, it is a neighbor's.
Now - with all that said... if you do get it off, it will be reactivated at some point by Comcast. They push settings, updates and the like at random intervals, and doing so will normally turn the Xfinity signal back on.
Not true [for me] unless, for some reason, the update causes the router to do a full reset, which causes it to go back to its default settings. Of course, in that case, your SSID and any other custom settings would also change, so you would certainly know it. Simply restarting the router won't do this, and no update I have ever received from Comcast has ever turned the setting back on (I turned it off the day I got it).
 


MacInTouch's Amazon link reveals a refurbished certified Arris Surfboard DOCSIS 3.1 cable modem for about $130 at Amazon. If you own it, you control it and need worry no more about Comcast getting you to do their network hosting for them on your dime. You'll recoup the cost within a year.
My own experience with iStumbler suggests you might not be able to determine if Comcast's current device in your apartment is the source of the 'xfinitywifi' hotspot (a neighbor's might be too close for iStumbler to discriminate between them).
The problem with this modem is that it doesn't support phone service. It is a non-starter if you use Comcast's Triple Play package deal... assuming you actually use the phone option.
 


I suspect now it wasn't a hard requirement. When I asked, Comcast told me that 'yes, it is required; your internet will stop working after a specific date', which I think was early 2018.
There is one situation in which I think that might have been true, now that I give it more thought. How old was your old modem, out of curiosity? If it was really old (DOCSIS 2.0 or older) it could have reached the point of Comcast "switching off" support for older modems... but they generally have to be ancient for that to happen.
 




There is one situation in which I think that might have been true, now that I give it more thought. How old was your old modem, out of curiosity? If it was really old (DOCSIS 2.0 or older) it could have reached the point of Comcast "switching off" support for older modems... but they generally have to be ancient for that to happen.
My old modem may have been DOCSIS 2.0. It was first installed in late 2012.
 


My way to discern the difference in xfinitywifi is to note the approximate distance in iStumbler. The one from my Comcast access point is 2.5 meters away. The one from across the street is about 15 meters. I also have a neighbor who has Comcast, and that one is about 11 meters. So anything more than a couple meters is most likely not yours.
That is not reliable here. iStumbler is currently showing two different neighbors closer than my 5G extension. It shows the 2G band of the same extension device three meters closer. Neither band’s distance is particularly accurate. It shows them as 6.5 meters and 9.7 meters when they are easily >14 meters from my desktop. I don't know how useful comparing BSSIDs (MAC address) is either. There is an "xfinitywifi" that appears intermittently and appears to rotate BSSIDs (or is at least two "xfinitywifi" nodes appearing intermittently), none of which is remotely similar to any others in my proximity.
 


MacInTouch's Amazon link reveals a refurbished certified Arris Surfboard DOCSIS 3.1 cable modem for about $130 at Amazon. If you own it, you control it and need worry no more about Comcast getting you to do their network hosting for them on your dime. You'll recoup the cost within a year.
I had a particularly bad experience with a refurbished Arris voice modem a few years ago. It did not work, resulted in months going round with Comcast, and finally an FCC complaint. The FCC resolved it in my favor quickly (but the modem still didn't work). I would not count on such a prompt, consumer friendly, response from the FCC these days.
 


You can sign in to the router and turn it off. It works fine and does actually turn it off. If you see an Xfinity wifi SSID as still being available, it is a neighbor's.
Now - with all that said... if you do get it off, it will be reactivated at some point by Comcast. They push settings, updates and the like at random intervals, and doing so will normally turn the Xfinity signal back on.
Not true [for me] unless, for some reason, the update causes the router to do a full reset, which causes it to go back to its default settings. Of course, in that case, your SSID and any other custom settings would also change, so you would certainly know it. Simply restarting the router won't do this, and no update I have ever received from Comcast has ever turned the setting back on (I turned it off the day I got it).
You are indeed very lucky, and must have some new model of modem from Comcast, for, considering your one example, I can cite hundreds here where this is not true, including 3 new installs in just the last two weeks.

As well, virtually each and every one of our hundreds of Comcast modems we are now, or have been, responsible for over the last years has experienced the random turn-back-on of the Xfinity WiFi, and we have verified this with both senior Comcast tech support and their engineering.

We have never seen any Comcast modem that allows "local" control (i.e. by the user) of the Xfinity side of the modem. Maybe only true here in South Florida, but I think the modem selections are pretty much the same in all their states (9?). I spoke with a senior tech support manager this afternoon over this issue to ascertain if this has changed, and he stated "absolutely not." Perhaps he was mistaken?
 


I don't know how useful comparing BSSIDs (MAC address) is either. There is an "xfinitywifi" that appears intermittently and appears to rotate BSSIDs (or is at least two "xfinitywifi" nodes appearing intermittently), none of which is remotely similar to any others in my proximity.
Could you share some of those MAC addresses?

A MAC address is a structure consisting of several fields containing useful information.

In particular, the first three bytes, and within that the two least significant bits of the first byte are most important.

The least significant bit of the first byte is a 0 for a unicast MAC address and 1 for a multicast address. The second-least significant bit is a 0 for a globally-unique address and 1 for a "locally administered" address.

I'm going to ignore the multicast bit, except for a quick mention that there are standard-defined multicast MAC addresses, including ranges for mapping IP multicast destination addresses onto Ethernet multicast destination addresses.

The second-least-significant bit of the first byte determines if the address is global or local. Most of the MAC addresses you see will be global - this bit will be 0. In this situation, the first three bytes identify the manufacturer of the network interface. You can use the IEEE master list of OUIs to identify a manufacturer from these addresses.

For example, my Dell laptop's MAC starts with F8-CA-B8. A Linux PC here has five Ethernet ports. The one on the motherboard has an address starting with 00-1d-09 (Dell) and the four on a PCIe card have addresses starting with 00-15-17 (Intel). The Linksys router here has an address starting with 24-F5-A2 (Belkin - Linksys's parent company).

If Comcast is using addresses where the second-to-last bit of the first byte is 0, then it is a hardware-assigned address that should uniquely identify the router (and more likely, one network port on that router), along with the manufacturer of that router.

If the second-least-significant bit of the first byte is a 1, then it is a locally-administered MAC address and may not be globally unique. For example the "docker0" virtual network interface on my Linux PC has a MAC address beginning with 02-42-10 (02 = 00000010).

If Comcast's xfinitywifi MAC addresses also follow this pattern, then they are being generated by Comcast's software and won't match customers' local networks. They might be a function of the device's hardware MAC address, but there's no rule requiring this and there doesn't seem to be any commonly used algorithm either.
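The MAC address fields described in the post above, combined with the thread's earlier tips (a hotspot BSSID that matches your own except for the last byte, on the same channel), as an added example that is not part of the original posts. The function names, verdict strings and every address in `SCAN` are constructed for illustration; real values would be copied by hand from a tool such as iStumbler.

```python
def parse_mac(text):
    """Parse 'F8-CA-B8-..' or 'f8:ca:b8:..' notation into six octets."""
    parts = text.strip().replace("-", ":").split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes(int(p, 16) for p in parts)


def describe_mac(text):
    """Decode the two flag bits of the first byte and, if meaningful, the OUI."""
    mac = parse_mac(text)
    multicast = bool(mac[0] & 0x01)  # least significant bit of the first byte
    local = bool(mac[0] & 0x02)      # second-least significant bit
    # The first three bytes identify a manufacturer only when the address is
    # a globally unique unicast address.
    oui = None if (local or multicast) else "-".join(f"{b:02X}" for b in mac[:3])
    return {"multicast": multicast, "local": local, "oui": oui}


def classify_scan(own_bssid, scan):
    """Label each (ssid, bssid, channel) row relative to your own BSSID."""
    own = parse_mac(own_bssid)
    own_channel = next((ch for _, b, ch in scan if parse_mac(b) == own), None)
    results = []
    for ssid, bssid, channel in scan:
        mac = parse_mac(bssid)
        info = describe_mac(bssid)
        if mac == own:
            verdict = "own network"
        elif mac[:5] == own[:5] and channel == own_channel:
            # Same first five bytes and same channel: likely a second SSID
            # announced by the same radio.
            verdict = "same-device candidate"
        elif info["local"]:
            # Software-generated address: comparing prefixes says nothing.
            verdict = "locally administered, no vendor information"
        else:
            verdict = f"other device, OUI {info['oui']}"
        results.append((ssid, bssid, verdict))
    return results


# Constructed scan results: (SSID, BSSID, channel).
SCAN = [
    ("HomeNet", "10:20:30:40:50:B4", 6),
    ("xfinitywifi", "10:20:30:40:50:B5", 6),
    ("xfinitywifi", "10:20:30:77:01:0D", 11),
    ("xfinitywifi", "06:AB:CD:00:11:22", 1),
]

if __name__ == "__main__":
    for ssid, bssid, verdict in classify_scan("10:20:30:40:50:b4", SCAN):
        print(f"{ssid:12} {bssid}  {verdict}")
```

An OUI reported for an "other device" row can be looked up in the IEEE list mentioned above; a locally administered row cannot be attributed that way.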
 


I went into my local "Xfinity store" and asked if they had a newer non-wifi model that I could update to; they did not.
... It's a long time since I've seen a non-WiFi router supplied by Comcast or its competitors. These days, if you don't want WiFi, they usually just disable that service on a standard WiFi router.
 


These days, if you don't want WiFi, they usually just disable that service on a standard WiFi router.
That's the problem. It would be nice if we could guarantee that it would stay disabled once set, but, much like their hotspot feature, we can't. That guarantees that my current modem will be the last I ever lease from them.
 


My old modem may have been DOCSIS 2.0. It was first installed in late 2012.
Based on what I can see from that information, it's unlikely. I looked it up; DOCSIS 3.0 was released in 2006.

I was hoping that your situation was an example of them doing something honest for once...
 


I changed over to a Comcast triple-play last fall. Told the nice salesperson I did not want their WiFi and wanted to own my modem rather than lease. She said a Touchstone TM822G was approved and would work. So I bought one, and the install went fine, and I used my AirPort with it.

Then Comcast upped the speed of my subscription and started sending me the message that my modem was not able to support the new higher speed, saying "it's time for a modem update." The online Comcast page listed a few approved non-wifi modems with phone support, each a lot more expensive than the Touchstone, but I couldn't find any place that had them in stock. Their listing for the Touchstone said it was not fast enough for the new speed.

Comcast kept sending me mail about how my brand-new modem was too slow. Then they changed their modem page, raising the rated speed of the TM822G, and stopped sending me mail. So far, it has been working fine at 120Mbps down, 11Mbps up.
 

