Audio and video calls on Discords are now end-to-end encrypted

Messages are excluded from E2EE protections

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Popular messaging and VoIP platformDiscordrolled out end-to-end encryption protection for both audio and video calls.

The so-called DAVE protocol protects all your calls across private channels, small group chats, server-based voice channels during conversations in larger groups, and real-time streaming. Messages, however, remain non-encrypted.

The move is set to considerably boost your data security and privacy by preventing third parties from intercepting your private communications. Think about how encrypted messaging apps likeSignalwork, for example, or security software like thebest VPNservices. The migration process has already started across Discord’s desktop and mobile apps and all you need to do is update your app to the latest version.

How Discord’s DAVE protocol works

“Today, we’ll start migrating voice and video in DMs, Group DMs, voice channels, and Go Live streams to use E2EE. You will be able to confirm when calls are end-to-end encrypted and perform verification of other members in those calls,” wrote Discord in ablog postdated September 17, 2024.

Encryptionrefers to the process of scrambling data into an unreadable form. E2EE specifically ensures that only the sender and receiver can encrypt and decrypt the data in transit – end-to-end.

Discord’s DAVE protocol uses theWebRTC encoded transform APIto encrypt audio/video communications before being encoded and transmitted, these are then decrypted and decoded on the receiving side. The protocol also usesMessaging Layer Security (MLS)for group key exchange. The company is said to have chosen this method as “it provides a scalable mechanism for groups to update shared keys” to encrypt and decrypt communications.

Without going too deeply into the technicalities, what’s very interesting here is that you can perform an out-of-band comparison of the identity keysto ensure you’re talking with the right person during the call. These identity keys are ephemeral and change for each pair of users (Verification Code) or group (Voice Privacy Code)across different calls or when somebody re-joins the same call.

It’s worth keeping in mind that messages are excluded from E2E protections.

“Safety is intertwined with our product and policies. While audio and video will be end-to-end encrypted, messages on Discord will continue to follow ourcontent moderationapproach and are not end-to-end encrypted,” explains the provider.

The team has precisely designed DAVE to be compatible with additional safety features while supporting the E2EE experience.

To develop DAVE, the Discord team collaborated with cybersecurity firm Trail of Bits, which conducted an in-depth review of the protocol’s design and implementation.

“When it comes to building a secure and trusted E2EE A/V protocol, transparency is key. To support this, we’re releasing the DAVE protocol whitepaper (discord/dave-protocol) and the libraries our clients use to implement it (discord/libdave). Moving forward, any changes to either the protocol or our code will be reflected in those repositories,” said the provider, while inviting anyone wishing to review it to reach out.

As mentioned earlier, Discord is currently rolling out DAVE across desktop and mobile apps only – support for web clients will follow at a later date. You need to update to the latest version to enjoy the new E2EE experience. Remember: all the members must support DAVE for the call to get encrypted.

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up.She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to chiara.castro@futurenet.com

Undermining your privacy? Session says no and leaves Australia

Are online dating and data privacy an incompatible match?

Warhammer 40,000: Darktide is coming to PS5 with PS5 Pro support at launch