Coy-fish

CoyIM is a standalone chat client that focuses on safety and security. It is a self-contained program that runs on Windows, Linux and macOS, and that is safe from the moment ir is started up. CoyIM only supports one chat protocol - XMPP (sometimes known as Jabber). CoyIM has carefully picked and chosen the features that are necessary to create a good chat experience, while keeping the attack surface of the system to a minimum.

It also has built-in support for Tor, OTR and TLS. The Tor support allows users to become anonymous while chatting, OTR makes end-to-end encryption of communication possible, and TLS adds another layer of encryption for the communication with chat servers. These features are built as core parts of the application: they are not plugins or extras in any way.

CoyIM is implemented in Go. Many other implementation languages open up the door for a large number of attacks; we try to minimize those risks by using Go.

Features that set us apart

CoyIM implements lots of features that exist in most other chat clients. There are, however, some things we do differently:

  • Support of the latest version of OTR.
  • Detection of Tor (if installed) and connection through it.
  • Use of Tor Onion Service if it is known by the server in question.
  • Use of separate Tor circuits for each account in order to make it harder to tie accounts together.
  • Insertion of random delays before connecting each account in order to make fingerprinting of connections between them harder.
  • SRV lookup for the server over Tor if available.
  • Import of account settings, OTR settings, fingerprints, and private keys from other clients like Pidgin, Adium, Gajim or xmpp-client.
  • Saving of all your configuration, including OTR fingerprints and keys, in an encrypted configuration file.

Features we want to have

CoyIM wants to add some more features. These are the most important ones but there are many more we want to have (check them at Github issue tracker):

  • Availability in different languages: there is basic support for it, but there are not real translations yet.
  • Creation of a new anonymous random account with one single option.
  • Support of complete reproducible builds.
  • Use of a unified security rating that combines several different measures of security.

Features we won't have

Features have a tendency to result in a larger code base and bugs. For this reason, we will not support some features, like:

  • Use of browser view to render content inside CoyIM or rendering of HTML.
  • Use of clickable links.
  • Use of emoticons or other kinds of extra graphical feature.
  • Exposition of many configuration options.
  • Use of automatic logging.

XEPs we support

These XEPs are fully or partially supported by CoyIM: