[HN Gopher] Dave: Discord's New End-to-End Encryption for Audio ...
___________________________________________________________________
Dave: Discord's New End-to-End Encryption for Audio and Video
Author : hampus
Score : 49 points
Date : 2024-09-17 16:27 UTC (6 hours ago)
(HTM) web link (discord.com)
(TXT) w3m dump (discord.com)
| derelicta wrote:
| I don't really understand the reasoning between implementing E2EE
| for video and audio but not for chats in themselves. I feel like
| for those things, its either all or nothing, otherwise its mostly
| useless.
| jacoblambda wrote:
| I'd argue it's because there's a lot of problematic content
| that gets shared in text that just isn't really much of an
| issue (or isn't viable to detect) in audio/video.
| ronsor wrote:
| I'd argue the opposite somewhat: there's a lot of problematic
| content that's an issue with audio/video, but like you said,
| it's not viable to detect at scale, so it's better to close
| the door.
| DrillShopper wrote:
| The cynic in me agrees with you here - this is likely a way
| for them to go "oh no, we couldn't see that information,
| it's *encrypted* so we have no liability, legal or
| otherwise, to stop any sort of abuse on our platform since
| we can't see it"
| ronsor wrote:
| Well, this is why Signal is fine while the Telegram boss
| is in jail. As long as you haven't done anything illegal
| (and aren't explicitly trying to enable illegal
| activity), it's perfectly fine to just say "we can't do
| this." I'm really for this; being able to inspect users'
| data should be a liability.
| boneitis wrote:
| > so it's better to close the door.
|
| I don't feel convinced of this takeaway, at least in the
| context of being applied across the board.
|
| I help administer a semi-large, public studygroup community
| that sees its share of trolls and the like joining the
| channels and causing disruptions (up to and including
| exposing themselves and masturbating/helicoptering) for
| shock value, etc.
|
| If anything, I find Discord's moderation tools for server
| administrators painfully lacking. Discord is not Signal.
|
| I would have liked to see this in some form closer to an
| assignable privilege to send out/upload E2EE data
| granularly grantable to server regulars, while new people
| start out without the privilege.
|
| This press release going into cool technical details in
| order to tout E2EE and namedropping one of the most
| reputable consultants in the biz feels a little tonedeaf.
| boneitis wrote:
| I would ordinarily have thought the same, but what immediately
| came to mind was the TOS update that they "generally do not
| store the contents of video or voice calls"[0]. (I've since
| forgotten what it looked like before that but remember a big
| reaction in the userbase.)
|
| I wonder if those terms would be practically nullified in any
| way if the E2EE is enabled.
|
| Though, maybe they would attempt to implement something like
| Apple's offline CSAM policing that almost (IIRC?) came to be.
| There is also the Whatsapp method (albeit for text-based
| messages) that the app client of the user reporting you will
| send decrypted messages to Facebook.
|
| [0]: https://discord.com/privacy
| ronsor wrote:
| Your other comment got auto-killed because m*sturbating is a
| flagged word.
|
| That aside, I was only referring to private communications.
| Moderation in a public server is different, and there should
| be more visibility for server admins. With that said, Discord
| has been improving moderation tools, and I'm not sure how
| trolls can be stopped as long as making (or stealing) an
| account is easy. Remove that aspect, and half the reason for
| using Discord is gone.
| boneitis wrote:
| Totally fair, even if I'd argue that Discord far and away
| aims to be a social platform (that should be prioritizing
| straightforward and intuitive control for server/guild
| administrators) over a private messenger. And admittedly,
| I'll complain to no end about those moderation tools beyond
| the point of fruitful discussion.
|
| Thank you for pointing out the dead post; it's good to know
| for future reference (and looks like a guardian angel has
| since revived it :)
| lynndotpy wrote:
| The video and audio is ephemeral and only for parties which are
| present. Chats are expected to be stored and available to
| people who are not available. That's the big thing. Once you've
| sent a packet of video/audio, you don't need to use it ever
| again.
|
| People expect to join servers and have the history available to
| them to search. E2EE means that history is not available, and
| all indexing happens client-side, all messages are stored
| client-side, etc.
| legitster wrote:
| Both parties have to consent to start a call. Chats can be
| unwanted/unprompted.
|
| They are pretty transparent that they want Discord to be a
| moderated platform to prevent harassment and the like.
| ivraatiems wrote:
| I've been watching a slow enshittification of Discord over the
| last few years and preparing to move to the Next Thing in a year
| or two, but this actually seems like a great move, and
| technically interesting. Is there a downside/drawback I'm not
| seeing?
| slashink wrote:
| The goal here has been for this to be transparent to users and
| "just work", hopefully you should see no downsides to this! If
| you do, let us know!
| Akashic101 wrote:
| This does seem a nice feature and definitely a step in the
| right direction but why use e2ee for video and audio but not
| chat? That's afterall where most of Discords activity is
| happening
| DrillShopper wrote:
| Cool, how about you let me use this with an open source client so
| I know the client isn't phoning the decrypted data home now.
| ronsor wrote:
| No, because half their premium features are dependent on them
| controlling the client. Even excluding relatively new things
| like client theming, a custom client could enable custom emojis
| everywhere, or make it easy to offload storage to another site
| to avoid paying for nitro. As long as a service is free(-to-
| play), there will always be a somewhat adversarial relationship
| between the user and the company.
| mrinfinitiesx wrote:
| Ah yes, the selling of emojis and simple file storage.
|
| I miss the GameSurge IRC and caleague with Mumble days.
| LelouBil wrote:
| Did you read the article ?
|
| > To that end, the protocol is detailed in our whitepaper[0]
| and open-source library[1]
|
| [0] https://github.com/discord/dave-protocol
|
| [1] https://github.com/discord/libdave
| rcxdude wrote:
| That doesn't mean much when the discord TOS forbids use of
| anything but the official client to connect to their
| services. They seem to turn a blind eye to the various
| unofficial clients mostly, but also do occasionally ban a
| subset of their users occasionally despite no other TOS
| violations.
| RadiozRadioz wrote:
| I'm so tired of this. It's really simple:
|
| If the client is proprietary and controlled by the vendor, E2EE
| is meaningless.
|
| Last I checked, Discord is a proprietary application that updates
| itself on startup with freshly baked proprietary blobs straight
| from Discord Inc. They can say all they want about how great the
| encryption itself is, sure I believe them, but as long as
| alternative clients are forbidden and Discord's proprietary self-
| changing software exists on either end, it doesn't matter.
| lxgr wrote:
| It's not meaningless at all at least to the vendor.
___________________________________________________________________
(page generated 2024-09-17 23:01 UTC)