Discord has recently introduced the DAVE protocol [3], an end-to-end encryption (E2EE) solution for audio and video calls [1] [2] [3], enhancing user privacy and data security [2].

Description

Named after Discord’s end-to-end encryption for audio and video (E2EE A/V) [4], DAVE ensures that only the sender and receiver can encrypt and decrypt data [3]. This protocol [1] [3] [4] [5], audited by Trail of Bits [5], utilizes WebRTC for encryption and decryption of audio/video communications [1] [3], as well as Messaging Layer Security (MLS) for group key exchange [1] [5]. Ephemeral identity keys are also employed, changing for each pair of users or group [3]. Media frames are encrypted after encoding and decrypted before decoding [4] [5], maintaining privacy for call participants [5]. The update applies to private channels [2], group chats [2], server-based voice channels [2], and real-time streaming [2], with messages remaining unencrypted [2]. It is important to note that Discord’s content moderation approach still applies to unencrypted messages on the platform, ensuring safety measures alongside privacy features like E2EE A/V [5]. DAVE is designed to be compatible with additional safety features and has been reviewed by cybersecurity firm Trail of Bits [3]. The selective forwarding unit (SFU) retains transport encryption for authenticated call participants [5], preventing unauthorized access to audio and video data [5]. Users must update their apps to the latest version to use this feature [2], aligning Discord with other secure messaging platforms like Signal [2]. Discord is currently implementing DAVE across desktop and mobile apps [3], with support for web clients coming later [3]. All participants in a call must support DAVE for encryption to be enabled [1].

Conclusion

The implementation of the DAVE protocol by Discord marks a significant step towards enhancing user privacy and data security in audio and video calls. With features like E2EE A/V [5], group key exchange [1] [3] [4] [5], and selective forwarding unit [4] [5], Discord is ensuring that user data remains secure and protected. Moving forward, the adoption of DAVE across all platforms and the requirement for all call participants to support encryption will further strengthen Discord’s commitment to user privacy and security.

References

[1] https://londonreviews.co.uk/audio-and-video-calls-on-discords-are-now-end-to-end-encrypted/
[2] https://www.businessupturn.com/usa/audio-and-video-calls-on-discords-are-now-end-to-end-encrypted/53114/
[3] https://www.techradar.com/computing/cyber-security/audio-and-video-calls-on-discords-are-now-end-to-end-encrypted
[4] https://www.techidee.nl/discord-introduceert-dave-protocol-voor-end-to-end-encryptie-in-audio-en-videogesprekken/14436/
[5] https://thehackernews.com/2024/09/discord-introduces-dave-protocol-for.html