Popular messaging and VoIP platform Discord has implemented end-to-end encryption protection for audio and video calls.
The DAVE protocol protects calls made in private channels (direct messages), small group chats, server-based voice channels used for larger group conversations, and livestreams. Text messages, however, are not end-to-end encrypted.
The move will significantly improve the security and privacy of your data by preventing third parties from intercepting your private communications. Think of how encrypted messaging apps like Signal work, for example, or security software like the best VPN services. The migration process has already begun on Discord’s desktop and mobile apps and all you need to do is update your app to the latest version.
How Discord's DAVE Protocol Works
“Today we'll begin migrating voice and video in DMs, Group DMs, Voice Channels, and Livestreams to use E2EE. You'll be able to confirm when calls are end-to-end encrypted and perform verification of other members in those calls,” Discord wrote in a blog post on September 17, 2024.
Encryption refers to the process of scrambling data so that it cannot be read. E2EE specifically ensures that only the sender and receiver can encrypt and decrypt data in transit, end-to-end.
Discord’s DAVE protocol uses the WebRTC Encoded Transform API to encrypt audio and video communications before encoding and transmitting them, and then decrypting and decoding them on the receiving end. The protocol also uses Messaging Layer Security (MLS) for group key exchange. The company is said to have chosen this method because it “offers a scalable mechanism for groups to update shared keys” to encrypt and decrypt communications.
Without getting too technical, what's really cool here is that you can perform an out-of-band comparison of identity keys to ensure that you are speaking to the correct person during the call. These identity keys are ephemeral and change for each user pair (Verification Code) or group (Voice Privacy Code) on different calls or when someone rejoins the same call.
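As an added illustration (not Discord's code and not part of the original article), the sketch below shows the kind of per-frame transform the WebRTC Encoded Transform API lets a client run on media frames: the sender seals each frame, a relay in the middle sees only ciphertext, and the receiver drops any frame that fails authentication. AES-GCM, the counter nonce, the frame layout and all function names are assumptions made for the example, not DAVE's wire format; in a browser these streams would be wired up inside an RTCRtpScriptTransform worker.

```javascript
// Added example: per-frame E2EE written as TransformStreams (browser worker or Node 18+).
// Assumed for illustration, not DAVE's wire format: AES-GCM, a 64-bit frame
// counter as nonce, and the [ciphertext+tag | counter] frame layout.
const subtle = (globalThis.crypto ?? require("node:crypto").webcrypto).subtle;
function nonceFor(counter) {
  const iv = new Uint8Array(12); // 96-bit GCM nonce: 4 zero bytes + counter
  new DataView(iv.buffer).setBigUint64(4, counter);
  return iv;
}
function senderTransform(key) {
  let counter = 0n; // a nonce must never repeat under the same key
  return new TransformStream({
    async transform(frame, controller) {
      const n = counter++;
      const ct = new Uint8Array(await subtle.encrypt({ name: "AES-GCM", iv: nonceFor(n) }, key, frame.data));
      const out = new Uint8Array(ct.length + 8);
      out.set(ct);
      new DataView(out.buffer).setBigUint64(ct.length, n);
      frame.data = out.buffer; // all a relay server ever sees
      controller.enqueue(frame);
    },
  });
}

function receiverTransform(key) {
  return new TransformStream({
    async transform(frame, controller) {
      const buf = new Uint8Array(frame.data);
      const n = new DataView(frame.data).getBigUint64(buf.length - 8);
      try {
        frame.data = await subtle.decrypt({ name: "AES-GCM", iv: nonceFor(n) }, key, buf.subarray(0, buf.length - 8));
        controller.enqueue(frame);
      } catch {
        // Authentication failed (wrong key or modified frame): drop, never play.
      }
    },
  });
}

// Constructed demo: two fake encoded frames pass sender -> relay -> receiver.
async function demo(tamper) {
  const key = await subtle.generateKey({ name: "AES-GCM", length: 128 }, false, ["encrypt", "decrypt"]);
  const relay = new TransformStream({ transform(f, c) { if (tamper) new Uint8Array(f.data)[0] ^= 1; c.enqueue(f); } });
  const src = new ReadableStream({ start(c) { for (const s of ["frame-0", "frame-1"]) c.enqueue({ data: new TextEncoder().encode(s).buffer }); c.close(); } });
  const reader = src.pipeThrough(senderTransform(key)).pipeThrough(relay).pipeThrough(receiverTransform(key)).getReader();
  const out = [];
  for (let r = await reader.read(); !r.done; r = await reader.read()) out.push(new TextDecoder().decode(r.value.data));
  return out; // tamper=false -> both frames; tamper=true -> []
}
```

In the demo, the relay stands in for any server between the callers; flipping a single ciphertext bit there makes the receiver discard the frame instead of decoding it.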
It is worth noting that messages are excluded from E2E protections.
“Security is intertwined with our product and policies. While audio and video will be end-to-end encrypted, messages on Discord will still follow our approach to content moderation and will not be end-to-end encrypted,” the vendor explains.
The team deliberately designed DAVE so that additional security features can be supported alongside the E2EE experience.
To develop DAVE, the Discord team collaborated with cybersecurity firm Trail of Bits, which conducted an in-depth review of the protocol’s design and implementation.
“When it comes to building a secure and reliable E2EE A/V protocol, transparency is key. To support this, we are publishing the DAVE protocol whitepaper (discord/dave-protocol) and the libraries our customers use to implement it (discord/libdave). From now on, any changes to the protocol or our code will be reflected in those repositories,” the vendor said, while inviting anyone who would like to review it to reach out.
As mentioned above, Discord is currently rolling out DAVE on desktop and mobile apps only; support for web clients will be coming later. You must update to the latest version to enjoy the new E2EE experience. Remember: all members must support DAVE in order for the call to be encrypted.