Cloudflare Launches Secure Video Calling App with E2EE

Cloudflare has launched an end-to-end encrypted version of its video calling app Orange Meets. The new feature uses the Messaging Layer Security (MLS) protocol for client-side encryption, allowing users to communicate privately in real time without compromising scalability or usability. This marks a significant step toward securing group video chats.

The implementation addresses a common limitation in scalable video calls, where the central routing model introduces privacy tradeoffs. Cloudflare’s solution integrates true end-to-end encryption into Orange Meets using a standards-based approach, leaving header bytes unencrypted to maintain compatibility with common codecs.

Orange Meets is built on three key components: client-side encryption and decryption logic, a lightweight coordination service, and a Selective Forwarding Unit (SFU) that forwards media streams without inspecting or modifying content. The SFU remains agnostic to encryption, forwarding UDP-based video/audio packets regardless of their encrypted status.
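The header-preserving frame encryption described above can be sketched as follows. This is an added illustration, not code from Orange Meets or Cloudflare; the cipher (AES-128-GCM), the packet layout, the 3-byte header length and the function names are assumptions, and the random key stands in for one derived from the MLS group.

```javascript
// Added illustration, not Orange Meets code. Assumed: AES-128-GCM, a counter
// nonce that never repeats under one key, and a caller-chosen clear-header length.
const nodeCrypto = require('node:crypto');

const TAG_LEN = 16, IV_LEN = 12;

// Build a 96-bit nonce from a monotonically increasing per-sender frame counter.
function nonceFor(counter) {
  const iv = Buffer.alloc(IV_LEN);
  iv.writeBigUInt64BE(BigInt(counter), 4);
  return iv;
}

// Output layout (assumed): clear header | ciphertext | 16-byte tag | 12-byte nonce
function encryptFrame(key, frame, headerLen, counter) {
  const header = frame.subarray(0, headerLen);
  const iv = nonceFor(counter);
  const cipher = nodeCrypto.createCipheriv('aes-128-gcm', key, iv);
  cipher.setAAD(header); // header stays readable in transit but is authenticated
  const body = Buffer.concat([cipher.update(frame.subarray(headerLen)), cipher.final()]);
  return Buffer.concat([header, body, cipher.getAuthTag(), iv]);
}

// Returns the original frame, or null if the header or the body was modified.
function decryptFrame(key, packet, headerLen) {
  if (packet.length < headerLen + TAG_LEN + IV_LEN) return null;
  const header = packet.subarray(0, headerLen);
  const end = packet.length - IV_LEN;
  const iv = packet.subarray(end);
  const tag = packet.subarray(end - TAG_LEN, end);
  const body = packet.subarray(headerLen, end - TAG_LEN);
  const decipher = nodeCrypto.createDecipheriv('aes-128-gcm', key, iv);
  decipher.setAAD(header);
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([header, decipher.update(body), decipher.final()]);
  } catch {
    return null; // authentication failed
  }
}

// Constructed sample: 3 header bytes followed by a stand-in payload.
const demoKey = nodeCrypto.randomBytes(16); // stand-in for an MLS-derived key
const demoFrame = Buffer.concat([Buffer.from([0x10, 0x02, 0x00]), Buffer.from('constructed payload')]);
const demoPacket = encryptFrame(demoKey, demoFrame, 3, 1);
console.log(demoPacket.subarray(0, 3).equals(demoFrame.subarray(0, 3)));
console.log(decryptFrame(demoKey, demoPacket, 3).equals(demoFrame));
```

Passing the clear header to the cipher as associated data means a forwarding server can read it but cannot change it without the receiver rejecting the frame.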

To manage dynamic membership securely, Cloudflare introduced the “Designated Committer” algorithm. This approach dynamically shifts the designated committer role when users disconnect, ensuring group state continuity and decentralization.

The implementation ensures authenticity by displaying a cryptographic safety number on the screen, which participants must confirm via an external channel to prevent “monster-in-the-middle” attacks. Cloudflare’s solution is open-source, modular, and adaptable to any WebRTC-based infrastructure, making it a promising foundation for developers aiming to bring E2EE to group video communication.

Users can try the encrypted version of Orange Meets at e2ee.orange.cloudflare.dev or self-host their own instance using the available codebase on GitHub.

Source: https://cyberinsider.com/cloudflare-debuts-end-to-end-encrypted-video-chat-with-orange-meets-e2ee