How to Disable Comcast Xfinity Public Wi-Fi

Those who use Comcast's Xfinity-branded residential-gateway broadband routers, which combine a cable modem with an Ethernet and wireless router, could find themselves becoming mules for the company's publicly available network. Comcast can turn on a second Wi-Fi signal in its customers' home routers that could be used by anyone with an Xfinity account — even total strangers who happen to be driving by.

The company has already activated this feature on hundreds of thousands of routers all around the United States. It intends to turn on millions of these hotspots in the coming months.

MORE: 12 Things You Didn't Know Could be Hacked

Comcast states on its website that the feature is not available to those subscribed to Comcast's Economy Internet package.

A Comcast Internet technical-support representative told us after this story was first published that the Arris TG862G and Technicolor TC8305 models support the public Wi-Fi hotspot feature, while Cisco and SMC models do not as of yet. While the Cisco devices do have two antennas, they're only for dual-band Wi-Fi in the home, said the tech-support rep. The SMC models have only one antenna.

If you use one of the affected models, you might want to turn the home hotspot feature off. While we don't expect there to be severe security risks with the second network being opened up, it is likely that more people using your hotspot could slow your overall Internet connection.

Prevent that from happening by tuning off the home-hotspot feature. Make sure your Comcast username and password are handy, and follow these easy steps to turn off the second signal in your Comcast router. You can also check Comcast's website for a more comprehensive how-to in case you have a newer router.

1. Go to

2. Log into your account.

3. Select Users & Preferences from the top navigation bar.

4. Click "Manage Xfinity WiFi" under the Service Address section.

5. Select "Disable Xfinity WiFi Home Hotspot" in the dialog box that pops up. If you don't see the option to enable or disable the home hotspot, the feature may not have been activated in your area, or your modem/router combination may not be compliant.

6. Save your changes.

Follow Cherlynn Low at @CherlynnLow and on Google+. Follow Tom's Guide at @tomsguide, on Facebook and on Google+.

Cherlynn Low

Cherlynn is Deputy Editor, Reviews at Engadget and also leads the site's Google reporting. She graduated with a Master’s in Journalism from Columbia University before joining Tom's Guide and its sister site LaptopMag as a staff writer, where she covered wearables, cameras, laptops, computers and smartphones, among many other subjects.

  • rgd1101
    or just buy your own. It cheaper in the long run.
  • derekullo
    So when your neighbor pirates your wifi and torrents 1 terabyte of data and sends you way over your data cap, Comcast gets mad at you for Comcast enabling free public wifi?
  • billgatez
    or just buy your own. It cheaper in the long run.

    Most ISP's don't give you a choice. You are forced to used these combo units.
  • falchard
    I don't think the article writer understands how the internet works.
    First, Comcast will not be able to activate this on Arriss, Cisco, or SMC routers because they don't have the necessary hardware to do so.
    Second, I am pretty sure these routers are specifically developed to allow multiple WiFi networks in order to enable better public WiFi. Right now, routers let you setup a guest wifi, 2.4ghz wifi, and over 5ghz wifi. So making one dedicated to Comcast public wifi is totally possible. However, this will treat that access point as a completely different IP.

    The only security risk is that a person has all but 1 set of numbers for your IP address. However, at any time your whole IP address can be reference over the internet.

    It won't eat at your connection or consume your bandwidth. Cable connections use Channel bonding where they can connect to 4-16 channels. Each one allows for 30mb/s of speed. Something tells me these ones will be on their own separate channel.

    I think what they will probably do is offer to not rent out your router for being a hotspot, or allow you access to the free hotspot without a subscription fee. That's usually the hurdle most cable companies have with giving away equipment. The monthly rental fee.
  • schwatzz
    What a scam. They just want to charge you for bandwidth that you aren't actually using.
  • rocket_sauce
    Wow! This should be criminal on Comcast's part. I know we all sign agreements, but dang... This kind of stuff should be in BOLD print and not buried in the literature.
  • razor512
    To start off (will get more into it later) comcast is rarely ever able to offer customers with the speed they are paying for, for for virtually all users, any additional user using their network will cause a slowdown regardless of what comcast says.

    Keep in mind that wifi radios are not 100% efficient in handling multiple users. If your wifi radio can do 100mbit/s on clieent, then if you add an additional client and both want full speed, then both will not get 50mbit/s under a completely fair que. The overhead of dealing with more than one client will cause the sppeeds for both clients to be less than 50mbit/s, you will be more likely to see around 45Mbit/s or less. The only way to avoid this will be to have a completely separate wifi radio and antenna running on a completely different non overlapping channel in roder to prevent the public network from impacting the home user's wifi.

    Furthermore the CPU will have to be significantly faster. (as you create more network activity, pingtimes slow down. If you have a program such as ixchariot, you can demonstrate this yourself. Have a rate limited benchmark go between 2 systems, and then have 2 other systems on the same network start their own rate limited transfer, even if you are only using 25% of the available network capacity, ping times will increase as the router is doing more work. On enterprise networking hardware, it is negligable, but for home routers, especially less powerful ones, it becomes more noticable and you can easily add a few extra milliseconds to your ping times if a hotspot user decides to create a constant connection, even if the throughput needed is low, if there are many connections, it will impact the performance of the hom user. Furthermore, traffic shapping will open the door for denial of service. Even on a router such as the WRT1900 AC, that dual core 1.2GHz CPU will struggle to maintain 400mbit/s while using QOS, and from my experience with doing QOS benchmarks with ixchariot on consumer routers, even a low bandwidth datacenter style workload (lots of cmall packets stressin different priority levels, will cause the router to work really hard to manage the traffic, and thus you can get a high CPU load with only a small amount of traffic)

    One issue that seems to not be getting enough attention, How many comcast customers are getting the ful upload and download speed that they are paying for? (most do not and in those cases, allowing a hotspot user to get even 1KB/s will mean 1KB/s less that you can use for your home network because they are already unable to provide you with your full speed.

    If I were stuck with something like this and was unable to opt out, I would either buy my own modem and not use theirs, or I would take it apart and physically cut the PCB trace going to the wifi amplifier to make sure that the the wifi network cannot be used.

    PPS can a comcast customer in the effected area try loggint into one of those hotspots and see if the WAN IP is any different, if not then this means that some people can have fun going to the homes of people they do not like, or choose random homes, and then do things like have personal challenges "how fast can I break every single rule on this side, and get the account banned, and the make many more accounts until they decide to do an IP ban (and can it be done for the most popular websites)

    Or if you know that the person loving in the target home is a gamer, then see if they play on any servers that use some form of ban link, and and just wreak havoc.

    Overall, this is 100% bad for the customers stuck hosting those hotspots. For all, it will mean a drop in performance (PS if the same wifi radio is used, see if 802.11b is still supported :) many routers like to really slow things down and drop QAM levels when a legacy user connects :) ). For users with ample capacity (to a point wherre they get 100%+ of what they pay for consistently 24/7, then they will only get overhead related slowdowns from the router having to manage more clients and possibly deal with the QOS. For everyone else, on top of th eoverhead, any throughpt that the hotspot user is able to get, will directly slow the home connection because they are in a position where comcast is already overloaded and unable to provide then with the speed they are paying for.
  • razor512
    Sorry for typos, I cant find any edit function for toms guide
  • razor512
    Forgot to mention, I have my router overclocked. (the R7000 CPU can be overclocked, but the RAM cannot, any attempt to increase it, bricks the router, sending it into a boot loop (scared me the first time it happened as it was boot looping before it would finish loading the board data, I eventually got lucky and it made it far enough to catch the error and reset the clock speeds :) (all in all, do not overclock the RAM)

    Since additional processing takes place for pretty much all network traffic, even low bandwidth usage on wifi will negatively impact the WAN performance of wired computers.

    The only way that I can see this as acceptable, is if they are able to implement it in a way where hotspot usage will have no measurable impact on the home users performance (meaning even enterprise test equipment should be 100% unable to measure any impact at all) (meaning they have to make a consumer networking device that exceeds even backbone level bandwidth providers in their ability to manage network traffic).
  • eklipz330
    i really hope that that merger doesnt pan out and both companies evaporate.