Discord Launches End-To-End Encryption For Audio & Video Chats

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer

Post Sharing

Discord has announced the rollout of end-to-end encryption (E2EE) for audio and video chats on its platform.

This new feature dubbed the DAVE protocol, ensures that only the participants in a call can access the contents of ongoing audio and video conversations, keeping them secure from outsiders, including Discord itself.

The DAVE protocol, which stands for Discord’s Audio and Video End-to-End encryption, has five key goals: truly private conversations, an open and effective protocol, broad platform support, transparency to users, and scalability and performance.

To achieve these goals, Discord collaborated with Trail of Bits, a renowned independent cybersecurity firm, to conduct a thorough review of both the design and implementation of DAVE.

Decoding Compliance: What CISOs Need to Know – Join Free Webinar

The new protocol uses WebRTC encoded transforms to encrypt and decrypt audio and video frames, ensuring that only participants in a call can access the media encryption keys.

Additionally, Discord has adopted Messaging Layer Security (MLS) for group key exchange, which provides a scalable mechanism for groups to update shared keys.

This means that when participants join or leave a call, the group moves to a new “epoch,” and all per-sender keys change, preventing new members from decrypting media sent in previous epochs and leaving members from decrypting media sent in future epochs.

Discord E2EE for Audio & Video

To support the implementation of E2EE A/V, Discord is rolling out user interface changes to help users verify when voice and video calls are end-to-end encrypted.

A new Privacy tab in the call details view displays a Voice Privacy Code, which is an exported secret from the underlying MLS group.

This code changes as users join and leave the call, and it can be compared out-of-band to ensure that nobody on the call is being impersonated.

The introduction of E2EE A/V does not compromise the high-quality, robust, and low-latency voice and video experience that Discord users are accustomed to. The transition to E2EE is seamless, and users will not notice any call disruptions.

Discord’s commitment to protecting user privacy is evident in its decision to make E2EE A/V the default for voice and video in DMs, Group DMs, voice channels, and Go Live streams.

The company has also made the DAVE protocol whitepaper and open-source library available for public review and feedback.

This significant update underscores Discord’s dedication to user privacy and security, making it a more secure platform for its 200 million monthly users.

As the company continues to invest in safety features and technologies, users can expect even more future enhancements to their privacy and security.

Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN - 14-day free trial