Cloudflare has made a decisive leap in secure communications by open-sourcing Orange Meets, its group video calling app now equipped

Continue reading
Cloudflare has made a decisive leap in secure communications by open-sourcing Orange Meets, its group video calling app now equipped with robust end-to-end encryption (E2EE) based on the Messaging Layer Security (MLS) protocol[1][2][3]. This move positions Orange Meets as a transparent, standards-driven alternative for privacy-conscious developers, researchers, and encryption enthusiasts.
A New Standard for Video Call Security
Unlike most group video platforms that rely on a central Selective Forwarding Unit (SFU)—which can potentially access unencrypted media—Orange Meets encrypts all audio and video entirely on the client side using MLS, an IETF-standardized group key exchange protocol[1][2][3]. This ensures that even Cloudflare’s own infrastructure cannot access call content, closing a major privacy gap in scalable video conferencing.
Technical Innovations: MLS and the Designated Committer Algorithm
Orange Meets leverages a Rust-based MLS implementation, compiled to WebAssembly for browser compatibility, to provide continuous group key agreement. This enables forward secrecy and post-compromise security, essential for dynamic environments where participants may join or leave at any time[1][4][2][3]. To securely manage these membership changes, Cloudflare introduced the “Designated Committer Algorithm”—a client-side protocol that designates a participant to handle cryptographic updates, verified for correctness using formal TLA+ modeling[1][4][2][3].
Transparency and Trust by Design
Each session displays a unique “safety number” for participants to verify out-of-band, preventing man-in-the-middle attacks and boosting user confidence in the system’s integrity[2][3]. The entire E2EE implementation is open source, allowing independent scrutiny and adaptation by the broader community.
A Prototype, Not a Zoom Rival—Yet
Cloudflare is clear: Orange Meets is a technical showcase and not a consumer-ready rival to Zoom or Teams[4][2]. It lacks many enterprise features and hasn’t undergone extensive security audits. However, as a proof-of-concept, it sets a new bar for open, verifiable E2EE in group video calls and provides a modular foundation for future secure communication tools[4][2][3].
Implications for the Future of Encrypted Communications
Orange Meets’ open, standards-based approach could accelerate adoption of MLS across the industry, offering a blueprint for privacy-first video platforms at a time when trust in centralized infrastructure is waning[4][2][3]. Developers can experiment with the live demo or deploy their own instance using the public codebase, marking a significant step forward for transparent, secure, and scalable group communications.

148 malicious npm packages masquerading as student proxy and school Wi-Fi bypass tools. Rather than compromising developers during installation