I just run a WebRTC leak test at https://browserleaks.com/webrtc
In the main report it doesn't contains my local IP, that's good.
But when I looked carefully into the SPD log, surprisingly, I find my local ipv6 address is leaked in the SPD log:
v=0
o=- 100775639648217646 2 IN IP4 127.0.0.1
s=-
t=0 0
a=group:BUNDLE 0 1 2
a=extmap-allow-mixed
a=msid-semantic: WMS
m=audio 6267 UDP/TLS/RTP/SAVPF 111 63 9 0 8 13 110 126
c=IN IP4 103.156.242.224
a=rtcp:9 IN IP4 0.0.0.0
a=candidate:366078193 1 udp 2113937151 7bfb0f9a-68de-4774-92b7-c162e8131e84.local 63729 typ host generation 0 network-cost 999
a=candidate:1168470881 1 udp 1677729535 103.156.242.224 6267 typ srflx raddr 0.0.0.0 rport 0 generation 0 network-cost 999
a=ice-ufrag:FoOS
a=ice-pwd:...
...
in a=candidate:, 7bfb0f9a-68de-4774-92b7-c162e8131e84.local is my local ipv6 address.
As far as I know, the browser needs my permission of audio or video to get my local address. So how can the browser get my local IP without my perssion?
Could anyone explain it to me? Thanks in advance!
7bfb0f9a-68de-4774-92b7-c162e8131e84.local is not a local IPv6 address, it is a locally resolvable MDNS hostname. https://datatracker.ietf.org/doc/html/draft-ietf-mmusic-mdns-ice-candidates explains the rationale behind this.