Everybody who is a Comcast internet customer eventually finds out that if you have one of these Comcast-provided routers that is the size of a cereal box, you are providing something called an “Xfinity hot spot” to everybody in the world.
The idea of the Xfinity hot spots, of course, is that this becomes a selling point — a reason why somebody might want to subscribe to Comcast internet service, so as to be able gain the benefit of the ten million or so of these cereal-box-sized routers that are in place around the US.
When you as a Comcast customer learn that you have one of these routers, and you learn that you are hosting an Xfinity hot spot, you wonder if there is any drawback to this. Are you, for example, going to see a hit on your internet speeds if half a dozen members of the public are connected to your hot spot and making heavy use of the connection? (I have done tests and yes, if you put enough public users on the hot spot, it does slow down the internet for the paying customer, especially if they are on a low-speed tier of service.) But a completely separate question is, is the Xfinity hot spot taking up radio spectrum space that you might need in your home or office for other devices, such as Bluetooth hearing aids, DECT cordless phones, or mesh networking devices? And of course the answer is yes.
Comcast goes out of its way to tout the ten million Xfinity hot spots to their potential users, and goes out of its way to minimize its candor toward the customers who host those hot spots. It takes quite a lot of clicking around on the Comcast web site to learn that you, dear reader, are hosting such a hot spot, and it takes even more clicking around on the Comcast web site to learn how to toggle the hot spot on or off.
Which leads to the natural question, how does one go about turning off one’s Xfinity hot spot? I spent the past 24 hours trying to turn it off for my new service that got installed yesterday, and I have still not succeeded.
The first thing that most people would think is, it must be that you log into the router itself to turn off the Xfinity hot spot. After all, if you want to rename your own wifi network names, or change the passwords on your own wifi networks, or change your LAN subnet, or set up port forwarding, or any of dozens of other router configuration tasks, the way you would do it is by logging into the router itself. And quoted at right is a screen that shows what happened when I clicked around inside the router to turn off the two private wifi hot spots that are available in the router. You can see that each of them has a status of “inactive”. And at this point you might think that this means that the router has stopped doing wifi. Nope! You can click and click and first, you will never see anything at all in the router’s configuration web interface that even so much as reveals the existence of the Xfinity hot spot, and second, you will never see any place to click to toggle it on or off.
There is one telltale in the router user interface. What you can see, quoted at right, is a sotto voce mention that the 5 GHz radio is still active. The web page does not tell you what the 5 GHz radio is doing. But if you click around in a nearby notebook computer or tablet or cell phone, you will learn that this means the Xfinity hot spot is still active. The router is still tying up (at least) a 40-megahertz-wide portion of the 5 GHz spectrum that you might have used for DECT phones or mesh routers or some other essential function in your home or office. Indeed I think this router runs a 3×3 MIMO and is tying up three 40MHz-wide channels. It has the potential to pass up to 450 Mbps over the Xfinity hot spot. For somebody who is subscribed to one of the lower-speed tiers of Comcast internet service, a loss of 450 Mbps to a third party could be noticeable.
Which brings us back around to, how exactly is the Comcast customer able to toggle the Xfinity hot spot on and off? Comcast’s decision was to hide away this user toggle in the web-based billing portal. You can click here to see what Comcast says about how a Comcast business customer can turn off their Xfinity hot spot. You start by setting up a user ID and password and two-factor authentication and “registering” your newly installed Comcast internet service to a newly created account in the web-based billing portal. Having done all of this, you then click and click and click until you reach the page quoted at right. As you can see in the red box, there is a gear that you can click to toggle your Xfinity hot spot on or off.
Except not. Not for me. When I created the user ID and password, and registered the account, and clicked and clicked, I reached a page that looks like what you see quoted at right. When I scroll to the place where there is supposed to be a gear for toggling the Xfinity hot spot on and off, what I see is a red X and the error message “Unable to load information — Please refresh the page or come back later.”
Some 24 hours have passed during which I have repeatedly refreshed the page and come back later. During those 24 hours I have been on the telephone with Comcast tech support people named Larry, Susie and Alex (an hour and a half). After that I was on the telephone with Comcast tier-2 tech-support person John and eventually his supervisor Brent (just over an hour). Everybody tells me they are incapable of fixing this problem. One of them got the bright idea of remotely crippling the router so that none of its radios work any more. This means I lost any ability to re-enable even the private wifi hot spots. The buttons for turning on the private wifi hot spots had gotten grayed out. He did this without my permission. (Supposedly later the crippling was remotely undone.) Today I was on the phone with an “escalation team” member named Bill who also said he cannot fix it.
So anyway as of right now, I am still unable to toggle the Xfinity hot spot on and off.
Perhaps more importantly, is this a security concern?
Yes that is a very good question. Comcast, if pressed on this point, says that they route the data packets on a “VLAN” (Wikipedia article). It is true that a VLAN, if properly implemented on equipment that is free from security vulnerabilities, will obviate such a security concern. Hopefully Comcast did this correctly. If so, then no, it is not a security concern. Of course, if and when I somehow manage to toggle the Xfinity hot spot “off”, it would put my mind at ease on this point.
These reasons, and others, are why I switched from Xfinity/Comcast to my local, town-owned, municipal light plant for broadband service. Concord Municipal Light Plant ( https://concordma.gov/464/Municipal-Light-Plant ) is one of several municipal utilities in Massachusetts. Being town-owned and serving only a local population, the light plant is very reliable and responsive to customer needs. And, they are much less expensive than traditional power suppliers. A few years ago, the light plant strung optical fibers in town to manage its own power grid. But, that also enabled them to offer high-speed broadband service. Among other things, they offer symmetric service (same upload and download speed) for the same or lower price than Xfinity offers asymmetric service.
Yes I think many of us wish we had two or more choices for internet connectivity, including a benign entity like yours. But as we all know, the great majority across the US have only a single choice, and as a general rule you can throw a dart at a map of the US and in general, where the dart lands there will no terrestrial provider at all. Years ago I ran this ISP ( https://www.rric.net/ ) and it provided service to people who otherwise had no ISP available at all. Later after we proved there was a market for internet service in that neighborhood, one of the big players came in and ran backhoes up and down all the roads, and installed pretty good internet, and we wound down the internet coop.
Of course for many people nowadays, the way to go is Starlink. Here is a blog written by a Starlink user whom many readers of this blog may be acquainted with.
Just as an fyi, far easier to do it through the Xfinity App from your phone.
And yes the data is in a proper VLAN so your private network and the public VLAN data never touch.
Jim
Thank you for the idea about how to maybe fix it. Yes, I had already set up the Comcast Business app on my android phone. Prompted by your comment, I opened up the app just now and clicked around to the place called “manage Xfinity wifi hotspot”. Sure enough, clicking on that link brings up a toggle switch that is clearly intended to allow me to turn off the Xfinity wifi hotspot.
When I click on the toggle, it slides over to the “off” position for about two seconds, then reverts to the “on” position, and then a big red error banner drops down saying “We’re sorry, something went wrong. Please try again.” Then the banner disappears pretty soon after.
I tried it again and again but the toggle never actually worked. It just kept popping up the big red error banner.
Have you considered buying your own router and modem? Comcast wanted to charge me a few dollars a month to use their router (and host their hotspot). I determined that the capital outlay of about a $120 was going to be recouped in less than two years. Plus, I was able to purchase better performing equipment AND free myself of a parasitic hotspot.
Thank you so much for posting this comment! Yes, this is what I generally do with Comcast whenever I am able to do so. Unfortunately in this particular situation I need to get some static IP addresses as part of the service. Comcast’s way of doing this is a bit primitive. They put their own router on the customer premises and that router does an advertisement (BGP I suppose) within their network advertising a route for the block of IP addresses. Only then do their various backbone routers set up the routes to pass the static IPs in my direction.
Now of course what you and I would think is that it would work just as well if what we do is I provide the modem (a plain old DOCSIS modem) and I provide my own router, and I program my own router with the exact same BGP route advertisement. But I guess the Comcast folks do not want to have to trust the customer to get this right. They do not want to put their tech support people in the position of having to wonder whether the explanation for the static IPs having gotten fouled up might be that the customer fiddled with their router an hour ago and corrupted the routing advertisement. So they require that it be their router that does the routing advertisement. A router that they control at all times.
And yes this leads to the super annoying problem of having to pay rent on their danged modem in perpetuity. All because I need some static IP addresses.
Oh and of course they love getting the camel’s nose in the tent with their cereal-box-sized router on the customer’s premises since this makes it super easy to upsell the customer on maybe spending money on one or two or eight VOIP telephone lines from Comcast at some future time. The cereal-box-sized router has anywhere from 2 to 8 ATAs inside.
I have Comcast (Xfinity) and I got my own router (Arris SVG2482AC) after reviewing the Comcast list of approved routers. HOWEVER, it turns out that Comcast has reached through to Arris and those routers (once connected to Comcast) are also “nerfed”.
I found this out as I was trying to adjust the router settings to take advantage of my Pi Hole setup. I don’t remember the specifics, as it was a while ago, but I was astonished to find that settings available to other people using this router were not available to me (once connected to Comcast). I was also logging in to the router itself, adjusting IP address ranges, etc.
Anyhow, it left me deeply suspicious of Comcast’s business practices.