Frequently Asked Questions
¿Tor debe ejecutarse para usar CoyIM?
Not necessarily. You can run CoyIM without Tor by removing the tor-auto proxy from the connection settings. Nevertheless, it is recommended to use CoyIM with Tor.
¿Qué significa 'no auditado aún'?
‘Not yet audited’ means that CoyIm is still under active development. There have been no security audits of the code, and you should not currently use this for anything sensitive.
Quiero aprender más sobre cómo esto funciona. ¿A dónde puedo ir?
Here are some useful resources to learn about what CoyIm uses:
Here are some useful resources to learn more about security:
I forgot my configuration password, can I recover it?
Sadly no. The password for your configuration file is directly used to generate the encryption parameters that store the configuration file in a safe way. For this reason you will not be able to recover a lost password. Any other choice would not be secure, since if you can recover the password, someone else could also recover it.
We recommend the use of a password manager such as KeePassXC to store all your passwords in a safe way. That way, you reduce the risk of losing access to your configuration.
Will you implement feature X?
We often get requests to implement various features in CoyIM. And while we understand that most of these requests would be useful to many of our users, we will often say no, since most features would decrease the security of the application. Please take a look at the documentation about what features we won’t have for a more in-depth explanation of this issue.
If you do want to propose a feature, you can do so in our issue tracker here. Before submitting a new issue, we recommend that you do a quick search among previous issues to see if your request have been discussed before.
Will you create a mobile CoyIM?
We regularly get the request to make CoyIM run on mobile devices. For several technical reasons, this is not really possible. The features of CoyIM and the way they are implemented and the philosophy of the product are all incompatible with a mobile device implementation. So, we will not create such an application.
We do believe that some of the ideas behind CoyIM might be useful in a mobile setting, but that would involve a completely new project, designed from the ground up for the mobile environment. It might happen in the future, but we do not have any immediate plans for it.
How strong should my password be for the configuration file?
When you choose to encrypt your CoyIM configuration file, we will ask you to choose a password for this. The password will be run through an algorithm called SCrypt which will spend a lot of processor time to generate an encryption key, that will then be used to actually encrypt the file. This is a powerful technique which means that anyone trying to brute-force the password will have to use the same process to test whether the password is correct. In practice, testing one password against a CoyIM configuration file can take between 0.5 to 3 seconds, depending on your computer. This means that trying even just a few hundred passwords would take a long time for an attacker. So, the answer to this question is that the password doesn’t have to be extremely strong. It should not be “1234”, but it doesn’t have to be “pPfxIutXV3qUFt7kzbxAiAuhXYgNzrAgpToElLUamz8Q5fYFKhXYd57DI3ckX2Cktv2MeQ” either.
Is it really safe to store passwords in the configuration file?
Yes, it should be completely safe. We encrypt the configuration file using a standard method which protect the information in it significantly better than other applications out there. This does assume that you have not turned off the option to encrypt the configuration file.
Will you support OMEMO?
We get this question quite often, and for the reasons outlined here we don’t believe that supporting any other encryption protocol is a good idea for CoyIM. If you are interested in reading more about our perspective specifically about OMEMO, you can find several issues in our issue tracker about it here.
Where is the configuration file located?
Your configuration file will be stored in different locations depending on the operating system. It will also have different names depending on whether it is encrypted or not. All of the below examples will assume that your username is “testuser”.
OS | Encrypted | Not encypted |
---|---|---|
Linux | /home/testuser/.config/coyim/accounts.json.enc |
/home/testuser/.config/coyim/accounts.json |
macOS | /Users/testuser/.config/coyim/accounts.json.enc |
/Users/testuser/.config/coyim/accounts.json |
Windows | C:\Users\testuser\AppData\Roaming\coyim\accounts.json.enc |
C:\Users\testuser\AppData\Roaming\coyim\accounts.json |