Well, it's a complicated answer, I think.<p>Generally, it's not an additional risk over how screwed you generally are. If you're taking precautions against existing attacks, then yeah.<p>Question is, can it be fixed? The WebRTC SDP's for getting a peer-to-peer connection, so the general case seems to need to share IP addresses..<p>But that's not really needed, if you're normally behind a NAT, you're going to be behind a NAT this time, and don't need to share your real IPs -- just STUN/ICE data. If you're not behind a NAT, they already have your IP address.
This is really scary that it can be used as a very reliable fingerprinting technique.<p><a href="http://tools.ietf.org/html/draft-ietf-rtcweb-security-05#section-4.2.4" rel="nofollow">http://tools.ietf.org/html/draft-ietf-rtcweb-security-05#sec...</a><p>It doesn't seem like the issue is addressed in the webrtc draft.
I'm not getting anything on the page linked to in this article: <a href="http://net.ipcalf.com/" rel="nofollow">http://net.ipcalf.com/</a><p>On Chrome I get nothing, on Firefox, I get a printed out shell command.