Discord has introduced a new end-to-end encryption (E2EE) protocol called DAVE (Discord Audio & Video Encryption) for its audio and video communications. The DAVE protocol ensures that the content of these calls is encrypted at the source and can only be decrypted by the intended recipients, preventing access by any intermediaries, including Discord itself[1][3][5].
The DAVE protocol leverages the WebRTC encoded transform API and Message Layer Security (MLS) for encryption and group key exchange. Each frame of the audio and video is encrypted with a per-sender symmetric key, which is known to all participants but unknown to outsiders. New encryption keys are generated whenever someone joins or leaves a call, ensuring that new participants cannot decrypt media sent before they joined, and leaving members cannot decrypt media sent after they left[2][3].
Users can verify that a call is end-to-end encrypted through a new privacy tab in the call details, which displays a green label indicating E2EE and a Voice Privacy Code. This code can be compared out-of-band to ensure no one in the call is being impersonated. Additionally, pairwise verification codes for each user in the call can be used for further verification[4].
