Thursday, December 5, 2024
Homecyber securityDiscord Announces End-to-End Encryption for Audio & Video Chats

Discord Announces End-to-End Encryption for Audio & Video Chats

Published on

SIEM as a Service

Discord has introduced end-to-end encryption (E2EE) for audio and video chats.

Known as the DAVE protocol, this new feature aims to provide users with a more secure communication experience without compromising the platform’s renowned quality and performance.

A Commitment to Privacy

Discord, a platform with over 200 million monthly users, has long been a hub for communities centered around gaming and shared interests.

- Advertisement - SIEM as a Service

With the introduction of E2EE for voice and video calls, Discord is taking a significant step in ensuring that user conversations remain private.

The company emphasizes that during E2EE calls, only the participants have access to the content of their conversations.

Outsiders, including Discord itself, will not have access to the media encryption keys. The DAVE protocol ensures that encryption keys are unique for each call and change dynamically as participants join or leave.

This ensures that no one can access media from before they joined or after they left a call. Discord’s commitment to transparency is evident as it has released a whitepaper detailing the protocol and made its libraries publicly available for audit.

Decoding Compliance: What CISOs Need to Know – Join Free Webinar

Technical Implementation and Collaboration

The development of the DAVE protocol involved collaboration with Trail of Bits, an independent cybersecurity firm, which conducted thorough design and implementation reviews.

This collaboration underscores Discord’s dedication to building a secure and trusted E2EE protocol. 

The technical backbone of DAVE involves using WebRTC-encoded transforms, which allow for encryption after encoding on the send side and decryption before decoding on the receive side.

WebRTC Encoded Transforms(source: Discord)
WebRTC Encoded Transforms(source: Discord)

This ensures that only participants in the call can decrypt the media, keeping it inaccessible to outsiders.

The protocol uses Messaging Layer Security (MLS) for group key exchange, which provides a scalable mechanism for updating shared keys among participants.

Discord assures users that their experience will remain seamless despite the introduction of sophisticated encryption technology.

The transition to E2EE will be automatic, with no need for users to manage identity keys or select primary devices. The platform’s high-quality voice and video services will continue uninterrupted, maintaining low latency and robust performance. 

Discord’s latest desktop and mobile clients already support this upgrade, and compatibility across all platforms will be extended by next year.

The company acknowledges challenges posed by WebRTC API availability in browsers but has implemented solutions to ensure compatibility with existing codecs.

As Discord rolls out E2EE across its platform, it aims to make this feature the default for all voice and video communications in direct messages (DMs), group DMs, voice channels, and Go Live streams.

The company is also introducing user interface changes to help users verify participants through Verification Codes, ensuring that all members are who they claim to be. 

Call Privacy Codes(source:Discord)
Call Privacy Codes(source:Discord)

Discord’s approach balances privacy with usability by offering options like persistent identity key pairs for those who prefer enhanced verification experiences.

This opt-in feature allows users to maintain consistent identity verification across multiple calls while keeping privacy as a default setting.

Discord’s introduction of end-to-end encryption marks a pivotal advancement in user privacy on its platform.

By combining robust security measures with an emphasis on user-friendly experiences, Discord sets a new standard for secure online communication in community-driven environments.

Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN - 14-day free trial

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

HCL DevOps Deploy / Launch Vulnerability Let Embed arbitrary HTML tags

Recently identified by security researchers, a new vulnerability in HCL DevOps Deploy and HCL...

CISA Warns of Zyxel Firewalls, CyberPanel, North Grid, & ProjectSend Flaws Exploited in Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about several vulnerabilities being...

HackSynth : Autonomous Pentesting Framework For Simulating Cyberattacks

HackSynth is an autonomous penetration testing agent that leverages Large Language Models (LLMs) to...

Fuji Electric Indonesia Hit by Ransomware Attack

Fuji Electric Indonesia has fallen victim to a ransomware attack, impacting its operations and...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

HCL DevOps Deploy / Launch Vulnerability Let Embed arbitrary HTML tags

Recently identified by security researchers, a new vulnerability in HCL DevOps Deploy and HCL...

CISA Warns of Zyxel Firewalls, CyberPanel, North Grid, & ProjectSend Flaws Exploited in Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about several vulnerabilities being...

HackSynth : Autonomous Pentesting Framework For Simulating Cyberattacks

HackSynth is an autonomous penetration testing agent that leverages Large Language Models (LLMs) to...