High-accuracy radio positioning and sensing technologies are crucial for many applications, including tracking hospital patients and identifying victims during emergency calls. However, these techniques present serious privacy concerns since malicious actors might use them to track users’ activities and habits without their consent. This paper provides a systematic overview of the privacy risks posed by high-accuracy radio positioning and sensing, particularly from physical layer perspectives. To demonstrate a typical risk, we develop an intelligent tracking-without-consent model that can follow a target user in a restricted-access building with 94% accuracy reliability for less than 1m. Our research reveals that none of the privacy-enhancing methods, such as channel state information (CSI) obfuscation and beamforming steering, can totally eliminate tracking, especially in coordinated attempts that use radio location and sensing simultaneously. Furthermore, there is currently no commercial implementation of these techniques integrated into civilian wireless chips that would enable users to be informed about ongoing radio-based surveillance, let alone grant them control over terminating the illegal tracking activity or secluding themselves. In addition, accurately detecting tracking activities by malicious actors in shared wireless networks with a high density of sensors or in advanced communication technologies like 6G mmWave/Terahertz beamforming, which utilizes rich CSI data, continues to pose a challenge. Given the difficulties of totally avoiding signal-based tracking threats, efficient signal encryption and access control mechanisms at the physical layer will be critical research topics for the coming years.