History of CoyIM
CoyIM was born from the frustration of trying to teach good operational security, and as part of that work trying to help non-technical people learn how to install an chat client and configure it to actually be reasonably secure. Sadly, this process is quite long, since modern chat clients require a lot of configuration and installation of extra tools to actually be safer to use. And on top of that, the most common ones are written in unsafe code, and includes a huge amount of extra features which creates a very large attack surface.
During this time frame, some technically minded security people were using a project called xmpp-client
to communicate
in a secure way. The project was small, the code was simple and written in a safe programming language, eliminating a
lot of attack surface but also many other possibilities for vulnerabilities. The client only did the minimum necessary
to do encrypted end-to-end chat over XMPP
. However, the project had at least two major problems. First, it didn’t
support the latest version of OTR
, which added several important security improvements. And second, it was a command
line tool which required you to use the terminal and remember what commands to type to make something happen. And while
that suits a segment of technical people, it is not so helpful for most people that would actually need this kind of
product.
So, in 2015, the STRIKE team at ThoughtWorks in Quito, Ecuador, decided to start working on making xmpp-client
more
approachable to a general audience. The first step was to update the OTR
implementation to the newest standard. This
project rapidly changed and reworked the code base completely, and the project became
OTR3. Once this project was done, the larger work of integrating it into xmpp-client
while also building a graphical user interface started. From this was born CoyIM. Over the years, a large number of
people have worked on this project. The STRIKE team were the team that initially created the project. Later, the TIGER
team, also from ThoughtWorks, continued working on the code base. People from the company Subgraph in Canada also
contributed substantial features to the system. In 2017, Centro de Autonomía Digital took over development, and this
work continued in Brazil, Germany and later returning to Quito, Ecuador.
In October 2021, the 0.4 version was released, containing the largest update to the client until now.