Discord end-to-end encryption (E2EE) is rolling out today for both audio and video calls. You can update to the latest mobile and desktop apps to get access to the privacy protection today.
There are, however, some exceptions to strong encryption, which result from a mix of technical limitations and Discord policy …
E2E encryption for audio and video calls
Discord made the announcement in a blog post. It said the E2EE protocol used, dubbed DAVE (Discord Audio & Video Encryption), has been independently audited.
Today, we’ll start migrating voice and video in DMs, Group DMs, voice channels, and Go Live streams to use E2EE. You will be able to confirm when calls are end-to-end encrypted and perform verification of other members in those calls […]
We collaborated closely with Trail of Bits, a renowned independent cybersecurity firm, to conduct a thorough review of both the design and implementation of DAVE in our code base. With DAVE’s launch, Trail of Bits is publishing their findings from both the design review and implementation review.
New keys are generated anytime anyone leaves or joins a call.
During E2EE A/V calls, no one but the participants can access the contents of ongoing audio and video conversations. Outsiders, including Discord itself, never know the media encryption keys.
E2EE media encryption keys are different for each call, and for each specific group within the call at a point in time. When the participants join or leave a call, keys are changed and members cannot decrypt media that was sent before they joined or after they left.
Two key exceptions
Discord reminds users that text messages in DMs do not use E2EE, and that’s a deliberate policy.
Safety is intertwined with our product and policies. While audio and video will be end-to-end encrypted, messages on Discord will continue to follow our content moderation approach and are not end-to-end encrypted.
The other exception, which is a technical limitation, is web-based calls in some browsers.
To transmit real-time audio and video, Discord uses WebRTC. When it comes to web clients, we are limited by the WebRTC API availability in browsers, which poses a unique challenge to supporting E2EE A/V. This is why DAVE leverages the WebRTC encoded transform API with a codec-aware send-side transform, which creates compatibility with WebRTC’s handling of Discord’s supported codecs.
The company says E2EE should be supported by all Discord clients by some point next year.
Image: Discord
FTC: We use income earning auto affiliate links. More.