History of CoyIM

CoyIM was born from the frustration of trying to teach good operational security, and as part of that work trying to help non-technical people learn how to install an chat client and configure it to actually be reasonably secure. Sadly, this process is quite long, since modern chat clients require a lot of configuration and installation of extra tools to actually be safer to use. And on top of that, the most common ones are written in unsafe code, and includes a huge amount of extra features which creates a very large attack surface.

During this time frame, some technically minded security people were using a project called xmpp-client to communicate in a secure way. The project was small, the code was simple and written in a safe programming language, eliminating a lot of attack surface but also many other possibilities for vulnerabilities. The client only did the minimum necessary to do encrypted end-to-end chat over XMPP. However, the project had at least two major problems. First, it didn’t support the latest version of OTR, which added several important security improvements. And second, it was a command line tool which required you to use the terminal and remember what commands to type to make something happen. And while that suits a segment of technical people, it is not so helpful for most people that would actually need this kind of product.

So, in 2015, the STRIKE team at ThoughtWorks in Quito, Ecuador, decided to start working on making xmpp-client more approachable to a general audience. The first step was to update the OTR implementation to the newest standard. This project rapidly changed and reworked the code base completely, and the project became OTR3. Once this project was done, the larger work of integrating it into xmpp-client while also building a graphical user interface started. From this was born CoyIM. Over the years, a large number of people have worked on this project. The STRIKE team were the team that initially created the project. Later, the TIGER team, also from ThoughtWorks, continued working on the code base. People from the company Subgraph in Canada also contributed substantial features to the system. In 2017, Centro de Autonomía Digital took over development, and this work continued in Brazil, Germany and later returning to Quito, Ecuador.

In October 2021, the 0.4 version was released, containing the largest update to the client until now.