A team at Karlsruhe Institute of Technology has shown that beamforming feedback information from Wi-Fi signals can be used to identify people walking through a radio field with 99.5 percent accuracy in a controlled study. The work is not a claim that every home router is already naming every person in every room. It is sharper than that. The researchers demonstrated that a feature built into modern Wi-Fi can leak a biometric-like signal through normal wireless operation, and that the leak is strong enough to support identity inference in a lab study with one of the largest datasets used in Wi-Fi identification research.
The claim is narrower and more serious than the headline sounds
The paper, titled “BFId: Identity Inference Attacks Utilizing Beamforming Feedback Information,” was written by Julian Todt, Felix Morsbach, and Thorsten Strufe from KASTEL Security Research Labs at KIT. KIT’s repository lists the work as a CCS 2025 paper presented at the 32nd ACM SIGSAC Conference on Computer and Communications Security in Taipei, and the abstract states that the team evaluated the first identity inference attack based on BFI using Wi-Fi recordings of 197 individuals.
The technical phrase matters. BFI is not the same as reading someone’s Wi-Fi traffic, stealing a password, joining a network, or tracking a phone MAC address. It is information that Wi-Fi devices send so an access point can steer radio transmissions toward clients more effectively. Because that feedback is sent over the air unencrypted, a nearby listener can record it and analyze how the physical environment has shaped the signal. The researchers argue that this makes BFI a more accessible privacy risk than older channel state information methods, which have usually needed custom firmware and narrow hardware support.
That is the reason the paper has attracted attention beyond the academic wireless sensing community. A camera sees faces and bodies through light. A Wi-Fi sensing system reads changes in radio propagation. The result is not a photograph, but it can still encode behavioural and physical patterns that distinguish one person from another. A person does not need to carry a phone. The target does not need to connect to the Wi-Fi network. The environment only needs active Wi-Fi communication that creates measurable radio changes.
The measured number, 99.5 percent, came from the study’s test set for normal walking sequences. It should be read with the study design in mind: controlled recording area, repeated walking paths, known training data, selected hardware, and experimental traffic patterns tuned to generate enough BFI. Those limits do not make the result harmless. They tell us where the boundary sits between a real finding and a surveillance panic. The central news is not that routers are already omniscient. The central news is that an ordinary communications protocol is leaking a sensing layer that was never treated like biometric infrastructure.
The research behind BFId
BFId stands for an identity inference attack based on beamforming feedback information. In the paper, the authors define the privacy harm as identity disclosure by linking separate Wi-Fi signal recordings of the same person across time. That framing matters because the attacker may not know a target’s name at first. The attack can still break anonymity if it can say, “the person recorded here is the same person recorded earlier.” The authors compare this to recognizing a familiar commuter without knowing their legal identity, then later connecting that pattern to other information.
The dataset is central to the paper’s weight. The researchers recorded 197 participants walking through a Wi-Fi field, with multiple walking styles and multiple perspectives. The paper says the usable subsets were 170 participants for CSI and 161 for BFI, due to technical reliability issues. Participants walked normally, fast, with a backpack, while carrying a bottle crate, and through a turnstile-style path. The study was approved by KIT’s ethics commission and the data collection happened in November 2024.
The team used recurrent neural networks rather than a heavily engineered, domain-specific pipeline. They say that choice was deliberate: the goal was not to squeeze every possible point of accuracy from handcrafted signal processing, but to estimate the lower bound of the privacy risk when an attacker has enough data and a fairly ordinary machine-learning approach. The model used an LSTM followed by fully connected layers, with training and test splits repeated across independent runs.
The result for BFI was 99.5 percent accuracy, plus or minus 0.38, when identifying samples in the normal walking test set. The paper also compared BFI against CSI under the same general study setup. BFI outperformed CSI, which reached 82.4 percent in the authors’ direct comparison. That result surprised the authors because BFI is a compressed, lower time-resolution derivative of channel information. Their interpretation is that the compression may remove noise, and that the BFI representation carried more spatial features per time point in their setup.
The research does not say that a router can identify any stranger without a prior reference. A system that recognizes someone must first have training data or a previous recording to compare against. The privacy risk grows when a person repeatedly passes through radio-covered spaces: a workplace, a campus, a station concourse, a café corridor, a protest route, a hospital, a school, a hotel lobby. The attack turns “seen before” into a radio-level identity marker. That is less cinematic than facial recognition, but in some settings it could be harder to notice and harder to avoid.
The paper’s public discussion has focused on the words “ordinary Wi-Fi,” and that phrase needs careful handling. The experiment used commodity Wi-Fi equipment, including TP-Link Archer BE800 access points and Intel AX210 Wi-Fi network interface cards. It was not a purpose-built military radar. The method exploits a normal Wi-Fi feature, not a hidden hardware implant. Yet the lab still used a controlled configuration and traffic generation. Commodity hardware does not mean casual deployment is trivial. It means the barrier is lower than earlier sensing work that relied on rare cards or modified firmware.
Beamforming feedback is the privacy leak
Beamforming was added to Wi-Fi to improve communication. Instead of spraying radio energy in a rough omnidirectional pattern, an access point with multiple antennas can steer transmissions toward a client device. To do that, the access point needs information about the radio channel between itself and the client. The client measures the channel and sends feedback. In Wi-Fi 5, also known as 802.11ac, beamforming became part of the performance story for faster, more directional wireless links. Cisco’s overview of 802.11ac describes beamforming as a technology that sends transmissions directionally rather than 360 degrees, using multiple antennas to aim the signal.
The KIT paper explains the mechanics more closely. The access point initiates a channel sounding procedure. The client, called the beamformee, uses training fields in the packet to calculate feedback matrices for subcarriers. The feedback is compressed into beamforming angles and sent back to the access point. Those angles are what the paper calls BFI. The access point uses them to compute a steering matrix for better transmission.
The privacy problem sits in the return path. BFI is broadcast over the air unencrypted. A listening device does not need to decrypt the user’s internet traffic to capture it. The attacker only needs to be within radio range and able to monitor the relevant Wi-Fi frames. Because the beamforming feedback is based on the physical channel, it contains traces of the objects and bodies that shaped the signal. A moving human body changes reflections, absorption, scattering, and multipath patterns. Those changes are not meant to be a biometric record, but they can behave like one when processed over time.
Channel state information, or CSI, has long been used in Wi-Fi sensing research. CSI is richer in many ways because it describes amplitude and phase shifts across subcarriers at the receiver. It can support tasks such as activity recognition, gesture recognition, localization, respiration sensing, and person identification. The BFId authors note that CSI has a practical obstacle: extracting it has often required specific network cards and modified firmware. BFI is different because it is already sent as part of the beamforming procedure and can be captured more easily from commodity devices.
That difference changes the security model. A CSI attacker may need to place a compatible receiver in the communication path or use specialized tools. A BFI attacker can potentially listen to feedback from legitimate clients already talking to an access point. The BFId paper states that a single malicious node can record multiple BFI perspectives between an access point and legitimate clients as long as it is within broadcasting range. That multi-perspective capture is one reason BFI is more worrying than its compressed format suggests.
This is a classic engineering trade-off turning into a privacy question. The feature was designed to make Wi-Fi work better. It was not designed as a human sensor. Yet the same measurements that help a router aim radio energy also describe the room. The failure is not that engineers forgot privacy entirely. It is that a low-level network feature was treated as harmless because it was not user content, even though physical-layer metadata can reveal people, movement, and identity.
The standard-router detail changes the threat model
The phrase “standard Wi-Fi routers” is doing heavy work. Many wireless sensing papers are impressive but distant from everyday deployment because they rely on custom radar hardware, software-defined radios, lab-grade antennas, or old Wi-Fi cards with research firmware. BFId is different because it focuses on a data source linked to beamforming, a mainstream wireless feature. The paper says beamforming was introduced in Wi-Fi 5 and that the feedback is available through commercial off-the-shelf hardware.
That does not mean every router owner can install an app tonight and identify passersby. The experiment used a prepared setup, repeated walking sequences, traffic generation, and a trained model. A reliable attack still needs collection, labeling, model training, and enough comparable samples. Many real spaces are noisy. People move in groups. Furniture changes. Doors open. Access points use different channels, bands, antennas, firmware, and traffic patterns. Even the paper says its traffic pattern was tuned to maximize the number of channel sounding procedures and that everyday traffic might lower sampling frequency and reduce attack accuracy.
The serious shift is that the attack no longer depends on the target carrying a device. Phone-based tracking depends on a device identifier, probe request, Bluetooth beacon, app SDK, cellular metadata, or location permission. Wi-Fi sensing can treat the body itself as the disturbance in the signal. ScienceDaily’s report based on KIT’s release quotes Professor Thorsten Strufe saying radio waves can create an image of surroundings and present persons, like a camera using radio waves instead of light, and that carrying a Wi-Fi device is not necessary.
A passive listener also may not need to join the network. That distinction matters for cafés, offices, hotels, public buildings, apartment corridors, and retail spaces. Many people understand that connecting to a public Wi-Fi network exposes some metadata. Fewer understand that the mere existence of a nearby Wi-Fi network can create a signal field in which their body becomes measurable. Even fewer can tell which routers are using beamforming, how often beamforming reports are sent, whether BFI is being captured, or whether a third-party device is listening.
Standard hardware also affects regulation. A specialized surveillance camera is visible, named, purchased, installed, and often covered by signage rules. A Wi-Fi access point is ordinary infrastructure. If it becomes a sensor by software, firmware, or passive capture, the line between network equipment and surveillance equipment blurs. That is why BFId is not only a cybersecurity paper. It is a standards-governance paper in disguise.
Radio sensing has been building toward this point
BFId did not appear from nowhere. Wi-Fi sensing has been a research field for years, driven by a simple fact: wireless signals change when they pass through and around bodies. Earlier work used Wi-Fi channel information to detect motion, recognize activities, infer gestures, estimate breathing, count people, localize bodies, and identify individuals. The KIT paper’s related work section lists many CSI-based sensing tasks, including activity recognition, gesture recognition, object recognition, human tracking, respiratory rate estimation, and human counting.
One influential line of work showed that Wi-Fi can support person perception. The Person-in-WiFi paper, published at ICCV 2019, argued that fine-grained person perception can be achieved with Wi-Fi antennas rather than cameras, using two sets of antennas arranged like household router hardware. The authors described Wi-Fi signals as a one-dimensional input that penetrates and reflects from bodies, furniture, and walls, then used deep learning to estimate body segmentation and pose.
Another line used radio frequency signals for re-identification over time. In RF-ReID, presented at CVPR 2020, researchers at MIT introduced a method for person re-identification using RF signals rather than camera appearance. The paper argued that radio signals can pass through clothes and reflect off the human body, making them useful for features such as body size and shape across days and lighting conditions.
More recently, WhoFi proposed person re-identification through Wi-Fi channel signal encoding. The arXiv paper says biometric features are extracted from CSI and processed through a deep neural network with a Transformer-based encoder. It reports experiments on the NTU-Fi dataset and frames Wi-Fi re-identification as a complement to visual methods that suffer from lighting, occlusion, and camera angle limits.
The pattern is clear. The research community has moved from detecting that “someone is present” toward estimating “what a person is doing,” “where a person is,” and “which person this probably is.” Surveys of Wi-Fi-based human identification now describe machine-learning methods that analyze Wi-Fi signal fluctuations caused by human presence. A 2024 Sensors survey calls Wi-Fi-based human identification a field of recent practical implementations and machine-learning methods.
BFId advances the privacy debate because it shifts attention from what can be sensed in principle to what can be sensed through a routinely broadcast Wi-Fi feature. Earlier Wi-Fi identification research was already privacy-relevant. BFId says the attack surface may be closer to normal network operation than many people assumed.
BFI outperformed CSI for reasons that should worry standards bodies
At first glance, BFI should have been worse than CSI. BFI is compressed, lower in time resolution, and derived from channel measurements rather than exposing the richer raw channel state. CSI appears to hold more information. The KIT team expected CSI to beat BFI in several scenarios. Their results contradicted that expectation: BFI reached 99.5 percent in the normal-walking test, while CSI reached 82.4 percent in the direct comparison.
The paper offers two possible explanations. First, compressing the feedback matrix into angles may act as a kind of pre-processing or noise removal. Second, the channel sounding procedure may provide higher spatial resolution. In their setup, BFI had 740 features per time point compared with 212 for CSI. That means a “smaller” or more compressed signal source can still be better for identity inference if it preserves the right spatial structure.
That point is uncomfortable for standards work. A common privacy instinct is to reduce precision. If the data is lower resolution, sampled less often, or compressed, it feels safer. BFId challenges that instinct. The researchers tested reduced sample rates and found only small effects on BFI identification accuracy. They concluded that simple time-coarsening appeared ineffective as a mitigation.
The deeper lesson is that privacy cannot be assessed by asking whether a data field looks human-readable. BFI does not look like a face image. It does not obviously expose a name, voice, fingerprint, or location pin. Yet a model can learn patterns that distinguish a gait or body interaction with radio waves. A dataset can be personal even when no human can inspect one record and understand it. That principle already applies to many forms of machine-learning telemetry; BFId brings it into the physical layer of wireless networking.
Standards groups tend to reason about confidentiality around payloads, authentication, link access, and protocol integrity. Those remain necessary. They are not enough for sensing. A payload can be encrypted while the physical channel leaks body movement. A network can have strong password protection while management or feedback information remains observable. A device can keep a user’s content private while still broadcasting measurements that describe the room.
That is why BFI is a hard policy object. Encrypting it would be a straightforward privacy instinct but a messy engineering change. The paper notes that encrypting beamforming information would require changes to the Wi-Fi standard and may create compatibility problems. Noise injection may harm beamforming alignment and network performance. Reducing sounding frequency may not do enough. The finding moves BFI from a performance detail into the category of data that may need privacy engineering at the standard level.
The attack does not need a face, a phone, or visible light
Most people understand camera surveillance because cameras resemble human seeing. Wi-Fi identification works through a stranger mental model. It does not need a face. It does not need visible light. It does not need the person to hold a phone. It watches the radio field, not the body directly. Still, the body is what changes the field.
The BFId paper says a human in a signal path causes different reflection, refraction, and transmission properties. Those signal alterations can be analyzed to infer information about the environment. Earlier Wi-Fi sensing applications used the same broad principle for motion, activity, and localization. BFId applies it to identity.
This creates a hard consent problem. A person can choose not to connect to a café Wi-Fi network. A person can turn off a phone. A person can avoid a visible camera if signage and layout allow it. A person cannot easily choose not to interact with radio waves in a Wi-Fi-covered public room. The sensing surface is ambient. It is present because other devices are communicating.
The paper’s authors explicitly frame Wi-Fi identity inference as a privacy attack, even though other research has described RF-based re-identification as more privacy-preserving than cameras. That conflict is worth taking seriously. A radio system may avoid capturing face images, clothing, or written documents visible in a room. In medical or elder-care contexts, that can reduce some privacy harms compared with video. Yet once radio patterns become identity-linked, radio sensing can expose routine, presence, movement, activity, and bodily patterns in a way that cameras cannot always match.
The privacy risk grows because the signal can work in darkness and around occlusions. RF-ReID’s authors describe radio signals as useful under occlusion and poor lighting. WhoFi is motivated in part by limits of camera-based re-identification under lighting, occlusion, and angle changes. BFId’s threat model extends the concern to common Wi-Fi environments.
This does not mean Wi-Fi identification beats cameras in all settings. A camera can capture rich visual evidence. A face recognition system can match a person to a government ID database if such data exists. A Wi-Fi system may need prior radio samples from the same person in similar conditions. The risk is different: Wi-Fi identification may be less obvious, less regulated, and harder for ordinary people to detect.
The 99.5 percent figure needs careful interpretation
The number is real within the study, but it is not a universal field guarantee. The researchers trained and tested on data collected under controlled conditions. Participants followed planned walking paths. The lab captured repeated sequences. Clothing restrictions were used to avoid gait obstruction. The authors acknowledge that those restrictions may overestimate the identification potential of BFI, while also reducing clothing diversity in a way that could make the task harder.
The model also used a closed-set classifier. That means the system was tested on people who were part of the known identity set. The authors say they could not test how the model generalizes to individuals outside the training data because they used a softmax classifier for comparability with prior work. This is a major difference from open-world surveillance, where a system must decide whether a person is known, unknown, or similar to someone known.
Population scale also matters. A 161-person usable BFI dataset is large by Wi-Fi sensing standards. It is small compared with city-scale identity systems. The paper says datasets with thousands of identities would be desirable for studying large organizations or smart-city contexts. That caveat matters because classification becomes harder as the number of possible identities grows.
The environment matters too. A clean lab route is not a crowded metro station. Real rooms contain overlapping bodies, furniture movement, doors, pets, reflections from appliances, changes in humidity, and network congestion. People walk side by side. They stop, turn, sit, lean, carry bags, push strollers, or use mobility aids. A real attacker would need to handle all of that. BFId should not be read as proof that public Wi-Fi networks can already identify every passerby at 99.5 percent accuracy in the wild.
Still, dismissing the result because it is controlled would be a mistake. Controlled demonstrations often mark the beginning of a capability curve. Cameras, face recognition, fingerprint sensors, voice biometrics, and wireless localization all moved from constrained settings toward messier deployments over time. The paper shows that BFI contains enough identity signal to make the question urgent. The next studies will test scale, cross-environment transfer, multi-person scenes, longer time gaps, and adversarial countermeasures.
The most honest reading is this: 99.5 percent is not a consumer-router warning label. It is a research result showing that BFI can carry strong identity information under favorable conditions. That is enough to demand privacy protections before Wi-Fi sensing becomes a default feature in mainstream infrastructure.
The experiment was built to separate biometric signal from session noise
One of the most useful parts of BFId is that the authors tried to test whether the model was learning actual human features rather than accidental session artifacts. A machine-learning model can cheat in subtle ways. It might learn a time stamp pattern, a device state, a room drift, a traffic artifact, or a recording quirk rather than a person. If so, the headline result would look impressive but say less about biometric risk.
The paper describes an empty-room test. The researchers used models trained on normal walking and tested them against recordings of the empty room before or after participants. They used top-2 accuracy because many empty-room recordings sat between two participants. The BFI model reached only 2.34 percent top-2 accuracy in that empty-room test, which the authors interpret as support for the idea that the relevant identification signal came from the person walking through the setup rather than hidden session information.
That test does not prove the model has a clean, human-readable understanding of gait. The authors admit that it remains unclear exactly how human gait influences beamforming reports and that a deeper semantic understanding of BFI features is missing. It does, however, weaken a simple dismissal that the system merely memorized recording sessions.
The study also tested walking-style transfer. The model trained on normal walking was used on other walking styles without retraining. The authors report that BFI still identified people reliably across the tested styles, while CSI dropped more sharply under fast and turnstile conditions. That is relevant because a real person does not walk exactly the same way every day. A surveillance method that only works under one repeated lab gait would be less worrying. A method that survives some changes in walking pattern deserves closer review.
The use of multiple perspectives adds another layer. The authors recorded from four perspectives, including line-of-sight and non-line-of-sight arrangements. Prior work often used fewer perspectives. A passive BFI listener may collect feedback linked to multiple legitimate clients in different positions, which could supply a richer view than one isolated receiver.
The experimental design is not perfect, and no academic study is. The authors’ limitations section is candid about dataset scale, controlled conditions, model generalization, and missing feature semantics. That candor strengthens the paper. The study is best read as an evidence-led warning, not as a finished surveillance product.
Standardization could move Wi-Fi sensing from research into infrastructure
IEEE 802.11bf is the standards track that makes this debate bigger. The IEEE 802.11 Task Group BF describes WLAN sensing as the use of PHY and MAC features of IEEE 802.11 stations to obtain measurements useful for estimating features of objects in an area of interest, including range, velocity, angle, and motion, with objects including humans, animals, and environments such as homes, enterprises, and vehicles.
NIST’s 2023 overview says Task Group IEEE 802.11bf was formed to develop an amendment that would improve support for Wi-Fi sensing and applications such as user presence detection, environment monitoring in smart buildings, and remote wellness monitoring. A separate IEEE Communications Magazine article describes Wi-Fi sensing procedures for sub-7 GHz and 60 GHz bands and says 802.11bf supports sensing measurement design elements, including sensing by proxy.
Industry has clear reasons to want this. Wi-Fi sensing can turn installed access points into motion sensors. It can support home security, elder care, energy management, occupancy analytics, device wake-on-approach, gesture controls, and network troubleshooting. The Wireless Broadband Alliance says Wi-Fi sensing enables motion detection, gesture recognition, and biometric measurement using existing Wi-Fi signals and creates markets in home security, health care, enterprise, and building automation.
Those uses are not imaginary, and some are genuinely useful. A home system that detects a fall without a camera could help older people live independently. A building system that senses occupancy without installing new sensors could reduce wasted energy. A laptop that locks when the user walks away could improve security. A hospital room that monitors respiration without a wearable could be valuable under strict controls.
The problem is that the same infrastructure that supports benign sensing can support silent identification. Standards can make a capability interoperable, reliable, and cheap. They can also normalize it before privacy rules catch up. If sensing APIs, measurement reports, and firmware hooks become standard router functions, the question is not whether a research team can build a demo. The question becomes who controls the sensing data, who can access it, how consent works for bystanders, and whether people can opt out without leaving modern indoor spaces.
The BFId authors argue that planned Wi-Fi sensing standardization should strongly consider effective privacy protection or abandon beamforming entirely. That is a strong statement. It reflects their view that existing mitigation approaches are not enough for BFI-based sensing and that there is no straightforward path to neutralize the threat without protocol-level changes.
Commercial Wi-Fi sensing has a privacy bargain to make
The commercial pitch for Wi-Fi sensing often sounds privacy-friendly because it avoids cameras. That claim has some truth. A radio-based fall detector may be less intrusive than a video camera in a bedroom. A motion sensor that does not capture faces may be preferable in bathrooms, care homes, or private homes. Wi-Fi sensing can reduce hardware cost by using infrastructure already installed for connectivity. The Wireless Broadband Alliance lists elder care, energy management, home monitoring, troubleshooting, and biometric high-resolution sensing as use cases.
The bargain changes when sensing becomes identity-capable. Motion detection asks whether someone moved. Occupancy sensing asks whether a space is used. Activity recognition asks what someone is doing. Identity inference asks who the person is, or at least whether the person is the same one seen before. The jump from presence to identity is the jump from automation to surveillance.
Companies will be tempted to blur those categories. A router vendor may market “home awareness.” A broadband provider may offer “smart security.” A building-management platform may sell “occupancy intelligence.” A workplace vendor may pitch “space use analytics.” Each use can be described as aggregate and helpful. Yet the raw signal or model embeddings may still support person-specific tracking if stored, linked, or repurposed.
This is where privacy engineering needs to be designed into products rather than added through policy language. A safer Wi-Fi sensing product would minimize raw signal retention, process locally when possible, separate motion detection from identity-bearing representations, avoid storing reusable biometric templates, give clear user controls, and provide visible indicators when sensing is active. In shared spaces, it would also need rules for visitors and bystanders who never accepted a router’s terms of service.
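One way a sensing product could apply the retention rules listed above, as an added example that is not code from the BFId paper or from any vendor: a streaming motion detector that holds a single previous frame, never buffers raw frames, and exports only one boolean per time bucket. The class and function names, the threshold and the constructed frames are assumptions; the 740-feature frame width is the figure cited earlier for the BFId setup.

```python
"""Added example: a data-minimizing motion detector for Wi-Fi sensing frames."""
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

FEATURES = 740  # BFI features per time point in the BFId setup, as cited in the article


@dataclass(frozen=True)
class MotionEvent:
    """The only record that leaves the detector: a coarse time bucket and a boolean."""
    bucket_index: int
    motion: bool


class MinimalMotionDetector:
    """Hypothetical on-device detector: holds one previous frame and one scalar.

    Raw frames are never appended to a buffer, logged or returned, so there is
    no stored sequence that could later be reused as an identity template.
    """

    def __init__(self, threshold: float, bucket_seconds: int = 60) -> None:
        self._threshold = threshold            # assumed tuning value
        self._bucket_seconds = bucket_seconds  # time coarsening of the output
        self._prev: Optional[List[float]] = None
        self._bucket: Optional[int] = None
        self._peak = 0.0

    def feed(self, ts: float, frame: Sequence[float]) -> Optional[MotionEvent]:
        """Consume one frame; return an event only when a time bucket closes."""
        if len(frame) != FEATURES:
            raise ValueError(f"expected {FEATURES} features, got {len(frame)}")
        bucket = int(ts // self._bucket_seconds)
        event = None
        if self._bucket is not None and bucket != self._bucket:
            event = self._close_bucket()
        self._bucket = bucket
        if self._prev is not None:
            # Mean absolute change between consecutive frames.
            delta = sum(abs(a - b) for a, b in zip(frame, self._prev)) / FEATURES
            self._peak = max(self._peak, delta)
        self._prev = list(frame)  # overwrite: the older frame is dropped here
        return event

    def flush(self) -> Optional[MotionEvent]:
        """Close the open bucket and wipe all signal-derived state."""
        event = self._close_bucket() if self._bucket is not None else None
        self._prev, self._bucket = None, None
        return event

    def retained_raw_values(self) -> int:
        """Number of raw signal values currently held in memory."""
        return 0 if self._prev is None else len(self._prev)

    def _close_bucket(self) -> MotionEvent:
        event = MotionEvent(self._bucket, self._peak > self._threshold)
        self._peak = 0.0  # the magnitude itself is never exported
        return event


def constructed_stream() -> List[Tuple[float, List[float]]]:
    """Constructed frames, not real BFI: 18 frames, 10 s apart, disturbed at t=7..9."""
    stream = []
    for t in range(18):
        # Quiet room: a flat baseline with a small repeating jitter.
        frame = [0.5 + 0.001 * ((i + t) % 3) for i in range(FEATURES)]
        if 7 <= t <= 9:
            # Someone crossing the field: a larger, frame-dependent disturbance.
            frame = [v + 0.05 * ((i * (t + 1)) % 7) / 7 for i, v in enumerate(frame)]
        stream.append((10.0 * t, frame))
    return stream


def run_demo() -> Tuple[List[MotionEvent], int, int]:
    """Return (events, peak number of raw values held, raw values held after flush)."""
    detector = MinimalMotionDetector(threshold=0.01)
    events: List[MotionEvent] = []
    max_retained = 0
    for ts, frame in constructed_stream():
        event = detector.feed(ts, frame)
        max_retained = max(max_retained, detector.retained_raw_values())
        if event is not None:
            events.append(event)
    last = detector.flush()
    if last is not None:
        events.append(last)
    return events, max_retained, detector.retained_raw_values()


if __name__ == "__main__":
    for item in run_demo()[0]:
        print(item)
```

This covers only what the product itself retains and exports; it does not change what a third-party listener can capture over the air.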
The harder cases are multi-tenant and public spaces. A private home owner can choose a camera or Wi-Fi sensing device, though guests still deserve notice. In a workplace, employees may face pressure to accept monitoring. In a café, passersby may never see a disclosure. In a school or hospital, sensitive populations are involved. Consent is weakest exactly where ambient infrastructure is strongest.
Wi-Fi sensing businesses will argue that identity inference is not their product. That may be true. But privacy risk comes from capability, not only stated intent. A dataset collected for fall detection may later support routine profiling. A motion log may become a worker attendance record. A troubleshooting tool may become a presence analytics product. BFId shows why product categories must be separated technically, not only contractually.
BFI creates a different problem from phone tracking
Phone tracking has been debated for years. Retailers, airports, advertisers, and analytics firms have used Wi-Fi and Bluetooth signals to estimate foot traffic and repeat visits. Modern devices have added MAC address randomization and permission controls, though the arms race continues. The target in those systems is usually the device.
BFI-based sensing shifts attention to the person’s body. Turning off a phone may not remove the body from a Wi-Fi field. Not connecting to Wi-Fi may not prevent the environment from carrying identity-relevant signal changes. A person can be a passive target because other clients are communicating with the router. ScienceDaily’s KIT-based report says nearby wireless devices connected to the network can generate enough signal activity for the system to work, and turning off a smartphone is not enough to avoid detection in the researchers’ framing.
This does not make phone privacy controls useless. Device identifiers still matter. App location permissions still matter. Bluetooth beacons still matter. Phone tracking can link a person to an account, ad ID, payment profile, or real-world identity faster than radio gait inference. But body-based radio sensing removes a major user defense: leaving the device out of the equation.
That matters for public protest, domestic abuse, labor organizing, clinics, places of worship, and political meetings. A person might leave a phone at home to avoid cellular tracking. A person might use cash. A person might cover their face or avoid cameras. None of those measures necessarily stop ambient radio sensing if the environment is instrumented. BFId’s authors explicitly mention political and authoritarian surveillance risks, including the possibility of linking people recorded near a protest route to later benign appearances.
There is also a psychological gap. People increasingly assume phones are trackers. They do not assume routers are biometric observers. That false sense of normality is part of the threat model. Wi-Fi access points are trusted background objects. They hang from ceilings and sit on shelves without the social meaning of a camera. A router does not look like a witness. That is precisely why router-based sensing needs stronger disclosure rules.
The privacy harm starts before a legal name is attached
Some defenders of radio sensing may argue that a Wi-Fi model does not know your name, passport number, or account. That argument misses the privacy point. Pseudonymous tracking can still be harmful. If a system can recognize the same person across visits, it can build a profile before it knows who that person is. If another data source later links the radio profile to a badge swipe, payment card, face image, car plate, phone signal, or booking record, the profile becomes identifiable.
The BFId paper defines identity disclosure as linking independent recordings of the same individual. It says that breaking anonymous presence in public can cause privacy harm even without a direct mapping to a real-world identity. The authors also note that linking to a real identity through auxiliary information is generally possible later and would amplify the harm.
That is consistent with modern data protection thinking. The GDPR defines personal data as information relating to an identified or identifiable natural person, including indirect identification through identifiers or factors specific to physical, physiological, genetic, mental, economic, cultural, or social identity. It defines biometric data as personal data from technical processing of physical, physiological, or behavioural characteristics that allow or confirm unique identification.
Under that logic, a radio-derived gait or body-interaction pattern used to distinguish a person could be highly sensitive even if it is not a face template. The exact legal classification would depend on jurisdiction, purpose, implementation, and whether unique identification is intended. But the policy direction is clear: radio biometrics should not escape scrutiny because they do not look like traditional biometrics.
California’s privacy guidance says personal information includes data that identifies, relates to, or could reasonably be linked to a person or household, directly or indirectly. It also lists biometrics, like facial recognition, as sensitive personal information. Wi-Fi identity templates may not be named in every statute, but the underlying privacy logic applies when a business can link behavior to an individual or household.
The risk is not only “the router knows your name.” It is that the router or a nearby listener may learn that the same unknown person comes to a union office, a fertility clinic, a therapist, a political campaign office, or a competitor’s building at certain times. Repeated recognition is often enough to become surveillance.
Remote biometric identification law may have to cover radio signals
European AI law already treats remote biometric identification as a special category. The European Commission’s AI Act Service Desk says a remote biometric identification system is defined functionally as an AI system intended to identify natural persons without their active involvement, typically at a distance, by comparing biometric data with a reference database, regardless of technology or type of biometric data.
That technology-neutral wording is important. It suggests that the regulatory concern is not limited to faces. If a radio signal-derived representation is biometric data used to identify a person at a distance without active involvement, it may raise similar concerns. Legal analysis would still need to examine the system’s design and purpose, but radio-based identity inference fits the policy problem that remote biometric rules were built to address.
The EU AI Act’s Article 5 limits real-time remote biometric identification in publicly accessible spaces for law enforcement, subject to narrow objectives and prior authorization requirements. The text focuses heavily on law enforcement and public spaces, but the broader message is that live biometric identification in public is a high-rights-impact activity, not a routine analytics feature.
Wi-Fi sensing complicates enforcement because it may not produce a face match or a visible camera feed. A regulator may need to inspect firmware, access logs, signal processing, model embeddings, and network telemetry. A bystander may not know a system is active. A building owner may buy a “presence detection” service without realizing it creates identity-capable measurements. A vendor may claim raw BFI never leaves the device while derived embeddings do.
The law also needs to distinguish authentication from identification. A device that unlocks when its owner approaches is different from a building system that identifies everyone passing through a hallway. Recital 17 of the AI Act distinguishes biometric verification for a claimed identity from remote biometric identification of people without active involvement. That distinction maps directly onto Wi-Fi sensing product design.
Regulators should avoid overreacting by banning every ambient sensing use. They should also avoid underreacting by treating radio measurements as mere network diagnostics. A practical legal test should ask whether the system creates reusable person-specific representations, whether those representations can identify or re-identify people, whether bystanders are captured, and whether people can refuse sensing without losing access to ordinary spaces.
Existing Wi-Fi security does not solve this leak
WPA2, WPA3, and encrypted web traffic protect important things. They do not automatically protect physical-layer side channels. A Wi-Fi network may have strong password security and still send management or feedback information that reveals environmental patterns. A user may browse through HTTPS and still be sensed as a body moving through a radio field.
The BFId paper is clear that BFI is sent unencrypted as part of beamforming feedback. Earlier BFM sensing work also states that compressed beamforming feedback is transmitted without encryption and can be overheard by third parties in the environment. BFMSense, a 2024 NSDI paper, showed that beamforming feedback matrix data can be used for fine-grained sensing, including respiration sensing and human trajectory tracking, and stressed that BFM is available on newer commodity Wi-Fi cards without special firmware or drivers.
LeakyBeam, presented at NDSS 2025, pushed the privacy warning in another direction: occupancy detection. The paper says BFI packets are unencrypted and can retain movement information even through walls, allowing attackers to infer occupancy at a distance. It reported true positive and true negative rates of 82.7 percent and 96.7 percent in a real-world evaluation at 20 meters.
Together, these papers show that the issue is not a single lab curiosity. BFI and related beamforming feedback data are becoming a general sensing source. One paper uses it for respiration and trajectory. Another uses it for occupancy detection through walls. BFId uses it for identity inference. The common thread is that Wi-Fi performance metadata can become human telemetry.
Security teams often separate confidentiality, integrity, and availability from privacy. BFI shows why that separation is too narrow. A network can be secure against unauthorized data access while still leaking information about people nearby. The attacker may not steal a packet payload. The attacker may not compromise the router. The attacker may only listen to legally receivable radio emissions and run a model.
That is hard to explain to consumers. It is also hard to patch through user behavior. People can update router firmware, use WPA3, disable guest networks, and avoid unknown Wi-Fi. Those are still good practices. But they do not necessarily stop a neighbor’s router, a café’s access point, or a compromised IoT device from creating or capturing sensing data. The remedy has to live closer to device design, protocol standards, and deployment policy.
The hardest mitigation is the one users cannot do themselves
The paper’s mitigation discussion is sobering. Reducing the number of beamforming reports sounds like an obvious defense. The authors tested lower sample rates and found the impact on BFI identification accuracy was very limited. Injecting noise into CSI might degrade BFI, but because BFI is derived through compression and transformations, the effect is uncertain. Inaccurate BFI can also harm beamforming alignment, causing packet loss and worse network performance. Encrypting BFI would require changes to the Wi-Fi standard and could create device incompatibility.
That means ordinary users have few direct controls. A person walking past a public Wi-Fi network cannot ask the access point to encrypt BFI. A guest in an apartment building cannot control every neighbor’s router. An employee cannot inspect workplace access point firmware. A café visitor cannot know whether a nearby laptop is passively capturing feedback frames.
Router administrators may be able to reduce risk in limited ways: turn off optional sensing features, disable beamforming if the router supports it and performance impact is acceptable, keep firmware current, isolate untrusted IoT devices, restrict management access, and monitor for rogue devices. Yet these are partial defenses. Disabling beamforming can reduce network quality. Not all routers expose a usable setting. Some mesh and enterprise systems depend on beamforming for performance.
The stronger defenses require industry action. Standards bodies could define encrypted or authenticated feedback mechanisms. Chip vendors could limit raw feedback exposure. Operating systems could restrict monitor-mode capture of sensitive feedback frames. Router vendors could add clear sensing controls and physical indicators. Enterprise Wi-Fi controllers could produce audit logs for sensing-capable features. Regulators could require disclosure when Wi-Fi infrastructure is used for sensing.
There is also a product-design route: keep sensing models task-specific and non-identifying by construction. A fall detector does not need to store reusable person identities. An energy system does not need individual tracking. A troubleshooting tool may only need coarse occupancy. Vendors should prove that their systems do not create re-identifiable embeddings if they claim to be non-identifying.
The challenge is verification. A privacy claim is easy to write and hard to test. Regulators and independent labs will need technical evaluation methods for ambient sensing systems. The WBA has already worked on Wi-Fi sensing test methodology and performance metrics; privacy testing needs the same rigor.
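One way to turn a "non-identifying" claim into a measurable test, as an added example that is not from the BFId paper or any vendor: record consenting test subjects in two independent sessions, link the product's output vectors across sessions by nearest match, and check whether the rank-1 linkage rate beats chance under a label-permutation test. The function names, the 0.001 significance level and the synthetic vectors are assumptions made for illustration.

```python
import math
import random


def cosine(a, b):
    """Cosine similarity between two equal-length vectors."""
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0


def nearest_labels(gallery, probes):
    """For each probe vector, the subject label of the most similar gallery vector."""
    return [max(gallery, key=lambda g: cosine(g[1], vec))[0] for _, vec in probes]


def linkage_audit(gallery, probes, rounds=2000, alpha=0.001, seed=0):
    """Rank-1 cross-session linkage rate plus a label-permutation significance test.

    gallery, probes: lists of (subject_label, vector) taken from two independent
    recording sessions of the same consenting test subjects.
    """
    rng = random.Random(seed)
    matched = nearest_labels(gallery, probes)
    truth = [label for label, _ in probes]
    hits = sum(m == t for m, t in zip(matched, truth))

    # Null hypothesis: the outputs carry no subject information, so the probe
    # labels are exchangeable. Count how often shuffled labels link as well as
    # the real ones do.
    as_good = 0
    shuffled = truth[:]
    for _ in range(rounds):
        rng.shuffle(shuffled)
        if sum(m == s for m, s in zip(matched, shuffled)) >= hits:
            as_good += 1
    p_value = (as_good + 1) / (rounds + 1)

    return {
        "rate": hits / len(probes),
        "chance": 1 / len({label for label, _ in gallery}),
        "p_value": p_value,
        "re_identifiable": p_value < alpha,
    }


def constructed_sessions(n_subjects, dim, identity_strength, seed):
    """Constructed data, not measurements: one output vector per subject per session.

    identity_strength scales a per-subject component that persists across the
    two sessions; 0.0 models an output with no person-specific content.
    """
    rng = random.Random(seed)
    gallery, probes = [], []
    for subject in range(n_subjects):
        signature = [rng.gauss(0, 1) for _ in range(dim)]
        for session in (gallery, probes):
            vec = [identity_strength * s + rng.gauss(0, 0.2) for s in signature]
            session.append((f"subject-{subject:02d}", vec))
    return gallery, probes


if __name__ == "__main__":
    for name, strength, seed in (("identity-bearing output", 1.0, 1),
                                 ("coarse output", 0.0, 2)):
        report = linkage_audit(*constructed_sessions(40, 16, strength, seed))
        print(f"{name}: rate={report['rate']:.3f} chance={report['chance']:.3f} "
              f"p={report['p_value']:.4f} re_identifiable={report['re_identifiable']}")
```

A pass on this test only shows that nearest-match linkage fails on the subjects and sessions tested; a stronger matcher or a larger subject pool can still link outputs that a simple one cannot.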
BFI, CSI and camera surveillance compared
| Method | Data source | Target cooperation | Main privacy concern | Practical barrier |
|---|---|---|---|---|
| BFI-based sensing | Beamforming feedback sent during Wi-Fi operation | No | Passive identity or activity inference from ambient radio fields | Standard-level protections are weak |
| CSI-based sensing | Channel state measurements at receiver | No | Fine-grained movement and identity inference | Often needs specific hardware or modified firmware |
| Camera surveillance | Visible-light images or video | No | Face, body, clothing, behavior and context capture | Visible deployment and stronger existing rules |
This comparison shows why BFI deserves attention even though it produces no image. Its danger is not visual detail; its danger is low-friction capture from communication metadata that was not designed as a biometric control surface.
Wi-Fi sensing may become useful before it becomes safe
A blunt ban on Wi-Fi sensing would ignore real benefits. Camera-free fall detection is useful. Passive respiration monitoring can help in care settings. Occupancy-aware heating and cooling can save energy. Gesture controls can improve accessibility. Device proximity sensing can improve security. The research and market interest exist because Wi-Fi is already installed, already powered, and already networked. That makes it an attractive sensing platform.
The safety problem is not sensing by itself. The problem is unbounded sensing. A room-level motion detector is different from a person-specific identity tracker. A local fall alert is different from a cloud platform that stores movement profiles. A system controlled by a resident is different from one controlled by a landlord, employer, retailer, or government agency. The same physics can support different governance choices.
Health care offers the clearest example. An elder-care Wi-Fi sensing system may reduce the need for cameras in intimate spaces. But older adults, patients, and disabled people are also vulnerable to over-monitoring. A care system could become a compliance tool that scores daily routines, flags “deviations,” or shares data with insurers, landlords, or family members without clear consent. In that setting, privacy is not a luxury. It is part of care quality.
Workplaces are another pressure point. Occupancy sensing can improve space planning and safety. Identity inference can become attendance surveillance, productivity monitoring, union-risk analysis, or disciplinary evidence. Employers may present sensing as aggregate analytics while retaining enough raw or derived data to reconstruct individual behavior. A strong policy should draw the line at person-level identification unless there is a narrow, lawful, transparent, and necessary purpose.
Public venues are the hardest. A retail store may want footfall analytics. A transit hub may want crowd flow. A city may want occupancy estimates. But public-space identity sensing through Wi-Fi would create a hidden layer of tracking beneath everyday movement. The EU AI Act’s concern with real-time remote biometric identification in public spaces shows why this category needs extra scrutiny.
Wi-Fi sensing can become safer if products are designed around data minimization, local processing, narrow purpose, opt-out controls, visitor notice, and independent testing. Without those constraints, the commercial incentive will push toward richer data, longer retention, and cross-service linking.
The public-space scenario is the real alarm bell
The most alarming scenario is not a curious homeowner. It is a network of ordinary spaces that recognize bodies as they pass. A café Wi-Fi network records a person in the morning. A nearby office lobby records a similar BFI-derived pattern in the afternoon. A public building records the same pattern next week. A data broker, employer, security contractor, or state agency links those records. The person may never have joined any of the networks.
BFId’s authors describe this risk in terms of broken anonymous presence. Their protest example is deliberately political: an oppressive state could record people on the way to a protest via Wi-Fi infrastructure and later recognize them in a benign context.
A democratic society should not treat that as a fringe concern. Surveillance tools often migrate from exceptional use to ordinary administration. Camera networks began as security systems and became analytics infrastructure. License-plate readers began as policing tools and became broad location databases. Mobile ad IDs began as advertising aids and became a tracking ecosystem. Ambient radio identification could follow the same path if the first deployments arrive as “smart building” features rather than surveillance systems.
Public-space radio sensing also evades social notice. Cameras are not always obvious, but people know what a dome camera is. A Wi-Fi access point mounted on a ceiling is invisible as a privacy symbol. A Raspberry Pi in a backpack or a compromised IoT device is even less visible. The BFId paper’s adversary model includes passive capture and notes that many Wi-Fi-enabled devices are poorly maintained and could be taken over, lowering the barrier to large-scale and long-term tracking.
The policy answer should focus on capability thresholds. A network that detects anonymous occupancy for fire safety is not the same as a network that links repeat visitors. A router that improves signal quality is not the same as a router that exports BFI to an analytics engine. A sensing product that deletes raw data instantly is not the same as one that stores embeddings. Public rules should ask: does the system identify, re-identify, classify sensitive attributes, or enable repeated tracking?
That threshold-based approach avoids both extremes. It does not panic over every radio measurement. It does not let identity-capable systems hide behind technical opacity.
Workplaces face a quiet monitoring temptation
Offices, factories, warehouses, campuses, and hospitals already use Wi-Fi networks as operational infrastructure. They also use badge systems, cameras, access logs, productivity software, and building sensors. Wi-Fi sensing fits neatly into that stack. It can detect occupancy without new sensors. It can measure room use. It can help troubleshoot coverage. It can improve safety alerts. In the wrong deployment, it can also create a body-level monitoring layer.
The temptation will be strongest in hybrid offices and large campuses. Employers want to know which spaces are used, which teams come in, how meeting rooms perform, and whether leased real estate is wasted. Aggregate occupancy data can answer some of that. Identity-capable sensing can answer much more: who arrived, where they walked, which informal gatherings formed, who visited a union organizer, who entered a clinic, who took breaks, who avoided certain spaces.
Some of this is already possible through badges and cameras. Wi-Fi sensing adds a less visible path and may cover spaces where cameras are absent. The BFId finding carries a specific warning: if Wi-Fi signal patterns can identify people across walking styles and perspectives, then a workplace system designed for occupancy could become identity-capable with enough training data.
Workplace privacy rules should demand separation between network management and people analytics. Network teams need telemetry to maintain service. Employers do not automatically need identity-level movement inference. A strong workplace policy would ban the use of Wi-Fi sensing for individual performance, discipline, union monitoring, health inference, or covert attendance tracking unless a narrow legal basis exists and workers have enforceable rights.
Employee consent is often weak because of power imbalance. A pop-up notice or handbook clause should not be enough for ambient biometric sensing. The default should be aggregate, non-identifying, short-retention sensing. Anything beyond that should trigger strict review, works council involvement where applicable, and independent audit.
Vendors can support this by refusing to expose identity features in workplace products unless explicitly certified for a lawful high-risk use. They can also document what data is collected, where it is processed, whether raw BFI is retained, and whether embeddings can re-identify people. Security buyers should ask those questions now, before sensing becomes a checkbox in enterprise Wi-Fi controllers.
Homes and apartment buildings create bystander problems
Home Wi-Fi sensing is often framed as owner-controlled. A resident buys a service to detect motion, monitor an older relative, protect against intruders, or automate lights. That framing misses two groups: guests and neighbors.
Guests may not know a home’s Wi-Fi network is being used as a sensor. A babysitter, cleaner, nurse, delivery worker, repair technician, friend, or relative may be recorded as movement data. If the system can distinguish repeat visitors, it can create a pattern of presence. If it can infer activity, it may reveal routines. If it can identify people by gait, it becomes a domestic biometric system.
Apartment buildings add complexity. Wi-Fi signals cross walls. LeakyBeam showed that BFI can retain movement information even through walls and used leaked packets outside a residence to infer occupancy. That was an occupancy attack, not BFId’s identity attack, but the shared theme is that radio boundaries do not match property boundaries.
A neighbor’s router may create or expose sensing signals that pass into another unit. A compromised device may listen. A landlord’s managed Wi-Fi system may cover hallways and shared spaces. A building-wide mesh network may produce detailed signal coverage across private and semi-private zones. The person affected by sensing may not be the person who bought the router.
Domestic abuse and stalking risks deserve special attention. Occupancy inference can reveal whether someone is home. Movement patterns can reveal routines. Repeat recognition can reveal visits. A stalker does not need perfect identification across a city to cause harm; knowing that a target entered or left a residence may be enough. The NDSS LeakyBeam paper explicitly discusses occupancy privacy risks such as burglaries or stalking.
Home-product rules should require clear sensing indicators, guest notices, local processing by default, and easy disabling. For multi-unit buildings, managed Wi-Fi sensing should not be deployed in shared or private-adjacent spaces without strong governance. The smart home cannot be allowed to become a sensor network for everyone who crosses its radio field.
Retail and hospitality will see analytics value
Retailers, cafés, hotels, airports, and malls care about repeat visits, dwell time, queue length, store layout, and conversion patterns. They already use cameras, Wi-Fi analytics, Bluetooth beacons, point-of-sale data, loyalty apps, and mobile ad data. Wi-Fi sensing offers a new analytics layer that may work even when a person does not connect to the network.
For businesses, the attraction is obvious. Existing Wi-Fi infrastructure is already present. Sensing can be pitched as lower-cost than cameras and more privacy-friendly because it does not store images. It can detect movement in places where lighting is poor or cameras are unwelcome. It can support security, staffing, cleaning schedules, room use, and customer flow.
The risk is function creep. A hotel could use sensing to detect room occupancy for energy savings, then extend it to staff productivity or guest behavior. A café could use it to measure foot traffic, then identify repeat visitors. A mall could combine it with camera analytics and payment data. A venue could sell aggregated insights that quietly remain re-identifiable. Retail analytics has a long history of turning “anonymous” signals into profile-building.
BFId does not prove that a store can reliably identify every shopper tomorrow. It does show that radio fields can carry identity-relevant patterns. Retail and hospitality operators should treat Wi-Fi sensing as sensitive by default, not as harmless infrastructure analytics. Any deployment that stores person-level signal representations should be reviewed like biometric monitoring.
Notices will need to be more specific than “we use Wi-Fi.” Customers understand that phrase as internet access. They do not understand it as radio-based body sensing. A sign that says “this venue uses Wi-Fi sensing for occupancy and safety analytics” is clearer, though not sufficient by itself if identity-level processing occurs. In high-risk uses, consent may not be practical in public spaces; the safer route is to avoid identity capability.
The market will likely separate into two product classes. One class will promise privacy-preserving occupancy sensing. Another will offer richer behavioral analytics. Regulators, journalists, buyers, and civil society groups should ask which class a product truly belongs to.
Law enforcement interest would raise the stakes
Any technology that can identify people at a distance without active cooperation will interest law enforcement and intelligence agencies. That does not mean BFId is already deployed by police. It means the capability maps onto familiar surveillance goals: locating suspects, identifying protest participants, tracking repeat presence, monitoring borders, protecting facilities, and reconstructing movement through public spaces.
Radio-based identification has a different evidentiary profile from video. It may not show a face or an act. It may produce a probabilistic match from signal patterns. Courts and oversight bodies would need to understand error rates, training data, environmental limits, sensor placement, model drift, and false matches. A 99.5 percent lab result cannot be carried into legal proceedings without context. A match score from Wi-Fi should never be treated as a simple identity fact.
The EU AI Act’s restrictions on real-time remote biometric identification in publicly accessible spaces for law enforcement reflect the rights impact of such systems. Wi-Fi identity inference may test whether laws written with cameras in mind are truly technology-neutral in practice.
Law enforcement use also raises secrecy concerns. A camera network may be visible or discoverable through procurement records. Passive Wi-Fi collection could be covert. A small listening device near a route may collect BFI without network access. A compromised router could become a sensor. Intelligence agencies might argue that because BFI is broadcast, collection is less intrusive. That argument should be rejected when the purpose is biometric identification or repeated tracking.
Any public-authority deployment should require clear statutory basis, necessity, proportionality, judicial authorization for targeted use, public reporting, deletion rules, independent testing, and strict limits on database creation. Dragnet radio identification in public spaces should be treated as a democratic rights issue, not a network engineering experiment.
The risk is not only wrongful identification. It is chilling effect. People behave differently when they believe ordinary infrastructure may recognize them. Worse, with Wi-Fi sensing, they may not know enough to change behavior or challenge collection. Invisible biometric sensing is especially corrosive because it removes notice before it removes privacy.
Standards groups now face a design choice
The strongest privacy protections will not come from end-user advice. They must come from standards, chipsets, firmware, operating systems, and certification rules. IEEE 802.11bf and related Wi-Fi sensing work should treat BFId as a stress test. The question is not whether sensing can be made useful. It can. The question is whether sensing can be made rights-respecting before it becomes routine.
A standard can require or encourage privacy controls in several layers. At the protocol layer, feedback data that enables sensing could be encrypted or access-controlled. At the device layer, raw measurement export could be restricted. At the API layer, sensing outputs could be purpose-limited and audited. At the certification layer, products could be tested for re-identification risk. At the user layer, sensing could require visible notice and a real off switch.
There will be engineering costs. Beamforming exists to improve performance. Encryption and authentication add complexity. Noise or obfuscation can reduce network quality. Backward compatibility is hard. The BFId paper notes that BFI encryption would require Wi-Fi standard changes and could affect compatibility.
Yet standards bodies have handled hard privacy problems before. MAC address randomization was imperfect but necessary. Protected management frames addressed earlier management-frame abuse. WPA3 improved wireless security expectations. The existence of legacy devices cannot be a permanent excuse for leaving a biometric side channel open.
A useful standards process would separate two questions that are often blended. First, what measurements are required for communication performance? Second, what measurements are exposed for sensing or analytics? Performance-critical feedback may need to exist, but it does not need to be broadly accessible to passive listeners or third-party apps. Sensing features may be useful, but they should not be silently on by default.
The BFId finding gives standards groups a rare advantage: a warning before mass deployment. The wrong response is to wait until identity-capable Wi-Fi sensing is already embedded in routers, phones, laptops, TVs, smart speakers, and enterprise access points.
Security researchers need bigger, messier datasets
BFId’s dataset is large for Wi-Fi identification research, but the next stage needs harder tests. The authors themselves call for datasets with thousands of identities to study organizational or smart-city contexts. They also call for more real-world collection scenarios and a deeper understanding of how gait influences BFI.
Future work should test multi-person scenes. Most real spaces do not contain one person walking cleanly through a path. They contain groups, queues, furniture, carts, bags, pets, and moving doors. A system that performs well on single-person sequences may struggle when multiple bodies alter the same radio field. Or it may learn to separate them better than expected. Either result matters.
Cross-environment generalization is another open question. Can a model trained in one room recognize a person in another room? Can it transfer across routers, bands, antenna heights, firmware, and building materials? Can it handle months of gait change, injury, aging, shoe differences, winter clothing, or mobility aids? WhoFi and RF-ReID raise related questions about long-term representation and non-visual re-identification.
Researchers should also study defenses as first-class systems, not afterthoughts. Can BFI be transformed so beamforming still works but identity inference fails? Can routers detect suspicious passive collection? Can sensing outputs be made differentially private? Can hardware enclaves process feedback without exposing raw data? Can certification labs measure re-identification risk under controlled attack models?
The research community also needs language discipline. Calling identity inference “privacy-preserving” because it avoids cameras is no longer acceptable without careful limits. BFId’s authors push back on that framing and explicitly treat Wi-Fi identity inference as a privacy attack.
The best future work will test both capability and harm. It will not only ask, “Can we identify people?” It will ask, “Under what conditions does identification fail? Which mitigations work? Which claims are unsafe? Which deployments should never happen?”
The camera comparison helps but also misleads
Wi-Fi sensing is often compared with cameras. The comparison helps because both can observe people without contact. It also misleads because the modalities expose different kinds of information.
Cameras capture visible context. They show faces, clothing, documents on a desk, visitors, gestures, and sometimes intimate details. People can often see cameras and understand the direction of observation. Existing legal and social rules already address video in many spaces, though imperfectly.
Wi-Fi sensing captures radio interactions. It may not reveal face or clothing. It may work in darkness, through some occlusions, and across areas where cameras are absent. It may be harder for people to notice. It may also cover spaces in a more diffuse way, because radio waves reflect and pass through materials differently from light.
The privacy claim that Wi-Fi is safer than cameras should therefore be limited. Wi-Fi may be safer for some tasks if it is designed to detect only anonymous events and if raw data is not retained. A fall detector that produces a local alert and deletes signal data may be less intrusive than video. But a Wi-Fi system that identifies people and links their routines can be more covert than a camera and harder to contest.
The RF-ReID paper described radio signals as more privacy-preserving than photos and videos in certain domains because they avoid visual personal detail. That may be true for a narrow medical or assistive use. BFId shows the other side: when radio signals become identity-bearing, their lack of visible imagery does not make them harmless.
A policy framework should avoid ranking sensing methods as simply “more private” or “less private.” Privacy depends on purpose, data granularity, identifiability, retention, access, notice, and power relationships. A low-resolution sensor can be invasive if it tracks identity over time. A high-resolution camera can be acceptable in a narrow, transparent, short-retention safety use. The technology matters, but governance matters just as much.
The business impact will land first on router and chipset vendors
Router vendors, chipset makers, enterprise Wi-Fi providers, broadband operators, and smart-home platforms will be the first commercial actors forced to answer questions about BFI privacy. They build the hardware and software layers where mitigations must live. They also stand to profit from Wi-Fi sensing services.
For chipset vendors, the issue is measurement exposure. Which drivers and firmware allow BFI capture? Which debug tools expose raw or compressed feedback? Which APIs can third-party software access? If commodity devices can capture BFI in monitor mode, vendors need to decide whether restrictions are possible and how they affect legitimate research, diagnostics, and security testing.
Router vendors face product-level transparency. Do their devices support beamforming? Can users disable it? Do they offer sensing features? Is sensing off by default? Are raw measurements processed locally or in the cloud? Are derived embeddings stored? Does the vendor share data with broadband providers, insurers, security companies, or analytics partners?
Enterprise Wi-Fi vendors face governance. Large customers will ask for occupancy and space-use analytics. Vendors should separate aggregate network analytics from identity-capable sensing. They should give security and privacy teams controls to disable sensing, audit access, set retention, and prevent export of raw feedback.
Broadband providers may see a new subscription category: home security or elder-care sensing through the router they already supply. That business could be legitimate if built carefully. It could also become a privacy liability if subscribers discover that a connectivity device became a body sensor without clear notice.
The strongest vendors will treat BFId as a chance to lead. They will publish sensing privacy white papers, add controls, support standards fixes, and invite third-party testing. The weakest will bury the issue under vague claims about anonymization. In a market where every router may become a sensor, trust will belong to vendors that can prove restraint.
Enterprise buyers should update procurement checklists
Organizations buying Wi-Fi systems should not wait for final standards battles. Procurement teams can begin asking concrete questions now.
A responsible buyer should ask whether the product captures BFI, CSI, BFM, or other radio measurement data; whether sensing features are present or planned; whether any person-level analytics are supported; whether raw measurements leave the access point; how long data is retained; whether cloud processing is involved; whether embeddings can identify repeat individuals; and whether there is independent testing for re-identification risk.
Security teams should also ask whether monitor-mode devices on the premises can capture feedback frames, whether wireless intrusion detection systems can flag suspicious sniffers, whether IoT devices could be compromised to collect BFI, and whether guest networks create extra sensing surfaces. No single control will solve the issue, but awareness changes architecture.
Privacy teams should classify Wi-Fi sensing outputs by identifiability. Anonymous occupancy counts belong in one category. Activity recognition belongs in a higher category. Identity or repeat-visitor recognition belongs in a high-risk category. Health or biometric measurement belongs higher still. The classification should be based on what the data can do, not what the vendor calls it.
Legal teams should review employee notice, visitor notice, data protection impact assessments, biometric laws, surveillance rules, union and labor obligations, and sector-specific confidentiality duties. Health care, education, housing, and public-sector deployments need extra caution.
Operational teams should ask whether the organization actually needs sensing. Many proposed uses can be solved with less intrusive sensors or coarser data. The best privacy control is not collecting identity-capable data in the first place.
Deployment risks and safer design choices
| Setting | Tempting use | Main risk | Safer design choice |
|---|---|---|---|
| Home care | Fall detection and routine monitoring | Visitor and caregiver profiling | Local alerts with no identity templates |
| Workplace | Occupancy and space analytics | Employee tracking and labor surveillance | Aggregate counts with strict retention |
| Retail | Repeat-visitor analytics | Covert customer profiling | No re-identification, clear signage |
| Public sector | Security monitoring | Remote biometric tracking | Legal warrant, narrow purpose, audit trail |
| Network operations | Troubleshooting and coverage mapping | Repurposed movement telemetry | Separate diagnostics from people analytics |
The table’s core point is simple: the acceptable version of Wi-Fi sensing is usually the least identifying version that can solve the stated problem.
Ordinary users have limited but not zero options
People cannot fully defend themselves against ambient radio sensing by changing phone settings. Still, some practical steps reduce exposure in personal spaces. At home, router owners can review whether beamforming or sensing features are enabled, update firmware, avoid unnecessary cloud analytics, separate guest and IoT networks, and replace routers from vendors that do not provide privacy controls. In some routers, beamforming can be disabled, though performance may suffer and the setting may not exist.
Users can also be careful with smart-home security services that promise motion detection through Wi-Fi. Before enabling such features, ask whether the system identifies individuals, stores raw signal data, processes data locally, sends telemetry to the cloud, or shares with third parties. If the answers are vague, treat the feature as higher risk.
Guests and tenants have less control. They can ask about sensing in private homes, workplaces, and managed buildings, but social power may make that hard. That is why product and legal safeguards matter. Privacy should not depend on a visitor interrogating every access point in a room.
For people facing elevated risk, such as activists, journalists, abuse survivors, or targeted communities, the situation is difficult. Avoiding visible cameras and leaving a phone behind may reduce some tracking paths but not ambient radio sensing. Meeting organizers may need to consider RF environments, not only device policies. That could include choosing spaces with controlled network infrastructure, turning off local Wi-Fi equipment when feasible, and watching for unknown devices. These are imperfect measures and may be unrealistic in many public places.
The broader public action is political and market pressure. Users can demand router controls. Employees can ask workplace representatives to review Wi-Fi sensing. Tenants can ask landlords about building-wide wireless analytics. Buyers can choose products with clear privacy commitments. Journalists can investigate deployments. Regulators can ask vendors for technical documentation.
The individual cannot solve a standards-level side channel alone. But users can refuse the fiction that Wi-Fi sensing is too technical for public debate.
The media framing should avoid both panic and minimization
The headline “Wi-Fi routers can identify people with 99.5 percent accuracy” is true enough to be newsworthy and incomplete enough to be misunderstood. A good public reading needs four points at once.
First, the research is real. It comes from a serious security venue, uses a large dataset for the field, and includes direct comparison between BFI and CSI. The 99.5 percent figure is in the paper’s evaluation.
Second, the system is not magic. It was trained and tested under controlled conditions. It does not automatically know names. It needs prior recordings or labeled data. It has not been proven at city scale. The authors themselves describe limits around dataset size, controlled clothing conditions, open-set generalization, and feature semantics.
Third, the standard hardware angle is serious. BFI is part of normal beamforming feedback, not a custom camera feed. That lowers the barrier compared with CSI-heavy research and raises standards questions.
Fourth, the privacy issue is about future infrastructure as much as current attack code. IEEE 802.11bf and industry Wi-Fi sensing work could normalize sensing use cases in routers, phones, laptops, and access points.
Bad coverage will take one of two shortcuts. Panic coverage will imply every router is already a secret person scanner. Minimizing coverage will say the study is only a lab demo and therefore irrelevant. The better view is that BFId is an early warning about a capability moving from research into commodity wireless infrastructure.
That warning is actionable. Standards can change. Certification can change. Vendors can change APIs. Regulators can define biometric radio sensing. Buyers can demand controls. Researchers can test defenses. Public debate can happen before the technology becomes invisible.
BFI also exposes a larger problem with metadata
The internet policy world has spent years learning that metadata is not harmless. Phone metadata can reveal relationships. Location metadata can reveal religion, health, work, and politics. Browser metadata can reveal interests. Network metadata can reveal behavior even when content is encrypted.
BFI extends that lesson into physical space. It is not message content. It is not a web page. It is not a username. It is a signal-quality feedback mechanism. Yet it can encode how bodies shape radio waves. The lesson is that metadata about communication can become data about the world around the communication.
This will matter beyond Wi-Fi. Future wireless systems, including 6G research, are increasingly interested in joint communication and sensing. The BFId paper mentions joint communication-and-sensing approaches planned for 6G and beyond. The same antennas that carry data may also sense environments. That convergence could support robotics, transport, safety, health, and automation. It could also create pervasive sensing by default.
The old privacy model separated communications networks from sensor networks. Phones, routers, and base stations moved bits; cameras, microphones, radar, and wearables sensed bodies. That separation is eroding. Wireless networks can be both communication infrastructure and environmental perception infrastructure. The governance gap sits right there.
If communication metadata becomes sensing data, then network privacy rules must expand. Payload encryption remains necessary but incomplete. Access control remains necessary but incomplete. Transparency reports should include sensing capabilities. Security audits should include side-channel privacy. Standards should treat physical-layer measurements as sensitive when they can infer people.
BFId is not only about routers. It is about the future of ambient computing. The room is becoming legible to the network. The policy question is who gets to read it.
A safer path for Wi-Fi sensing products
A safer Wi-Fi sensing ecosystem would begin with purpose limitation. Products should state whether they perform connectivity management, anonymous occupancy sensing, activity recognition, biometric measurement, or identity inference. These are different products and should not be bundled under vague “awareness” language.
The next principle is local processing. If a home fall detector can run locally, it should not upload raw signal histories. If an access point can produce an anonymous occupancy count, it should not export reusable embeddings. If cloud processing is needed, the vendor should justify why and document retention, encryption, access, and deletion.
The third principle is non-identification by design. A system built for energy management should not preserve person-specific patterns. A system built for troubleshooting should not store movement trails. A system built for gesture recognition should not link gestures to identities unless the user explicitly requests authentication.
The fourth principle is visible control. Sensing should have a clear on/off state, ideally with a physical or software indicator that ordinary users can understand. Router apps should not hide sensing in advanced menus. Enterprise dashboards should separate wireless performance from sensing analytics.
The fifth principle is independent testing. Vendors that claim their systems are anonymous should let credible labs test re-identification risk. Privacy claims should be falsifiable. A system that can identify repeat individuals under reasonable attack conditions should be labeled accordingly.
The sixth principle is bystander respect. Homes have guests. Workplaces have visitors. Stores have shoppers. Public buildings have citizens. A person affected by sensing is often not the account holder. Product design and law must account for non-users.
The final principle is restraint. Just because Wi-Fi can sense something does not mean it should. The commercial market will reward richer analytics. The public interest requires limits.
The research community should stop treating “no camera” as enough
Many non-visual sensing papers present radio as privacy-preserving because it does not capture images. That argument is incomplete. It may be true for narrow tasks and carefully constrained systems. It is false as a general claim when the system identifies people, recognizes activities, or infers health patterns.
BFId’s authors explicitly challenge earlier descriptions that present Wi-Fi identity systems as privacy-preserving or not privacy-invasive. They say they consider identity inference via Wi-Fi sensing a privacy attack because Wi-Fi is pervasive, can sense through walls and non-line-of-sight scenarios, and can operate without explicit consent.
That should become a norm in research writing. Papers should include threat models, misuse analysis, consent limits, dataset governance, and mitigation discussion. Claims of privacy should be scoped: privacy compared with what, for whom, in which deployment, with what retention, and under what adversary model?
Dataset publication also needs care. BFId’s authors say they make the dataset available to interested researchers. That can support reproducibility and defense research, but identity-related wireless datasets can be sensitive. Access controls, ethics review, participant consent, and limits on redistribution matter. A gait-like radio signature may not be a face image, but it can still be a biometric-like record.
Conferences and reviewers can push the field. A Wi-Fi sensing paper that improves identification accuracy should be expected to discuss privacy risk. A paper that proposes a sensing standard should discuss bystander consent. A paper that claims anonymity should test re-identification. A paper that uses health or elder-care examples should discuss vulnerable users.
Research shaped this capability. Research can also shape the defenses.
Journalists should ask better questions about router sensing
The next wave of Wi-Fi sensing stories will likely come from product launches, standards announcements, security papers, and smart-home services. Journalists covering them should avoid the easy binary of miracle versus nightmare. The useful questions are more specific.
Does the system identify people or only detect presence? Does it distinguish repeat individuals? Does it process raw BFI, CSI, or other radio measurements? Does it retain raw data? Does it create embeddings? Can those embeddings be exported? Does it work when the person carries no device? Does it capture bystanders? Is processing local or cloud-based? Can users disable it? How are guests informed? Has an independent lab tested re-identification risk?
For public deployments, journalists should ask who authorized the system, which law applies, whether a data protection impact assessment was done, whether law enforcement can request access, and whether data is shared with third parties. For workplaces, ask whether employees can refuse, whether unions or worker councils were consulted, and whether the data can be used in discipline.
For standards stories, ask whether privacy protections are mandatory or optional. Ask whether feedback frames are encrypted. Ask whether sensing APIs are gated. Ask how legacy devices are handled. Ask whether the standard permits identity inference and what controls exist.
The BFId paper gives journalists a benchmark. Any vendor claiming that Wi-Fi sensing is anonymous should be asked how its system avoids the kind of identity inference demonstrated by BFId.
The policy debate should not wait for a scandal
Technology policy often arrives after harm. Data brokers were regulated after location scandals. Facial recognition bans came after deployments. Spyware controls followed abuses. Wi-Fi sensing still has a chance to be governed earlier.
That requires regulators to understand the capability before it is packaged as a consumer feature. Data protection authorities should issue guidance on radio-based biometric and behavioral sensing. Consumer protection agencies should watch claims that Wi-Fi sensing is anonymous or privacy-preserving. Labor regulators should examine workplace deployments. Housing regulators should consider landlord use. Health regulators should examine care settings.
Standards bodies should document privacy threat models alongside performance requirements. Certification programs should include sensing privacy tests. Public procurement rules should require disclosure of Wi-Fi sensing capabilities. Schools, hospitals, libraries, and public agencies should avoid identity-capable Wi-Fi sensing unless a strict legal basis exists.
Civil society groups should update surveillance maps to include non-visual sensing. Privacy advocates should not focus only on cameras and phones. Wireless infrastructure is becoming a sensor layer, and that layer needs public visibility.
Companies should not wait for enforcement. A router vendor that ships sensing features without clear controls risks reputational harm. A workplace analytics vendor that quietly uses Wi-Fi identity inference risks legal and labor backlash. A broadband provider that turns customer routers into sensing subscriptions without strong consent risks losing trust.
The cheapest time to protect privacy is before the architecture hardens. BFId is a warning at exactly the right moment: after the capability is proven, before it is fully normalized.
The technical uncertainty cuts both ways
Some uncertainty makes the threat look smaller. BFId has not proven city-scale recognition. It has not solved open-set identification. It has not shown long-term cross-building transfer. It used controlled walking conditions. It relied on training data. It tuned traffic patterns.
Other uncertainty makes the threat look larger. The authors used a fairly straightforward model and little pre-processing. Better architectures, more data, more perspectives, and richer traffic may improve attacks. BFI performed better than expected. Reducing the sample rate did little to weaken the attack. Multiple related papers show BFI or Wi-Fi sensing can support occupancy, respiration, trajectory, pose, and re-identification.
That is why “wait and see” is weak policy. Waiting may clarify real-world accuracy, but it also lets products and standards spread. A sensible response can be proportional: treat identity-capable Wi-Fi sensing as high-risk, require transparency for sensing features, demand privacy-preserving defaults, and fund defensive research.
A nuanced response does not need to claim that every router is a spy. It only needs to recognize that a communication feature has crossed into biometric territory under credible experimental conditions. That is enough to change the default assumptions.
Technical uncertainty should guide research priorities, not delay governance. Ask what fails. Ask what transfers. Ask what defenses work. Ask who is harmed first. Ask what data must never be stored. Those questions are better than waiting for the first covert deployment scandal.
The next router may need a privacy label
Consumers are used to Wi-Fi labels about speed, coverage, bands, mesh support, and security. They may soon need labels about sensing. A router privacy label could state whether the device supports Wi-Fi sensing, whether sensing is enabled by default, whether beamforming feedback can be captured or exported, whether the vendor uses sensing data, whether cloud processing is involved, and whether identity recognition is supported or prohibited.
Such a label would not solve passive third-party capture of unencrypted BFI. That requires deeper technical controls. But it would improve market transparency. Consumers should know whether a router is only a communications device or also a sensing platform.
Enterprise products need a stronger version: a sensing data sheet. It should describe data types, APIs, access controls, logs, retention, cloud flows, model outputs, re-identification testing, and compliance mapping. Buyers already ask for security certifications. They should ask for sensing privacy documentation as well.
Certification bodies could create tiers. A basic tier might allow anonymous occupancy only. A higher-risk tier might cover biometric or health sensing with strict local processing. Identity-capable sensing could require explicit labeling and legal review. Standards groups and industry alliances could define terminology so vendors cannot hide behind marketing words.
The Wireless Broadband Alliance has helped define use cases and test methodology for Wi-Fi sensing. The next step should be a parallel privacy and identifiability framework.
Without labels, the market will blur everything. A customer will buy “smart home awareness” without knowing whether it means motion detection, respiration monitoring, or repeat-person recognition. A router that senses bodies should not be sold like a router that only routes packets.
The privacy engineering target is unlinkability
The most important design goal is not secrecy for every radio fluctuation. It is unlinkability. A system may need to detect motion, but it should not be able to link the same person across time unless that is the explicit, lawful, and necessary purpose. Unlinkability protects anonymity in shared spaces.
BFId is powerful because it breaks unlinkability. The attack links independent recordings of the same person. That is the heart of identity disclosure in the paper.
Privacy-preserving Wi-Fi sensing should therefore be evaluated by asking whether an attacker, vendor, administrator, or downstream partner can connect two sensing events to the same individual. If the answer is yes, the system should be treated as identity-capable even if it does not store names. If the answer is no under realistic attack tests, the system is safer.
Achieving unlinkability may require technical sacrifices. Some models may need to discard fine-grained gait features. Some raw data may need immediate deletion. Some outputs may need aggregation. Some feedback may need encryption. Some sensing tasks may be incompatible with strong privacy in shared spaces.
That is not a flaw. It is the definition of privacy engineering: choose what the system cannot do. A product that can do everything can also be misused for everything. A safer product narrows its own power.
For occupancy sensing, the output could be a count range rather than individual tracks. For fall detection, the output could be an event alert rather than a person profile. For energy management, the output could be zone occupancy rather than movement history. For device wake-on-approach, the processing could stay local and avoid cloud identifiers.
The BFId result suggests that if raw BFI or rich derived features are stored, unlinkability may already be lost. That should shape retention rules. Data that can become a biometric template should not be kept merely because storage is cheap.
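One way to run the linkability test this section describes, as an added example that is not code from the BFId paper or from any vendor: it scores three candidate sensing outputs by how often two events from the same person look more alike than two events from different people. The data is constructed (random per-person signatures plus noise, not real BFI), and the function names and the 0.6 cut-off are assumptions made for the example.

```python
"""Linkability audit on constructed data (illustration only, not real BFI)."""
import math
import random
from bisect import bisect_left, bisect_right
from itertools import combinations


def make_events(n_people=20, events_per_person=6, dims=16, noise=0.3, seed=7):
    """Constructed stand-in for stored sensing records: every person has a fixed
    hidden signature, and each single-person event is that signature plus noise."""
    rng = random.Random(seed)
    events = []
    for person in range(n_people):
        signature = [rng.gauss(0.0, 1.0) for _ in range(dims)]
        for _ in range(events_per_person):
            features = [s + rng.gauss(0.0, noise) for s in signature]
            events.append({"person": person, "features": features, "people_present": 1})
    return events


# Three candidate product outputs, from most to least detailed.
def rich_features(event):
    """Stores the full derived feature vector for every event."""
    return tuple(event["features"])


def motion_energy(event):
    """Stores one scalar per event: the overall magnitude of the disturbance."""
    return (math.sqrt(sum(x * x for x in event["features"])),)


def count_range(event):
    """Stores only an occupancy bucket: 0.0 = empty, 1.0 = '1-2', 2.0 = '3+'."""
    n = event["people_present"]
    return (0.0,) if n == 0 else (1.0,) if n <= 2 else (2.0,)


def similarity(a, b):
    """Higher means 'more alike': negative Euclidean distance between outputs."""
    return -math.dist(a, b)


def linkability_auc(events, output_fn):
    """Probability that two events from the same person look more alike than two
    events from different people. 0.5 is chance (unlinkable); 1.0 is fully linkable."""
    outputs = [output_fn(e) for e in events]
    same, diff = [], []
    for i, j in combinations(range(len(events)), 2):
        score = similarity(outputs[i], outputs[j])
        if events[i]["person"] == events[j]["person"]:
            same.append(score)
        else:
            diff.append(score)
    if not same or not diff:
        raise ValueError("audit needs repeat events and at least two people")
    diff.sort()
    wins = 0.0
    for s in same:
        below = bisect_left(diff, s)          # different-person pairs that look less alike
        ties = bisect_right(diff, s) - below  # indistinguishable pairs count half
        wins += below + 0.5 * ties
    return wins / (len(same) * len(diff))


def audit(events, threshold=0.6):
    """Label each output identity-capable if linkability exceeds the threshold.
    The 0.6 cut-off is an assumption for this example, not a published standard."""
    report = {}
    for name, fn in (("rich_features", rich_features),
                     ("motion_energy", motion_energy),
                     ("count_range", count_range)):
        auc = linkability_auc(events, fn)
        report[name] = {"auc": round(auc, 3), "identity_capable": auc > threshold}
    return report


if __name__ == "__main__":
    for name, result in audit(make_events()).items():
        print(f"{name:14s} auc={result['auc']:.3f} "
              f"identity_capable={result['identity_capable']}")
```

On this constructed data the stored feature vector is almost perfectly linkable, a single scalar per event still links better than chance, and the count range sits at exactly 0.5 because every single-person event produces the same output.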
The role of AI is real but not mysterious
BFId uses machine learning, but the story is not “AI made routers spy.” The radio channel already contains information. AI makes patterns extractable. That distinction matters because the privacy risk is shared between physics, protocol design, data collection, and model training.
The model can learn subtle temporal and spatial signatures that humans cannot hand-code easily. In BFId, the authors used an LSTM architecture, a common sequence model, and trained it on BFI and CSI sequences. WhoFi uses a Transformer-based encoder for CSI re-identification. IdentiFi, a 2025 Sensors paper, uses self-supervised and semi-supervised learning to extract identity-specific representations from CSI data in multi-user smart environments.
The AI component affects governance in three ways. First, it makes non-obvious data sensitive. A BFI sequence may look meaningless until a model extracts identity. Second, it creates transfer risk. A dataset collected for one purpose can train a model for another. Third, it weakens intuitive anonymization. Removing names from radio data does not prevent identity inference if the signal itself carries identity.
AI regulation should therefore include sensor-derived embeddings and physical-layer data when they are used for person identification. A model that compares radio-derived biometric signatures to a reference database should not receive lighter treatment than a model that compares faces merely because the input is invisible.
At the same time, AI can support defenses. Models can detect when sensing outputs become identity-rich. Privacy filters can remove features correlated with identity while preserving coarse motion. Adversarial training can try to keep useful task features while suppressing person-specific features. Independent red-team models can test whether a supposedly anonymous sensing product can be re-identified.
The point is not to demonize AI. It is to stop pretending that AI only creates privacy issues when the input data is obviously personal. AI turns weak signals into classifications. That is exactly why BFI matters.
The strongest argument against complacency is compatibility
The engineering difficulty of fixing BFI privacy is itself a reason to act early. The BFId authors say encrypting BFI would require Wi-Fi standard changes and could cause incompatibility. That is not a small patch. Wi-Fi succeeds because devices from many vendors interoperate across generations. Once a feature is widely deployed, changing its privacy properties becomes harder.
Legacy compatibility can freeze privacy mistakes. If millions of routers and clients transmit feedback in ways that passive listeners can capture, later standards may only protect newer devices. Mixed networks may fall back to weaker behavior. Vendors may avoid changes that hurt performance. Consumers may keep old routers for years. Enterprises may delay upgrades because access point fleets are expensive.
That pattern has repeated across security history. Weak protocols linger. Optional protections remain disabled. Backward compatibility becomes an attacker’s friend. The lesson for Wi-Fi sensing is that privacy protection should be mandatory before sensing becomes a mass-market feature.
A standards fix could be phased. New devices could support protected feedback. Certification could require privacy-preserving sensing defaults. Routers could warn when legacy clients force weaker modes. Enterprise systems could expose risk scores. Researchers could test downgrade attacks. None of this is easy, but it is easier before the market builds business models around unprotected feedback.
The cost of inaction is not only technical. Once companies invest in sensing analytics, they will resist restrictions. Once customers buy services, they will expect features. Once law enforcement explores use cases, secrecy claims may appear. The window for clean privacy design closes when a capability becomes revenue.
The article behind the article is a standards warning
The public story is that researchers identified people through ordinary Wi-Fi routers with 99.5 percent accuracy. The underlying story is that wireless standards are becoming sensing standards. Communication systems are being asked to perceive their environments. That shift is technically exciting and politically sensitive.
Wi-Fi sensing can be built well. It can also be built badly. The difference will not come from the radio waves. It will come from rules, defaults, architecture, and incentives.
BFId’s strongest contribution is not the percentage alone. It is the demonstration that beamforming feedback, a routine part of modern Wi-Fi performance, can become a high-accuracy identity signal under controlled conditions. That finding should change how engineers classify BFI, how vendors expose it, how standards bodies protect it, how regulators define biometric sensing, and how buyers evaluate router features.
The safest future is not a world with no Wi-Fi sensing. It is a world where sensing is explicit, narrow, local when possible, non-identifying by default, auditable, and legally constrained when it touches identity. The dangerous future is one where sensing slips into infrastructure as a performance side effect and only becomes visible after people have been tracked.
Ordinary routers were designed to connect rooms to the internet. The next fight is whether they will also be allowed to quietly identify the people inside those rooms.
Questions readers are asking about Wi-Fi identification
Yes, under controlled research conditions, the KIT BFId study identified people from beamforming feedback information with 99.5 percent accuracy in a normal-walking test set. That does not mean every router can identify every person in real-world spaces today.
No. The point of Wi-Fi sensing is that a body changes the radio field. Other devices communicating with a router can create the signal activity that makes sensing possible.
The BFId risk comes from passively capturing unencrypted beamforming feedback over the air. The attacker is not necessarily joining the network or reading internet traffic.
BFI is compressed feedback sent by Wi-Fi clients to an access point so the access point can steer transmissions more effectively. Because it reflects the radio channel, it can contain information about people and objects in the environment.
No. CSI is channel state information measured at the receiver and has long been used in Wi-Fi sensing research. BFI is derived from channel measurements for beamforming and is easier to capture in some standard Wi-Fi settings.
The researchers suggest BFI compression may remove noise and that BFI carried more spatial features per time point in their setup. The result surprised the authors because CSI appeared richer at first.
Not necessarily. Turning off a phone may reduce device-based tracking, but it does not remove your body from nearby Wi-Fi radio fields generated by other devices.
Most consumer routers are not marketed as identity systems, and BFId was a controlled research attack. Still, Wi-Fi sensing features and beamforming feedback deserve privacy scrutiny, especially in smart-home and managed-router products.
BFId focused on identity inference in a controlled setup. Related work such as LeakyBeam has shown BFI-based occupancy detection can retain movement information through walls, which raises adjacent privacy concerns.
No. It can support fall detection, occupancy-aware energy management, device security, and health monitoring without cameras. The risk rises when systems identify, re-identify, or profile individuals.
Sometimes, for narrow tasks where no identity data is stored. But if radio signals are used to identify people or track routines, the lack of images does not make the system harmless.
They could be tempted to. Workplace Wi-Fi sensing should be limited to aggregate, non-identifying uses unless a narrow lawful basis exists and workers have enforceable protections.
The capability would interest law enforcement because it supports remote identification without active cooperation. Any such use should face strict legal limits, independent authorization, testing, and public oversight.
No. Wi-Fi security protects many network communications, but BFId concerns physical-layer or management-related feedback that can remain observable even when payload traffic is protected.
Some risk can be reduced with settings, API restrictions, and sensing controls. The hardest fixes, such as protecting BFI itself, may require changes to Wi-Fi standards and device compatibility.
Some routers expose beamforming settings, but many do not, and disabling beamforming may reduce wireless performance. It is a partial control, not a complete public-space defense.
They should state whether they detect motion, infer activity, measure biometrics, identify people, store raw radio data, create embeddings, process in the cloud, or share data with third parties.
If radio-derived data identifies or can identify a person, GDPR principles may apply. If it is processed to allow or confirm unique identification through behavioural or physical characteristics, biometric data rules may become relevant.
The biggest unresolved question is whether strong defenses can protect BFI privacy without breaking Wi-Fi performance and compatibility. BFId suggests easy mitigations are not enough.
Standards bodies, vendors, regulators, and researchers should treat Wi-Fi sensing as a privacy-sensitive capability now, before identity-capable sensing becomes a default infrastructure feature.
Author:
Jan Bielik
CEO & Founder of Webiano Digital & Marketing Agency

This article is an original analysis supported by the sources cited below.
BFId: Identity Inference Attacks Utilizing Beamforming Feedback Information
KITopen repository entry for the BFId paper by Julian Todt, Felix Morsbach, and Thorsten Strufe, including abstract, publication details, DOI, venue, and institutional affiliation.
BFId: Identity Inference Attacks Utilizing Beamforming Feedback Information PDF
Open-access full paper describing the BFI-based identity inference attack, dataset, methodology, results, limitations, and mitigation discussion.
ACM DOI page for BFId
ACM publication record for the CCS 2025 paper on identity inference attacks using beamforming feedback information.
Ordinary WiFi can now identify people with near perfect accuracy
ScienceDaily report based on Karlsruhe Institute of Technology’s release, summarizing the public-facing privacy warning around ordinary Wi-Fi sensing.
Researchers identify people through ordinary Wi-Fi routers with 99.5% accuracy
News report summarizing the BFId finding, the role of BFI, and the standard-router relevance for a broader technology audience.
IEEE 802.11bf: Enabling the Widespread Adoption of Wi-Fi Sensing
NIST publication page describing IEEE 802.11bf and its role in supporting Wi-Fi sensing applications such as presence detection, environment monitoring, and remote wellness monitoring.
IEEE P802.11 Task Group BF WLAN sensing update
IEEE 802.11 working group page defining WLAN sensing and listing measurement features, target objects, and areas of interest for sensing work.
IEEE 802.11bf-2025 standards page
IEEE Standards Association page for IEEE 802.11bf-2025 and related wireless LAN standards context.
Wi-Fi Sensing
Wireless Broadband Alliance resource describing Wi-Fi sensing, its use cases, standardization gaps, and commercial relevance.
Wi-Fi Sensing 101: An Introduction
Wireless Broadband Alliance explainer covering Wi-Fi sensing use cases including home monitoring, energy management, elder care, gesture recognition, and biometric sensing.
Wi-Fi Sensing – Test Methodology and Performance Metrics, 2024 Edition
Wireless Broadband Alliance resource on test methodology and performance metrics for Wi-Fi sensing systems.
BFMSense: WiFi Sensing Using Beamforming Feedback Matrix
Research paper showing that beamforming feedback matrix data can support fine-grained Wi-Fi sensing, including respiration sensing and human trajectory tracking.
Lend Me Your Beam: Privacy Implications of Plaintext Beamforming Feedback in WiFi
NDSS 2025 paper introducing LeakyBeam and analyzing privacy risks from plaintext BFI, including occupancy detection through leaked Wi-Fi signals.
Wi-Fi Sensing Based on IEEE 802.11bf
IEEE Communications Magazine article explaining the 802.11bf Wi-Fi sensing framework, sensing procedures, and measurement design.
WhoFi: Deep Person Re-Identification via Wi-Fi Channel Signal Encoding
arXiv paper proposing a Wi-Fi CSI-based person re-identification pipeline using deep neural network methods.
Learning Longterm Representations for Person Re-Identification Using Radio Signals
CVPR 2020 paper introducing RF-ReID and explaining how radio signals can support long-term person re-identification across clothing, lighting, and occlusion changes.
Person-in-WiFi: Fine-grained Person Perception using WiFi
Research paper showing that Wi-Fi antennas and deep learning can support fine-grained person perception such as body segmentation and pose estimation.
WiFi-Based Human Identification with Machine Learning
Sensors survey article covering recent methods, systems, and machine-learning approaches for Wi-Fi-based human identification.
WiFi-Based Human Identification with Machine Learning PubMed record
PubMed bibliographic record for the 2024 Sensors survey on Wi-Fi-based human identification.
Self-Supervised WiFi-Based Identity Recognition in Multi-User Smart Environments
Sensors paper proposing IdentiFi, a Wi-Fi CSI-based identity recognition system using self-supervised and semi-supervised learning.
What is 802.11ac?
Cisco technical explainer describing 802.11ac, Wi-Fi 5, and beamforming as a directional transmission technology.
Art. 4 GDPR Definitions
Reference page reproducing GDPR Article 4 definitions, including personal data, profiling, and biometric data.
Recital 17 of the EU Artificial Intelligence Act
European Commission AI Act Service Desk page explaining the functional definition of remote biometric identification systems.
Article 5 of the EU Artificial Intelligence Act
Reference page presenting Article 5 rules on prohibited AI practices and restrictions around real-time remote biometric identification in publicly accessible spaces.
What is personal information?
California Privacy Protection Agency guidance explaining personal information and sensitive personal information under California privacy law, including biometrics.