Comment on Meet DAVE: Discord’s New End-to-End Encryption for Audio & Video
mox@lemmy.sdf.org 1 month ago
Discord’s audio and video end-to-end encryption (“E2EE A/V” or “E2EE” for short)
That last bit is a little concerning. E2EE is widely understood to mean full end-to-end encryption of communications, not selective encryption of just the audio/video bits while passing the text around in the clear. If Discord starts writing “E2EE” for short when describing their partial solution, it is likely to mislead people into thinking their text chats are protected, or thinking that Discord is comparable to real E2EE systems. They aren’t, and it isn’t.
We want an E2EE A/V protocol that is publicly auditable
Their use of the word “auditable” here is also concerning. What does it mean for a protocol to be auditable? Sure, it’s nice that they’re publishing their design, but that doesn’t allow independent audit of the implementation that actually runs on their servers and (importantly) our devices. Without publicly auditable code that can be independently built, run, and used instead of the binaries they provide, there’s no practical way to know that it matches the design that was reviewed. Without a way to verify that the code being run is the code that was inspected, claiming that the system was audited is misleading.
The protocol uses Messaging Layer Security (MLS) for group key exchange
Interesting. This makes me think their motivation for doing this might be compliance with the European Digital Markets Act. If that is the case, perhaps they also have a plan in the works for protecting text chats.
semperverus@lemmy.world 1 month ago
The code is very auditable
pressanykeynow@lemmy.world 1 month ago
Is Discord client code available?
semperverus@lemmy.world 1 month ago
kind of
If you download the client, it’s just an Electron app, so all of the bits written in js/css/etc are sitting right there in the client itself. People have used this to repackage it with customizations, such as webcord (nicer user experience on Linux) and others.
As for the compiled bits… well, every binary executable is open source if you’re brave enough