[webrtc-pc] mDNS ICE trips Local Network permission prompt on macOS (#3109)

jan-ivar has just created a new issue for https://github.com/w3c/webrtc-pc:

== mDNS ICE trips Local Network permission prompt on macOS ==
On macOS 26+, any use of RTCPeerConnection [triggers](https://jan-ivar.github.io/dummy/gum_chat.html) the OS _"Local Network"_ permission prompt due to mDNS, _unless_ I run `[gUM first]`.

_(If not prompted, you've allowed or denied it in the past and you won't see it again. See System Settings / Privacy & Security / Local Network)_

This is surprising, as no attempt is made to connect over the LAN. WebRTC simply uses mDNS to obfuscate local IP addresses as a privacy measure (which explains why it only happens sans gUM access).

This permission isn't withheld from websites [yet](https://github.com/WICG/local-network-access/blob/main/explainer.md#integration-with-webrtc), but once that happens, we can expect a lot more prompts. So we might want to prepare.

This seems to happen in all browsers, so I'm filing here to look for common solutions.


### Approaches to discuss

**OS-side:**
- macOS's Local Network permission seems scoped to prevent finding devices on the LAN. It might be worth exploring whether WebRTC's use of mDNS fits that threat model, or if benign patterns can be identified.

**UA-side:**
- UA could defer mDNS resolution until a pair is selected for a connectivity check, so an early srflx/relay connection avoids the multicast.
- UA could abandon pending mDNS resolutions once any pair reaches `succeeded`.

**API surface:**
- If we can't fix the above, do we need to reconsider `{iceTransportPolicy: "public"}` https://github.com/w3c/webrtc-pc/pull/544?

Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/3109 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 18 May 2026 21:53:15 UTC
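
To check a candidate list for the mDNS names discussed in the issue above, here is an added example (not part of the issue or of any browser's code). It parses `candidate:` lines and lists the `.local` hostnames a UA would have to resolve over multicast. The function names and the sample lines are constructed for illustration.

```javascript
// Added example, not from the issue. Candidate lines in SAMPLE are constructed.
// Layout parsed: candidate:<foundation> <component> <transport> <priority>
//                <address> <port> typ <type> [<ext-name> <ext-value>]...
function parseCandidate(line) {
  const body = line.trim().replace(/^a=/, "").replace(/^candidate:/, "");
  const f = body.split(/\s+/);
  if (f.length < 8 || f[6] !== "typ") return null; // empty or malformed line
  const ext = {};
  for (let i = 8; i + 1 < f.length; i += 2) ext[f[i]] = f[i + 1];
  return {
    foundation: f[0], component: Number(f[1]), transport: f[2].toLowerCase(),
    priority: Number(f[3]), address: f[4], port: Number(f[5]), type: f[7], ext,
  };
}

// mDNS ICE candidates carry a "<name>.local" hostname in place of the IP.
const isMdnsName = (address) => /\.local\.?$/i.test(address);

// Split a candidate list into names needing an mDNS lookup and everything else.
function auditCandidates(lines) {
  const report = { mdnsNames: [], literalHostIps: [], other: 0, skipped: 0 };
  for (const line of lines) {
    const c = parseCandidate(line);
    if (!c) { report.skipped++; continue; }
    const name = c.address.toLowerCase();
    if (isMdnsName(name)) {
      if (!report.mdnsNames.includes(name)) report.mdnsNames.push(name);
    } else if (c.type === "host") {
      report.literalHostIps.push(c.address); // host candidate with a literal IP
    } else {
      report.other++; // srflx / prflx / relay with literal addresses
    }
  }
  return report;
}

const SAMPLE = [
  "candidate:1 1 udp 2113937151 3f2a6c1e-8b4d-4e7a-9c55-0d1e2f3a4b5c.local 54321 typ host generation 0",
  "a=candidate:1 2 udp 2113937150 3F2A6C1E-8B4D-4E7A-9C55-0D1E2F3A4B5C.local 54322 typ host",
  "candidate:2 1 udp 1677729535 203.0.113.7 61000 typ srflx raddr 0.0.0.0 rport 0",
  "candidate:3 1 udp 33562367 198.51.100.9 3478 typ relay raddr 203.0.113.7 rport 61000",
  "candidate:4 1 tcp 1518280447 192.0.2.10 9 typ host tcptype active",
  "",
];

console.log(auditCandidates(SAMPLE));
```

The two `.local` entries differ only in case and component, so they count as one name to resolve.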