Hacker News
Let's Reverse Engineer Discord (medium.com)
305 points by Pneumaticat 5 days ago | 109 comments

This is common and necessary for WebRTC SFUs, which perhaps is why Discord does it to support the least common denominator of their web browser based clients.

Edit: Yep, I thought I remembered reading this. Their voice servers are WebRTC SFUs. So this is basically state-of-the-art when it comes to voice over WebRTC. End to end encryption in WebRTC is not possible if you are using an SFU. https://blog.discordapp.com/how-discord-handles-two-and-half...

End to end encryption in WebRTC is indeed possible even if you are using an SFU, this is achieved via Privacy Enhanced RTP Conferencing (PERC).

[1]. https://www.callstats.io/blog/2018/06/01/examining-srtp-doub...

No, it’s not, because PERC is a proposal and is not implemented in any browsers.

That does not mean it isn't possible; the implementation simply has not occurred.

> That does not mean it isn't possible; the implementation simply has not occurred.

You can say that about almost anything.

The question is: is it possible today where it has an impact today in actual browsers today.

Future technology does not matter when there is no implementation

That’s a pretty unique definition of “possible!”

You can just admit you googled it and didn’t realize it was not something you can do today in browsers, it’s ok :)

You must be new here ;)

Didn't know what an SFU was. https://webrtcglossary.com/sfu/

For convenience:

> SFU stands for Selective Forwarding Unit.

> At times, the term is used to describe a type of video routing device, while at other times it will be used to indicate the support of routing technology and not a specific device.

> An SFU is capable of receiving multiple media streams and then decide which of these media streams should be sent to which participants.

This transport mode is also publicly documented here: https://discordapp.com/developers/docs/topics/voice-connecti...

Why don't SFUs support end-to-end encryption? Is it just a missing feature in the WebRTC protocol or am I missing some fundamental reason?

Yes, it's simply missing in the WebRTC spec. WebRTC defines end-to-end encryption between two peers. But if you want to transmit data to many peers you need a server which is doing the fanout so the encryption is client1<->server and server<->client2.

This is true for all WebRTC implementations/services. They all state having end-to-end encryption but don't tell you that it means something different in WebRTC contexts.

PERC will solve this one day, but it's sadly just a draft: https://webrtcglossary.com/perc/
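Added example (not part of the thread, and not Discord's or any WebRTC stack's code): a small Python model of the client1<->server, server<->client2 arrangement described above, next to a nested variant in which an end-to-end layer is wrapped inside the hop layer. The nested half is a simplification of the double-encryption idea PERC proposes, not its wire format; the cipher is a toy SHA-256 keystream with HMAC from the standard library rather than SRTP, and `seal`, `open_`, `sfu_forward` and the `OPUS:` frame prefix are hypothetical names.

```python
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key, nonce, n):
    # Toy keystream (SHA-256 in counter mode). Illustration only, not a vetted cipher.
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]


def _subkeys(key):
    # Separate encryption and MAC keys derived from one session key.
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()


def seal(key, plaintext):
    """Encrypt-then-MAC. Packet layout: nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def open_(key, packet):
    """Return the plaintext, or None if the packet fails authentication."""
    if packet is None or len(packet) < NONCE_LEN + TAG_LEN:
        return None
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = packet[:NONCE_LEN], packet[NONCE_LEN:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def sfu_forward(packet, sender_key, receiver_keys, seen, inspect=None):
    """Model SFU: terminate the sender's hop, optionally inspect, re-seal per receiver."""
    payload = open_(sender_key, packet)
    if payload is None:
        return {}                      # failed hop authentication: drop
    seen.append(payload)               # everything the SFU is able to read
    if inspect is not None and not inspect(payload):
        return {}                      # content-based drop needs readable content
    return {name: seal(key, payload) for name, key in receiver_keys.items()}


def demo():
    audio = b"OPUS:constructed sample frame"           # constructed, not real Opus
    hop = {n: os.urandom(32) for n in ("alice", "bob", "carol")}
    receivers = {n: k for n, k in hop.items() if n != "alice"}

    def is_audio(payload):
        return payload.startswith(b"OPUS:")

    # 1) Hop-by-hop only: client<->server and server<->client.
    seen_hop = []
    out = sfu_forward(seal(hop["alice"], audio), hop["alice"], receivers, seen_hop, is_audio)
    malformed = sfu_forward(seal(hop["alice"], b"\x00garbage"), hop["alice"], receivers, [], is_audio)

    # 2) Nested: an end-to-end key the SFU never holds, wrapped in the hop layer.
    e2e_key = os.urandom(32)
    seen_nested = []
    inner = seal(e2e_key, audio)
    out2 = sfu_forward(seal(hop["alice"], inner), hop["alice"], receivers, seen_nested)
    tampered = bytearray(seal(hop["alice"], inner))
    tampered[NONCE_LEN + 4] ^= 0x01                     # flip one ciphertext bit in transit
    out3 = sfu_forward(bytes(tampered), hop["alice"], receivers, [])

    return {
        "hop_bob_hears": open_(hop["bob"], out["bob"]),
        "hop_sfu_read_audio": audio in seen_hop,
        "hop_malformed_forwarded": bool(malformed),
        "nested_carol_hears": open_(e2e_key, open_(hop["carol"], out2["carol"])),
        "nested_sfu_read_audio": audio in seen_nested,
        "nested_tampered_forwarded": bool(out3),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

In the nested case the SFU can still drop packets that fail hop authentication, but a content check such as `is_audio` has nothing readable to act on, so handling of malformed frames moves to the receiving client.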

As I understand, Discord server doesn't need to do audio processing, all mixing is done on the clients. So it would benefit from the "one-to-many" encryption, because currently it has to decrypt from one p2p connection and to encrypt to several p2p connections when someone talks (which breaks the end-to-end).

Yes, that is what an SFU is, except there is apparently no support for one-to-many end-to-end encryption yet in the WebRTC protocol.

I don't think Discord makes any claims that the audio is P2P encrypted. There are legitimate reasons why Discord might be dropping malformed packets, apart from an indication that they are spying on you (they may be doing that too).

1) to improve audio quality.

2) to help prevent RCE attacks on the destination client.

3) re-encoding at lower bitrates for low bandwidth clients.

I don't really see the issue here unless Discord claimed they do not decrypt the audio.

That's from 2017, it is entirely possible that was true in 2017 but not now.

3) is most certainly at play here, as Discord allows clients to set their preferred bitrate (RX&TX), which would not be possible in multi-party calls without re-encoding.

Could they not just drop the quality of the whole call down to the lowest bandwidth allowed by a user? I feel that would reduce a computational burden on Discord's end, while allowing the lowest client-to-client latency

Keep in mind that a major use case for Discord is open voice chats (e.g, for gaming groups), not just organized person-to-person calls. Having the quality for a whole chat drop just because someone joined from a mobile phone would be a really disappointing user experience.

This is absolutely something that Discord does, though. I've had friends just drop the bitrate slider as low as possible in Discord just to make the whole channel sound awful

That's a channel-specific option though. You can set per-channel bitrate, but it's not something Discord does automatically to accommodate lower throughput clients.

They could, but if you have 4 people in a call and 3 can receive high bandwidth audio, lowering it just for the 1 person with low bandwidth is the best user experience.

Otherwise people with good networks who have their call quality dragged down will just think Discord's voice chat is bad.

Wouldn’t it be possible to send a stream cipher encrypted packet of audio to a hub server where the codec has a “progressive” decoding mode? If I’m not mistaken, Opus can already do something like this. That way a client could set their desired bitrate and the server would truncate the packets before passing them off and doesn’t need to be re-encoded. This only works with a stream cipher though.

Maybe an audio engineer or cryptographer could chime in?

It looks like Ogg Vorbis has theoretical support in the spec for something called "Bitrate Peeling"[1], but there is no functional implementation for this yet, and there's been an open bounty on it since 2004.[2]

This is a really neat idea though. Truncating the packet to change the bitrate per client without re-encoding.

[1]: https://en.wikipedia.org/wiki/Bitrate_peeling

[2]: https://wiki.xiph.org/index.php?title=Bounties&diff=196&oldi...

Peeling has been a goal for many audio/video codecs in the past. Nobody's been able to make it work acceptably, though -- either the low-bitrate version sounds awful, or the high-bitrate version increases in size to the point that it might as well just have a low-bitrate version alongside it.

So in that case you could peel off whichever stream you don’t need, but you waste some upload bandwidth over simply negotiating a bitrate in advance.

The channel bitrate is just a client hint as far as I know (at least for now).

Bots are able to send whatever bitrate they want to the channel, and other clients receive it as is.

The server simply relays Opus data without re-encoding it.

> Discord allows clients to set their preferred bitrate (RX&TX)

Where? All I see is setting bitrates on channels, but not on the client/app as a whole.

Discord specifically stated that they will not implement e2ee so they can continue to spy on their users, because “Think of the children!”


In their Terms and Agreements it's clearly stated that all data created is owned by Discord and can be used for commercial purposes.

3 is tens of megahertz of one CPU core per re-encode, clearly out of the question with today's norm being ~ 4GHz 8 core CPUs, that or they are spyi^^^ recording everything for 'metrics/analytics'.

CPU time is irrelevant for re-encoding due to bandwidth reasons though. If a client requests 64kbps voice, sending it packets at 128kbps and letting it re-encode once it has them is pointless.

4) Maybe they are doing remuxing when multiple clients are on the same chat? Would definitely lower bandwidth.

ToS certainly allows it.

The problem is... There still isn't a clear business model for discord, the advantages of having premium (nitro) are almost non-existing. That's not an excuse for privacy, I know...

They tried to create a small competitor to Steam's game marketplace but it didn't work out. They're back to the drawing table. Honestly, that's actually really good for free users, like myself, because we can simply use discord's wide array of functionalities for free: Seamless audio and video sharing, wide extensibility of the platform through APIs and bots, simple file-sharing, chat persistency, mobile clients + web client, ability to pick server location, codecs, moderation tools...and the best feature in my opinion...their amazing changelogs popups.

Honestly security wise it might not be very clear, as per this article, where they stand today, I am still super stoked about every other aspect.

I'm not sure why they haven't tried the business communications angle with an alternate branded Slack competitor.

As a remote worker on an almost entirely remote team, we would benefit from a sort of voice channel huddle on-demand or even just watercooler chatting. There is something more casual about jumping into a premade voice channel where people may already be chatting than starting a Webex or initiating a Slack call that could introduce more "togetherness".

Something with this functionality was on my list when we were evaluating SaaS for our team and I really wanted something similar to Discord.

Of course no one would go for it as it's branded, but having a forked version that doesn't bear any resemblance should be doable with minimum work.

Yeah my company has the worst time with Skype, but nobody takes you seriously if you mention Discord even though it’s much more reliable and has more features.

What enterprise support plans exist for Discord? Is there a support person you can call if something goes down during a business-critical timeframe? Can HR or other staff access chat logs of their employees? If so, how far back do the chat logs go? A day? A month? Forever? How long will it take to train staff on using this software? Some people get really freaked out by a new UI - they don't think about what they're doing, they just memorize button clicks. So if you change from Skype to Discord, they need to re-memorize the button clicks / patterns / flows, which can take weeks. Some employees really are that slow. Does discord work with existing VOIP phones the company has purchased? Or will those assets need to be retired early due to not being compatible?

There's more to choosing enterprise software than just the features and reliability. My guess is that Skype was included for free in an existing Microsoft contract (Windows 10 PC's, or Office), whereas discord would require an entirely new contract.

Good thing we're not an enterprise.

Sounds like you just manufactured a bunch of problems for yourself with no benefit. Talk about an enterprise state of mind.

Bring up Microsoft Teams maybe.

Teams is pretty good (and I suspect partly ripped off from Discord), but I don't believe it has the casual voice channel feature the parent wanted. You still have to manually initiate calls, like with Skype.

> Teams is pretty good (and I suspect partly ripped off from Discord)

I think Teams is much closer to a Slack ripoff than a Discord ripoff.

True. I think it might take inspiration from both, though.

They are vehemently against this. There is still no way to turn ON email notifications once you "unsubscribe".

I'm not sympathetic to Discord, but talk about (probably) shooting yourself in the foot.

> Of course no one would go for it as it's branded, but having a forked version that doesn't bear any resemblance should be doable with minimum work.

Exactly this. I'd likely pay for a corporate branded Discord software that was named different and didn't use my personal Discord ID.

Discord trying to take on Epic and Steam to create a marketplace was perhaps the worst move I've seen in the past few years. Steam is entrenched and Epic is printing money.

Discord needs to capitalize on its greatest asset: a massive community. To me, the obvious path forward is doing Patreon like features for servers and perhaps trying to break into the streaming market.

When Discord was making that move, Epic store did not exist, the period when both stores existed was rather short and uneventful, discord's being on clear decline, epic's not even bare bones and tossing money on any and all early access games in sight.

They were announced within months of each other [1][2]. That means both companies were planning their stores at the same time. I find it hard to believe Discord did not have any idea about Epic's store, considering they were simultaneously raising a funding round and talking to VCs about their plans (who you would think would be aware of Epic's move). I suppose it's possible Epic played their cards close to the chest though.

[1] Discord Announcement https://blog.discordapp.com/the-discord-store-beta-9a35596fd...

[2] Epic Announcement https://www.unrealengine.com/en-US/blog/announcing-the-epic-...

Why isn't Epic buying Discord?

What would that get them? It's already clear that Discord's community doesn't translate into success for an associated game distribution platform.

They have added more streaming features in recent months, so perhaps this is their pivot.

Their idea of patrons is boosting servers for perks which is sort of similar but the price of boosting is far higher than Patreon sponsorship and there's no way afaik for servers to customise what the booster gets as reward (the whole server gets the reward)

I have noticed them pushing the streaming features, and I think it's a brilliant play. Cut Twitch out of the equation entirely, stream and monetize your community directly in Discord. I think it's also interesting in that Discord servers can be private so you open up the possibility of allowing content that Twitch shuns due to its public broadcast nature (e.g. adult content).

They already have Patreon-like features for servers where you can "boost" a server with tokens you get from your Nitro (premium) subscription. These "boosts" allow the whole server to get more stuff.

Honestly I'm surprised they didn't try to enter the space by buying an existing competitor. GoG, or Humble maybe.

It might also be possible they're trying to build critical mass to get bought by some gaming company. Perhaps Amazon for Twitch integration? MS in some bold attempt to buy a userbase for their PC game store?

Realistically, I don't think they could have purchased either of those.

GOG is a rather niche store with a strategy contrary to Epic Games (in fact, there is this popular item on a functionality wishlist: https://www.gog.com/wishlist/site/do_not_get_bought_by_epic_...). For most customers, GOG is a secondary store mostly due to its DRM policy which I don't see a chance of Epic Games keeping if they were to purchase the store (if anything, due to Fortnite). GOG isn't really profitable currently, but selling it to Epic Games of all companies would risk PR and could cause skilled developers to leave CD Projekt. It wouldn't make sense for both Epic Games and CD Projekt.

Meanwhile, Humble Store does pretty well, and I don't think IGN is interested in selling it.

I don't think it's possible for them to buy GoG or Humble. GoG was created by and is owned by CD Projekt, and Humble is owned by IGN.

Pay-once-per-user has always seemed like a perfectly clear business model to me. Maybe not one that can properly fund the company, but a reasonable one. In comparison every Slack I use is filled with nag messages scolding us for not paying a per-user fee just to have casual chats about meeting up at local restaurants, as their business model is 'earn $200/mo for every person who uses our service because they have to join multiple slacks'

Due to the fact that I'm on one for work, Slack is already earning more off me than Discord is but they still want more. It makes it impossible for me to like them. Discord having lower friction for joining multiple small servers is a plus here too, because it means I'm not stuck joining a big poorly-moderated community just to chat with a small group of friends.

It's not game-changing but I also think things like 'high quality group video calling', 'screen sharing', and 'high quality group audio calls' are perfectly reasonable things for Discord to sell. IIRC some stuff like that is currently gated behind Nitro. The ability to use emotes cross-server is also quite popular so I see many people buying Nitro just for that. I personally have a small Discord server for my family and I use it for my personal collection of cross-server emotes.

The benefit of paid Slack is more for the company than the user, hence why the company pays for a workspace.

But how can you remain super stoked by features of a service that may be decrypting your communication in real time? Does that sour the whole thing for you? If they can decrypt our communications I would think the 3 letter agencies would want to get access to it as well.

This is actually a good indicator for understanding the issue of privacy/surveillance. There are enough hackers and engineers who care little about being spied on, despite understanding some of the inner workings of how the spying is done - as long as the benefits of a free service outweigh the slight privacy-violating annoyances.

Now try to understand why the average person cares even less.

I don't think this is a reliable indicator. When you take a look at the target market of discord, it becomes pretty clear why no one really cares about the data being decrypted. The main audiences for discord are gamers and massive open communities. The first group is unlikely to discuss any sensitive topic via discord and it's not unlikely that a lot of discord users even stream their sessions publicly. The majority of conversations are likely to be game-related and not of private nature. For the huge open communities, encryption doesn't help to improve privacy when everyone can join anyways. If you want to grow a big and healthy community where everyone can join, the 3-letter agencies might as well join the voice channel rather than being the mitm.

I haven't met anyone who is using discord as an alternative for WhatsApp, Telegram, etc., from my experience, discord is mainly used for on-topic discussions rather than private communications.

And as other comments suggest, there are legitimate reasons why discord might want to decrypt the communications on their end. Plus, I have never seen any claims by discord to be p2p encrypted.

There is a massive political community on discord, there are other groups on there such as doxxers, trolls and irl shitposters and other odd groups that are doing naughty things.

Depends on what you use it for.

Gmail has excellent reliability, deliverability, & spam filtering. On the other hand Google gets to read all my email. Naturally then, I use Gmail for some things - not for others.

Not OP but I've never used Discord for any private communication. I'm on servers with hundreds of people and anyone can listen to any voice channel whenever they want. It's not really something you think of as private anyway.

I'm fairly certain that this is the default behavior of WebRTC SFUs? (all that I've seen at least) (SFU = Selective Forwarding Unit)

Unless Discord claimed they were P2P encrypted this shouldn't be a witch hunt. It's the default behavior for most WebRTC systems.

The clients establish (encrypted) connections to the SFU(s). The SFU then reads incoming data and forwards it to whichever other clients are supposed to be receiving it. However, they maintain state per client and possibly do things like transcoding audio and video if the receiving client can't handle the source quality.

Just because invalid encrypted data is being dropped doesn't automatically mean the server is decrypting the data. It's possible to verify an encrypted message is valid without seeing its content.

It's not possible to validate a message without decrypting it. You can verify a signed message, if that's what you mean?

This proves parsing or filtering is happening on Discord's end to the decrypted message.


> We tested this malformed audio packet dispatch at various points during a voice call and consistently watched all malformed audio packets dropped by the server, which means that Discord servers are actively decrypting and inspecting all audio/video communications in real-time and not just some.

I'm not sure what drives you to expect privacy from a communications platform fueled with venture capital money. I wouldn't be surprised they're trying to do at least two things:

1. Applying a censor to voice depending on server/user DM configuration. I know they've got some kind of OCR that tries to identify and block offensive words contained in images, such as the N word, when people are not friends and at least one side hasn't changed the “safe direct messaging” option down to “I live on the edge”.

2. Store records at least temporarily for law enforcement.

And the obvious other things are keeping for post-processing and derive user interests for advertising, or batching and forwarding the information to intelligence agencies.

It's hard to tell, really.

Could be transcoding for people with different bandwidths on the same chat

I don't understand why Discord doesn't just work on a copy of the stream and send the original through. Would have prevented anyone from ever knowing.

and lowered latency drastically.


Is it really too much to ask for/expect a modicum of decency with these services?

When you are paying $0.00 for the service? And in this case they are dropping malformed data, which could easily protect their users from malware that exploits weaknesses in the media codecs.

I find this notion that you should be absolved of all responsibilities just because you give it away for free to be completely wrong. They should still be transparent about what they are doing.

This notion also does not translate very well to things which are not related to IT. I use a very large number of things in my daily life which I am not paying for but I still expect them to work and be safe. Or would it be fine if I take an elevator and it falls down and kills me? Or whoops, I got a free candy which turned out to contain toxins. I guess I didn't pay for the service so why do I have some expectations for it to work or be safe?

> Or would it be fine if I take an elevator and it falls down and kills me? Or whoops, I got a free candy which turned out to contain toxins. I

Those things are paid for by someone who is expressively giving you rights to those goods/services. Just because Method Gaming is paying for their discord server so you can enjoy your free service, doesn't mean they are necessarily aware that you are using their paid-for server resources. OTOH, if I am renting an apartment from a building (which I pay for) and someone comes to visit me in the elevator, I expect that the elevator cost I pay for through my rent is safe enough for you to travel in.

> guess I didn't pay for the service so why do I have some expectations for it to work or be safe?

Safe != privacy. The issue is not necessarily security (although there is an implication there as well), but more so it's privacy.

How is Discord not being transparent here? They never claimed they were E2E encrypted, and the WebRTC spec doesn’t support one to many encrypted streams.

It doesn’t seem fair to burn Discord at the stake for a feature they never claimed to provide.

If we're going to wander off into metaphor, this seems more analogous to a doorman refusing to allow you to bring your 800lb gorilla (sneakily dressed as your child) onto the elevator.

I guess I could have been more clear. I was not primarily discussing this particular case of what Discord is doing. Instead, I was against the notion that I cannot have any expectations because something is free.

If you want to argue that Discord's measures in this case are fair then I'm fine with that, but just something like "STFU the service is free" is not enough when it comes to these companies with massive impact on society, IMO at least.

Edit: After thinking about this a bit more, I guess the point is that if they are just dropping (potentially) malicious data, or in your case not letting a gorilla through the door. This does not have anything to do with the service being free as far as I can see, they can be argued for independently.

Instead I see people defending questionable behavior by pointing out that the service is free. And the point I tried to make originally was that I would like to at least be informed about the questionable behavior, so I have a chance to take this extra "cost" into account when I select a product.

I don't think people are defending the service just because it's free.

We simply cannot expect something to be had for free without making money to support the service. Unfortunately, one way to monetize the service is to sell user data.

I think a better one would be the postman unsealing and re-sealing your mail.

It's (mostly) a broadcast service. The metaphor in this case, it's the radio station boosting your signal ...

Did they ever claim that they wouldn't listen to and exploit your communications for profit? Hmm, what does the GDPR say about this, already?

Lots of people are paying $5 or $10 a month.

It's not a free service if the service provider is selling personal data.

nothing is "free" if you're not paying with money for some service you're paying with something else

Discord privacy policy:

In an ongoing effort to better understand and serve the users of the Services, we may conduct research on our customer demographics, interests and behavior based on the information collected. This research may be compiled and analyzed on an aggregate basis, and we may share this aggregate data with our affiliates, agents and business partners. We may also disclose aggregated user statistics in order to describe our services to current and prospective business partners, and to other third parties for other lawful purposes.

For example, they could do sentiment analysis on corporate chat, track it over time, and see which companies show patterns indicating trouble. Then they could short the stock, buy put options, or suggest to their "current and prospective business partners" that a low-ball acquisition offer would be appropriate.

Is discord known to be used in corporate sector? I think so far it's dominated by Slack and Discord is mostly used by games/communities.

I'm sure there are some businesses using Discord, but they aren't the target audience. The branding and feature set of Discord all make it very clear that it's targeted at PC gamers.

There are a lot of smaller open source projects that are using Discord instead of IRC. I am a member of Reshade, C# OpenTK and general programming servers.

I actually know many open source projects that moved from the clunkiness of Slack to Discord.

In all fairness, though, the recent releases of Slack made it pretty snappy.

My 70 kb/s connection disagrees. I was barely able to get slack to load, when it did load.

I work in an office with poor reception and it is quite annoying that these apps don't really work unless you are on 3G or better.

I know political campaigns are using it... foolishly, I'd say.

fwiw, the approach we're looking at in Matrix is to have E2E-encrypted SFUs, as per https://github.com/matrix-org/matrix-doc/blob/matthew/msc235...

This is exciting! I like Jitsi in general, but I would much prefer native conferencing.

Do you know if there are plans to support Discord-style persistent voice rooms?

Wasn't skype originally P2P? I wish there was a simple windows voip client that was doing p2p voip.

I often experience cuts with skype and discord, I think their servers can have a hard time handling low latency properly.

It was, and because of that a lot of people were hacked, since Skype could be used to run remote code by leveraging a couple of bugs that existed in the Skype application.

That is one of two reasons why Microsoft switched to a server-client model instead of p2p connection.

The other being having control of the service, and with call and message history it makes more money of course.

That is an interesting perception of history. What it looked like legally was p2p was working great and skype was massively rising in popularity. But the US federal government could not stand encrypted peer to peer communications. So they told their good friends over at eBay to buy the company. eBay messed it up and only bought the license for the name and not the actual code and p2p backend. Things continued working well for a while. But the feds still weren't happy. So they had their other friends at Microsoft actually purchase the technology and then immediately destroy it and switch to a centralized model.

You can read the story at: https://arstechnica.com/information-technology/2018/09/skype...

> For the second time, Zennström and Friis cashed in on selling Skype. That's because, instead of giving eBay the critical base technology that kept Skype going (the P2P system known as "Global Index"), Zennström's and Friis's company Joltid still owned it—they simply licensed it to Skype. The whole situation devolved into threats of litigation until a 2009 settlement gave Zennström and Friis a chunk of Skype ownership, which made them even more money when Microsoft bought the company.

You could try Jami. It’s fully distributed and improves over Skype and Discord by respecting its users’ freedom. Calls should work fine with it, but text messaging outside of them can be unreliable.


Jami is missing group text conversations. It's a major work-in-progress.

they pretty much claim ownership for anything and everything you submit to them. they need it in some useable format, which "encrypted" is not. what they use their data for is not our concern, since we no longer own it

from their ToS:

"Any data, text, graphics, photographs and their selection and arrangement, and any other materials uploaded to the Service by you is “Your Content.”"

"By uploading, distributing, transmitting or otherwise using Your Content with the Service, you grant to us a perpetual, nonexclusive, transferable, royalty-free, sublicensable, and worldwide license to use, host, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, perform, and display Your Content in connection with operating and providing the Service"

The article links to https://github.com/tenable/DiscordClient but this has been deleted. Does someone have a mirror?

Not sure if this is the same as what was on the link you sent, but you can take a look at the Discord Data Mining project [0].

[0] https://github.com/DJScias/Discord-Datamining

I'm confused. The link in your comment leads to a live repo.

It's working for me, too. When I wrote my comment, there was just a 404. Maybe it was restored?

I keep reading this title, and thinking that it's going to propose a final solution to the vim vs emacs debate, or tabs vs spaces, or one of the other fonts of engineer discord.
