Sep 23, 2024
Ravie Lakshmanan
Encryption / Data Protection
Exciting news from popular social messaging platform Discord! The company has just announced the rollout of a brand new custom end-to-end encrypted (E2EE) protocol to secure audio and video calls.
The protocol, creatively named DAVE, which stands for Discord’s audio and video end-to-end encryption (“E2EE A/V”), is set to revolutionize the security landscape for voice and video calls on the platform. Voice and video in DMs, Group DMs, voice channels, and Go Live streams will now be protected using this cutting-edge encryption protocol.
Despite this enhancement, it’s important to note that while voice and video calls are now encrypted end-to-end, messages on Discord will still remain unencrypted and will continue to be subject to the platform’s content moderation approach.
Discord has emphasized that safety remains a top priority, stating, “When we consider adding new privacy features like E2EE A/V, we do not do so in isolation from safety. That is why safety is integrated across our product and policies, and why messages on Discord are unencrypted.”
The protocol used, DAVE, is publicly auditable and has undergone a review by Trail of Bits. It utilizes WebRTC encoded transforms and Message Layer Security (MLS) for encryption and group key exchange (GKE), ensuring robust security for all audio and video communications on the platform.
Furthermore, each frame of media is encrypted or decrypted with a per-sender symmetric key, ensuring that only authorized call participants can access the content. Discord’s implementation of MLS also allows for seamless joining and leaving of voice and video sessions without compromising security.
In addition, Discord has retained its existing transport encryption for audio and video communications between clients and its selective forwarding unit (SFU), ensuring that only authenticated call participants can access the transmitted data. The SFU is unable to decrypt the end-to-end encrypted audio and video data, maintaining the privacy and security of the calls.
This development comes on the heels of the GSM Association’s efforts to implement E2EE for messages sent between Android and iOS devices, highlighting a growing trend towards increased security in communication platforms.