Encrypted chat

When talking to someone in real life, we can usually be quite certain that no-one is listening to our conversations. In the digital world, it is not so easy. The simplest way to build a chat application exposes everything you say to almost the whole world. Luckily, the situation is not that bad with most modern chat applications: most of them encrypt your content, but only to the server and back. This means that someone with access to the server can see what you’re saying. None of this is very similar to what you would expect from a real-life conversation. What’s even worse, other applications do encrypt everything between you and your contact, but in such a strong way that you leave mathematical proof of everything you say. This means that if you talk to someone, they can later take that conversation and show it to someone else: not only the text of what you said, but also the cryptographic signatures, which prove that no-one else could have said it. Once again, that’s not how the real world works, and that’s not how you expect conversations to function. The technical world has confused users enough, and we should try to go back to conversations that are safe, secure and private, but at the same time deniable.

CoyIM does this using the Off-the-Record (OTR) messaging protocol. We use the latest released version of the protocol, which is version 3. OTR allows you to transparently set up an encrypted channel to another user, and then just talk as usual. The only requirement is that the other person is using a chat client that also supports OTR. There are many of those out there, so you can talk in a safe and secure way with anyone who uses one of those clients - although we believe that CoyIM is safer than the alternatives.
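The difference between a signed chat and a deniable one, as an added Go example (not CoyIM's code and not the OTR wire format): a per-message signature can only come from its author, while a MAC under a key both partners share, the kind of message authentication OTR relies on, can be produced by either of them. The keys, messages, function names and the choice of Ed25519 and HMAC-SHA256 are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// macTag authenticates msg with a key that both chat partners hold.
func macTag(sharedKey, msg []byte) []byte {
	m := hmac.New(sha256.New, sharedKey)
	m.Write(msg)
	return m.Sum(nil)
}

// macVerify is the check a third party would run if handed the key and a transcript.
func macVerify(sharedKey, msg, tag []byte) bool {
	return hmac.Equal(macTag(sharedKey, msg), tag)
}

// Result records what a third party can conclude from each kind of transcript.
type Result struct {
	SignatureVerifies, BobForgesSignature bool // long-term signature on every message
	MACVerifies, BobForgesMAC             bool // shared-key MAC on every message
}

// Compare plays both designs with constructed keys and messages.
func Compare() Result {
	// Fixed seeds keep the demo reproducible; real keys come from crypto/rand.
	alicePriv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0xA1}, ed25519.SeedSize))
	bobPriv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0xB0}, ed25519.SeedSize))
	alicePub := alicePriv.Public().(ed25519.PublicKey)
	shared := sha256.Sum256([]byte("constructed session key known to Alice and Bob"))

	said := []byte("meet at noon")             // Alice really sent this
	never := []byte("words Alice never wrote") // Bob makes this up afterwards

	return Result{
		SignatureVerifies:  ed25519.Verify(alicePub, said, ed25519.Sign(alicePriv, said)),
		BobForgesSignature: ed25519.Verify(alicePub, never, ed25519.Sign(bobPriv, never)),
		MACVerifies:        macVerify(shared[:], said, macTag(shared[:], said)),
		BobForgesMAC:       macVerify(shared[:], never, macTag(shared[:], never)),
	}
}

func main() {
	fmt.Printf("%+v\n", Compare())
}
```

Because Bob's made-up message verifies exactly like Alice's real one under the shared key, a transcript with MAC tags convinces Bob during the chat but proves nothing to anyone he shows it to later.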

When you start a conversation in CoyIM with someone, the application will automatically try to start an encrypted chat with the other person. Once that’s done, you can simply talk. It is possible to manually start and stop the encrypted chat, but that should usually not be necessary. By default, CoyIM will also stop you from saying anything when no encrypted channel is possible. You can turn off this behavior if you want, but keeping it on makes you safer - there’s less risk of you sending something in the open.

Encrypted chat with CoyIM is extremely easy to use. It’s basically just there. However, one small wrinkle does exist, and that is authentication. We will take a closer look at this issue in the next section.