5. Privacy Considerations

WebRTC exposes new information about the user that can have privacy implications.

5.1 IP Address Leakage

In order to establish a direct P2P connection, WebRTC endpoints must exchange IP addresses. This reveals the user's IP addresses (including local intranet addresses) to the remote peer and potentially to the signaling server.

Local IP Addresses: Revealing local IP addresses can allow fingerprinting of the user's device and network location.
Public IP Addresses: Revealing the public IP address allows the remote peer to learn the user's coarse physical location and track them across sessions.

To mitigate this, browsers MAY support modes that limit which IP addresses are gathered (e.g., only relay addresses via TURN [RFC8656]) to hide the user's true IP.

5.2 Persistent Identifiers

WebRTC should not provide new persistent identifiers that allow tracking users across sites without their consent. The DTLS certificates used for WebRTC calls SHOULD be ephemeral and generated per-origin (or even per-call) to prevent them from being used as a super-cookie.

5.3 Device Enumeration

The ability to enumerate available cameras and microphones can also be used for fingerprinting. Browsers SHOULD minimize the information revealed until the user has granted permission.