Discord has introduced end-to-end encryption (E2EE) for audio and video chats.
Known as the DAVE protocol, this new feature aims to provide users with a more secure communication experience without compromising the platform’s renowned quality and performance.
A Commitment to Privacy
Discord, a platform with over 200 million monthly users, has long been a hub for communities centered around gaming and shared interests.
With the introduction of E2EE for voice and video calls, Discord is taking a significant step in ensuring that user conversations remain private.
The company emphasizes that during E2EE calls, only the participants have access to the content of their conversations.
Outsiders, including Discord itself, will not have access to the media encryption keys. The DAVE protocol ensures that encryption keys are unique for each call and change dynamically as participants join or leave.
This ensures that no one can access media from before they joined or after they left a call. Discord’s commitment to transparency is evident as it has released a whitepaper detailing the protocol and made its libraries publicly available for audit.
Decoding Compliance: What CISOs Need to Know – Join Free Webinar
Technical Implementation and Collaboration
The development of the DAVE protocol involved collaboration with Trail of Bits, an independent cybersecurity firm, which conducted thorough design and implementation reviews.
This collaboration underscores Discord’s dedication to building a secure and trusted E2EE protocol.
The technical backbone of DAVE involves using WebRTC-encoded transforms, which allow for encryption after encoding on the send side and decryption before decoding on the receive side.
This ensures that only participants in the call can decrypt the media, keeping it inaccessible to outsiders.
The protocol uses Messaging Layer Security (MLS) for group key exchange, which provides a scalable mechanism for updating shared keys among participants.
Discord assures users that their experience will remain seamless despite the introduction of sophisticated encryption technology.
The transition to E2EE will be automatic, with no need for users to manage identity keys or select primary devices. The platform’s high-quality voice and video services will continue uninterrupted, maintaining low latency and robust performance.
Discord’s latest desktop and mobile clients already support this upgrade, and compatibility across all platforms will be extended by next year.
The company acknowledges challenges posed by WebRTC API availability in browsers but has implemented solutions to ensure compatibility with existing codecs.
As Discord rolls out E2EE across its platform, it aims to make this feature the default for all voice and video communications in direct messages (DMs), group DMs, voice channels, and Go Live streams.
The company is also introducing user interface changes to help users verify participants through Verification Codes, ensuring that all members are who they claim to be.Â
Discord’s approach balances privacy with usability by offering options like persistent identity key pairs for those who prefer enhanced verification experiences.
This opt-in feature allows users to maintain consistent identity verification across multiple calls while keeping privacy as a default setting.
Discord’s introduction of end-to-end encryption marks a pivotal advancement in user privacy on its platform.
By combining robust security measures with an emphasis on user-friendly experiences, Discord sets a new standard for secure online communication in community-driven environments.
Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN - 14-day free trial