3 posts
cloudflare Bringing more transparency to post-quantum usage, encrypted messaging, and routing security 2026-02-27 David Belson Mingwei Zhang André Jesus Suleman Ahmad Sabina Zejnilovic Thibault Meunier Mari Galicer Cloudflare Radar already offers a wide array of security insights — from ap…
meta Messenger has enhanced the security of its end-to-end encrypted chats by launching key transparency, a system that provides an automated, verifiable record of public encryption keys. By moving beyond manual key comparisons, this feature ensures that users can verify their contacts' identities without technical friction, even when those contacts use multiple devices. This implementation allows Messenger to provide a higher level of assurance that no third party, including Meta, has tampered with or swapped the keys used to secure a conversation. ## The Role of Key Transparency in Encrypted Messaging * Provides a verifiable and auditable record of public keys, ensuring that messages are always encrypted with the correct keys for the intended recipient. * Prevents "man-in-the-middle" attacks by a compromised server by making any unauthorized key changes visible to the system. * Simplifies the user experience by automating the verification process, which previously required users to manually compare long strings of characters across every device their contact owned. ## Architecture and Third-Party Auditing * Built upon the open-source Auditable Key Directory (AKD) library, which was previously used to implement similar security properties for WhatsApp. * Partners with Cloudflare to act as a third-party auditor, maintaining a public Key Transparency Dashboard that allows anyone to verify the integrity of the directory. * Leverages an "epoch" system where the directory is updated and published frequently to ensure that the global log of keys remains current and immutable. ## Scaling for Global Messenger Traffic * Manages a massive database that has already grown to billions of entries, reflecting the high volume of users and the fact that Messenger indexes keys for every individual device a user logs into. * Operates at a high frequency, publishing a new epoch approximately every two minutes, with each update containing hundreds of thousands of new key entries. * Optimized the algorithmic efficiency of the AKD library to ensure that cryptographic proof sizes remain small and manageable, even as the number of updates for a single key grows over time. ## Infrastructure Resilience and Recovery * Improved the system's ability to handle temporary outages and long delays in key sequencing, drawing on two years of operational data from the WhatsApp implementation. * Replaced older proof methods that grew linearly with the height of the transparency tree with more efficient operations to maintain high availability and real-time verification speeds. * Established a robust recovery process to ensure that the transparency log remains consistent even after infrastructure disruptions. By automating the verification of encryption keys through a transparent, audited directory, Messenger has made sophisticated cryptographic security accessible to billions of users. This rollout represents a significant shift in how trust is managed in digital communications, replacing manual user checks with a seamless, background-level guarantee of privacy.
discord Discord’s September 2024 update centers on transforming the platform into a more interactive entertainment hub while significantly hardening its security infrastructure. By centralizing third-party integrations through a new App Launcher and implementing end-to-end encryption for audio and video, the platform aims to balance expanded developer functionality with robust user privacy. ### The App Launcher and Interactive Activities * The newly launched App Launcher is now available across desktop and mobile, allowing users to search, browse curated collections, and add thousands of apps directly to their accounts for use in chats and voice calls. * Four new Activities have been integrated: *Arena Kingdoms* for cross-server battles, *Echo Chess* for daily puzzles, the Viking-themed *Battletabs*, and the social-focused *Magic Circle*. * New image-editing capabilities allow users to hover over chat images to access the App Launcher for quick modifications, such as adding captions or using Viggle’s “Animate” command to generate motion from static photos. * The developer ecosystem has been expanded to allow third parties to build, launch, and monetize their own Activities, with options to opt-in to platform-wide discovery via the launcher. ### Security and Privacy Enhancements * End-to-End Encryption (E2EE) is being introduced for all audio and video communication, including DMs, Group DMs, voice channels, and Go Live streams, ensuring that stream data is accessible only to participants. * Support for Passkeys has been implemented, allowing users to replace traditional passwords with biometric authentication such as Face ID or Touch ID. * Passkey technology remains localized to the user's device, ensuring that Discord does not have access to sensitive biometric data. ### Platform Performance and Community Resources * Discord’s engineering team reported a significant performance milestone, reducing iOS application crashes by 84%. * The "Discord Dojo" initiative has launched to provide educational content, including videos and blogs focused on message formatting and advanced keybinds for power users. * A new partnership with *Street Fighter 6* introduces themed shop items and a specific Quest that rewards users with a "Battle Field" decoration for their profiles. To maintain the highest level of account safety, users should consider migrating to Passkeys and verifying the encryption status during their next voice or video call. For those looking to increase engagement within their servers, the App Launcher provides a low-friction way to introduce collaborative games and media tools directly into existing conversations.