Popular messaging and VoIP platform Discord rolled out end-to-end encryption protection for both audio and video calls.
The so-called DAVE protocol protects all your calls across private channels, small group chats, server-based voice channels during conversations in larger groups, and real-time streaming. Messages, however, remain non-encrypted.
The move is set to considerably boost your data security and privacy by preventing third parties from intercepting your private communications. Think about how encrypted messaging apps like Signal work, for example, or security software like the best VPN services. The migration process has already started across Discord's desktop and mobile apps and all you need to do is update your app to the latest version.
How Discord's DAVE protocol works
"Today, we’ll start migrating voice and video in DMs, Group DMs, voice channels, and Go Live streams to use E2EE. You will be able to confirm when calls are end-to-end encrypted and perform verification of other members in those calls," wrote Discord in a blog post dated September 17, 2024.
Encryption refers to the process of scrambling data into an unreadable form. E2EE specifically ensures that only the sender and receiver can encrypt and decrypt the data in transit – end-to-end.
Discord's DAVE protocol uses the WebRTC encoded transform API to encrypt audio/video communications before they are encoded and transmitted; they are then decrypted and decoded on the receiving side. The protocol also uses Messaging Layer Security (MLS) for group key exchange. The company is said to have chosen this method as "it provides a scalable mechanism for groups to update shared keys" to encrypt and decrypt communications.
Without going too deeply into the technicalities, what's very interesting here is that you can perform an out-of-band comparison of the identity keys to ensure you're talking with the right person during the call. These identity keys are ephemeral and change for each pair of users (Verification Code) or group (Voice Privacy Code) across different calls or when somebody re-joins the same call.
The Voice Privacy Code will change as users join and leave a group call. You can compare these with out-of-band codes to ensure everyone in the call is who they claim to be.
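Why comparing such codes out of band works, as an added illustration (not Discord's code and not DAVE's actual derivation): each side hashes the identity keys it was shown into a short code, so a substituted key or a membership change yields a different code. The hash labels, digit format, key values and function names are assumptions made for this sketch.

```python
import hashlib

def _lp(b: bytes) -> bytes:
    # Length-prefix each field so concatenated inputs cannot be confused.
    return len(b).to_bytes(2, "big") + b

def _digits(digest: bytes, groups: int = 6) -> str:
    # Show the digest as groups of five decimal digits that can be read aloud.
    parts = [int.from_bytes(digest[4 * i:4 * i + 4], "big") % 100000
             for i in range(groups)]
    return " ".join(f"{p:05d}" for p in parts)

def pair_code(key_a: bytes, key_b: bytes) -> str:
    # Sorting makes the code identical no matter which side computes it.
    lo, hi = sorted((key_a, key_b))
    return _digits(hashlib.sha256(b"demo-pair" + _lp(lo) + _lp(hi)).digest())

def group_code(member_keys) -> str:
    # One code for the whole call; it depends on every member's key.
    h = hashlib.sha256(b"demo-group")
    for key in sorted(set(member_keys)):
        h.update(_lp(key))
    return _digits(h.digest())

# Constructed 32-byte stand-ins for per-call identity public keys.
ALICE, BOB, CAROL, RELAY = (bytes([n]) * 32 for n in (0xA1, 0xB2, 0xC3, 0xEE))

def codes_match(alice_sees_peer: bytes, bob_sees_peer: bytes) -> bool:
    # Each side derives the code from its own key and the key it was shown.
    return pair_code(ALICE, alice_sees_peer) == pair_code(bob_sees_peer, BOB)

if __name__ == "__main__":
    print("honest call:      ", codes_match(BOB, ALICE))
    print("substituted keys: ", codes_match(RELAY, RELAY))
    print("group before join:", group_code([ALICE, BOB]))
    print("group after join: ", group_code([ALICE, BOB, CAROL]))
```

The comparison only has value when the codes travel over a channel the call's relay does not control, such as reading them aloud in person.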
It's worth keeping in mind that messages are excluded from E2E protections.
"Safety is intertwined with our product and policies. While audio and video will be end-to-end encrypted, messages on Discord will continue to follow our content moderation approach and are not end-to-end encrypted," explains the provider.
The team has precisely designed DAVE to be compatible with additional safety features while supporting the E2EE experience.
To develop DAVE, the Discord team collaborated with cybersecurity firm Trail of Bits, which conducted an in-depth review of the protocol's design and implementation.
"When it comes to building a secure and trusted E2EE A/V protocol, transparency is key. To support this, we’re releasing the DAVE protocol whitepaper (discord/dave-protocol) and the libraries our clients use to implement it (discord/libdave). Moving forward, any changes to either the protocol or our code will be reflected in those repositories," said the provider, while inviting anyone wishing to review it to reach out.
As mentioned earlier, Discord is currently rolling out DAVE across desktop and mobile apps only – support for web clients will follow at a later date. You need to update to the latest version to enjoy the new E2EE experience. Remember: all the members must support DAVE for the call to get encrypted.