Hacker News new | past | comments | ask | show | jobs | submit login

Future Wi-Fi devices will be able to see through your home and business walls, for activity monitoring and biometric identification, https://www.theregister.com/2021/03/31/wifi_devices_monitori...

> In three years or so, the Wi-Fi specification is scheduled to get an upgrade that will turn wireless devices into sensors capable of gathering data about the people and objects bathed in their signals... When 802.11bf will be finalized and introduced as an IEEE standard in September 2024, Wi-Fi will cease to be a communication-only standard and will legitimately become a full-fledged sensing paradigm... tracking can be done surreptitiously because Wi-Fi signals can penetrate walls, don't require light, and don't offer any visible indicator of their presence.

IEEE 802.11bf paper: https://arxiv.org/abs/2103.14918

Papers on device-free wireless sensing (DFWS): https://dhalperi.github.io/linux-80211n-csitool/

Remote sensing with low-cost ESP32 and 802.11n: https://academic.oup.com/jcde/article/7/5/644/5837600

What the actual fuck??

Honestly I don't see any purely technical solution to this. At some point we have to demand that laws be written to outlaw this.

If you live in Europe, you might want to sign the European citizen initiative banning biometrics


Thank you so much for the link! :-) I am going to share it with everyone I can!

Signed. Thanks for sharing.

Thanks for this comment. While it is a no-brainer for me to support this, I initially felt that this is hopeless and very few people care. But after seeing your comment, it pushed me to also sign :-) We shouldn't give up.

I tried to sign but was unable to pass the captcha on my phone.

Tried all browsers I have. Captcha doesn't even pop up.

Are you a robot?

They need 1 million signatures, they're currently at 51197 after 3 months. This is not likely to go anywhere. I guess people just don't care enough.

It's funny how you seem to believe that people "don't care" when it's actually more likely that people simply disagree.

Do you mean to say that people are fond of surveillance and facial recognition?

A lot of people are fond of security indeed! And I can imagine many even excited about this new technology. Maybe they just don't buy into this campaign. "we don't know what companies and governments want to use it for", but obviously gvts want to enforce the law and companies want to sell more stuff so nothing mysterious there and especially nothing against LGBTQI+ in the EU for sure despite the campaign's message.

I...don't await eagerly the time when tinfoil ceases to be the joke it has been for decades, instead being promoted to a solution anybody even remotely interested in their privacy utilizes.

RF blocking walls could be useful for more than just privacy. Could block out neighbors overpowered wifi APs. Just have a data line in and wifi APs inside.

That would work, as far as you don't plan on using your cell phone at home.

Luckily most carriers support call/SMS over WiFi. And if that isn't available, a signal booster could bridge the RF barrier.

Soon we’ll have to paint our home walls with Wifi proof paint to bounce off external signals , if they keep designing stuff like this...

Tinfoil hats are the joke. Tinfoil itself isn’t that funny. :-)

https://ans.unibs.it/projects/csi-murder/ enabled by https://github.com/open-sdr/openwifi

Both partially funded by EU's Horizon2020 program.

Openwifi talk at FOSDEM 2020 https://www.youtube.com/watch?v=8q5nHUWP43U

Thank you!

> Honestly I don't see any purely technical solution to this.

For home, chicken wire in the walls and wired networks. A Faraday cage is the simple solution, but unfortunately for this case is unlikely to be in most interior walls in modern buildings.

That would be illegal where I’m from since it also disrupts 911 service. Yes, even in your own home.

RF flooding and interference is illegal but I have never seen that simply blocking phone signal is illegal. Even concrete walls will do that.

That sounds like one of those things made into law but hard to enforce for practical reasons, and if they did try to enforce it, might be something that a civil rights group might take up to get stricken down. Especially with what we're discussing in this thread coming.

Gait recognition! I wonder if they can remotely decode passwords being typed on physical keyboards, since keyboards have a well-known spatial layout.

The characteristic length of 2.4GHz waves is ~12cm. This is roughly their feature resolution size. But you can do better with more antennas, more frequencies, more time, and phase information.

I've tried this [0] "typing biometrics authentication" out in some test apps. It worked well in detecting typing a password between two hands, just my left hand and just my right hand. I tried to do the same cadence - but it seems to also notice keypress duration as well. Not sure how I feel about my typing rhythm being a personal signature.

[0] https://www.typingdna.com/

Search-as-you-type interfaces, including search engines, often have enough signal to perform keystroke timing for the same purpose.

>Honestly I don't see any purely technical solution to this.


Use a router certified with "Respects Your Freedom": https://fsf.org/ryf

> Honestly I don't see any purely technical solution to this.

The technical solution is pretty simple: do not use Wi-Fi. I use wired connections for all of the devices in my household. The only non-technical aspect of the solution was an interior design-based one about unobtrusive cable wiring around the house.

Build better walls. Don't try to outlaw people "looking at you", no matter what frequency they use.

I find it equally ridiculous to try to outlaw software radio that might listen to "unapproved" radio bands, or listening to clear-text WiFi, baby monitors and cell phones.

It's almost as stupid as people who would want brain implant computers to implement DRM so people can't record and share their own memory of a movie.

Another analogy would be a country of blind people trying to legislate sighted people wearing blindfolds, because all of their privacy fences have huge holes in them.

Technology improves people's abilities. Adapt.

I think you should read your own comment but slowly to realize how absurd it is to say "Build better walls". You are basically saying the whole world should rebuild the walls because of this totally not needed WiFi standard. Great!

Also I do not agree on "technology improves people's abilities" statement. It is always based on how the technology is used. Famous example. Harnessing nuclear energy. You can use it to blow up cities or to generate power around the world.

One shouldn't develop technology for advancement's sake. Every new technology should be given thorough thought and analysis into it on why is it needed? and are the negatives outweigh the positives? or vice versa? and so on.

problem are law can not stop egrigous bad actor, so necesary for to proof against such persons with better wall. we "should" not having to do this but we are having to if we are caring for privacy.

There are a lot of walls to upgrade then, who should pay for that?

Standing in someone's garden, peering through their window is dealt with via legislation.

Since the invention of video recording devices, rather than having everyone upgrade their windows, legislation was reinterpreted and updated to govern the recording of people in private places vs public places.

It doesn't seem unreasonable for the same to be done to keep up with other forms of technology.

> Build better walls. Don't try to outlaw people "looking at you", no matter what frequency they use.

It's just not possible to make a wall that can't be seen through, at least without making them tens of meters thick, even using high density concrete, tungsten, or uranium.

Muons aren't photons, but cosmic muon tomography has been used to image the Great Pyramid of Giza and also several mountains. Exposure times for cosmic muon tomography are very long, but with enough exposure time, correlating 5-minute blocks across days, someone could work out mean density throughout your house and make low-res 3D video of your daily routine, even with 1 meter thick walls of reactor-grade high-density concrete with sheet steel cladding.

> Build better walls.

Rebuilding all houses in the world because someone creates a totally superfluous gadget. Seems reasonable.

I dunno - I could see a huge market for wallpaper with embedded wire mesh in it :)

Or just don’t install these devices in your house/live in a place where privacy is functionally impossible like an apartment building.

If the standard is built into all future WiFi standards you might have no choice in having to install those devices. If you want to obtain the fastest speeds/range/features etc.

Seems like someone can just pull up anywhere in a car and have this capability. You probably won’t have a choice.

And if someone stands out side with a wifi device emitting a signal in to your house?

A lot of this work has been research of Dina Katabi at MIT, via a function called the Sparse Fourier ("4-E-A") Transform.

I am not excusing the privacy implications, which will be abused to the extreme. However, it will be used also for health reasons, like monitoring respiration, and activity.

From https://en.wikipedia.org/wiki/Dina_Katabi

> her work on X-ray vision was chosen as one of the "50 ways that MIT has transformed computer science."

And the housing market.

Simple and Practical Algorithm for Sparse Fourier Transform, Hassanieh, Indyk, Katabi, Price (2012)


The sparse fourier transform : theory & practice - Haitham Al-Hassanieh (thesis, 2016 MIT) - Dina Katabi (thesis advisor)


Sorry I am not sure I am following, how does this impact housing market?

Possibly some future demand for faraday-caged homes?

Faraday cages do not stop Xrays, the wavelength can be smaller than the atomic spacing of metals.

This is one of those things that shouldn't even have a standard made for it.

What does everyone think is going to happen with capabilities like that?

Good news, the paper mentions privacy.

> We identify a number of critical issues that need to be addressed in this space... First, individuals should be provided the opportunity to opt out of SENS services – in other words, to avoid being monitored and tracked by the Wi-Fi devices around them.

Bad news, the paper proposes remote human identification by every Wi-Fi device.

> This would require the widespread introduction of reliable SENS algorithm for human or animal identification.

Would opt-in be legally easier than requiring human body scan registration for opt-out of Wi-Fi remote sensing?

This is a poison pill.

In order to not be tracked you must consent to be tracked so we know you don't want to be tracked.

This should not be done or allowed. Period. It's a huge invasion of privacy.

It would be better to have a beacon that simply broadcasts that you do not want to be tracked, with no further identifying features. There isn't really a good reason for identifying you to then look up that you don't want to be tracked. Make that legally binding and enforce it.

Or, better yet, make it totally opt in.

How would opt-in work in practice? Say, if this gets pushed out on $CAFE public wifi for analytics. Would it be something akin to "tick this consent box to use the wifi"?

And if $CAFE tracks you regardless of you not ticking the box or connecting to the network, how do I detect that as a regular customer?

Yeah, this tech standard is totally insane, why would I want anyone or anything to be able to scan people and objects inside my house without my knowledge? I’m aware of microphone attacks for keyboard password entry and other methods of surreptitious surveillance, but this is way past a microphone or webcam. I will pay a massive premium to purchase WiFi equipment without this feature.

Unfortunately these will be everywhere, far beyond any existing camera surveillance network.

It's also passive. Someone could stand outside your house or factory with their device and "illuminate" activity inside the building. Only EMF shielding in/on the walls could block them. Nation-state regulators could get involved, since these devices would be using spectrum that belongs to the public.

2012 article on a military use case, https://www.popsci.com/technology/article/2012-07/seeing-thr...

2017 video on an industrial use case, https://www.digitaltrends.com/cool-tech/wi-fi-radiation-tran...

This is very similar to radar, which raises the question, is radar already used to spy on peoples movements through walls?

X-Ray backscatter is definitely used for this, most famously by secret NYPD vans.


> The radars work like finely tuned motion detectors, using radio waves to zero in on movements as slight as human breathing from a distance of more than 50 feet. They can detect whether anyone is inside of a house, where they are and whether they are moving.

The cost of those devices should fall with 802.11bf Wi-Fi.

> the vans deliver a radiation dose 40 percent larger than delivered by a backscatter airport scanner; bystanders present when the van is in use are exposed to the radiation that the van emits… there may be significant health risks associated with the use of backscatter x-ray devices as these machines use ionizing radiation, a type of radiation long known to mutate DNA and cause cancer.

Could this radiation meter detect the presence of such a van?


Can make a lot of interesting products. Lights that turn on or change color when different people enter a room. home security systems that can detect motion. the ability to summon help for people who fall.

I've been looking into this for a while, should be mature enough in a year or so. there are already dozens of companies in this space

Do you think making it a standard is required to use it? The technology exists now. Writing it down isn't breathing it into existence.

Good to have threats documented, so technology/spectrum can be regulated and legal frameworks developed.

e.g. lockpicks are regulated, how about wallpicks-via-WiFi?

> lockpicks are regulated

you think?

Only in a few places.



> In Japan if you are found with lock picks you will be subject to a fine of 500,000 yen and a year in prison. In Poland, it is illegal to possess any picks without being able to show that your profession requires it ... In Hungary ownership of lock picks is completely illegal. The only people in Hungary that are allowed to have these tools are the military, and as a result lock picks are classified as military equipment. For travel within the United States or even traveling to the US, you should consult the lock pick laws in the state you are visiting.

And let’s not forget also Amazon Sidewalk

Scary times.

Is that some sort of hatch in the pavement? You order something on Prime, and moments later, a slab embossed with Amazons' logo opens, a deliveryperson jumps out and deposits the package into your outstretched arm.

Almost. It's anyone with Amazon IoTs sharing wifi with each other.

It's ambient network access, a desirable behaviour which I anticipate our descendants (or their descendants) will take for granted.

Imagine gradually choking as you wait for a friend to open their front door - oops, you forgot their air doesn't know you're allowed to use Oxygen, hope they get here in time to explicitly authorise you to breathe...

Because of the Network Effect the grand total number of Networks you care about will always be... one. So, it doesn't make sense to have a dozen fiercely independent WiFi networks in the same physical volume all of which are, in fact, just offering access to the same network (the Internet) but with separate credentials needed for each.

There have been very slow steps on the obvious way forward here. If you've been a student somewhere civilized in the last couple of decades you might have seen EduRoam. Under EduROAM your credentials from say, the University of Florida, or Stanford work at MIT and NYU, but also in Oxford, and in Tokyo. No more need to maintain separate "guest" networks so that the visiting lecturer's laptop works. But most of us, most of the time, are using dozens of little pointless fiefdoms.

Right, but do you want that one network to be run by a single company called Amazon?

All these guides showing you how to create a quick VPN on something like Lightsail. All this does is change your ISP to be .. Amazon!

Also putting all your big-tech eggs in one basket isn't a great direction for the Internet.

You will still have to identity particular users, because you want to sell access, because you want to identity those who break the rules and attack other users. But most importantly, users want to separate their networks from one another.

OTOH the technology can move from private radios to the model of cellular networks, where you don't care which tower you connect to, and the security / authorization lives at a different level.

That’s exactly what is being pitched! Sounds pretty great to me. Just move auth upstream, like eduroam/ cellular. Doesn’t preclude people from making their own separate access points, but would make doing so antiquated for most people.

Only if you tolerate devices with non-free software.

Like any TV?

Never needed a TV once since I was old enough for P2P to be invented

Yeah or anything else with non-free firmware.

So, everything practical.

If you bought it, you own it. Does your DVD player hardware come with a license agreement?

I can't tell if I'm missing something here because for some reason I think you're expecting the answer to be "no"?

But, yes DVD players come with license agreements, EULAs.

Hunh? So you are saying that if I buy the DVD player at https://www.bestbuy.com/site/sony-dvd-player-with-hd-upconve... that I'm agreeing to an "EULA" that doesn't seem to exist on the site and that is apparently not mentioned at all before purchase?

Please tell me you're joking.

Do you live in the USA? Very likely yes that DVD player will come with a EULA (End User License Agreement) in/on the box when it arrives.

Other places I'm not sure, but I'd guess you'll get one anyway.

Will they hold up in court? Who knows. But look and you're likely to find one they'll at least pretend applies to you.

(And to be clear, yes I agree that this is _ridiculous_)

If you're in the EU, that DVD player won't have a EULA attached. If you're in the US, it will.

The last one I bought came with a printout of the GPL2.

You tell me because I don't own a DVD player. :)


Commercial displays are a solution here, though they're expensive.

Don't put your wifi credentials into your TV, then you've effectively got a giant monitor/commercial display.

If you're feeling especially crafty, open the back of your TV and disconnect the wifi/bluetooth board. It's a discrete board in all of my TVs of different brands. I assume they build them this way so they can use the same network board design/production for years and just upgrade the main logic board in newer models.

I can't find any references right now, but someone once mentioned TVs shipping with SIM cards embedded so that they could collect telemetry even if you didn't connect it to your network.

Even if it isn't/hasn't happened, there's nothing to stop someone like Samsung sticking cellular modems in their TVs to work around you doing this.

If we think about it like Air-Tags too, popular enough product, it'll just connect to one of your neighbour's TV's which _is_ online.

I remember years ago, Vodafone gave me a "free" femtocell because signal in my home was poor. They neglected to mention the fact it broadcast a public cellular signal which allowed other Vodafone customers to use _my_ internet bandwidth.

> there's nothing to stop someone like Samsung sticking cellular modems in their TVs to work around you doing this.

True. Although, if they put that SIM card on the bluetooth/wifi network board that I'm disconnecting then I'll be ok.

I would be surprised if they used cellular technology for this though (from a cost perspective). I'd expect a lorawan/helium like implementation.

>Don't put your wifi credentials into your TV

Amazon has a solution to this. If your tv is within wifi range of an amazon device, your TV will be able to connect to a network. It might even be your neighbors device.

Can't say I'm planning to buy a TV anytime soon but that's good advice, thank you.

Expensive compared to the advertising-subsidised consumer version, maybe.

Expensive compared to retail-volume models. This is also a fight against manufacturing economies of scale.

Samsung sells "Commercial signage displays" to people, $1k for a 65" display.

e.g. the Samsung QB65R on Amazon

So yeah it's like $100-200 more expensive, but hardly seems.. unapproachable?

Or your neighbors do.

wasn't this a scene in Batman, Dark Night?

yes, yes it was https://www.youtube.com/watch?v=IRELLH86Edo

Is it practical to put a Faraday mesh into the exterior walls of a house?

I've rented two houses that used chicken wire to bind the plaster to the lath. You could get a bit of cell service near the windows, but you needed a WAP in each room. Finding studs was a nightmare.

Yes, this kind of shielding in construction is well understood, people concerned about information leakage have been doing it for decades and made the specs public. (Also people suffering from perceived "eletromagnetic hypersensitivity")

Of course, any house totally shielded with a Faraday cage would look extra suspicious and thus receive closer scrutiny. You'd need most of the house to be non-shielded to act as a honeypot while maintaining a small shielded section of the house for "emergencies".

Who are you hiding from exactly?


With 2 conditions; a) you would have to do it before closing up the walls and b) give up on radio.

Also, expect to have very strange windows. Of course, if visible light can pass through, that might be considered a flaw in your faraday cage so YMMV.

Personally, I'd like it if my devices knew what room I was in. Back in 2013, I'd started working on a home automation project with that goal in mind, but then all these closed source devices came out that were incredibly cheap and convenient and I haven't revisited the idea since.

I do look back with a bit of regret that more hasn't been done to push for reverse engineering these devices or somehow encouraging companies to open source their routers to support third-party operating systems, etc. We take for granted that we've open source smartphones and standard PC specifications when we don't yet have a standard that could let me run YouTube TV on my Echo Show 8, for example, or add lossless FLAC playback to my smart speaker...

I imagine window screen mesh connected electrically to the rest of your grid should work sufficiently (like the mesh on the microwave window)

>Also, expect to have very strange windows.

I have screens on my windows so I can have them open yet not have bugs wandering in and out - just pick wire mesh and ground it. Done!

You could just put antennae outside the walls like many houses/cars do.

I recently cut a couple holes in my house exterior through stucco. Like a sibling comment, that stucco was secured over some wire mesh. I can't remember how dense the mesh needs to be to block whichever frequencies would be used, but something like that would be commonplace and provide reasonable doubt.

There are different types of lathe used for plaster walls.

From chicken wire to mesh with 1/8, or less, inch rectangles.

I imagine the whole room would have to be covered with lathe. In good construction the lathe is covering every sq. inch of a room before the the base coat is put on.

Plaster wall are not typical anymore. Stucco is still used on exterior walls, but it usually just covers up ap the foundation, and might extent up the wall a few feet.

Plaster walls in a bathroom are the best walls though. The house I'm in has 1" thick plaster walls, and they hold up to a lot of abuse.

A well plastered plaster room would need screen on the door too, but that's doable.

If I was building a house, it would have stucco walls. Maybe only the exterior walls, and the ceilings? Then my signals could go room to room, but the world is locked out.

No one uses chicken wire, but it works just as well as the new smaller holed lathe sheets.

I still have no clue if modern sheets of lathe would act as a Faraday Cage?

I have fooled around with Faraday Cages, and tiny openings matter.

(I remember hearing about a guy who stole a vechicle with lowjack. He covered the vechicle with chicken wire, and the cell signal with through? He was caught.)

Attic insulation ("radiant barrier") has a layer of aluminum, it can reduce EMF if joints overlap and are sealed with aluminum tape.

You also need to ground it (you should be doing this anyway for electrical safety).

Should there be a resistor (100K? 1M?) on the connection between shield and ground?

I am not an electrical engineer, but AFAIK no. You want your ground path to be the favored path, rather then say, a sweaty human hand if there's a short.

Trying to stop radio waves is sort of like trying to stop water. Any little crack or hole and it'll come through.

In addition to that, you might want/need to use only wired connections to your router and rip out any components that enable wireless.

I see a market for personal WiFi jamming devices.

Those are illegal (at least in the US, and likely just about everywhere). Which is bitterly ironic in this case ... spying on people inside their homes using WiFi is "fine", but trying to jam that bullshit is ... illegal.

Illegal? Why? I'm only heavily using all the WiFi channels with my perfectly legitimate web browsing.

Jamming would run afoul of the FCC. Now having one or more WAPs randomly modulate their signal strength should do the trick

Anyone aware of a polished application that utilizes this for personal home monitoring? It'd be fantastic to integrate this with Home Assistant[1] in lieu of Zigbee motion sensors.

[1] https://www.home-assistant.io/

Do I understand it correct that it's possible to 'sense' what people speak with this technique?

No, that would require a precision that's probably still decades away. It could be used to grossly place people and large objects, and notice their movement. Sensing voice would require to monitor vibrations in either the person speaking or anything that vibrates with the emitted sound.

Funnily, there are much easier ways to do that, although they require direct line of vision [1]. Another option would be to measure the vibrations on walls (think glass on the wall, but hitech).

[1] https://www.schneier.com/blog/archives/2020/06/eavesdropping...

I need to invent faraday cage paint :p


Instead of going to such extreme lengths though, it's more sensible to lobby for political change. There is absolutely no legitimate reason this should be introduced as a general standard for all wifi divices. This sort of spying needs to be illegal unless specifically approved in limited cases.

Now imagine what will be accomplished with 5G.. puts on tinfoil hat.

Is there no limit to this surveillance capitalism thing? At what point does it get dystopian enough for them to stop?

when capitalism ends.

Would it be possible to use this to look at a monitor?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact