Discord launches end-to-end encryption for audio and video chats

The online service is now introducing end-to-end encryption (E2EE) so that only senders and recipients can hear and see the content of audio and video chats conducted via Discord. The developers have created the "Discord Audio & Video End-to-End Encryption" (DAVE) protocol for this purpose.

According to the company, 200 million users worldwide use the online service to exchange audio, text and video chats on a wide range of topics such as computer games. According to a statement from Discord, the E2EE is to be introduced with immediate effect. Text messages will remain unencrypted for moderation reasons. In an article, the developers explain how to recognize whether E2EE is active.

Background

Correctly implemented end-to-end encryption guarantees that only the sender and recipient can decrypt the content and therefore hear and see the sound and image. This means that even the provider of a service, in this case Discord, cannot listen in. To ensure this, the private keys are stored locally, among other things. E2EE is primarily intended to protect privacy.

In order to do justice to this, however, the encryption code must not be a black box in which providers build in back doors, for example. Accordingly, the Discord developers have published the DAVE whitepaper and the libdave library code on Github.

Security check

The developers also had DAVE checked by IT security service provider Trail of Bits as part of a security audit before it went live. The security researchers discovered several vulnerabilities in the protocol that could break the encryption, among other things. For example, the encryption of AV1-encoded content was broken. The researchers state that the security problems have now been solved.

They also examined the code for starting points for attacks and found a few here too. These vulnerabilities have now also been closed.

(des)