Discord end-to-end encryption: Can you turn it on?

Discord is one of the most widely used chat platforms in the world. It’s popular not just with gamers but with all kinds of online communities. That said, using Discord comes with some trade-offs. The platform collects a lot of user data and generally prioritizes convenience over security.

Unlike many other modern messaging apps, Discord doesn’t offer end-to-end encryption for written messages, meaning all of your private messages can be viewed by the platform. Naturally, this makes it less suitable for highly sensitive conversations.

In this guide, we’ll break down how Discord handles encryption and what you can do to keep your conversations more private.

What is Discord?

Discord is a free voice, video, and text communication app. Originally marketed toward gamers, it’s now used by a wide range of communities. It’s home to everything from gaming clans and study groups to developer hubs and fandom communities.

It offers custom moderation tools and integrations with services like Twitch and Spotify. Discord is available through any browser and also has apps for desktop and mobile devices.

How does Discord work?

Discord operates on a server-based model, with each server acting as a hub for a specific group or community. Within a server, you’ll find channels that organize conversations by topic or activity. These can be text channels for chatting and sharing media or voice/video channels for live calls.

Anyone can create a Discord server and invite others to join as members or moderators. The platform also offers customization options in the form of roles, unique reactions, moderation settings, and notification controls.

All communication on Discord is hosted on the cloud, meaning every message passes through the platform's servers. This is in contrast to the peer-to-peer model, which sees messages going directly between users.

How does Discord handle user privacy?

Discord takes some steps to protect user privacy, but it doesn’t offer end-to-end encryption for written messages. Additionally, it collects a wide range of user data, including your IP address, device details, and information about how you use the service.

Encryption in transit vs. end-to-end encryption

Discord uses encryption in transit to protect your messages as they travel between your device and Discord’s servers. This helps prevent outsiders from intercepting your data. However, Discord doesn’t offer end-to-end encryption (E2EE) for text messages.

While in transit, chats are protected using HTTPS and TLS encryption. This helps prevent outsiders and cybercriminals from reading your chats. But once your messages reach Discord’s servers, they are decrypted and stored in plain text for anyone with access to read.

With end-to-end encryption, in contrast, messages remain unreadable from the moment they are sent until the recipient opens them. Even the company hosting a service with E2EE can’t read users’ messages. Only the sender and recipient have the keys to unlock them.

Discord currently only uses E2EE for audio and video calls. Specifically, it relies on 128-bit AES GCM encryption and ECDSA P256 for creating signature keys. This makes Discord calls more private than chats.

The caveat is that calls will only benefit from E2EE on some of Discord’s apps. If you access Discord through a browser or game console, your calls will only be encrypted in transit.

What data is accessible to Discord?

Discord automatically stores a wide range of data tied to your account and activity. This includes your messages (even those sent in private channels) as well as background data that’s collected automatically. Here’s an overview of what Discord can see:

• Message contents (including metadata such as timestamps, message IDs, etc.).
• Shared media, such as images or files.
• IP address.
• Device information.
• Usage patterns, like when and how often you use the app.
• Connected accounts, such as Twitch, X, Spotify, or Steam.
• Your Discord tag, including username and discriminator (e.g., Username#1234).
• Active session data.
• Friends list and blocked users.
• Payment information.
• Developer-related data (if you run bots or use the developer portal).

How Discord uses your data

Discord collects user data primarily to provide and improve its services, including to promote safety and personalization. It may share this information to fulfill legal requests and contractual obligations. That said, Discord does not sell user data.

Here’s how Discord handles and utilizes user information:

Is Discord really secure?

Discord is generally safe for everyday use, like chatting in servers or joining voice calls. But there are security and privacy risks to be aware of. Nothing shared over Discord is truly private. Scammers and other cybercriminals are also active on the platform.

What security measures does Discord use?

Discord uses encryption in transit, IP location tracking for suspicious logins, and automated systems to detect harmful behavior. Users can protect their accounts with two-factor authentication (2FA), and server admins have access to moderation tools like bans, content filters, and role-based access controls. The platform also screens attachments for malware, though this feature may not always reliably block threats from being distributed.

What are the main security risks on Discord?

Using Discord comes with certain risks, especially for younger users. From scams to data harvesting, here are some of the most common issues to be aware of:

• Leaked chats and server logs: Anyone with access to a server can copy or export chat logs. This makes it easy for another user to leak sensitive conversations without your consent.
• Inappropriate or harmful content: Like any online platform, Discord hosts content that is potentially harmful. Though it is used by children, adult content is widely shared on Discord, and there isn’t a thorough age-verification process. The platform does actively ban users and remove inappropriate content, but, as anywhere, this process is far from perfect.
• Phishing attacks: Cybercriminals make use of Discord to share phishing links. One common trick is to send a link that promises to provide a free month of Nitro but is actually designed to steal the victim’s account information. Given the risks, it’s a good idea to learn how to stay safe from phishing.
• Malware distribution: Files shared on Discord can contain viruses and other threats. These are often disguised as game cheats or tools. Discord Token Grabbers are a common threat that can potentially steal your Discord login info, passwords, and certain browser data.
• Compromised accounts: If someone breaks into your Discord account, they might send spam to your friends or servers you’re in. That could get you banned or flagged, even if you didn’t do anything wrong.

All these threats can lead to your account being compromised and even banned for violating Discord’s terms of service. While it’s possible to try recovering a banned Discord account, it’s far better to avoid the hassle by staying cautious and adopting strong security practices.

What can you do to improve your security on Discord?

Though there’s no way to add full end-to-end encryption to Discord, there are some cybersecurity tips you can follow to lower your risk profile and keep your account and conversations more private.

Enable two-factor authentication (2FA)

Turning on two-factor authentication will add an extra layer of security to your Discord account. Once enabled, you’ll need to provide both your password and a secondary code, often sent to your phone or generated by an app, to log in.

This means even if someone steals your password, they still won’t be able to access your account without that second code. It won’t make your conversations more private by itself, but it will provide a defense against someone trying to hack into your account in order to view your private messages or impersonate you.

Use strong passwords

A strong password is long, hard to guess, and unique to your Discord account. Avoid reusing the same password across different sites. ExpressVPN Keys makes this easier thanks to a customizable password generator. It also comes with autofill and top-of-the-line encryption so you can safely store and deploy passwords.

Adjust privacy settings

Discord gives you control over who can message you, add you as a friend, or see your online status. It’s a good idea to tighten these settings, especially if you’re active in public servers. You can block direct messages from non-friends, limit who can send you friend requests, and manage who can see your current status or connected accounts.

Use a VPN for additional encryption

While the platform encrypts data in transit, it’s wise to use a VPN with Discord whenever possible. ExpressVPN adds an extra layer of security by hiding your real IP address and encrypting your entire internet connection. Using a VPN adds protection at the network level, helping reduce the chances of being tracked or targeted. If you connect through one, Discord also won’t be able to track your real IP address.

Can you enable end-to-end encryption on Discord?

Currently, the platform doesn’t offer end-to-end encryption for text messages, only for voice and video communications. If you want to have conversations protected with E2EE, you’ll need to restrict yourself to voice/video calls or use a different platform.

Using encrypted channels

Video and audio channels within a server operate under Discord’s DAVE system, which uses end-to-end encryption. Be aware that if you access Discord through a browser or console rather than the desktop and mobile apps, you won’t benefit from this feature.

Secure alternatives for sensitive communication

Due to Discord’s lack of universal E2EE, you're better off using a privacy-focused app for sensitive conversations. Services like Signal and WhatsApp ensure only you and the person you’re messaging can read what’s sent. Even if a hacker breaks into the system, your messages will still be private.

Alternatively, some users encrypt their files or messages before sending them using third-party tools like DiscordCrypt. But this isn’t built into the platform, so it takes extra effort. Both the sender and receiver need to use the same tool and share encryption keys, which makes it harder to use casually or in larger communities.

Common misconceptions about Discord encryption

There’s a lot of false information and incorrect assumptions parroted online about Discord. To maximize your safety, you’ll want to disabuse yourself of these myths.

Discord is fully encrypted

As you know by now, Discord is lacking when it comes to encryption for text messages. These are encrypted while in transit but are stored in plain text once they reach Discord’s servers.

Admins can’t see your chats

While Discord employees will always have access to your chats, the same isn’t always true for users serving as admins for specific servers. Discord splits conversations into server channels and direct messages, and visibility rules differ for each. Here's how it breaks down:

• In public or private servers: Yes, server admins and moderators can see your messages in any channel they have access to. They don’t need special tools because they can simply visit the channel, even if it’s a private or invite-only server.
• In DMs (direct messages): No, server admins cannot see your direct messages with other users. These are private and not visible to the public unless they are leaked.
• In private channels within a server: Only the users (including admins or mods) who have been given permission to access a channel can see content posted there. If you’re in a hidden or staff-only channel, others can’t view it unless granted access.

Discord employees can’t read my chats

Discord employees can access your messages (including DMs) at any time. The platform uses this ability to investigate abuse reports, respond to legal requests, and enforce rules. While it generally doesn’t actively monitor all conversations, the fact that it can means that Discord can’t be considered a private platform.

Using Discord is like using Signal

No, using Discord is not like using Signal, especially when it comes to privacy and security. Signal is a privacy-first messaging app that uses E2EE by default for all messages, calls, and media. This means only you and the person you're talking to can read or hear your messages, not Signal, your internet provider, or any third party. With Discord, only voice and video calls get this level of protection, and only if you use the desktop or mobile client.