I thought the complaint was that the browser was figuring it out directly and then exposing it, such as via the browser's location API, not that the website was figuring it out using non-location network mechanisms provided by the browser.
(FWIW, a website that is given media recording privileges can definitely do that, though, using WebRTC. If you don't have that privilege then you can still use the WebRTC API but it doesn't return alternative candidates. But I also don't think that is what they meant.)
(FWIW, a website that is given media recording privileges can definitely do that, though, using WebRTC. If you don't have that privilege then you can still use the WebRTC API but it doesn't return alternative candidates. But I also don't think that is what they meant.)