September 18, 2024 at 06:09PM
Discord has launched the DAVE protocol to secure audio and video calls with end-to-end encryption. Developed with cybersecurity experts, DAVE will protect one-on-one and group calls across various channels. Discord plans to migrate calls to E2EE and make the protocol open-source, emphasizing transparency and security for its 200 million users. The rollout will initially cover desktop and mobile apps.
Discord has introduced the DAVE protocol, a custom end-to-end encryption (E2EE) protocol designed to protect audio and video calls on the platform from unauthorized interception. DAVE was developed with the support of cybersecurity experts at Trail of Bits, and its code and implementation have undergone security audits.
This new system will encompass one-on-one audio and video calls in private channels, small group chats, server-based voice channels, and real-time streaming. The platform plans to start migrating voice and video in various channels to use E2EE, and users will be able to confirm when their calls are end-to-end encrypted and verify other members in those calls.
Discord has decided to make the protocol and its supporting libraries open-source, and a whitepaper with complete technical information has been published, demonstrating transparency to the community.
On the technical side, DAVE uses the WebRTC encoded transform API to encrypt media and the Messaging Layer Security (MLS) protocol for secure, scalable group key exchange. The protocol also uses Elliptic Curve Digital Signature Algorithm (ECDSA) identity key pairs, and it resists persistent tracking by making those identity keys ephemeral.
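An added sketch (not code from Discord or the DAVE libraries) of two building blocks named above: a fresh ECDSA identity key per call, and per-frame encryption of the kind an encoded transform applies before media leaves the client. The P-256 curve, AES-128-GCM, the counter-in-header frame layout and every function name are assumptions for illustration; the media key, which DAVE would obtain through the MLS group exchange, is supplied by the caller here.

```javascript
// Added illustration, not Discord's DAVE code. Curve, cipher, frame layout
// and all function names are assumptions made for this example.
const crypto = require('node:crypto');

// Ephemeral identity: a new ECDSA key pair for every call, so the public key
// (or its fingerprint) cannot be used to link one call to the next.
function newEphemeralIdentity() {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const spki = publicKey.export({ type: 'spki', format: 'der' });
  const fingerprint = crypto.createHash('sha256').update(spki).digest('hex');
  return { publicKey, privateKey, fingerprint };
}

// Sign and verify a key-exchange message (stand-in for an MLS message).
function signMessage(identity, msg) {
  return crypto.sign('sha256', msg, identity.privateKey);
}
function verifyMessage(publicKey, msg, sig) {
  return crypto.verify('sha256', msg, publicKey, sig);
}

// 96-bit GCM nonce derived from a per-sender frame counter (never reused per key).
function nonceFor(counter) {
  const nonce = Buffer.alloc(12);
  nonce.writeUInt32BE(counter, 8);
  return nonce;
}

// What the sender-side transform does to each encoded frame payload.
// Output layout (assumed): 4-byte counter | ciphertext | 16-byte GCM tag.
function encryptFrame(key, counter, payload) {
  const cipher = crypto.createCipheriv('aes-128-gcm', key, nonceFor(counter));
  const body = Buffer.concat([cipher.update(payload), cipher.final()]);
  const header = Buffer.alloc(4);
  header.writeUInt32BE(counter);
  return Buffer.concat([header, body, cipher.getAuthTag()]);
}

// Receiver side: returns the payload, or null if the key is wrong or the
// frame was altered in transit (for example by the relaying server).
function decryptFrame(key, frame) {
  if (frame.length < 20) return null;
  const tagStart = frame.length - 16;
  const d = crypto.createDecipheriv('aes-128-gcm', key, nonceFor(frame.readUInt32BE(0)));
  d.setAuthTag(frame.subarray(tagStart));
  try {
    return Buffer.concat([d.update(frame.subarray(4, tagStart)), d.final()]);
  } catch { return null; }
}
```

A relay that holds only the transport keys sees the output of `encryptFrame`, which is the practical difference from the transport-only encryption that outdated clients fall back to.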
DAVE will be rolled out in stages. The migration is underway, and it is expected to take some time before all users have full access to the new E2EE system across all devices and channels. Users will need to upgrade to the latest client application, as outdated clients will be limited to transport-only encryption.
The initial roll-out will cover Discord’s desktop and mobile apps, with support for web clients to follow in the future.