With the introduction of E2EE and the resolution of various trust and verification issues, users interested in strong cryptographic assurances can explore Orange Meets as a foundation for secure video calling in research or prototyping contexts. Orange Meets implements end-to-end encryption using Messaging Layer Security (MLS), an IETF-standardized group key exchange protocol. Cloudflare has implemented end-to-end encryption (E2EE) to its video calling app Orange Meets and open-sourced the solution for transparency. Cloudflare has also introduced a "Designated Committer Algorithm" that handles dynamic group membership changes (user joins/leaves a video call) securely. The Rust-based implementation of MLS on Orange Meets enables continuous group key agreement, which supports secure group key exchange, forward secrecy, post-compromise security, and scalability. Cloudflare's tool is more geared towards developers with an interest in MLS integration and cryptography, as well as privacy enthusiasts and curious users who want to tinker with open-source E2EE video calling. Cloudflare formally modeled the Designated Committer Algorithm in TLA+, a specification language used to mathematically verify that the protocol behaves correctly under all possible conditions, thereby catching subtle edge-case bugs. The encryption is handled entirely on the client side using WebRTC, so Cloudflare or the Selective Forwarding Unit (SFU) acts as forwarding intermediaries that do not have access to sensitive communication data. Bill Toulas Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks. Finally, each video conferencing session displays a "safety number" representing the group's cryptographic state, which participants are encouraged to verify outside the platform. This system practically designates a specific member as the party that governs MLS updates in a fully client-side fashion, automatically selecting a new designated committer based on the group's state. All that being said, it is essential to emphasize that Orange Meets is more of a technical showcase and open-source prototype than a polished consumer product. Orange Meets does not require installation to test or use, as a live demo is available online. The application has been available since last year when the internet giant launched it as a demo for Cloudflare Calls (now Realtime).
This Cyber News was published on www.bleepingcomputer.com. Publication date: Sun, 29 Jun 2025 16:10:18 +0000