Fortunately, Safari's WebRTC won't silently leak your private IP address or other network info. We've also proposed a new protocol extension that enables peer-to-peer pure data connections in a privacy-aware way.
As a user, I really appreciate how the WebKit team approaches new features in such a measured and careful way. New shiny things to use are great but I’m more than willing to wait if it helps to prevent glaring oversights. There’s no benefit to rushing these things in.
isn’t webrtc by default off on all browsers? aren’t websites asking for permssion before the js is allowed access? and won’t it stay off when you deny the request?
ah, i believe you are referring to the webrtc data channel. it leaks local IPs, but the severity depends on several factors, including whether you're running VPN and what you're using the VPN for, or just running behind a regular local network.
if you're running behind a regular local network then I wouldn't consider the local IP leakage as a "privacy hazard". local IPs are compromised already. everywhere. they are easy to guess. they are easy to obtain in native apps. etc.
there are issues when it comes to places where VPN access is crucial/vital. thankfully, very few VPN providers leak your IP nowadays, and with drafts such as what the poster above mentioned (https://datatracker.ietf.org/doc/draft-ietf-rtcweb-mdns-ice-...) this problem will be history soon enough.
