Discord, the platform beloved by gamers – and some startups looking for a free Slack alternative – has rolled out end-to-end encryption (E2EE) for audio and video, built on the open Messaging Layer Security protocol.
Discord, which has some 200 million monthly active users, said on September 17 that it will “start migrating voice and video in DMs, Group DMs, voice channels, and Go Live streams to use E2EE” this week.
DMs will remain plaintext and messages will “continue to follow our content moderation approach” the company explained on September 17.
Discord encryption: Big Dave’s approach
Discord is using an E2EE protocol that it has dubbed “Dave”. It published both the protocol and the library its clients use to implement it. It also shared the findings of an audit (design, implementation) by the security consultancy Trail of Bits, along with a detailed blog and whitepaper.
"In 2025 all official Discord clients will support the protocol and it will be an enforced requirement to connect to the end-to-end encryption eligible audio/video session types listed above” the protocol’s GitHub repo notes.
Notably, those using Discord clients that don’t yet support “Dave” will have a knock-on privacy-annulling effect, said engineer Stephen Birarda.
“Every member of the call must support the E2EE protocol. During the rollout phase, a single non-supporting member being present forces the call to transport-only encryption. The call will automatically ‘upgrade; to E2EE if that member disconnects. We’ve built new user experience flows to show when calls are end-to-end encrypted and when they are not.”
Will encrypting/decrypting voice and video trigger glitchy performance?
“We want to deliver decoded media to call participants as quickly as possible. However, negotiating a shared key through a multi-party key exchange takes time. We aim for the “initial time-to-media” from E2EE to be as small as possible, in the ballpark of a few hundred milliseconds for a reasonably sized Discord call” Birarda said in a September 17 blog.
He added: “We selected an MLS ciphersuite with Elliptic Curve Digital Signature Algorithm (ECDSA) signature keys, for compatibility with WebCrypto and to enable a future improvement to our persistent key storage: non-extractable keys provided by Trusted Platform Modules.”
See also: RFC 9420 aka Messaging Layer Security (MLS) – An Overview
Cryptographer Raphael Robert, who was involved in the creation of MLS, noted: “I’m really happy to see another large scale MLS deployment. It shows the technology is fit for purpose, demonstrably so. Discord uses MLS for key negotiation in group calls with really fine-grained Forward Secrecy and Post-Compromise Security: A new member of the group cannot decrypt any media sent in the previous epochs, and a leaving member of the group cannot decrypt any media sent in future epochs.”
One immediate flaw in Discord’s implementation is its use of C++, a memory unsafe language; Trail of Bits’ (admittedly time-bound and scope-bound) audit immediately uncovered some memory safety issues and whilst recognising that Discord chose C++ for “external requirements” (e.g. the need to target games consoles) urged it to shift off it eventually.
Discord not-infrequently blogs in detail about its technology decisions.
Discord engineer Bo Ingram, for example, earlier in 2023 detailed how it swapped a high-maintenance Cassandra database for ScyllaDB and went from “running 177 Cassandra nodes to just 72 ScyllaDB nodes….”
“Our tail latencies have also improved drastically” as a result of that decision, he wrote in 2023: “For example, fetching historical messages had a p99 of between 40-125ms on Cassandra, with ScyllaDB having a nice and chill 15ms p99 latency, and message insert performance going from 5-70ms p99 on Cassandra, to a steady 5ms p99 on ScyllaDB.
“Thanks to the aforementioned performance improvements, we’ve unlocked new product use cases now that we have confidence in our messages database” Ingram added in that blog. (Cassandra advocates who suspect that this was just a really badly run deployment, look away now.)
With improved performance and now E2EE, all it needs to do now is overhaul that shocking UX.
