Audio and video calls on Discords are now end-to-end encrypted

Popular messaging and VoIP platform Discord has rolled out end-to-end encryption security for both audio and video calls.

The so-called DAVE protocol protects all your calls via private channels, small group chats, server-based voice channels during larger group conversations and real-time streaming. Messages, however, remain unencrypted.

The move will significantly improve the security and privacy of your data by preventing third parties from intercepting your private communications. Think of how encrypted messaging apps like Signal work, or security software like the best VPN services. The migration process has already begun on Discord’s desktop and mobile apps, and all you need to do is update your app to the latest version.

How Discord’s DAVE Protocol Works

“Today we’re beginning to migrate voice and video in DMs, Group DMs, voice channels, and Go Live streams to use E2EE. You’ll be able to confirm when calls are end-to-end encrypted and perform verification from other members in those calls,” Discord wrote in a blog post dated September 17, 2024.

Encryption refers to the process of scrambling data into an unreadable form. E2EE specifically ensures that only the sender and receiver can encrypt and decrypt the data in transit – end-to-end.

Discord’s DAVE protocol uses the WebRTC Encoded Transformation API to encode audio/video communications before they are encoded and transmitted, which are then decoded and decrypted at the receiving end. The protocol also uses Security of the message layer (MLS) for group key exchange. The company is said to have chosen this method because “it provides a scalable mechanism for groups to update shared keys” to encrypt and decrypt communications.

Without going too deep into the technical details, what is very interesting here is that you can perform an out-of-band comparison of the identity keys to ensure that you are talking to the right person during the call. These identity keys are volatile and change for every pair of users (Verification Code) or group (Voice Privacy Code) during different conversations or when someone re-joins the same conversation.

The Voice Privacy Code changes when users join or leave a group call. You can compare these to out-of-band codes to ensure that everyone in the call is who they say they are. (Image credit: Discord)

Please note that messages are excluded from E2E security.

“Security is woven into our product and policies. While audio and video will be end-to-end encrypted, messages on Discord will be our content moderation “The data is sent via another source and is not end-to-end encrypted,” the provider explains.

The team designed DAVE to be compatible with additional security features while supporting the E2EE experience.

To develop DAVE, the Discord team partnered with cybersecurity firm Trail of Bits, which conducted an in-depth review of the protocol’s design and implementation.

“When it comes to building a secure and trusted E2EE A/V protocol, transparency is key. To support this, we are releasing the DAVE protocol whitepaper (discord/dave-protocol) and the libraries our customers use to implement it (disagreement/libdave“From now on, any changes to the protocol or our code will be reflected in those repositories,” the provider said, inviting anyone interested in reviewing the code to get in touch.

As mentioned, Discord is currently rolling out DAVE to desktop and mobile apps only. Web client support will follow at a later date. You will need to update to the latest version to enjoy the new E2EE experience. Remember: all members must support DAVE in order to encrypt the conversation.

Related Post