WebRTC IP Leak Prevention with mDNS for AI Voice Agents in 2026

Default WebRTC ICE gathering still leaks private LAN IPs to remote peers. mDNS obfuscation, host candidate filtering, and STUN/TURN forced relay close the gap for production AI voice apps.

The threat

When a browser opens an RTCPeerConnection, ICE gathering enumerates every local IPv4/IPv6 address on every interface and sends it to the remote peer in SDP. Pre-mDNS, that meant 192.168.x.x, 10.x.x.x, and even VPN tunnel IPs leaked to anyone who could see the offer/answer. In 2026, modern detection systems combine WebRTC IP data with timing patterns and ICE candidate counts to fingerprint users across sessions, incognito, and VPNs (Security.org). For a voice AI vendor, that is a HIPAA, GDPR, and customer-trust catastrophe — internal hostnames and private subnets are reconnaissance gold for attackers.

Defense

Chrome, Edge, and Safari now replace host candidates with random <uuid>.local mDNS names by default; Firefox exposes media.peerconnection.ice.obfuscate_host_addresses. Production hardening adds three more layers: (1) set iceTransportPolicy: "relay" on every RTCPeerConnection that does not need direct LAN paths, forcing TURN; (2) sanitize SDP server-side to strip any non-mDNS host candidates that slip through; (3) ban enumerateDevices() calls before user permission to kill the second leak vector.

flowchart TD
  A[Browser RTCPeerConnection] --> B{iceTransportPolicy}
  B -- relay --> C[TURN only · public IP only]
  B -- all --> D[Host candidates gathered]
  D --> E{mDNS enabled?}
  E -- yes --> F[uuid.local opaque name]
  E -- no --> G[Real LAN IP leaks]
  F --> H[SDP sanitizer strips non-mDNS]
  C --> H
  H --> I[Safe SDP to remote peer]

CallSphere implementation

CallSphere runs 37 production agents · 90+ tools · 115+ Postgres tables · 6 verticals · HIPAA + SOC 2 aligned. Every browser-side voice session uses iceTransportPolicy: "relay" against our hardened TURN fleet, mDNS is required, and an SDP munger drops any candidate whose connection-address is not a .local hostname or our public TURN IP. The Real Estate vertical "OneRoof Pion Go gateway 1.23" terminates Pion-based WebRTC inside the VPC so realtor LAN ranges never reach the cloud. Plans: $149 Starter / $499 Pro / $1,499 Scale, 14-day no-card trial, 22% recurring affiliate Year 1.

Build steps

1. Set iceTransportPolicy: "relay" on RTCPeerConnection
2. Force-enable mDNS (Chrome flag --enable-features=WebRtcHideLocalIpsWithMdns)
3. Server-side regex strip non-.local host candidates from SDP
4. Block enumerateDevices until getUserMedia resolves
5. Pen-test with Mozilla Observatory + a WebRTC leak test page

FAQ

Does relay-only kill p2p latency? Adds ~10-30 ms vs direct host. Trivial for voice; never noticeable in PSTN-style flows.

Will mDNS break my SFU? No — SFUs do not need host candidates. They use server-reflexive (STUN) or relay (TURN).

What about IPv6 leaks? Same fix. mDNS obfuscates v6 host candidates too.

Is mDNS enough for GDPR? Combined with TLS, DTLS-SRTP, and SDP sanitization, yes. Document it in your DPIA.

Can I detect leak in CI? Yes — spin headless Chrome, capture SDP, regex-fail on bare RFC1918 addresses.

Sources

• Security.org - WebRTC Leaks: A Complete Guide - https://www.security.org/vpn/webrtc-leak/
• Mozilla - One-time permissions are here to stay - https://blog.mozilla.org/webrtc/one-time-permissions-are-here-to-stay/
• WebRTC Security Study - https://webrtc-security.github.io/
• TrustMyIP - WebRTC IP Leak Test & Fix Guide 2026 - https://trustmyip.com/blog/webrtc-ip-leak-test-fix

## WebRTC IP Leak Prevention with mDNS for AI Voice Agents in 2026: production view WebRTC IP Leak Prevention with mDNS for AI Voice Agents in 2026 ultimately resolves into one engineering question: when do you use the OpenAI Realtime API versus an async pipeline? Realtime wins on latency for live calls. Async wins on cost, retries, and structured tool reliability for callbacks and SMS flows. Most teams need both, and the routing layer between them becomes the most load-bearing piece of the stack. ## Serving stack tradeoffs The big fork is managed (OpenAI Realtime, ElevenLabs Conversational AI) versus self-hosted on GPUs you operate. Managed wins on cold-start, model freshness, and zero-ops; self-hosted wins on unit economics past a certain conversation volume and on data residency for regulated verticals. CallSphere runs hybrid: Realtime for live calls, self-hosted Whisper + a hosted LLM for async, both routed through a Go gateway that enforces per-tenant rate limits. Latency budgets are non-negotiable on voice. End-to-end target is sub-800ms ASR-to-first-token and sub-1.4s first-audio-out; anything beyond that and turn-taking feels stilted. GPU residency in the same region as your TURN servers matters more than choosing a slightly bigger model. Observability is the unglamorous backbone — every conversation produces logs, traces, sentiment scoring, and cost attribution piped to a per-tenant dashboard. **HIPAA + SOC 2 aligned** isolation keeps healthcare traffic separated from salon traffic at the storage layer, not just the API. ## FAQ **Is this realistic for a small business, or is it enterprise-only?** 57+ languages are supported out of the box, and the platform is HIPAA and SOC 2 aligned, which removes most of the procurement friction in regulated verticals. For a topic like "WebRTC IP Leak Prevention with mDNS for AI Voice Agents in 2026", that means you're not starting from scratch — you're configuring an agent template that's already been hardened across thousands of conversations. **Which integrations have to be in place before launch?** Day one is integration mapping (scheduler, CRM, messaging) and prompt tuning against your top 20 real call transcripts. Day two through five is shadow-mode running, where the agent transcribes and recommends but a human still answers, so you can compare side-by-side. Go-live is the moment your eval pass-rate clears your internal bar. **How do we measure whether it's actually working?** The honest answer: it scales until your tool catalog gets stale. The agent is only as good as the integrations it can actually call, so the operational discipline is keeping schemas, webhooks, and fallback paths green. The platform handles the rest — observability, retries, multi-region routing — without your team owning the GPU layer. ## Talk to us Want to see how this maps to your stack? Book a live walkthrough at [calendly.com/sagar-callsphere/new-meeting](https://calendly.com/sagar-callsphere/new-meeting), or try the vertical-specific demo at [urackit.callsphere.tech](https://urackit.callsphere.tech). 14-day trial, no credit card, pilot live in 3–5 business days.