Cloudflare has added end-to-end encryption to its video chat service Orange Meets and opened its code, positioning the app as a prototype for cryptographically secure calls. The solution is built on the MLS protocol, which supports post-compromise security and forward secrecy.
Orange Meets runs over WebRTC, and encryption is implemented entirely on the client side — not even the Forwarding Unit (SFU) server sees your data. Sessions are based on the Messaging Layer Security (MLS) protocol, an IETF group key exchange algorithm written in Rust.
To manage group dynamics (user login/logout during a call), Cloudflare has implemented the Designated Committer Algorithm, which selects a “responsible committer” to update the cryptographic state. The security of such changes is formally verified using TLA+, a mathematical model that detects bugs at the logic level.
Orange Meets is more of a demo than a finished product. It was created as part of the Cloudflare Calls initiative (now **Real-time**). Compared to Zoom, Signal, or Teams, Orange Meets is not yet fully functional and has not been fully audited.
But for researchers, developers, and encryption enthusiasts, it is a unique open-source tool for testing MLS. It works without installation via an online demo or via a GitHub repository. Despite its rawness, Orange Meets is a breakthrough in open E2EE for group video calls, with transparent cryptography and independent verification. The solution could give a new boost to trust in MLS in a world where encryption often remains closed or opaque.
