Encryption on Discord. Okay, if you say so.
Meet DAVE: Discord’s New End-to-End Encryption for Audio & Video
Submitted 2 months ago by morrowind@lemmy.ml to technology@lemmy.world
https://discord.com/blog/meet-dave-e2ee-for-audio-video
Comments
hal_5700X@sh.itjust.works 2 months ago
mox@lemmy.sdf.org 2 months ago
Discord’s audio and video end-to-end encryption (“E2EE A/V” or “E2EE” for short)
That last bit is a little concerning. E2EE is widely understood to mean full end-to-end encryption of communications, not selective encryption of just the audio/video bits while passing the text around in the clear. If Discord starts writing “E2EE” for short when describing their partial solution, it is likely to mislead people into thinking their text chats are protected, or thinking that Discord is comparable to real E2EE systems. They aren’t, and it isn’t.
We want an E2EE A/V protocol that is publicly auditable
Their use of the word “auditable” here is also concerning. What does it mean for a protocol to be auditable? Sure, it’s nice that they’re publishing their design, but that doesn’t allow independent audit of the implementation that actually runs on their servers and (importantly) our devices. Without publicly auditable code that can be independently, built, run, and used instead of the binaries they provide, there’s no practical way to know that it matches the design that was reviewed. Without a way to verify that the code being run is the code that was inspected, claiming that the system was audited is misleading.
The protocol uses Messaging Layer Security (MLS) for group key exchange
Interesting. This makes me think their motivation for doing this might be compliance with the European Digital Markets Act. If that is the case, perhaps they also have a plan in the works for protecting text chats.
semperverus@lemmy.world 2 months ago
pressanykeynow@lemmy.world 2 months ago
Is Discord client code available?
SnotFlickerman@lemmy.blahaj.zone 2 months ago
The audit details and whitepaper details are far beyond my capabilities to understand. Can anyone with knowledge of the field tell us about the findings?
Good on them for getting an audit and making the code publicly auditable, but I really would like to hear an opinion from some folks who are more involved in cryptography on whether this is Discord being genuine and doing the right thing, or is it Discord trying to use Public Relations and weasel words to make it seem like they’re doing the right thing.
It’s just hard to trust a private company’s motives sometimes, but that doesn’t mean they’re not capable of doing the right thing. Thanks to anyone who can give some input on this.
CosmicTurtle0@lemmy.dbzer0.com 2 months ago
My very cursory glance at the paper is that basically they are encrypting live calls. Basically they are doing what zoom has been doing since the pandemic.
ArtikBanana@lemmy.dbzer0.com 2 months ago
From what I remember, in Zoom the meeting’s host needs to enable E2EE, it’s not automatic, and it disables a lot of Zoom’s features while also limiting the amount of participants.
Juice260@lemmy.world 2 months ago
I’ll admit that I’m skeptical but since I could not get my friends to start using signal after about a year of poking at them I do appreciate it 🤔
morrowind@lemmy.ml 2 months ago
Man, I’d be happy if I could just get past sms
rumschlumpel@feddit.org 2 months ago
Don’t most people have Whatsapp? It’s certainly harder to spy on the content of your messages, it’s just a matter of how much issue you have with giving Meta your metadata.
Zak@lemmy.world 2 months ago
I’m confused by why they would do this, and at the same time, why not for private text messages.
I’m in favor of encrypting as much communication as possible, but I don’t think many of Discord’s users were complaining that their voice chart wasn’t secure. I’d expect more of them to care about text chart, which is less effort to spy on.
subignition@piefed.social 2 months ago
I am WAY too unqualified to understand any of the technical stuff, so I'll be waiting to hear thoughts from experts on this one. It looks like if there are no major flaws in it this is a great thing for the platform overall.
Badeendje@lemmy.world 2 months ago
Discord is already one of the black holes of the internet, where information goes to die.
subignition@piefed.social 1 month ago
Was that supposed to speak to some part of my comment...?
It seems like a complete non sequitur to me.
nailingjello@lemmy.zip 2 months ago
When it goes down can I get an error message that says Dave’s not here?
Dark_Arc@social.packetloss.gg 2 months ago
I wonder how this scales to large voice rooms.
simple@lemm.ee 2 months ago
It’s weird that they’re adding E2EE on voice but not in private DMs, which is probably everybody’s biggest concern when it comes to security on Discord.
morrowind@lemmy.ml 2 months ago
In servers I can see why but yeah not sure about dms
RmDebArc_5@sh.itjust.works 2 months ago
They sell your dms for money. They don’t make money through spying on your calls. I’ll let you figure this one out.