[0x0]

Interesting, maybe browsers should add a permission prompt like they do for web camera access before allowing a webrtc stun request?

[Golgi_SDK]

There is a permission request to access the camera but this is triggered by a call to getUserMedia(). This would be done if setting up a peer connection to transmit voice and/or video. However, if you want to set up a WebRTC data channel no such prompt occurs.

[echeese]

Why would you want to disable STUN requests? Wouldn't they just return the public-facing IP that the server already knows about?

[0x0]

Did you even read the article and click the demo link? :) https://diafygi.github.io/webrtc-ips/

[echeese]

Yeah, but you don't even need a stun server for that. The browser itself provides the local IP addresses.

[0x0]

Oh, I thought it had to read them back from the STUN server negotiation because of javascript limitations.

[AdrianRossouw]

i was under the impression it already does.

[mikeash]

Doesn't look like it. The LAN scanner in another comment didn't put up any prompts for me. It might look like it does because WebRTC is normally used with audio or video, which does require a prompt, but you don't have to use it that way.