By Sagar Shankaran, Founder of CallSphere
Default WebRTC ICE gathering still leaks private LAN IPs to remote peers. mDNS obfuscation, host candidate filtering, and STUN/TURN forced relay close the gap for production AI voice apps.
Key takeaways
When a browser opens an RTCPeerConnection, ICE gathering enumerates every local IPv4/IPv6 address on every interface and sends it to the remote peer in SDP. Pre-mDNS, that meant 192.168.x.x, 10.x.x.x, and even VPN tunnel IPs leaked to anyone who could see the offer/answer. In 2026, modern detection systems combine WebRTC IP data with timing patterns and ICE candidate counts to fingerprint users across sessions, incognito, and VPNs (Security.org). For a voice AI vendor, that is a HIPAA, GDPR, and customer-trust catastrophe — internal hostnames and private subnets are reconnaissance gold for attackers.
Chrome, Edge, and Safari now replace host candidates with random <uuid>.local mDNS names by default; Firefox exposes media.peerconnection.ice.obfuscate_host_addresses. Production hardening adds three more layers: (1) set iceTransportPolicy: "relay" on every RTCPeerConnection that does not need direct LAN paths, forcing TURN; (2) sanitize SDP server-side to strip any non-mDNS host candidates that slip through; (3) ban enumerateDevices() calls before user permission to kill the second leak vector.
flowchart TD
    A[Browser RTCPeerConnection] --> B{iceTransportPolicy}
    B -- relay --> C[TURN only · public IP only]
    B -- all --> D[Host candidates gathered]
    D --> E{mDNS enabled?}
    E -- yes --> F[uuid.local opaque name]
    E -- no --> G[Real LAN IP leaks]
    F --> H[SDP sanitizer strips non-mDNS]
    C --> H
    H --> I[Safe SDP to remote peer]
CallSphere runs 37 production agents · 90+ tools · 115+ Postgres tables · 6 verticals · HIPAA + SOC 2 aligned. Every browser-side voice session uses iceTransportPolicy: "relay" against our hardened TURN fleet, mDNS is required, and an SDP munger drops any candidate whose connection-address is not a .local hostname or our public TURN IP. The Real Estate vertical "OneRoof Pion Go gateway 1.23" terminates Pion-based WebRTC inside the VPC so realtor LAN ranges never reach the cloud. Plans: $149 Starter / $499 Pro / $1,499 Scale, 14-day no-card trial, 22% recurring affiliate Year 1.
Hardening checklist:
iceTransportPolicy: "relay" on every RTCPeerConnection
Chrome: --enable-features=WebRtcHideLocalIpsWithMdns
Strip non-.local host candidates from SDP
Defer enumerateDevices() until getUserMedia resolves
Does relay-only kill p2p latency? Adds ~10-30 ms vs direct host. Trivial for voice; never noticeable in PSTN-style flows.
Will mDNS break my SFU? No — SFUs do not need host candidates. They use server-reflexive (STUN) or relay (TURN).
What about IPv6 leaks? Same fix. mDNS obfuscates v6 host candidates too.
Is mDNS enough for GDPR? Combined with TLS, DTLS-SRTP, and SDP sanitization, yes. Document it in your DPIA.
Can I detect leaks in CI? Yes — spin up headless Chrome, capture the SDP, and fail the build if a regex finds bare RFC 1918 addresses in it.
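The three hardening layers described above (relay-only ICE, a server-side SDP sanitizer, and deferring enumerateDevices()) together with the CI leak check from the last answer, as an added example that is not CallSphere's code. It assumes the signaling server handles SDP as a plain string, uses a hypothetical TURN hostname and credentials, and runs against a constructed sample offer. The sanitizer keeps only .local names and allow-listed relay addresses, the policy the post's munger describes; the leak scanner goes slightly beyond the RFC 1918 regex in the answer by also flagging IPv6 ULA and link-local addresses and by checking raddr fields, which can carry a LAN IP even when the connection-address is public.

```javascript
// Added example, not CallSphere's code: the browser-side RTCPeerConnection
// configuration from the text, a server-side SDP sanitizer that keeps only
// mDNS (.local) and allow-listed relay candidates, and a CI-style scanner that
// reports bare private addresses in candidate lines. The TURN hostname,
// credentials and the sample SDP below are constructed placeholders.

// Layer 1 (browser): force TURN so no host candidates are gathered at all.
const pcConfig = {
  iceTransportPolicy: 'relay',                       // never gather host/srflx
  iceServers: [{
    urls: 'turn:turn.example.invalid:3478',          // hypothetical TURN fleet
    username: 'placeholder-user',
    credential: 'placeholder-credential',
  }],
};
// Usage in the browser: new RTCPeerConnection(pcConfig)

// Layer 3 (browser): enumerate devices only after permission is granted.
async function listDevicesAfterPermission() {
  const stream = await navigator.mediaDevices.getUserMedia({ audio: true });
  const devices = await navigator.mediaDevices.enumerateDevices();
  stream.getTracks().forEach((t) => t.stop());
  return devices;
}

// RFC 1918 IPv4 ranges: 10/8, 172.16/12, 192.168/16.
const RFC1918 = /^(10\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.(1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3})$/;

// Private address test covering IPv4 RFC 1918 plus IPv6 ULA (fc00::/7) and
// link-local (fe80::/10), since mDNS obfuscation applies to v6 host candidates too.
function isPrivateAddress(addr) {
  if (RFC1918.test(addr)) return true;
  const v6 = addr.toLowerCase();
  return /^f[cd][0-9a-f]{2}:/.test(v6) || /^fe[89ab][0-9a-f]:/.test(v6);
}

// Parse the fixed fields of an "a=candidate:" line (RFC 8839 syntax).
// Returns null for any line that is not an ICE candidate.
function parseCandidate(line) {
  const m = /^a=candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)/.exec(line.trim());
  if (!m) return null;
  return { foundation: m[1], component: m[2], transport: m[3],
           priority: m[4], address: m[5], port: m[6], type: m[7] };
}

// Layer 2 (signaling server): keep a candidate only if its connection-address
// is an mDNS .local name or one of our public TURN addresses; everything else
// (bare host, srflx, unknown relay) is dropped before the SDP is forwarded.
function isAllowedCandidate(cand, relayHosts) {
  if (cand.address.endsWith('.local')) return true;
  return cand.type === 'relay' && relayHosts.includes(cand.address);
}

function sanitizeSdp(sdp, relayHosts) {
  return sdp
    .split(/\r?\n/)
    .filter((line) => {
      const cand = parseCandidate(line);
      return cand === null || isAllowedCandidate(cand, relayHosts);
    })
    .join('\r\n');
}

// CI check: every bare private address appearing anywhere in a candidate line,
// including the raddr of srflx/relay candidates, which can also carry a LAN IP.
function findPrivateIpLeaks(sdp) {
  const leaks = new Set();
  for (const line of sdp.split(/\r?\n/)) {
    if (parseCandidate(line) === null) continue;
    for (const token of line.trim().split(/\s+/)) {
      if (isPrivateAddress(token)) leaks.add(token);
    }
  }
  return [...leaks];
}

// Counts "a=candidate:" lines; what a CI gate would compare before/after.
function countCandidates(sdp) {
  return sdp.split(/\r?\n/).filter((l) => l.startsWith('a=candidate:')).length;
}

// Constructed sample offer: one bare IPv4 host, one mDNS host, one srflx that
// leaks the LAN IP via raddr, one allow-listed relay, one IPv6 ULA host.
const SAMPLE_SDP = [
  'v=0',
  'o=- 4611731400430051336 2 IN IP4 127.0.0.1',
  's=-',
  't=0 0',
  'm=audio 9 UDP/TLS/RTP/SAVPF 111',
  'c=IN IP4 0.0.0.0',
  'a=candidate:1 1 udp 2122260223 192.168.1.23 51234 typ host generation 0',
  'a=candidate:2 1 udp 2122260223 3f2b1c44-8a7e-4c1b-9d7f-0a1b2c3d4e5f.local 51235 typ host generation 0',
  'a=candidate:3 1 udp 1686052607 198.51.100.7 51234 typ srflx raddr 192.168.1.23 rport 51234 generation 0',
  'a=candidate:4 1 udp 41885439 203.0.113.10 3478 typ relay raddr 198.51.100.7 rport 51234 generation 0',
  'a=candidate:5 1 udp 2122262783 fd00:1234::1 51236 typ host generation 0',
  'a=end-of-candidates',
].join('\r\n');

const OUR_TURN_HOSTS = ['203.0.113.10'];   // constructed public TURN address

console.log('leaks before:', findPrivateIpLeaks(SAMPLE_SDP));
console.log('leaks after :', findPrivateIpLeaks(sanitizeSdp(SAMPLE_SDP, OUR_TURN_HOSTS)));
```

In a CI job, capture the offer from headless Chrome, run findPrivateIpLeaks over it and fail the build on a non-empty result; with iceTransportPolicy set to "relay" the browser should produce only relay candidates, so a non-empty result points at a misconfigured client or a browser with mDNS disabled. The sanitizer is the server-side backstop for the same condition and, by design, also drops srflx candidates, which an SFU does not need.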
WebRTC IP Leak Prevention with mDNS for AI Voice Agents in 2026 ultimately resolves into one engineering question: when do you use the OpenAI Realtime API versus an async pipeline? Realtime wins on latency for live calls. Async wins on cost, retries, and structured tool reliability for callbacks and SMS flows. Most teams need both, and the routing layer between them becomes the most load-bearing piece of the stack.
The big fork is managed (OpenAI Realtime, ElevenLabs Conversational AI) versus self-hosted on GPUs you operate. Managed wins on cold-start, model freshness, and zero-ops; self-hosted wins on unit economics past a certain conversation volume and on data residency for regulated verticals. CallSphere runs hybrid: Realtime for live calls, self-hosted Whisper + a hosted LLM for async, both routed through a Go gateway that enforces per-tenant rate limits.
Latency budgets are non-negotiable on voice. End-to-end target is sub-800ms ASR-to-first-token and sub-1.4s first-audio-out; anything beyond that and turn-taking feels stilted. GPU residency in the same region as your TURN servers matters more than choosing a slightly bigger model.
Observability is the unglamorous backbone — every conversation produces logs, traces, sentiment scoring, and cost attribution piped to a per-tenant dashboard. HIPAA + SOC 2 aligned isolation keeps healthcare traffic separated from salon traffic at the storage layer, not just the API.
Is this realistic for a small business, or is it enterprise-only? 57+ languages are supported out of the box, and the platform is HIPAA and SOC 2 aligned, which removes most of the procurement friction in regulated verticals. For a topic like "WebRTC IP Leak Prevention with mDNS for AI Voice Agents in 2026", that means you're not starting from scratch — you're configuring an agent template that's already been hardened across thousands of conversations.
Which integrations have to be in place before launch? Day one is integration mapping (scheduler, CRM, messaging) and prompt tuning against your top 20 real call transcripts. Day two through five is shadow-mode running, where the agent transcribes and recommends but a human still answers, so you can compare side-by-side. Go-live is the moment your eval pass-rate clears your internal bar.
How do we measure whether it's actually working? The honest answer: it scales until your tool catalog gets stale. The agent is only as good as the integrations it can actually call, so the operational discipline is keeping schemas, webhooks, and fallback paths green. The platform handles the rest — observability, retries, multi-region routing — without your team owning the GPU layer.
Want to see how this maps to your stack? Book a live walkthrough at calendly.com/sagar-callsphere/new-meeting, or try the vertical-specific demo at urackit.callsphere.tech. 14-day trial, no credit card, pilot live in 3–5 business days.
Written by
Sagar Shankaran · Founder, CallSphere
Sagar Shankaran is the founder of CallSphere, where he builds production AI voice and chat agents deployed across healthcare, hospitality, real estate, and home services. He writes about agentic AI, LLM engineering, and shipping voice agents that handle real calls in production.
© 2026 CallSphere LLC. All rights reserved.