Heck, even Ecobee remote temperature sensors can do this.
Reminds me of the story about how the Google Nest smoke detector had a microphone in it. [1]
0 - https://www.amazon.com/b?node=23435461011&tag=googhydr-20&hv...
1- https://www.reddit.com/r/privacy/comments/asmusq/google_says...
Not even the biggest privacy issue of using Alexa devices. I think listening you 24/7 is a bigger potential issue.
Not sure if Alexa has this, but cheap mm-wave wideband multi-GHz sensors(or radars more accurately) now enable more finely grained human presence detection and also human fall detection[1] with the right algos, so you can for example detect if grandma in the nursing home fell down and didn't get back up, but in a privacy focused way that doesn't resort to microphones or cameras. Neat.
>Reminds me of the story about how the Google Nest smoke detector had a microphone in it.
Vapes have microphone arrays in them to detect when you're sucking and light up the heating element. Cheap electronics have enabled a new world of crazy.
[1] https://www.seeedstudio.com/MR60FDA2-60GHz-mmWave-Sensor-Fal...
It was listed in the features for the 2nd gen units. https://support.google.com/googlenest/answer/9229922#zippy=%...
Edit: That article isn't about the Nest Protect (smoke detector), it's about the Nest Secure, an alarm system.
The phone actually records audio and sends it remotely to someone else.
https://medium.com/@mmrahman123/how-a-bug-in-android-and-mic...
> By collecting this data, images of people can be generated from multiple perspectives, allowing individuals to be identified. Once the machine learning model has been trained, the identification process takes only a few seconds.
> In a study with 197 participants, the team could infer the identity of persons with almost 100% accuracy – independently of the perspective or their gait.
So what's the resolution of these images, and what's visible/invisible to them? Does it pick up your clothes? Your flesh? Or mosty your bones?
If you want to do advanced sensing, trying to identify a person, I would postulate you need to saturate a space with high frequency wifi traffic, ideally placed mesh points, and let the algo train on identifying people first by a certain signature (combination of size/weight, movement/gait, breath / chest movements).
Source: I worked on such technologies while at Signify (variants of this power Philips/Wiz "SpaceSense" feature).
More here: https://www.theverge.com/2022/9/16/23355255/signify-wiz-spac...
This approach relies solely on the "unencrypted parts of legitimate traffic". The attacker does not need to send any packets or "generate" their own traffic; they simply "listen" to the natural communication between an access point and its clients.
BFI is much more complex than simple signal strength. RSSI is an aggregation of information that the researchers describe as "not robust" for fine-grained tasks In contrast, BFI is a high-resolution, compressed representation of signal characteristics. This rich data allows the system to distinguish between 197 different individuals with 99.5% accuracy, something impossible with basic RSSI.
While older CSI methods often focused on walking directly between a specific transmitter and receiver (Line-of-Sight), BFI allows a single malicious node to capture "every perspective" between the router and all its legitimate clients.
Also CSI requires specialized hardware and custom firmware, this one isn't, just wifi module in monitor mode.
Gait analysis is complete fiction. Especially with a non-visual approach like this.
Answer: no need, if it had been cured, it would be cured. And it is not.
My point being that many publications saying "towards X" may mean that we are making some progress towards X, but they don't mean at all that X is possible.
> The results for CSI can also be found in Figure 3. We find that we can identify individuals based on their normal walking style using CSI with high accuracy, here 82.4% ± 0.62.
If you're a person of interest you could be monitored, your walking pattern internalized in the model then followed through buildings. That's my intuition at practical applications, and the level of detail.
The researchers never claimed to generate "images," that's editorializing by this publication. The pipeline just generates a confidence value for correlating one capture from the same sensor setup with another.
[Sidenote: did ACM really go "Open Access" but gate PDF download behind the paid tier? Or is the download link just very well hidden in their crappy PDF viewer?]
Any sub-meter precision or presence detection does not really matter, if these companies have all your other questions, queries, messages, calendars, browse history, app usage, and streaming behaviour as well.
Second, it is a logical leap to assume Google knows everything already. They could for example build this nearby Wi-Fi based location querying API with privacy in mind, by purposefully making it anonymous without associating it with your account, going through relays (such as Oblivious HTTP), use various private set intersection techniques instead. It is tired and lazy to argue that just because some Big Tech has the capability of doing something bad therefore they must already be doing it.
In which world are you living?
> It is tired and lazy to argue that just because some Big Tech has the capability of doing something bad therefore they must already be doing it.
It has the capability of doing something bad, and it has a history of doing it. Better not forget the last part.
No matter what you think, no stranger on the internet can convince to ignore my own lived experience.
Or Google being fined for abuse of their dominant position [2]?
Do you think that when you make an LLM request, it uses full homomorphic encryption not to disclose your information?
I guess I don't even have to give an example for Amazon, do I?
> It’s frankly not even hard to find Google authors of RFCs that meaningfully contribute to Internet privacy.
Well I didn't want to say that Google employees are malevolent, or that Google doesn't create good technology. But Big Tech (including Google) clearly regularly abuse their dominant position.
Back to "Google knows everything". Would you say that Google Search is built in a way that the Google servers cannot associate an IP to its search requests? Would you say that Gmail is built in a way that the Google servers don't have access to all the emails? What about calendar, documents, drive? Google maps requests? How does Google offer information about what's happening "nearby" without knowing the location of the device?
And now back to the location in particular: what about the "Find Hub" / "Find my device"? You can go on the website and ask Google where your device is, after you click a popup that says you allow Google to retrieve this information. Doesn't this obviously show that Google has access to it? They could access it without asking the permission, couldn't they?
So to the question: "do we need to develop a new WiFi technology and deploy it in order to have the technical capability of mass surveillance?", the answer is "no, we have the technical capability already". And by "we", we mean "Big Tech".
[1]: https://cybersecuritynews.com/track-android-users-covertly/ [2]: https://www.techspot.com/news/109360-eu-fines-google-35-bill...
Irrelevant.
> Or Google being fined for abuse of their dominant position
Also irrelevant. You are talking about antitrust. I’m talking about privacy.
> Do you think that when you make an LLM request, it uses full homomorphic encryption not to disclose your information?
Irrelevant. I never said anything about LLMs. No one has made LLMs work with homomorphic encryption, but at least I’m glad you know this technique and it is very close to being used in other Google technologies.
> Would you say that Google Search is built in a way that the Google servers cannot associate an IP to its search requests?
I never said anything about Google Search either.
Look, at this point I just stopped reading your comment because it’s a mumbo-jumbo of irrelevant facts.
> It is tired and lazy to argue that just because some Big Tech has the capability of doing something bad therefore they must already be doing it.
Irrelevant. The comment never said it was "doing something bad", they just said "they know already". Which is most likely to be true. When the user sends a list of nearby WiFis to Google and Google responds with a location, then Google knows where the user is.
> To allow for an unobstructed gait recording, participants were instructed not to wear any baggy clothes, skirts, dresses or heeled shoes.
> Due to technical unreliabiltities, not all recordings resulted in usable data. For our experiments, we use 170 and 161 participants for CSI and BFI, respectively. [out of 197]
I wish they had explained what the technical unreliabilities were.
The window to embed privacy protections into the IEEE 802.11bf standard is closing. Once this is ratified without safeguards, retrofitting privacy will be much harder.
The paper says, in a somewhat contrived scenario, with dozens of labelled walkthroughs per person, they can identify that person from their gait based on CSI and other WiFi information.
This is a long way from identifying one person in thousands or tens of thousands, being able to transfer identifying patterns among stations (the inference model is not usable with any other setup), etc.
All the talk of "images" and "perspectives" is journalistic fluffery. 2.4Ghz and 5Ghz wavelengths (12cm & 6cm) are too long to make anything a layperson call an "image" of a person.
What creepy thing could you actually do with this? Well, your neighbor could probably record this information and tell how many and which people are in your home, assuming that there is enough walking to do a gait analysis. They might be able to say with some certainty if someone new comes home.
That same neighbor could hide a camera and photograph your door, or sniff your WiFi and see what devices are active or run an IMSI catcher and surveil the entire neighborhood or join a corporate surveillance outfit like Ring. Using the CSI on your WiFi and a trained ML model is mostly cryptonerd imaginiation.
> a study with 197 participants, the team could infer the identity of persons with almost 100% accuracy – independently of the perspective or their gait.
The paper seems to make it clear that the technique still depends on gait analysis, but claims it's more robust against gait variations.
Yet, it's pointless when people VOLUNTEER they private information to corporate actors who happily give EVERYTHING to the highest bidder or, when they have to, for free to governments who ask.
So... sure, be worried of that, be worried of networks of cameras but and more if you ALREADY give everything away, don't be worried, just embrace it! I'm not even being sarcastic here.
Highly unlikely and would be a waste of effort and resources. In the real world we are already well surveilled by cameras, microphones, satellites, cell phones, televisions, modern vehicles with a large number of cameras, web enabled doorbell cameras, refrigerators, AirTags, robot vacuum cleaners that map our home and monitor us, anything bluetooth enabled and that is even before actual spy devices like laser microphones that can turn most windows into a giant microphone.
All of these methods are far more attainable without trying to recreate microwave imaging that has been used by the feds for ages and the feds use a handheld device vs. this complex lab setup and this is even before we talk about advanced high resolution milspec FLIR which some companies have managed to get into serious trouble for selling to sanctioned countries for ITAR violations.
The truth is that it's cool research that currently has zero use-case. But a) journalists would not write about that and b) researchers may try to use examples to explain what their research does. Probably researchers are tempted to find a cool use-case of course, because it's better for them if journalists write about their research.
This sounds like cool research that is not remotely close to becoming an invisible mass surveillance system.
"Xfinity using WiFi signals in your house to detect motion", 500 comments, https://news.ycombinator.com/item?id=44426726#44427986
"Wi-fi signal tracks heartbeat without wearables", 80 comments, https://news.ycombinator.com/item?id=45488908
2022 laptop demo of respiration sensing, https://www.intel.com/content/www/us/en/research/respiration... | https://community.intel.com/t5/Blogs/Tech-Innovation/Client/...
2025 biometric signature, https://www.theregister.com/2025/07/22/whofi_wifi_identifier...
> Researchers.. developed.. a biometric identifier for people based on the way the human body interferes with Wi-Fi signal propagation.. CSI in the context of Wi-Fi devices refers to information about the amplitude and phase of electromagnetic transmissions.. interact with the human body in a way that results in person-specific distortions.. processed by a deep neural network, the result is a unique data signature.. [for] signal-based Re-ID systems
https://hueblog.com/2025/09/23/step-by-step-guide-setting-up...
https://hueblog.com/2025/12/01/next-step-for-hue-motionaware...
The first iPad did not have GPS module. It has location system, though. It worked by listening to WiFi and knowing the location of the routers. The list of them updated over the air.
That a super impressive! I wonder how that would be at scale, with a few millions people. I’m don’t think that would remain as accurate
Has tech changed. I'd use it over my wifi setup if its was fast.
My understanding is that it has improved in some circumstances, but if the connection ends up "hopping" through your breaker you get back to garbage speeds.
In theory you can get 2 Gbps speeds, but in practice it seems like still around 500 Mbps. I don't know if the loss has improved but it was a significant problem before, since even a low loss will render a connection unusable.
At university over a decade ago, we were looking at using Bluetooth/WiFi signals to create live room maps for military applications.
Since then, the tech has only got better.
My cheapo Amazon desk is steel framed, and the monitors have all sorts of metal and signals running through them. I know it impacts wifi because my wifi-connected printer gets crappy signal on one side and decent signal on the other. Good luck getting a positive ID via wifi when I'm sitting at it.
Likewise I don't see how this survives in the real world for a mass surveillance application. Any "signature" will be in constant flux as environments change, in terms of everything from crowds to weather. I'll need to see a demo outside of a controlled environment before I start trying to obfuscate my signature or remodel my house to run Ethernet everywhere.
Nothing says "out of touch with reality" like 'murcan media.
As someone in the RF world, there are way more concerning emerging threats that are much harder to mitigate.
https://www.ieee802.org/11/Reports/tgbf_update.htm
Task Group bf is expected to develop an amendment that defines modifications to the IEEE 802.11 medium access control layer (MAC) and to the Directional Multi Gigabit (DMG) and enhanced DMG (EDMG) PHYs to enhance Wireless Local Area Network (WLAN) sensing (SENS) operation in license-exempt frequency bands between 1 GHz and 7.125 GHz and above 45 GHz.
---
- Stations to inform other stations of their WLAN sensing capabilities
- Request and setup transmissions that enable WLAN sensing measurements to be performed
- Exchange of WLAN sensing feedback and information
The concept sounds not unlike like the multispectral imaging produced by Geordi's visor in TNG.
Seems conceptually possible, but likely too much computing power and observing time (to build up and learn each individual's pattern in that part of the RF band), at least in current times.
I'm sure it could be developed to work in the field, but what is the use case where it pays off to make the silly-money investment to make it happen? Especially so when it's far easier to simply notice pings and get better data when approximately everyone always carries their mobile phone.
I mean you could even jam a microwave oven door open, turn it on, and then measure how much energy loss there was through certain paths. That's essentially all beamforming in Wifi requires -- a really sophisticated way of measuring paths that cause energy loss, and a really sophisticated antenna design that allows you to direct the signal through paths that don't cause energy loss. The first problem is what's facilitating surveillance because humans cause signal loss because our bodies are mostly water, and 2.4 GHz radio waves happen to get absorbed really well by water. This causes measurable signal loss on those paths and the beamforming antennae use that information to route around your body. But they could also just log that information and know where you are relative to the WAP.
Already is and widely used for exactly what the article worries about
Philips WiZ bulbs: https://www.wizconnected.com/en-us/explore-wiz/spacesense
Alarm.com also supports such sensors: https://poweredbyalarm.com/eventresources/wp-content/uploads...
The devices that reported BFI information were also stationary, and there were no extra devices transmitting information that would be conflicting.
A single camera would be much more effective.
Even Xfinity has motion detection in homes using this technique now:
https://www.xfinity.com/hub/smart-home/wifi-motion
> Researchers in Italy have developed a way to create a biometric identifier for people based on the way the human body interferes with Wi-Fi signal propagation.. can re-identify a person in other locations most of the time when a Wi-Fi signal can be measured. Observers could therefore track a person as they pass through signals sent by different Wi-Fi networks – even if they’re not carrying a phone.. their technique makes accurate matches on the public NTU-Fi dataset up to 95.5 percent.
Wi-Fi uses long wavelengths, you can cancel out the noise with one person but crowds are all distorting the same very weak signal here. 5Ghz = 6cm, visible light is 380 to about 750 nanometers.
Off the top of my head, I bet body composition combined with gait analysis would be enough to uniquely identify an individual.
From my minimal research, it could be pushed a lot further.
What I'm particularly interested in is the edge case scenario of duplexes and apartments, where neighbors are unwittingly subjected to surveillance. There is little more to their routers than firmware to impart these capabilities. No reason to think it won't become common, and there are a handful of other companies basically offering just this as a service.
Strange times.
Edit: I should have mentioned the obvious, that pesky thing no one wants to address... When AI is added to this tech, it will get grotesque. Gait recognition, behavioral patterning, etc. Not something to sneeze at.
Possibly what was used to watch Maduro, along with synthetic aperture radar etc.
Let's say you visit a friend in a different city, the same ISP controlling their router, can use your mac, but even if you turn off your wifi or leave your phone in your car, your volume profile and gait can betray you. how you sit, how you lean, how you turn. I'd wager, if 6-10 distinct "points" can be made out and associated with a person, that's all that's needed to uniquely identify that person after enough analysis of their motion, regardless of where they go in the world.
Imagine if they're not using one AP, but using your neighbors AP as well, two neighbor APs and your own can triangulate and refine much better.
But all of the masked rioters and agitators trying to hide their identity should be IDed and prosecuted
China is a huge place with a population larger than the entire western world combined, so I don't doubt something like that could be happening somewhere. Maybe it was a tech demo?
However in general that is not a thing. If you pick any of China's megacities and walk down a street it will take you all of 5 seconds to realize how absolutely not a thing that is. Jaywalking is rampant, so obviously there's efforts to crack down on it, but I've yet to see anyone be shy about it around cameras*.
* And cameras really are everywhere. Though I suspect a lot are closer to a decorative prop for deterrence than a surveillance tool.
What a colossally bad thing to do for personal privacy. Yes let's give governments the ability to spot and pick up anyone they want for any reason under the guise of 'criminality'. ICE or the SS would have a field day.
I guess people better keep their mouth shut if they know what is good for them??
But then we can talk about all the millimeterwave signals that are bouncing around everywhere.
Your resolution limit is about 30mm as a result.
WiFi presence detection is a completely different problem. If the WiFi environment is changing past a threshold, return a boolean yes or no. It can't actually tell if someone is present or if the environment is just changing, such as a car driving close enough to reflect signals back in a certain way.
Doing mass surveillance where you detect individual people in a random home environment isn't the same thing at all. All of these "could" claims are trying to drawn connections between very different problems.
With gait analysis for example, it's only looking at a handful of data points, the way we walk is very unique. lip-reading, i can see how that's a stretch, but out movement patterns and gait are disturbances in radio waves. If you're using just one person's wifi, that sounds difficult, but if you're collecting signal from multiple adjacent wifi access points, it's more realistic to build a very coarse motion representation, perhaps with a resolution no finer than 1 cubic ft, but even with more coarse representations, gait can be observed.
Even gait aside, the volume profile of a person and their location in the house alone are important data points, couple that with the unique wifi identifier or IP, you can make a really good guess at who the person is, and what room they're in.
there is a working group at 3gpp, an EU-funded research group (6th sense, Open6GHub), universities (NCSU, Bristol), and many companies working very hard right now on proposals to include "integrated/joint sensing and communication" (ISAC/JCAS) in the 6G spec.
ISAC means adding mmWave to 6G (ostensibly for speed, but also) to build a high-fidelity 3d realtime "digital twin" of the real world that can see through walls, owned and operated by your telecom provider.
> A very exciting innovation that 6G will bring to the table would be its ability to sense the environment. The ubiquitous network becomes a source of situational awareness, collating signals that are bouncing off objects and determining type and shape, relative location, velocity and perhaps even material properties. With adequate 6G solutions for privacy and trust, such a mode of sensing can help create a “mirror” or digital twin of the physical world in combination with other sensing modalities.
https://www.nokia.com/about-us/newsroom/articles/nokias-visi... https://www.bell-labs.com/institute/blog/building-network-si...
there's been a testbed deployment in a German hospital for "non-invasive" monitoring of vitals; which sounds to me like it can literally see a heartbeat.
https://www.nokia.com/about-us/news/releases/2024/12/17/noki...
truth is, this is the nature of wireless radios. we can't keep improving bandwidth and latency without also turning the radio into a camera. i'm disturbed by the inevitability.
"See through walls"
There used to be a great video on youtube of a very high power 60GHz signal being blocked by a door. Sad I can never find it. E Band isn't much better.
IIRC the 60GHz radio is being left out of a lot of 5G deployments because the slight benefits don't outweigh the cost.
This is a pretty common thing for mmWave (or near mmWave) to be deployed with massive fanfare and then be slowly phased out of existence. I am decidedly not writing this on a WiGig docking station.
I dont see telcos wanting to constantly broadcast extra mmWave for little to no added benefit, especially not in all directions. Likewise, regulators are going to choke on that. And the class/band license schemes would have to be updated, to remove interference from devices already using those bands as they are about to have a constant background level of interference. E-Band PTP users, of which there are many, wont give up their high capacity links to weird 6G omni broadcasts without a fight.
I tell you what however, having a button you can press that would map the environment for alignment sounds like a maybe use case here. Better than a camera for detecting new obstructions when links go down.
They might also add more bands to the whole automatic MIMO backhaul trick they have been pursuing.
it won't start as a mass deployment -- just focused on stadiums, airports, government buildings, etc.; maybe some authoritarian states will attempt mass deployments, but the cost will be an obstacle. also, my read is that western telcos aren't interested in owning a surveillance tool because they know their governments won't let them keep it.
hopefully 6G won't be the end of physical privacy. but it will prototype the end of physical privacy -- and i think it will end up being just a matter of time from that point on, unfortunately.
Which is probably the target case here. 4G had light adoption by smaller telcos, 5G has some self installable repeaters, but most of the plans for 5G to spread to self installed / class license hardware were all vapourware. 6G might have some backing pushing them into trying to find more ways to sell 6G devices, and having put up a bunch of 6G certified (but class license only) devices in your home, it would be cool if you could see some biometrics, and hook the system into home automation for surveillance and determining whether the lights go on.
But without that in home capability, and massive spread of deployed devices I just dont see the surveillance utility. Especially if your town has lots of awnings and trees.
Given a tightly controlled environment and enough training data, you can use a lot of things as sensors.
These techniques are not useful for general purpose sensing, though. The WiFi router in your home isn't useful for this.
These demos use machine learning to train against a known environment.
Basically, pattern matching changes in the signals against a very controlled set of training data.
You can use WiFi signals to detect that something is changing in the environment, but without the machine learning with controlled input data you don't know what it actually means. This is how WiFi presence detection works, but it won't tell you if it's a person moving through the house or your cat walked in front of the router.
LLMs were useless back in 2021.
And based on that I could imagine with a combination of a camera and this method, you could train the model on data where both the camera and this method is seeing the individual and then continue to track them with the wifi sensing + the trained model even where the camera cannot see them anymore.
But yea real world is noisy, so it could be very challenging.
Right, that's what your eyes do. Radio is much longer wavelength than visible light (~5-10cm). So at best it offers extremely crappy resolution unless - you're doing something clever with second order information.
Would not be surprised to see this get more traction right now due to the political climate.
We've seen it before with things like taking photos around corners.
And no, it isn't like the Wright flyer and a bit crap now but in 40 years we have jet planes. This will never get significantly better.
You could for example flag a location (house) and get a list of all of the comings and goings over the last x months, then look them up by identity. You could also flag when an individual was in proximity to another, or when someone turned on, off or switched phones.
I’m sure it amounted to illegal surveillance and would be inadmissible if any of it was done without a warrant, but it would be beautiful for parallel construction. (How is that even constitutional???)
It apparently relied on some kind of infrastructure deployment that consisted of “traffic cameras” and “satellites” ( I’m certain not of the spacecraft type) that I assume were just small receivers mounted on street lights, since the streetlights were almost completely replaced at the same time as the cameras were put in, by the same out of state contractor.
I was there to change out a bad SSD and do a RAM upgrade on one of the servers. I don’t imagine the technology has become less invasive.
If you have a phone or carry active Bluetooth devices, assume you are 100 percent tracked 100 percent of the time.