Comment by michaelt
11 hours ago
> force them to use TURN servers that are more centralized and easier to spy on
WebRTC traffic is encrypted as it travels through the TURN servers, isn't it? Sure, you get some which-ip-contacted-which-using-what-service metadata, but any active middleman able to mess with STUN traffic already has that.
It could just be that someone's fucked up a setting somewhere. I mean, the reason WebRTC has loads of options for 'interactive connectivity establishment' is because it's common to see users behind NAT, users whose NAT can't be traversed with STUN, IPv6 being broken, UDP getting blocked, TCP ports other than port 443 getting blocked, etc. etc.
If a country's ISPs use CGNAT to avoid giving users precious IPv4 addresses, and world events made the ISPs turn the security settings up to 11, STUN just stops working.
The traffic is encrypted, but this makes it a lot easier to acquire if you have some way to break it.
And metadata plus encrypted traffic fingerprinting is enough to provide huge signal to an intelligence agency.
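To tell which of the ICE failure modes discussed above a client is actually hitting, one can classify the candidates it gathered. The following is an added example, not part of the thread: the function names, verdict labels and sample candidate lines are constructed for illustration, and the addresses come from documentation ranges.

```javascript
// Constructed ICE candidate lines in the SDP "candidate:" attribute syntax.
// Case A: only host + relay gathered, i.e. the STUN binding request got no answer.
const SAMPLE_STUN_BLOCKED = [
  "candidate:1 1 udp 2122260223 192.168.1.20 54321 typ host",
  "a=candidate:2 1 udp 41885439 203.0.113.10 50000 typ relay raddr 0.0.0.0 rport 0",
];
// Case B: a server-reflexive (srflx) candidate exists, so STUN was answered.
const SAMPLE_STUN_OK = [
  "candidate:1 1 udp 2122260223 192.168.1.20 54321 typ host",
  "candidate:3 1 udp 1686052607 198.51.100.7 61000 typ srflx raddr 192.168.1.20 rport 54321",
];

// Parse one candidate line; returns null for anything that is not a candidate.
function parseCandidate(line) {
  const m = /^(?:a=)?candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)/i
    .exec(String(line).trim());
  if (!m) return null;
  return {
    foundation: m[1],
    component: Number(m[2]),
    transport: m[3].toLowerCase(),
    priority: Number(m[4]),
    address: m[5],            // may be an mDNS name (*.local) in browsers
    port: Number(m[6]),
    type: m[7].toLowerCase(), // host | srflx | prflx | relay
  };
}

// Summarise what the gathered candidate set says about the network path.
function diagnose(lines) {
  const parsed = lines.map(parseCandidate).filter(Boolean);
  const types = new Set(parsed.map((c) => c.type));
  let verdict;
  if (types.has("srflx")) verdict = "stun-ok";          // STUN answered; a symmetric NAT can still defeat the direct path
  else if (types.has("relay")) verdict = "relay-only";  // STUN failed, media will transit the TURN server
  else if (types.has("host")) verdict = "host-only";    // neither STUN nor TURN reachable
  else verdict = "no-candidates";
  return {
    verdict,
    types: [...types].sort(),
    udpSeen: parsed.some((c) => c.transport === "udp"),
  };
}

console.log(diagnose(SAMPLE_STUN_BLOCKED), diagnose(SAMPLE_STUN_OK));
```

In a browser, the same lines can be collected from the `candidate` field of each `icecandidate` event on an `RTCPeerConnection`.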