Certainly true, but amusing. Presumably the primary rationale for a no-WebRTC policy is to avoid WebRTC leaks? In which case installing Zoom is a case of preferring "the devil you know over the devil you don't know".
> Presumably the primary rationale for a no-WebRTC policy is to avoid WebRTC leaks?
I doubt corporate IT departments even care about "WebRTC leaks" (ie. your LAN IP getting leaked). Knowing that your computer is at 192.168.1.123 doesn't help attackers much. What's far more likely is that their networks only allow TCP connections, because that's all their firewalls/middleboxes/proxies support.
> Knowing that your computer is at 192.168.1.123 doesn't help attackers much
One can reconstruct your subnet scheme with a handful internal IP addresses, allowing them to locate potential targets faster once they get into your network, making attacks more efficient ("oh, so these guys have some vulnerable clients in this /16, it's probably dev, and I see there's another /24, which looks like prod").
What's amusing about that? Preferring a whitelisted set of programs rather than allowing users to run code from any source is precisely how most security policies work.
I doubt corporate IT departments even care about "WebRTC leaks" (ie. your LAN IP getting leaked). Knowing that your computer is at 192.168.1.123 doesn't help attackers much. What's far more likely is that their networks only allow TCP connections, because that's all their firewalls/middleboxes/proxies support.