Discord Deploys End‑to‑End Encryption for All Voice and Video Calls, Securing 200 M Monthly Users
What Happened – Discord announced that, as of March 2026, every voice and video call on its platform is protected by default with end‑to‑end encryption (E2EE) using the open‑source DAVE protocol. The rollout spans desktop, mobile, web browsers, PlayStation, Xbox and Discord SDKs; only stage‑channel broadcasts remain unencrypted.
Why It Matters for TPRM –
- E2EE eliminates a major data‑in‑transit risk for any third‑party that relies on Discord for internal or client communications.
- The upgrade demonstrates Discord’s commitment to privacy, reducing supply‑chain exposure for organizations that embed Discord widgets or use its SDKs.
- Vendors must verify that the new encryption does not break existing integrations or compliance controls (e.g., recording, monitoring).
Who Is Affected – Gaming & creator communities, enterprise teams, and any organization that uses Discord for voice/video collaboration (technology, media, education, and professional services sectors).
Recommended Actions –
- Review contracts and security addenda to confirm Discord’s E2EE coverage aligns with your data‑protection requirements.
- Validate that your organization’s monitoring, logging, and compliance tooling can still capture necessary metadata despite encryption.
- Update risk registers to reflect the reduced exposure and note the remaining exception (stage channels).
Technical Notes – Discord extended the DAVE protocol (built on WebRTC transforms, MLS group key exchange, and ephemeral identity keys) to all client platforms. No new CVEs were disclosed; the change is a hardening measure rather than a remediation. Source: BleepingComputer