derelicta 3 days ago | next |

I don't really understand the reasoning between implementing E2EE for video and audio but not for chats in themselves. I feel like for those things, its either all or nothing, otherwise its mostly useless.

lynndotpy 3 days ago | root | parent | next |

The video and audio is ephemeral and only for parties which are present. Chats are expected to be stored and available to people who are not available. That's the big thing. Once you've sent a packet of video/audio, you don't need to use it ever again.

People expect to join servers and have the history available to them to search. E2EE means that history is not available, and all indexing happens client-side, all messages are stored client-side, etc.

mystified5016 3 days ago | root | parent |

You know it's possible to store and serve encrypted data, right? It's not a one time use will-self-destruct-in-30-seconds deal. The data is still decryptable after it's been sent.

Novosell 3 days ago | root | parent | next |

Except not really with proper E2EE. Go and join a new Signal or WhatsApp group. You'll notice they're empty. As you were not around for a key exchange when the messages were initially sent.

Encryption ≠ E2EE.

okdood64 2 days ago | root | parent | prev | next |

> It's not a one time use will-self-destruct-in-30-seconds deal.

Except it kinda is. You need new keys for every participant. This is why the true E2E messaging apps have user limits and no history.

tomjakubowski 3 days ago | root | parent | prev |

Bringing up the ephemerality of A/V chats is not about security, it's about the user experience.

> People expect to join servers and have the history available to them to search. E2EE means that history is not available

It's more acceptable to Discord users for video and audio chats to be E2EE because Discord has always offered them as an ephemeral experience: unlike text chats, they never offered audio/video chat history as a feature for users.

boneitis 3 days ago | root | parent | prev | next |

I would ordinarily have thought the same, but what immediately came to mind was the TOS update that they "generally do not store the contents of video or voice calls"[0]. (I've since forgotten what it looked like before that but remember a big reaction in the userbase.)

I wonder if those terms would be practically nullified in any way if the E2EE is enabled.

Though, maybe they would attempt to implement something like Apple's offline CSAM policing that almost (IIRC?) came to be. There is also the Whatsapp method (albeit for text-based messages) that the app client of the user reporting you will send decrypted messages to Facebook.

[0]: https://discord.com/privacy

ronsor 3 days ago | root | parent |

Your other comment got auto-killed because m*sturbating is a flagged word.

That aside, I was only referring to private communications. Moderation in a public server is different, and there should be more visibility for server admins. With that said, Discord has been improving moderation tools, and I'm not sure how trolls can be stopped as long as making (or stealing) an account is easy. Remove that aspect, and half the reason for using Discord is gone.

boneitis 3 days ago | root | parent |

Totally fair, even if I'd argue that Discord far and away aims to be a social platform (that should be prioritizing straightforward and intuitive control for server/guild administrators) over a private messenger. And admittedly, I'll complain to no end about those moderation tools beyond the point of fruitful discussion.

Thank you for pointing out the dead post; it's good to know for future reference (and looks like a guardian angel has since revived it :)

legitster 3 days ago | root | parent | prev | next |

Both parties have to consent to start a call. Chats can be unwanted/unprompted.

They are pretty transparent that they want Discord to be a moderated platform to prevent harassment and the like.

jacoblambda 3 days ago | root | parent | prev |

I'd argue it's because there's a lot of problematic content that gets shared in text that just isn't really much of an issue (or isn't viable to detect) in audio/video.

ronsor 3 days ago | root | parent |

I'd argue the opposite somewhat: there's a lot of problematic content that's an issue with audio/video, but like you said, it's not viable to detect at scale, so it's better to close the door.

DrillShopper 3 days ago | root | parent | next |

The cynic in me agrees with you here - this is likely a way for them to go "oh no, we couldn't see that information, it's *encrypted* so we have no liability, legal or otherwise, to stop any sort of abuse on our platform since we can't see it"

ronsor 3 days ago | root | parent |

Well, this is why Signal is fine while the Telegram boss is in jail. As long as you haven't done anything illegal (and aren't explicitly trying to enable illegal activity), it's perfectly fine to just say "we can't do this." I'm really for this; being able to inspect users' data should be a liability.

boneitis 3 days ago | root | parent | prev |

> so it's better to close the door.

I don't feel convinced of this takeaway, at least in the context of being applied across the board.

I help administer a semi-large, public studygroup community that sees its share of trolls and the like joining the channels and causing disruptions (up to and including exposing themselves and masturbating/helicoptering) for shock value, etc.

If anything, I find Discord's moderation tools for server administrators painfully lacking. Discord is not Signal.

I would have liked to see this in some form closer to an assignable privilege to send out/upload E2EE data granularly grantable to server regulars, while new people start out without the privilege.

This press release going into cool technical details in order to tout E2EE and namedropping one of the most reputable consultants in the biz feels a little tonedeaf.

boneitis 3 days ago | root | parent |

too late to edit, but:

> granularly grantable to server regulars

more sensibly, and of which i would be really receptive to (as a server/guild administrator), granular setting on a per-channel basis.

of course, this sentiment largely takes for granted that there is any open-facing mission on Discord's part to facilitate community moderation; i definitely tend to lean privacy-first in general.

DrillShopper 3 days ago | prev | next |

Cool, how about you let me use this with an open source client so I know the client isn't phoning the decrypted data home now.

ronsor 3 days ago | root | parent | next |

No, because half their premium features are dependent on them controlling the client. Even excluding relatively new things like client theming, a custom client could enable custom emojis everywhere, or make it easy to offload storage to another site to avoid paying for nitro. As long as a service is free(-to-play), there will always be a somewhat adversarial relationship between the user and the company.

mrinfinitiesx 3 days ago | root | parent |

Ah yes, the selling of emojis and simple file storage.

I miss the GameSurge IRC and caleague with Mumble days.

Gigachad 2 days ago | root | parent |

What do you want them to sell? Personally I’m glad the paid features are trivial rather than core functionality.

LelouBil 3 days ago | root | parent | prev |

Did you read the article ?

> To that end, the protocol is detailed in our whitepaper[0] and open-source library[1]

[0] https://github.com/discord/dave-protocol

[1] https://github.com/discord/libdave

rcxdude 3 days ago | root | parent | next |

That doesn't mean much when the discord TOS forbids use of anything but the official client to connect to their services. They seem to turn a blind eye to the various unofficial clients mostly, but also do occasionally ban a subset of their users occasionally despite no other TOS violations.

arielcostas 2 days ago | root | parent | prev |

How can I possibly trust the Discord client is actually using that library and not a modified version that calls home? The whole point of using open source is being able to see the entire code of the program, and compile it yourself

RadiozRadioz 3 days ago | prev | next |

I'm so tired of this. It's really simple:

If the client is proprietary and controlled by the vendor, E2EE is meaningless.

Last I checked, Discord is a proprietary application that updates itself on startup with freshly baked proprietary blobs straight from Discord Inc. They can say all they want about how great the encryption itself is, sure I believe them, but as long as alternative clients are forbidden and Discord's proprietary self-changing software exists on either end, it doesn't matter.

rcxdude 3 days ago | root | parent | next |

It's not meaningless (such applications are quite heavily inspected for signs of malfeasance by many parties that would stand to benefit from widely publicizing any backdoor), but it does substantially reduce the value, especially if your threat model includes being specifically targeted for a bypass.

RadiozRadioz 2 days ago | root | parent | next |

The whole point of all this fancy encryption is to make it mathematically impossible for the vendor to read your messages. It doesn't matter if it's mathematically impossible for them to read messages on the server if it's operationally trivial for them to extract them from the client.

It's end-to-end encrypted, but both ends are wide open for Discord to do what they like. If not them, someone doing a supply chain attack on their frivolously & opaquely updating proprietary clients.

WhatsApp has E2EE, but how do you think they found CSAM on people's devices? Because they control the endpoints.

7jjjjjjj 2 days ago | root | parent | prev |

You really think someone is out there reverse engineering and debugging every inch of the behemoth that is Discord, any part of which could leak the keys, or compromise them in some non-obvious way? In every release? Yeah, right.

Also, you should rethink "many parties ... would stand to benefit from widely publicizing any backdoor." A new bugdoor is found in WhatsApp every six months and nobody cares.

ivraatiems 3 days ago | prev | next |

I've been watching a slow enshittification of Discord over the last few years and preparing to move to the Next Thing in a year or two, but this actually seems like a great move, and technically interesting. Is there a downside/drawback I'm not seeing?

slashink 3 days ago | root | parent |

The goal here has been for this to be transparent to users and "just work", hopefully you should see no downsides to this! If you do, let us know!

Akashic101 3 days ago | root | parent |

This does seem a nice feature and definitely a step in the right direction but why use e2ee for video and audio but not chat? That's afterall where most of Discords activity is happening

Gigachad 2 days ago | root | parent |

Because E2EE causes an absolute ton of friction to the chat experience. Stuff that you expect to just work like chat history and searching no longer works.

Akashic101 2 days ago | root | parent |

Isn't WhatsApp e2ee as well? You can search that one just fine

Ukv 2 days ago | root | parent |

Haven't used WhatsApp but presumably it indexes client-side. On Discord people want to search large servers including messages since before they joined, so this approach wouldn't really work.

That said, it could potentially work for DMs.