Cloudflare Releases a Fully End-to-End Encrypted Version of Its Video Calling App, Orange Meets


The release of Cloudflare’s Orange Meets video calling app, which is fully end-to-end encrypted, is a big step toward private real-time communication without compromising usability or scalability.

For transparency, Cloudflare has open-sourced the technology and added end-to-end encryption (E2EE) to its video calling service, Orange Meets.

No modifications are needed to Cloudflare’s media-forwarding infrastructure, as the solution solely utilizes client-side encryption via the Messaging Layer Security (MLS) protocol.

The application has been available since last year, when Cloudflare released it as a demo for Cloudflare Calls (since renamed Cloudflare Realtime).

With E2EE, out-of-band safety-number verification and a formally modeled membership protocol now in place, Orange Meets is a reasonable starting point for research or prototyping of video calling with strong cryptographic guarantees.

The development follows the 2024 release of Cloudflare Realtime (previously known as "Cloudflare Calls") and the open-source Orange Meets app. The platform already provided scalable video calls through a Selective Forwarding Unit (SFU), but that central routing model carries a privacy trade-off: an SFU terminates the hop-by-hop transport encryption, so it could observe or analyze the media passing through it. By adding true end-to-end encryption (E2EE) to Orange Meets with a standards-based, client-only design, Cloudflare has now removed that exposure.

Design of E2EE encryption

Orange Meets uses Messaging Layer Security (MLS), a group key exchange protocol specified by the IETF, to enable end-to-end encryption.

The Rust-based MLS implementation in Orange Meets provides continuous group key agreement: the participants share a group key that is re-derived as membership changes, which gives the call forward secrecy and post-compromise security and scales to large groups.

Because encryption happens in the client before media is handed to WebRTC for transport, Cloudflare's Selective Forwarding Unit (SFU) is a pure forwarding intermediary with no access to the plaintext audio or video.

A “Designated Committer Algorithm” has also been added by Cloudflare to securely manage dynamic group membership changes, such as when a user joins or exits a video call.

This approach designates one member as the party that issues MLS updates, and automatically chooses a replacement from the group's current state when that member leaves, entirely on the client side.

Lastly, a “safety number” that represents the group’s cryptographic state is displayed throughout each video conference session, and participants are urged to confirm this outside of the platform.

This guards against "monster-in-the-middle" (MitM) attacks, in which a malicious server substitutes key material of its own for a participant's keys.

To catch subtle edge-case bugs, Cloudflare formally modeled the Designated Committer Algorithm in TLA+, a specification language whose model checker exhaustively explores the protocol's reachable states to verify that it behaves correctly in every scenario the model covers.

Having said that, it is important to stress that Orange Meets is not a finished consumer product but rather an open-source prototype and technological presentation.

It has not yet been extensively audited or tested, and it lacks some of the features and polish of Zoom, Google Meet, Signal, or Microsoft Teams.

The tool from Cloudflare is more suited for developers interested in cryptography and MLS integration, as well as privacy enthusiasts and interested users who wish to experiment with open-source E2EE video calling. Researchers or engineers assessing MLS implementations can also use it.

Orange Meets has an online live demo, so there’s no need to install it in order to test or use it.

Alternatively, users can build their own instance from the source code published on GitHub.

Protocol-level privacy

Video conferencing needs a more efficient encryption strategy than text messaging, where a message can simply be encrypted separately for each recipient: real-time, high-bandwidth media cannot afford per-recipient encryption. Cloudflare therefore built participant protection on MLS, the IETF-standardized group key exchange protocol, which gives all participants one shared group key.

The encryption layer runs entirely on the client, in Rust compiled to WebAssembly (WASM). Outgoing WebRTC audio and video frames pass through a dedicated encryption worker before transmission, and incoming frames pass through the same worker for decryption.

To stay compatible with common codecs such as VP8, the implementation follows the approach of Discord's DAVE protocol and leaves a few codec header bytes in each frame unencrypted, so that the SFU and the decoder can still parse the frame structure.

Three essential components form the foundation of Orange Meets:

  • Client: The encryption and decryption mechanism is locally executed by each user.
  • Orange Meets Server: The lightweight coordination service developed using Cloudflare Workers is in charge of controlling room states, such as participant lists and mute status.
  • Cloudflare Realtime SFU: Media streams are forwarded without content inspection or modification.

Crucially, the SFU does not care whether the contents of UDP-based video or audio packets are encrypted or not; it is agnostic to encryption.

“Designated Committer” algorithm

Managing dynamic membership securely is a technological challenge in encrypted group video chats, particularly when people join or exit during a call.

Rather than centralizing this control in the coordination server or changing that server at all, Cloudflare created a lightweight mechanism known as the designated committer.

New users send their cryptographic material to one current participant (the designated committer), who creates and distributes the MLS group updates. If the committer disconnects, the role passes dynamically to another member and the group state stays continuous. Keeping the backend server out of the cryptographic process keeps the scheme transparent and decentralized.

The method was formally modeled and checked in TLA+, a specification language with a model checker, to confirm its correctness and handle edge cases. This verification helped identify and resolve subtle race conditions in situations involving membership churn.
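As an added illustration of the designated-committer idea described above and in the earlier section (this is not the Orange Meets algorithm, whose exact selection rule the article does not state), the Node.js model below picks the committer deterministically from the shared roster, queues join requests that are addressed to the current committer, and shows the churn case that such a protocol has to survive: the committer leaves while a join is still pending, so the pending join has to be picked up by whoever is elected next. The "lowest join index wins" rule, the room model and the participant names are assumptions made for the example.

```javascript
// Hypothetical selection rule: the surviving member with the lowest join index is the committer.
// Every client holds the same roster, so every client elects the same member without any server help.
function electCommitter(members) {
  let best = null;
  for (const [id, m] of members) {
    if (best === null || m.index < members.get(best).index) best = id;
  }
  return best;
}

class Room {
  constructor(creatorId) {
    this.members = new Map([[creatorId, { index: 0 }]]);
    this.nextIndex = 1;
    this.epoch = 0;
    this.pendingJoins = [];    // key packages waiting for the next commit
    this.pendingRemovals = []; // departed members not yet removed by a commit
    this.history = [];         // one entry per commit, for inspection
  }

  committer() {
    return electCommitter(this.members);
  }

  // A newcomer hands its key package to whoever is committer right now; returns that member's id.
  requestJoin(id) {
    this.pendingJoins.push(id);
    return this.committer();
  }

  // A member leaves. If it was the committer, the roster re-election hands the role to the
  // next member, and the pending joins are implicitly re-addressed to that member.
  leave(id) {
    if (!this.members.has(id)) throw new Error(`${id} is not in the room`);
    this.members.delete(id);
    this.pendingRemovals.push(id);
    return this.committer();
  }

  // Only the designated committer may advance the epoch; anyone else is rejected.
  commit(byId) {
    if (byId !== this.committer()) throw new Error(`${byId} is not the designated committer`);
    const added = this.pendingJoins;
    const removed = this.pendingRemovals;
    for (const id of added) this.members.set(id, { index: this.nextIndex++ });
    this.pendingJoins = [];
    this.pendingRemovals = [];
    this.epoch += 1;
    this.history.push({ epoch: this.epoch, committer: byId, added, removed });
    return this.epoch;
  }
}

// Constructed scenario: alice opens the room, bob and carol join, then alice leaves while dave's join is pending.
function runScenario() {
  const room = new Room("alice");
  room.requestJoin("bob");
  room.requestJoin("carol");
  room.commit("alice");                          // epoch 1: {alice, bob, carol}
  const daveSentTo = room.requestJoin("dave");   // dave addressed alice, the committer at the time
  const committerAfterLeave = room.leave("alice"); // alice is gone before committing dave
  let nonCommitterRejected = false;
  try {
    room.commit("carol");                        // carol is not the elected committer
  } catch {
    nonCommitterRejected = true;
  }
  const epoch = room.commit("bob");              // bob, now committer, removes alice and adds dave
  return {
    daveSentTo,
    committerAfterLeave,
    nonCommitterRejected,
    epoch,
    members: [...room.members.keys()],
    history: room.history,
  };
}

console.log(runScenario());
```

The race the TLA+ model is there to catch is visible in `runScenario`: between `requestJoin("dave")` and the next commit, the member that dave's key package was addressed to disappears. Because election is a pure function of the roster that every client shares, the hand-off needs no server decision, but a real implementation also has to deal with clients that briefly disagree about the roster, which is exactly the kind of state space a model checker enumerates.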

Ensuring authenticity

Orange Meets displays a cryptographic safety number on screen to counter "monster-in-the-middle" attacks, in which a compromised server injects its own key material. Participants are advised to verify this number through an external, trusted channel, such as a Signal group chat. This mirrors the key-verification practice of established encrypted messaging apps and makes silent key substitution detectable.

To protect against malicious JavaScript delivery, a known weakness of browser-based encryption (a compromised or coerced web server can ship modified client code to a user), Cloudflare is looking into Web Application Integrity, Consistency, and Transparency (WAICT), in the spirit of the Code Verify effort it supports for WhatsApp Web.

A viable starting point for other developers looking to introduce E2EE to group video communication is Cloudflare’s implementation, which is open-source, modular, and flexible enough to fit into any WebRTC-based infrastructure.

The core system is functional today, though as noted it remains a prototype; further developments, such as stronger identity verification using OpenPubkey, are planned.

Rob Harris is a lawyer by profession, but his hobby is writing, which is why he writes news, blogs and books on the side. He is known for writing not only on law but also on politics, and he has a collection of poems and articles. He provides news for Time Bulletin.
