Security

Security is at the core of CoyIM. It’s the main reason why CoyIM is necessary, and it’s central to all the work we do. In this section we will talk about some issues related to the security of CoyIM. Some parts of this section contain technical details, in order to make it completely clear what is happening. But even if you are not a technical person, there is a lot of important information here for you.

We will start by talking about the end-to-end encryption that CoyIM uses. We have already looked at it briefly in the overview section, but we will dive a bit deeper into it here. When talking about end-to-end encryption, it’s also important to see how security works for multi-user chat rooms, and the limitations that make it impossible for us to offer end-to-end encryption there.

CoyIM tries to protect your configuration as much as possible, especially since it contains all the keys and fingerprints for your contacts. This makes it the basis for the security of the rest of the application. So we offer you the possibility of encrypting the configuration file.

As mentioned in the overview, CoyIM has support for sending and receiving files and directories using an encrypted channel. This is a new feature, developed especially for CoyIM, so we will document it a bit more in the next section.

Security auditing is a very important topic, especially for applications focused on security and privacy. And while CoyIM as a whole has not yet been audited, our end-to-end encryption library implementing OTR has been. The following section will detail the results of this audit and talk a little bit about what it means.

Finally, an application like CoyIM has to make it as easy as possible for a user to be sure that they have actually downloaded the correct version of the software, and that no malicious modifications have happened to it, either in transit or on the build servers. Basically, you need to be absolutely certain that the code you are reading in our repository is the same code that was used to generate the binary you are running.

The information in this chapter is somewhat more technical, but it’s also important to understand in order to use and work with CoyIM properly.