Discord has taken a significant step towards improving user privacy by introducing DAVE (Discord's Audio and Video End-to-End Encryption), a custom protocol designed to secure audio and video calls on the platform. This new feature is being rolled out across various communication channels, including direct messages, group chats, voice channels, and Go Live streams, marking a substantial upgrade in Discord's security infrastructure.
The DAVE protocol leverages WebRTC encoded transforms for encryption and Message Layer Security (MLS) for group key exchange, ensuring that media frames are encrypted after encoding and decrypted before decoding on the receiver's end. This approach guarantees that only participants in a call have access to the encryption keys, effectively preventing outside parties, including Discord itself, from accessing the content of conversations.
While this development significantly enhances privacy for voice and video communications, it's important to note that text messages on Discord will remain unencrypted. The company cites the need for content moderation as the reason for this decision, maintaining its ability to enforce safety policies on the platform. This partial implementation of end-to-end encryption highlights the ongoing challenge of balancing user privacy with platform safety and moderation capabilities.
To ensure transparency and security, Discord has made the DAVE protocol publicly auditable and had it reviewed by cybersecurity firm Trail of Bits. The company has also released a whitepaper detailing the protocol's functionality and opened its libraries for public scrutiny. This move towards greater transparency in security implementation sets a positive precedent in the industry and demonstrates Discord's commitment to user privacy while maintaining an open dialogue with the security community.
The DAVE protocol leverages WebRTC encoded transforms for encryption and Message Layer Security (MLS) for group key exchange, ensuring that media frames are encrypted after encoding and decrypted before decoding on the receiver's end. This approach guarantees that only participants in a call have access to the encryption keys, effectively preventing outside parties, including Discord itself, from accessing the content of conversations.
While this development significantly enhances privacy for voice and video communications, it's important to note that text messages on Discord will remain unencrypted. The company cites the need for content moderation as the reason for this decision, maintaining its ability to enforce safety policies on the platform. This partial implementation of end-to-end encryption highlights the ongoing challenge of balancing user privacy with platform safety and moderation capabilities.
To ensure transparency and security, Discord has made the DAVE protocol publicly auditable and had it reviewed by cybersecurity firm Trail of Bits. The company has also released a whitepaper detailing the protocol's functionality and opened its libraries for public scrutiny. This move towards greater transparency in security implementation sets a positive precedent in the industry and demonstrates Discord's commitment to user privacy while maintaining an open dialogue with the security community.