Discord has announced the rollout of a new custom end-to-end encrypted (E2EE) protocol called DAVE, designed to enhance the security of audio and video calls on the platform. DAVE, which stands for Discord's Audio and Video End-to-End Encryption, will be implemented in direct messages, group direct messages, voice channels, and Go Live streams.
It's important to note that while DAVE will secure voice and video communications, messages on Discord will remain unencrypted and subject to the platform's content moderation policies. Discord emphasized that the integration of new privacy features like E2EE A/V is balanced with safety, ensuring that messages can still be moderated for user protection.
DAVE is publicly auditable and has undergone a review by Trail of Bits. It utilizes WebRTC encoded transforms for encryption, along with Message Layer Security (MLS) for group key exchange. This setup allows media frames to be encrypted after encoding and decrypted before decoding on the receiver's end. Each frame is encrypted with a unique per-sender symmetric key, known to all participants but inaccessible to outsiders, including Discord itself.
MLS facilitates dynamic participation in voice and video sessions, ensuring that new participants cannot decrypt media sent before they joined, and those who leave cannot access future media.
Discord retains its existing transport encryption between clients and its selective forwarding unit (SFU), which processes all call packets while keeping the audio and video data end-to-end encrypted and undecryptable by the SFU.
This announcement follows recent developments from the GSM Association (GSMA), which is working towards implementing E2EE for messages across the Android and iOS ecosystems.
Credit:TheHackerNews.
