mox , (edited )

> Discord’s audio and video end-to-end encryption (“E2EE A/V” or “E2EE” for short)

That last bit is a little concerning. E2EE is widely understood to mean full end-to-end encryption of communications, not selective encryption of just the audio/video bits while passing the text around in the clear. If Discord starts writing “E2EE” for short when describing their partial solution, it is likely to mislead people into thinking their text chats are protected, or thinking that Discord is comparable to real E2EE systems. They aren’t, and it isn’t.

> We want an E2EE A/V protocol that is publicly auditable

Their use of the word “auditable” here is also concerning. What does it mean for a protocol to be auditable? Sure, it’s nice that they’re publishing their design, but that doesn’t allow independent audit of the implementation that actually runs on their servers and (importantly) people’s devices. Without publicly auditable code that can be independently built, run, and used instead of the binaries they provide, there’s no practical way to know that it matches the design that was reviewed. And without a way to verify that the code being run is the code that was inspected, any claim giving the impression that the system was audited is misleading at best.

> During the rollout phase, a single non-supporting member being present forces the call to transport-only encryption. The call will automatically “upgrade” to E2EE if that member disconnects.

This sort of thing has historically been ripe for abuse. (See also: downgrade attack.) I hope they are very careful about how they implement it.

> The protocol uses Messaging Layer Security (MLS) for group key exchange

Interesting. This makes me wonder if their motivation might be eventual compliance with the European Digital Markets Act. If that is the case, perhaps they also have a plan in the works for protecting text chats?

My early impression, based on what they wrote:

This won’t fix Discord’s major fundamental flaws. However, if their E2EE A/V design holds up to scrutiny, and if they were to fix their problematic language and provide truly auditable client code, the protection offered for audio & video could at least reduce Discord users’ exposure to unwanted collection of voice & face samples. A step in the right direction, and a timely one, given that biometric data collection and AI impersonation are on the rise.
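
Added example, not part of the comment above and not Discord's code: a small client-side monitor for the fallback rule quoted in that comment (one non-supporting member forces transport-only encryption), which records every mode change and can refuse to send media while downgraded. The class, the `require_e2ee` policy flag, the member names and the sample session are all hypothetical.

```python
from dataclasses import dataclass, field

E2EE, TRANSPORT_ONLY = "e2ee", "transport-only"

@dataclass
class CallSecurityMonitor:
    """Hypothetical model of a call's encryption mode as members join and leave."""
    require_e2ee: bool = False                    # local policy: never send media below E2EE
    members: dict = field(default_factory=dict)   # member id -> supports E2EE?
    mode: str = E2EE
    events: list = field(default_factory=list)    # audit trail of mode changes

    def _recompute(self, cause):
        # Rule quoted in the comment: one non-supporting member forces the
        # whole call down to transport-only encryption.
        blockers = sorted(m for m, ok in self.members.items() if not ok)
        new_mode = TRANSPORT_ONLY if blockers else E2EE
        if new_mode != self.mode:
            kind = "downgrade" if new_mode == TRANSPORT_ONLY else "upgrade"
            # Record what triggered the change and who is blocking E2EE,
            # so a silent downgrade becomes a visible, attributable event.
            self.events.append((kind, cause, tuple(blockers)))
            self.mode = new_mode

    def join(self, member, supports_e2ee):
        self.members[member] = supports_e2ee
        self._recompute(f"join:{member}")

    def leave(self, member):
        self.members.pop(member, None)
        self._recompute(f"leave:{member}")

    def may_send_media(self):
        # Fail closed: with require_e2ee set, a downgraded call carries no media.
        return self.mode == E2EE or not self.require_e2ee

def replay(script, require_e2ee=False):
    """Feed a list of (action, member[, supports_e2ee]) tuples to a new monitor."""
    mon = CallSecurityMonitor(require_e2ee=require_e2ee)
    for action, member, *rest in script:
        if action == "join":
            mon.join(member, rest[0])
        else:
            mon.leave(member)
    return mon

# Constructed sample session: a non-supporting client joins, then leaves.
SESSION = [("join", "alice", True), ("join", "bob", True),
           ("join", "legacy-client", False), ("leave", "legacy-client")]
```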

subignition ,
@subignition@piefed.social

I am WAY too unqualified to understand any of the technical stuff, so I'll be waiting to hear thoughts from experts on this one. It looks like if there are no major flaws in it this is a great thing for the platform overall.

simple , (edited )

It’s weird that they’re adding E2EE on voice but not in private text DMs, which is probably everybody’s biggest concern when it comes to security on Discord. Better than nothing I guess.

morrowind OP ,
@morrowind@lemmy.ml

In servers I can see why but yeah not sure about dms

RmDebArc_5 ,
@RmDebArc_5@sh.itjust.works

They sell your dms for money. They don’t make money through spying on your calls. I’ll let you figure this one out.

morrowind OP ,
@morrowind@lemmy.ml

> They sell your dms for money

This is a very large claim. Do you have a source?

SnotFlickerman , (edited )
@SnotFlickerman@lemmy.blahaj.zone

The audit details and whitepaper details are far beyond my capabilities to understand. Can anyone with knowledge of the field tell us about the findings? If you would be so kind, please and thank you.

Good on them for getting an audit and making the code publicly auditable, but I really would like to hear an opinion from some folks who are more involved in cryptography on whether this is Discord being genuine and doing the right thing, or is it Discord trying to use Public Relations and weasel words to make it seem like they’re doing the right thing.

It’s just hard to trust a private company’s motives sometimes, but that doesn’t mean they’re not capable of doing the right thing. Thanks to anyone who can give some input on this.