Hacker News

bob1029 today at 9:26 AM (1 reply)

TURN is the last resort and isn't just signaling. It carries the traffic as well.

If you can make all the STUN servers fail from the perspective of the clients, you could hypothetically force them to use TURN servers that are more centralized and easier to spy on. STUN negotiates pipes n:n. TURN is closer to n:1.


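The STUN side of the comment above, as an added example that is not part of the original post or of any WebRTC project: a client sends a Binding Request and the server echoes back the source address and port it saw in an XOR-MAPPED-ADDRESS attribute (RFC 5389/8489). The transaction ID and magic cookie are the only checks an unauthenticated Binding exchange gives the client, so an on-path party that drops or blanks these replies makes STUN "fail from the perspective of the clients" without touching anything else. The sample response bytes are constructed here with the encoder; `query_stun` does a real UDP round trip and needs network access.

```python
import ipaddress
import os
import socket
import struct

# RFC 5389 / RFC 8489 constants
MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
ATTR_MAPPED_ADDRESS = 0x0001
ATTR_XOR_MAPPED_ADDRESS = 0x0020
HEADER_LEN = 20


def _header(msg_type, body, txid):
    """20-byte STUN header: type, body length, magic cookie, 96-bit transaction ID."""
    return struct.pack("!HHI", msg_type, len(body), MAGIC_COOKIE) + txid + body


def build_binding_request(txid=None):
    """Binding Request with no attributes; the txid is what ties a reply back to us."""
    return _header(BINDING_REQUEST, b"", txid or os.urandom(12))


def _xor_key(txid):
    # IPv4 XORs against the cookie only; IPv6 against cookie || transaction ID.
    return struct.pack("!I", MAGIC_COOKIE) + txid


def build_binding_response(txid, ip, port):
    """Server-side encoding of XOR-MAPPED-ADDRESS; used here only to build test vectors."""
    addr = ipaddress.ip_address(ip)
    family = 0x01 if addr.version == 4 else 0x02
    xport = port ^ (MAGIC_COOKIE >> 16)
    xaddr = bytes(a ^ b for a, b in zip(addr.packed, _xor_key(txid)))
    value = struct.pack("!BBH", 0, family, xport) + xaddr
    attr = struct.pack("!HH", ATTR_XOR_MAPPED_ADDRESS, len(value)) + value
    return _header(BINDING_SUCCESS, attr, txid)


def parse_binding_response(data, expected_txid):
    """Return the (ip, port) the server saw, or raise ValueError on anything unexpected."""
    if len(data) < HEADER_LEN:
        raise ValueError("short packet")
    msg_type, length, cookie = struct.unpack("!HHI", data[:8])
    txid = data[8:HEADER_LEN]
    if cookie != MAGIC_COOKIE:
        raise ValueError("magic cookie mismatch: not an RFC 5389 STUN message")
    if txid != expected_txid:
        raise ValueError("transaction ID mismatch: reply to a request we did not send")
    if msg_type != BINDING_SUCCESS:
        raise ValueError("not a Binding success response: type 0x%04x" % msg_type)
    body = data[HEADER_LEN:HEADER_LEN + length]
    if len(body) != length:
        raise ValueError("truncated body")

    mapped = xor_mapped = None
    offset = 0
    while offset + 4 <= len(body):
        atype, alen = struct.unpack("!HH", body[offset:offset + 4])
        value = body[offset + 4:offset + 4 + alen]
        if len(value) != alen:
            raise ValueError("truncated attribute")
        offset += 4 + ((alen + 3) & ~3)          # attribute values are padded to 4 bytes
        if atype not in (ATTR_MAPPED_ADDRESS, ATTR_XOR_MAPPED_ADDRESS):
            continue
        family, port = struct.unpack("!BH", value[1:4])   # value[0] is reserved
        raw = value[4:4 + (4 if family == 0x01 else 16)]
        if atype == ATTR_XOR_MAPPED_ADDRESS:
            port ^= MAGIC_COOKIE >> 16
            raw = bytes(a ^ b for a, b in zip(raw, _xor_key(txid)))
            xor_mapped = (str(ipaddress.ip_address(raw)), port)
        else:
            mapped = (str(ipaddress.ip_address(raw)), port)
    result = xor_mapped or mapped                # prefer the XOR form, as RFC 5389 does
    if result is None:
        raise ValueError("no (XOR-)MAPPED-ADDRESS attribute in response")
    return result


def query_stun(server, port=3478, timeout=2.0):
    """One Binding round trip over UDP (needs network). Returns (ip, port) or None on timeout."""
    txid = os.urandom(12)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_binding_request(txid), (server, port))
        try:
            data, _ = sock.recvfrom(1500)
        except socket.timeout:
            return None
    return parse_binding_response(data, txid)
```

If `query_stun` returns None for every configured server, or the reflected address differs from the local one in a way the NAT will not reuse for the peer, the ICE agent has nothing but host and relay candidates left, which is the n:1 TURN topology the comment describes.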
Replies

michaelt today at 10:27 AM

> force them to use TURN servers that are more centralized and easier to spy on

WebRTC traffic is encrypted as it travels through the TURN servers, isn't it? Sure, you get some which-ip-contacted-which-using-what-service metadata, but any active middleman able to mess with STUN traffic already has that.

It could just be that someone's fucked up a setting somewhere. I mean, the reason WebRTC has loads of options for 'interactive connectivity establishment' is because it's common to see users behind NAT, users whose NAT can't be traversed with STUN, IPv6 being broken, UDP getting blocked, TCP ports other than port 443 getting blocked, etc. etc.

If a country's ISPs use CGNAT to avoid giving users precious IPv4 addresses, and world events made the ISPs turn the security settings up to 11, STUN just stops working.

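The ICE candidate list is where the outcomes both commenters describe become visible. As an added example (not from either commenter or from any WebRTC implementation), the block below parses `a=candidate:` lines, applies the RFC 8445 priority formula that ranks relayed candidates last, and summarises whether STUN produced a server-reflexive (srflx) candidate at all. The two candidate sets are constructed with RFC 5737 documentation addresses and the 100.64.0.0/10 CGNAT range; `raddr`/`rport` values on the relay candidate are illustrative.

```python
import re
from collections import Counter

# RFC 8445 section 5.1.2.1 type preferences. Relayed candidates sort last, so an
# ICE agent settles on TURN only when every direct and reflexive pair has failed.
TYPE_PREFERENCE = {"host": 126, "prflx": 110, "srflx": 100, "relay": 0}

CANDIDATE_RE = re.compile(
    r"^(?:a=)?candidate:(?P<foundation>\S+) (?P<component>\d+) (?P<transport>\S+) "
    r"(?P<priority>\d+) (?P<address>\S+) (?P<port>\d+) typ (?P<type>host|srflx|prflx|relay)"
    r"(?P<rest>.*)$"
)

# Constructed sample 1: STUN answered, NAT mapped 192.168.1.10:50000 -> 203.0.113.7:61001.
SAMPLE_STUN_OK = [
    "a=candidate:1 1 UDP 2130706431 192.168.1.10 50000 typ host",
    "a=candidate:2 1 UDP 1694498815 203.0.113.7 61001 typ srflx raddr 192.168.1.10 rport 50000",
    "a=candidate:3 1 UDP 16777215 198.51.100.4 40123 typ relay raddr 203.0.113.7 rport 61001",
]

# Constructed sample 2: host is a CGNAT address and no srflx candidate ever appeared,
# i.e. UDP STUN was dropped or filtered; only the TURN allocation survived.
SAMPLE_STUN_BLOCKED = [
    "a=candidate:1 1 UDP 2130706431 100.64.5.21 50000 typ host",
    "a=candidate:3 1 UDP 16777215 198.51.100.4 40123 typ relay raddr 203.0.113.9 rport 49152",
]


def candidate_priority(cand_type, component_id=1, local_preference=65535):
    """RFC 8445: priority = 2^24 * type_pref + 2^8 * local_pref + (256 - component_id)."""
    return (TYPE_PREFERENCE[cand_type] << 24) + (local_preference << 8) + (256 - component_id)


def parse_candidate(line):
    """Parse one SDP candidate line into a dict, or return None if it is not one."""
    m = CANDIDATE_RE.match(line.strip())
    if not m:
        return None
    f = m.groupdict()
    extras = f.pop("rest").split()
    ext = dict(zip(extras[0::2], extras[1::2]))   # raddr/rport/tcptype/generation pairs
    return {
        "foundation": f["foundation"],
        "component": int(f["component"]),
        "transport": f["transport"].upper(),
        "priority": int(f["priority"]),
        "address": f["address"],
        "port": int(f["port"]),
        "type": f["type"],
        "raddr": ext.get("raddr"),
        "rport": int(ext["rport"]) if "rport" in ext else None,
    }


def summarize_candidates(lines):
    """Report what the gathering phase achieved from one side's candidate list."""
    cands = [c for c in map(parse_candidate, lines) if c]
    types = Counter(c["type"] for c in cands)
    # srflx address/port is what STUN reflected back; raddr/rport is what the client sent from.
    mappings = [((c["raddr"], c["rport"]), (c["address"], c["port"]))
                for c in cands if c["type"] == "srflx"]
    # A candidate whose priority's top byte disagrees with its typ is malformed or tampered.
    mismatched = [c["foundation"] for c in cands
                  if (c["priority"] >> 24) != TYPE_PREFERENCE[c["type"]]]
    return {
        "types": dict(types),
        "stun_worked": types["srflx"] > 0,
        "turn_available": types["relay"] > 0,
        "behind_nat": any(src[0] != dst[0] for src, dst in mappings),
        "nat_mappings": mappings,
        "relay_fallback_likely": types["relay"] > 0 and types["srflx"] == 0,
        "priority_mismatch": mismatched,
    }
```

The transport the client uses to reach the TURN server (for example TLS on 443 when UDP is blocked) does not appear on the relay candidate; the line carries the relayed address allocated on the server, which is why the blocked sample still shows a UDP relay candidate. What does show up is the absence of any srflx line, and that absence is what turns the n:n mesh into traffic hair-pinned through one relay.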