Tuesday, November 12, 2024
Homecyber securityDiscord Announces End-to-End Encryption for Audio & Video Chats

Discord Announces End-to-End Encryption for Audio & Video Chats

Published on

Malware protection

Discord has introduced end-to-end encryption (E2EE) for audio and video chats.

Known as the DAVE protocol, this new feature aims to provide users with a more secure communication experience without compromising the platform’s renowned quality and performance.

A Commitment to Privacy

Discord, a platform with over 200 million monthly users, has long been a hub for communities centered around gaming and shared interests.

- Advertisement - SIEM as a Service

With the introduction of E2EE for voice and video calls, Discord is taking a significant step in ensuring that user conversations remain private.

The company emphasizes that during E2EE calls, only the participants have access to the content of their conversations.

Outsiders, including Discord itself, will not have access to the media encryption keys. The DAVE protocol ensures that encryption keys are unique for each call and change dynamically as participants join or leave.

This ensures that no one can access media from before they joined or after they left a call. Discord’s commitment to transparency is evident as it has released a whitepaper detailing the protocol and made its libraries publicly available for audit.

Decoding Compliance: What CISOs Need to Know – Join Free Webinar

Technical Implementation and Collaboration

The development of the DAVE protocol involved collaboration with Trail of Bits, an independent cybersecurity firm, which conducted thorough design and implementation reviews.

This collaboration underscores Discord’s dedication to building a secure and trusted E2EE protocol. 

The technical backbone of DAVE involves using WebRTC-encoded transforms, which allow for encryption after encoding on the send side and decryption before decoding on the receive side.

WebRTC Encoded Transforms(source: Discord)
WebRTC Encoded Transforms(source: Discord)

This ensures that only participants in the call can decrypt the media, keeping it inaccessible to outsiders.

The protocol uses Messaging Layer Security (MLS) for group key exchange, which provides a scalable mechanism for updating shared keys among participants.

Discord assures users that their experience will remain seamless despite the introduction of sophisticated encryption technology.

The transition to E2EE will be automatic, with no need for users to manage identity keys or select primary devices. The platform’s high-quality voice and video services will continue uninterrupted, maintaining low latency and robust performance. 

Discord’s latest desktop and mobile clients already support this upgrade, and compatibility across all platforms will be extended by next year.

The company acknowledges challenges posed by WebRTC API availability in browsers but has implemented solutions to ensure compatibility with existing codecs.

As Discord rolls out E2EE across its platform, it aims to make this feature the default for all voice and video communications in direct messages (DMs), group DMs, voice channels, and Go Live streams.

The company is also introducing user interface changes to help users verify participants through Verification Codes, ensuring that all members are who they claim to be. 

Call Privacy Codes(source:Discord)
Call Privacy Codes(source:Discord)

Discord’s approach balances privacy with usability by offering options like persistent identity key pairs for those who prefer enhanced verification experiences.

This opt-in feature allows users to maintain consistent identity verification across multiple calls while keeping privacy as a default setting.

Discord’s introduction of end-to-end encryption marks a pivotal advancement in user privacy on its platform.

By combining robust security measures with an emphasis on user-friendly experiences, Discord sets a new standard for secure online communication in community-driven environments.

Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN - 14-day free trial

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

10 Best DNS Management Tools – 2025

Best DNS Management Tools play a crucial role in efficiently managing domain names and...

Sweet Security Announces Availability of its Cloud Native Detection & Response Platform on the AWS Marketplace

Customers can now easily integrate Sweet’s runtime detection and response platform into their AWS...

Researchers Detailed Credential Abuse Cycle

Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling...

New Android Malware SpyAgent Taking Screenshots Of User’s Devices

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Researchers Detailed Credential Abuse Cycle

Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling...

New Android Malware SpyAgent Taking Screenshots Of User’s Devices

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases...

Tor Network Suffers IP Spoofing Attack Via Non-Exit Relays

In late October 2024, a coordinated IP spoofing attack targeted the Tor network, prompting...