OS X: How to disentangle your Mac from the ‘Xfinitywifi’ network

“Lately I’ve been running into a lot of trouble with folks who’ve joined a Comcast ‘xfinitywifi’ network,” Melissa Holt reports for The Mac Observer.

“These nationwide Wi-Fi hotspots are provided by Comcast through the use of its customers’ modems, which I suppose is all right if you’re a Comcast subscriber who’s out and about and desperate for network connectivity,” Holt reports. “The issue starts, however, when computers begin auto-joining that open network after they’ve connected to it that first time.”

“If you’re able to enter your Comcast credentials and access the Internet, great. But if you’re at home and should be on your own Wi-Fi instead — you know, the one with access to your printers, say — this can cause all sorts of frustrating issues that aren’t always easy for people to figure out,” Holt reports. “So if you need to stop the auto-joining madness on your own Mac or on someone else’s, here’s how.”

Directions with screenshots in the full article here.

MacDailyNews Take: Be careful joining random Wi-Fi networks, okay?

SEE ALSO:
How to easily turn that old Mac into an inexpensive personal VPN – November 19, 2015
How and why you should use a VPN to protect your data’s final mile – January 16, 2015

22 Comments

    1. People have to know about that option first, then they have to understand what it means, then they have to find it, then they have to CLICK THE BUTTON.

      This is often too difficult for the average or the technically challenged so few people do it.

    2. This doesn’t address the problem at all. At issue is when you’ve joined a network SSID, your Mac will try to reconnect to that SSID. So when you leave your Xfinity house, and want to use an Xfinity hotspot, it may try to reconnect to the Xfinity hotspot in your home, instead of your own network, putting you outside of the firewall and creating other network issues.

      The answer is to:
      1) Lower the priority of the Xfinity SSID.
      2) Delete the Xfinity SSID from your list.
      3) Turn off the Xfinity hotspot in your home.

      Option #3 may not be an option if you are close to an Xfinity hotspot from a neighbor, and there are plenty of reasons why you might want to leave your Xfinity hotspot on while #1 or #2 solve the problem.

          1. That’s for your personal Wifi. The Xfinity hotspot SSID that is available to the public isn’t unique. They do this intentionally so that you can sign in once and then roam around from place to place without having to log in to other Xfinity hotspots.

            Usually, this is beneficial as it’s transparent, but it can create problems which is the whole point of this article. If the hotspot SSIDs were unique there would be no need for this article.

  1. I think the people who can’t figure out how to manage their networks probably are so tech illiterate they would unfortunately never even realize they have this problem and surely would never find this article for it to be able to help them. In other words, this article serves as a reminder to double check your parents’ network settings this holiday season.

  2. Pretty much everyone has these free wifi hotspots.. I hate them.

    To clarify.. it’s *not* auto join networks.. It’s your HOME MODEM given to you by Comcast etc that automatically turn on a guest network that *anyone* driving by can join…

    and I 2nd Demondeathkill’s comments.. double check the modems of your parents etc.

    1. I love them. I wish more people would leave them active, as I leave mine active.

      The benefits are that unlike setting up a guest network with your router, the Xfinity hotspot doesn’t get included in your bandwidth or data cap. Furthermore, you’re not responsible for anything someone does while connected, and they’re entirely behind your firewall. It does all of this without having to manage passwords for guest or activate/deactivate the guest network.

      While traveling, it’s pretty awesome to be somewhere and find that you can still connect even if there is no cell coverage because someone nearby has Xfinity and hasn’t disabled the hotspot.

      1. you may like it.. but war drivers also like it.
        remember, most people have zero clue that its even running.. and they have zero clue how to setup their home network (and computers) to be safe.

        IMO these should be off by default, and must be turned on by the customer or the installer *after* it has been explained to the customer.

        When I turned mine off from my TWC modem about 30-40 minutes after the guy left.. 2 people had already connected to it.

        1. “you may like it.. but war drivers also like it.”

          That’s a good thing though. Every war driver is absolutely welcome to come and have at it with my Xfinity hotspot. That’s much better than having war drivers trying to, or worse succeeding at using my connection.

          “they have zero clue how to setup their home network (and computers) to be safe.”

          There’s nothing to set up with the Xfinity hotspot. It’s either on or off. When it’s on, the customer’s network is just as safe as when it’s off. It may be safer since it’s worthless for someone to try to hack into your wifi solely for connectivity if they have an Xfinity account.

          “IMO these should be off by default, and must be turned on by the customer or the installer *after* it has been explained to the customer. “

          I agree that it should be explained, if nothing else because many people who have turned if off have done so without understanding it at all.

          Really, can you name one significant downside to having Xfinity hotspot turned on?

            1. Except that doesn’t happen.

              When you sign up for Xfinity, you sign up for a specific data rate plan. The faster plans are more expensive. Let’s say you sign up for 50mbps. Your connection may be capable of being much faster than that, but Comcast throttles you down to match your plan.

              The overhead on the connection to your house, if any, is available for the hotspot. If there’s no overhead, the hotspot won’t allow a connection. The two networks are completely independent of each other with your personal connection having absolute QoS prioritization over the public hotspot.

              Any use of the hotspot doesn’t count towards your data rate or your data cap. The public facing IP address is completely different and activity is logged on the account of the person who signed in.

          1. You really should do some research…
            There are xfinity wifi logins and passwords floating around for ALL xfinitywifi enabled modems.

            IF I KNOW what brand of modem YOU HAVE…. odds are I CAN get on your network.
            oh look xfinitywifi, rather small list of comcast supplied modems to toss the standard login/password at. because as I stated above most people have no clue how to setup their home networks…. including changing their modems default password.

            Broadcasting an xfinitywifi hotspot? well.. it makes it easier for a potential hacker to get on your private network.

            you connect to xfinitywifi? great.. now your device has saved that SSID. Next time you see xfinitywifi… your device AUTOMATICALLY connects. (To the spoofed xfinitywifi network on a hackers laptop) good job, you gave your login/password for Comcast to a hacker who now uses your login to download child porn etc.

            Comcast has been sued for making the system opt-out, it should have been opt-in. Picking on Comcast here, but AT&T and TWC both do it as well.

            Leave it on if you want, but it compromises your security. Use it if you want when out of your house/town if you want.. just remember that spoofing the SSID is extremely easy.

            Article on it from PCWorld, seems middle of the road on it, but pay attention to a few paragraphs.

            http://www.pcworld.com/article/2363389/to-xfinity-wifi-were-all-hotspots-but-you-dont-have-to-be.html

            “But whether that person will be able to access other devices on your network, including your hard drive, is a separate question. And Comcast’s response isn’t reassuring.

            Comcast encourages users to set strong passwords, and it supplies antivirus software to its customers. If the company does detect an unusual amount or source of traffic, such as a customer who may have been infected by a virus and turned into a zombie, or ‘bot,” that customer will be notified.

            That doesn’t answer the question of whether an elderly customer blissfully surfing away on an unprotected PC will be unduly exposed by Xfinity WiFi. Comcast recommends that customers use antivirus protection plus a firewall and take advantage of its gateway’s 128-bit WPA and WPA2 encryption. “If a consumer doesn’t put the in the necessary precautions, to at least take some of these steps, they’re not doing everything they can to protect their account,”

            Because it IS possible… rare yes, easy no..
            Again, goes back to my point that people do NOT know how to setup their networks and computers to be safe. they just assume they are safe cause the nice Comcast man set their computer up for them.

            1. “You really should do some research…”

              I have, and have problem written some of the articles you’re misquoting.

              “There are xfinity wifi logins and passwords floating around for ALL xfinitywifi enabled modems.

              No, there are passwords for many Xfinity modems, but certainly not all, specifically most newer ones, and even more specifically the ones that have hotspot functionality. Even those that were compromised have firmware updates… not unlike those from any other vendor.

              IF I KNOW what brand of modem YOU HAVE…. odds are I CAN get on your network.

              You cap-lock weird. Look, if you’re arguing that there are reasons to own a 3rd party modem, yes, there sure are, but don’t kid yourself in thinking they’re more secure, or that it takes any effort to identify what modem your using.

              If you want better security, put a router with a firewall between your network and the modem, but whether you do this or not, it makes no difference on whether you have the hotspot enabled or not.

              Anyone who sees Xfinity being broadcast as an SSID and could hack into your network (as opposed to the hotspot) wouldn’t be slowed down one bit by having a different SSID being broadcast from the same modem, or having the SSID not being broadcast at all.

              “I stated above most people have no clue how to setup their home networks”

              That’s nice and I agree with you, but it has nothing to do with having the hotspot enabled. The hotspot enabling is not an attack vector. If anything it’s just the opposite. Someone who would otherwise hack just to get access is now presented with free access, and that access provides no entry into the personal network. The whole point that the two are separate is the case for the problems that are the basis of this article.

              “Broadcasting an xfinitywifi hotspot? well.. it makes it easier for a potential hacker to get on your private network.”

              No, it doesn’t. It’s not any easier than saying that you can hack into your neighbor’s private network if you both have Xfinity as your ISP.

              “Comcast has been sued for making the system opt-out,”

              You mean, a lawsuit has been filed, not that Comcast lost a lawsuit, as obviously they and others continue to do this. People file lawsuits for all kinds of frivolous reasons. In this case, the basis of the lawsuit isn’t security, privacy, or any other such issue… it’s that there must be some increase level of electricity use when people are connected to the hotspot and the customer pays for that electrical use. We’ll see how far that lawsuit goes.

              The rest of your comment all really has nothing to do with the hotspot feature (as does much before). Yes, most customers don’t know how to set up their equipment (nor should they be expected to), but none of this has anything to do with the hotspot. Having the hotspot feature enabled doesn’t impact the private network one way or the other.

              Have just the Xfinity modem with “password” as the password and “the password is password” as the SSID? That’s going to be a problem whether or not the hotspot is enabled.

              Have a strong rotating WPA2 password and secondary firewall with a 3rd party router? That’s great, and the hotspot can still be enabled without any risk. The two are separate.

              “Because it IS possible… rare yes, easy no..”
              Show me one case of someone getting into the private network on an Xfinity modem simply because the hotspot was enabled.

            2. continue to live in your dream world where everything is secure because comcast told you it is.

              OLD info and probably fixed, but proof you have no F’ing clue.
              http://dynobin.com/xfinity-router-login-hack/

              And you still have not even read what others have said.. xfinity uses the SAME SSID. All you have to do is run any spoofing software setup to broadcast the xfinitywifi SSID and EVERYONE that has auto join turned on and has previously joined an xfinitywifi hotspot prior… WILL CONNECT and transfer the login/password.

              THIS is one of the major problems.

            3. You have a real problem with focusing on what the argument is.
              “And you still have not even read what others have said.. xfinity uses the SAME SSID.”

              Yes, and take a look at the top of the comments, I was the first person to say that here.

              “all you have to do is run any spoofing software setup to broadcast the xfinitywifi SSID”

              What exactly does this have to do with the security of my private network because the hotspot is enabled???

              And this security issue has nothing to do with Xfinity using the same SSID. They could use a unique SSID for every hotspot. It wouldn’t matter. As long as someone has the credentials to log in, they’d be transferring them to the spoofed network regardless of whether or not it was a unique SSID.

              “OLD info and probably fixed, but proof you have no F’ing clue.”

              What did I just say about this? Hint: this doesn’t work on the newer modems, specifically none that are hotspot enabled. If you understood what you were reading, you’d understand this.

              You’re Googling terms to support your argument without understanding the search results. If you want to prove your argument, simply find one single case of where someone got into the private network due to the hotspot being enabled.

              Hint: you can’t.

  3. I have no problems with this. I have three Xfinity hotspots close enough that I can connect but not close enough that I can actually use them. One of my devices may occasionally connect to one by accident but this happens once or twice a year.

    I also use Xfinity at home and my modem defaulted to Hotspot off.

    BTW, if anyone is interested, iStumbler is a handy utility for monitoring local WiFi networks. Comes in handy if a close neighbor winds up on the same channel.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.