<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>CoyIM</title>
    <description>main.description</description>
    <link>https://coy.im/</link>
    <atom:link href="https://coy.im/feed.xml" rel="self" type="application/rss+xml"/>
    <pubDate>Thu, 22 Sep 2022 18:54:36 +0000</pubDate>
    <lastBuildDate>Thu, 22 Sep 2022 18:54:36 +0000</lastBuildDate>
    <generator>Jekyll v4.2.0</generator>
    
      <item>
        <title>Complementary security tools for CoyIM</title>
        <description>&lt;p&gt;The 0.4 version of CoyIM is ready to be released, and we are currently in the process of preparing everything for this
to happen. And while we are very happy with this version of CoyIM, it is also worth remembering that CoyIM by itself
can’t necessarily protect you against everything. We do the best we can, but there are always limits. In this article we
want to talk about some complementary tools and techniques you can adopt in order to increase your general security, and
specifically, make your usage of CoyIM even more secure. We usually talk about most of these ideas as security hygiene -
things that most people simply should do, because no matter what your situation is, these tips will significantly
increase your security, while having a very low cost in terms of time or complexity. Basically, just as you should use
soap when washing your hands, and brush your teeth every day, you should apply these tips to your daily life. If you
happen to be in a high risk group, these pieces of advice will set the baseline from where you can start adopting even
stronger security measures. Even if you just apply two or three of these ideas, you will already have better security
than almost everyone on the planet.&lt;/p&gt;

&lt;p&gt;Let’s begin with Tor. In general, CoyIM will automatically use Tor if you have it installed, and it will give you
instructions on how to install it if it can’t detect an installation of Tor. While you can turn off this
behavior and use CoyIM without Tor, doing so is strongly discouraged. Basically, Tor significantly improves the security of
CoyIM. It does this in a few different ways. First, remember that with XMPP you will have one or several accounts on a
server - or on different servers. When you connect CoyIM, it will connect to each of the servers for the different
accounts. All your communication will go through the servers where your accounts belong. But we still don’t want these
servers to know more than necessary about us. So we use end-to-end encryption with OTR in order to make sure that the
server can’t read any of the content in the messages we send.&lt;/p&gt;

&lt;p&gt;But what about our information? Since the account is defined on the server, you can’t hide the account name from it. For this
reason it’s a good idea to not reveal any personal information in your account name. The server can also see your IP
address when you connect, which means that it can tie your account name to a physical location in the world. This
is not great. But if you only ever use Tor to connect to the server, the server will never actually see your real IP
address. And if you only ever talk using end-to-end encryption, and the people you talk to are as careful, the server
won’t be able to find out much beyond metadata such as which accounts talk to each other and when. Tor basically helps
guard your anonymity. This is important not just for your privacy. If you don’t have anonymity it also becomes easier
for an adversary to identify you for targeted attacks. And this is where the other benefit of Tor comes in.&lt;/p&gt;

&lt;p&gt;Fundamentally, when you connect to a server, the communication will always be encrypted with TLS. But Tor adds several
more layers of encryption to the connection. With a regular server, Tor’s layers end at the exit relay and only TLS covers
the last hop; if the server is also reachable as an onion service, Tor’s encryption is in place all the way from your
machine to the server, and no exit relay is involved. Encryption is important to stop anyone from being able to read
your communication, but it also protects the integrity of your messages, which means that no one can modify the
communication. Since one of the main ways attackers get a foothold is by injecting into regular communication,
protecting integrity at several layers is important. Of course, all these benefits also apply to other applications,
so if you decide to use Tor, configure as much as possible of your computer to use it. That way, you reduce the risk of
someone attacking other parts of your computer.&lt;/p&gt;
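&lt;p&gt;To make the two previous paragraphs concrete, here is what “connecting to your XMPP server through Tor” looks like at
the socket level. This is an added example written for this article, not CoyIM’s own code: it speaks SOCKS5 to Tor’s
local proxy port (127.0.0.1:9050 for a system Tor, 9150 for Tor Browser; both assumed), and it hands Tor the hostname
rather than an IP address, so the DNS lookup also happens inside Tor and .onion names work. The hostnames are
made up. The socket it returns is used exactly like a direct connection, so the XMPP stream and STARTTLS run on top of
it and TLS still covers the whole path inside the circuit.&lt;/p&gt;

```python
"""Reaching an XMPP server through Tor's SOCKS5 port without leaking DNS.

Added example for this article; it is not CoyIM's code. It assumes a Tor SOCKS
listener on 127.0.0.1:9050 (system tor) or 127.0.0.1:9150 (Tor Browser), and
made-up hostnames.
"""
import socket
import struct

SOCKS_VERSION = 0x05
CMD_CONNECT = 0x01
ATYP_DOMAIN = 0x03   # send the name, so Tor resolves it and your ISP never sees the lookup
REPLY_CODES = {
    0x00: "succeeded",
    0x01: "general SOCKS server failure",
    0x02: "connection not allowed by ruleset",
    0x03: "network unreachable",
    0x04: "host unreachable",
    0x05: "connection refused",
    0x06: "TTL expired",
    0x07: "command not supported",
    0x08: "address type not supported",
}


def greeting():
    """Client hello: version 5, one method offered, 0x00 = no authentication."""
    return bytes([SOCKS_VERSION, 1, 0x00])


def connect_request(host, port):
    """CONNECT request carrying the hostname (ATYP 0x03). Resolving the name
    locally and sending an IP instead would leak a DNS query outside Tor, and
    .onion names cannot be resolved outside Tor at all."""
    name = host.encode("ascii")
    if len(name) not in range(1, 256):
        raise ValueError("hostname must be 1..255 bytes")
    if port not in range(1, 65536):
        raise ValueError("port must be 1..65535")
    head = bytes([SOCKS_VERSION, CMD_CONNECT, 0x00, ATYP_DOMAIN, len(name)])
    return head + name + struct.pack("!H", port)


def parse_reply(data):
    """Decode the proxy's CONNECT reply; returns (ok, message)."""
    if len(data) in range(0, 4) or data[0] != SOCKS_VERSION:
        return False, "malformed SOCKS5 reply"
    code = data[1]
    return code == 0x00, REPLY_CODES.get(code, "unknown reply code %d" % code)


def connect_via_tor(host, port, proxy=("127.0.0.1", 9050), timeout=30):
    """Open a TCP stream to host:port through Tor. The returned socket is used
    exactly like a direct connection: start the XMPP stream and negotiate
    STARTTLS on it, so TLS still runs end to end inside the Tor circuit."""
    sock = socket.create_connection(proxy, timeout=timeout)
    try:
        sock.sendall(greeting())
        chosen = sock.recv(2)
        if chosen != bytes([SOCKS_VERSION, 0x00]):
            raise OSError("proxy did not accept the no-auth method: %r" % chosen)
        sock.sendall(connect_request(host, port))
        ok, msg = parse_reply(sock.recv(262))  # 4 header + 1 len + 255 name + 2 port
        if not ok:
            raise OSError("Tor could not reach %s:%d: %s" % (host, port, msg))
    except BaseException:
        sock.close()
        raise
    return sock


def detect_tor(ports=(9050, 9150), timeout=2):
    """Return the first local port that answers the SOCKS5 greeting like Tor
    would, or None. This is the kind of probe a client can do before deciding
    whether to fall back to a direct (and therefore non-anonymous) connection."""
    for port in ports:
        try:
            with socket.create_connection(("127.0.0.1", port), timeout=timeout) as sock:
                sock.sendall(greeting())
                if sock.recv(2) == bytes([SOCKS_VERSION, 0x00]):
                    return port
        except OSError:
            continue
    return None


if __name__ == "__main__":
    port = detect_tor()
    if port is None:
        print("no Tor SOCKS listener found; refusing to connect directly")
    else:
        with connect_via_tor("xmpp.example.org", 5222, ("127.0.0.1", port)) as sock:
            print("connected through Tor on port %d" % port)
```

&lt;p&gt;The design choice worth copying is in &lt;code&gt;detect_tor&lt;/code&gt; and the &lt;code&gt;__main__&lt;/code&gt; block: when no Tor
listener answers, the right default is to stop, not to silently fall back to a direct connection that reveals your
IP address to the server.&lt;/p&gt;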

&lt;p&gt;If you want to use Tor for other things you do, the most important one would probably be for your browsing. Most of us
spend most of our lives browsing, and this behavior also means that we are connecting to many different services on the
internet. Here is where Tor can be an additional help. But since this is such a specialized purpose, the Tor project has
a browser specifically configured to work well with Tor. It’s called Tor Browser (older material calls it the Tor
Browser Bundle), and it’s a good idea to use it for your browsing. Not only does it use Tor for all connections, it also
contains a large number of other protections that help your security, such as making all its users’ browsers look alike
to reduce fingerprinting.&lt;/p&gt;

&lt;p&gt;One of the most important security measures anyone can take is to encrypt their hard drives. These days, most mobile
phones come with this protection enabled by default, but on computers this is still not the case. If someone steals your
computer, they would have access to all the content on it by simply connecting the hard drive to another
computer, or booting the computer from some kind of removable media. You might think that your computer is protected
because it asks for a username and password before you get in to it. But the truth is that this login prompt is basically
completely useless unless you also encrypt the content of the hard drive. This is the kind of protection that you can
simply turn on and forget. The only difference will be that you need a password to start up the computer - and you have
to be extremely careful to never forget this password, since it is what opens up the computer. With this protection, all
your data at rest is secure - not just the configuration file for CoyIM. Keep in mind what it does not cover: once the
computer is booted and unlocked, the data is readable by anything running on it, so disk encryption protects against
theft of, or tampering with, a powered-off machine rather than against malware. It is still a great complement to the
security that CoyIM gives you, since it removes a whole class of attacks.&lt;/p&gt;
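&lt;p&gt;“Turn on and forget” only works if it really was turned on, and installers make that easy to get wrong. The following
check is an added example for this article (not part of CoyIM) for Linux: it reads the block-device tree that
&lt;code&gt;lsblk -J -o NAME,TYPE,MOUNTPOINT&lt;/code&gt; prints and reports whether the filesystem mounted at / sits on top of a
dm-crypt (LUKS) mapping. The two sample layouts are constructed, not captured from a real machine. On macOS the
equivalent question is answered by &lt;code&gt;fdesetup status&lt;/code&gt;, on Windows by &lt;code&gt;manage-bde -status&lt;/code&gt;.&lt;/p&gt;

```python
"""Check whether the filesystem mounted at / sits on a dm-crypt (LUKS) device.

Added example for this article, not CoyIM code. Linux only; it assumes the JSON
shape printed by `lsblk -J -o NAME,TYPE,MOUNTPOINT` (util-linux), where a
"crypt" node is the unlocked mapping and its parent is the encrypted partition.
"""
import json
import subprocess


def _find_mount(nodes, mountpoint, ancestors):
    """Depth-first search; returns the list of device types from the disk down
    to the node that carries `mountpoint`, or None if nothing is mounted there."""
    for node in nodes:
        chain = ancestors + [node.get("type")]
        if node.get("mountpoint") == mountpoint:
            return chain
        found = _find_mount(node.get("children", []), mountpoint, chain)
        if found is not None:
            return found
    return None


def mount_is_encrypted(lsblk_json, mountpoint="/"):
    """True if the device holding `mountpoint`, or any device below it in the
    stack (LVM on LUKS is common), is a dm-crypt mapping. Raises if the
    mountpoint is absent so a missing entry is never read as 'not encrypted'."""
    tree = json.loads(lsblk_json) if isinstance(lsblk_json, str) else lsblk_json
    chain = _find_mount(tree.get("blockdevices", []), mountpoint, [])
    if chain is None:
        raise LookupError("nothing mounted at %s in lsblk output" % mountpoint)
    return "crypt" in chain


def root_is_encrypted_live():
    """Run lsblk on this machine. Note what this does not check: an encrypted
    root that is already unlocked is readable by everything running on the box."""
    out = subprocess.run(["lsblk", "-J", "-o", "NAME,TYPE,MOUNTPOINT"],
                         capture_output=True, text=True, check=True).stdout
    return mount_is_encrypted(out)


# Constructed samples (not captured from a real machine), in lsblk's JSON shape.
ENCRYPTED_ROOT = json.dumps({"blockdevices": [
    {"name": "nvme0n1", "type": "disk", "mountpoint": None, "children": [
        {"name": "nvme0n1p1", "type": "part", "mountpoint": "/boot/efi"},
        {"name": "nvme0n1p2", "type": "part", "mountpoint": None, "children": [
            {"name": "cryptroot", "type": "crypt", "mountpoint": None, "children": [
                {"name": "vg-root", "type": "lvm", "mountpoint": "/"},
                {"name": "vg-swap", "type": "lvm", "mountpoint": "[SWAP]"}]}]}]}]})

PLAIN_ROOT = json.dumps({"blockdevices": [
    {"name": "sda", "type": "disk", "mountpoint": None, "children": [
        {"name": "sda1", "type": "part", "mountpoint": "/boot"},
        {"name": "sda2", "type": "part", "mountpoint": "/"}]}]})

if __name__ == "__main__":
    print("sample encrypted layout:", mount_is_encrypted(ENCRYPTED_ROOT))
    print("sample plain layout:    ", mount_is_encrypted(PLAIN_ROOT))
    try:
        print("this machine:           ", root_is_encrypted_live())
    except (OSError, subprocess.CalledProcessError) as exc:
        print("lsblk not available:", exc)
```

&lt;p&gt;Note that /boot/efi in the encrypted sample is deliberately left in the clear, as it must be for the firmware to
find the bootloader; that is normal, and the check only asks about the volume that holds your data.&lt;/p&gt;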

&lt;p&gt;Since we are talking about passwords, let’s move on to the next tool you should integrate in your life. The truth is,
almost everyone has terrible passwords, and even worse practices. Most people use the same password everywhere, or use
small variations between different services. But most people also &lt;em&gt;know&lt;/em&gt; that this behavior is not safe. Research shows
that this is still one of the largest risks out there. And what’s worse, when someone manages to break your password,
you will often not see the result - or you will see it long after the event. So you don’t get real feedback about how
dangerous this practice is. In CoyIM, you will use passwords to connect to your different accounts, and you will also
need a password for the configuration file if you choose to encrypt it (which we strongly recommend). You can choose to
save the account passwords in the configuration file, if you want - so you only need to remember the main password for
the configuration file. But even that might be a bit annoying. One more password to add to your life. And you should get
in the habit of using good passwords everywhere. If you don’t, you are limiting the security you can get from all the
other tools and techniques around you.&lt;/p&gt;

&lt;p&gt;The good news is that this is an easy problem to solve. There exist free tools called password managers that
simply remember passwords for you. Instead of remembering your own passwords, you put them in this program, and you can
forget them. Or even better, when you need a password - for example to set up CoyIM for the first time - you ask your
password manager to generate a new password for you. Then you simply copy this into CoyIM. The password manager will
save it, and you will never even need to know it. The only password you will need to remember is the password
to the manager itself. All other passwords you can store inside it. By using this approach, you can stop worrying about
passwords as a problem. You can have a different password for every single place. You can have stronger passwords
everywhere, since you won’t have to remember them. It really is a fantastic tool that drastically reduces your
exposure. And there exist many different ones out there. We would recommend starting with an open source one such
as KeePassXC. But many others are good as well. Our only caveat is that you should avoid the ones that store your
passwords centrally in some way. It’s significantly safer to store your passwords locally.&lt;/p&gt;

&lt;p&gt;If you’ve gotten this far, you’re off to a great start. In our opinion, Tor, encrypted hard drives and a password
manager are the most important complementary tools and techniques for CoyIM. But you can go further if you want. For
example, if you are using an encrypted chat client, doesn’t it make sense to also use encrypted email? In general,
encrypted email isn’t necessarily as secure as encrypted chat (it has no forward secrecy, and subject lines and other
headers usually stay in the clear), but it’s still a huge step up. And in the same way as we are protecting
confidentiality, signed and encrypted email can also be important to protect the integrity of emails. And in this
day and age where malware is often distributed as email attachments, being able to verify that an attachment really
comes from the person who signed the message is not a bad idea.&lt;/p&gt;

&lt;p&gt;And what if you find yourself in a situation that requires a higher level of security? What if you want to make sure
everything you do goes through Tor? What if you want to simplify the setup of all these things? One place for that would
be the operating system Tails. You can put it on a USB drive, and boot from it. It will make sure everything goes
through Tor, and it already comes configured with a number of different security tools. And CoyIM runs great on
Tails. In fact, one of the authors of this article uses CoyIM on Tails every single day.&lt;/p&gt;

&lt;p&gt;Finally, when talking about good security practices, now that you have CoyIM to help you with secure messaging, you
should be careful about using other kinds of messaging. And this is especially true for phones. Because of how mobile
technology works, there are some risks that mobile messenger clients simply can’t protect against. This is why CoyIM was
designed for desktops and nothing else. So be careful with mobile messengers in the future.&lt;/p&gt;

&lt;p&gt;As you can see, CoyIM is part of an ecosystem of tools and techniques. And while using CoyIM on its own is already a
good improvement in security, when combined with other tools, you have the possibility of radically increasing your
security with very low effort. The new 0.4 release of CoyIM will be another step forward for security. Take the chance
to try these tools as you try the new version of CoyIM!&lt;/p&gt;
</description>
        <pubDate>Fri, 18 Feb 2022 00:00:00 +0000</pubDate>
        <link>https://coy.im/coyim/privacy/2022/02/18/companion-tools.html</link>
        <guid isPermaLink="true">https://coy.im/coyim/privacy/2022/02/18/companion-tools.html</guid>
        
        
        <category>coyim</category>
        
        <category>privacy</category>
        
      </item>
    
      <item>
        <title>CoyIM compared to other chat clients</title>
        <description>&lt;p&gt;The CoyIM team is getting ready to release version 0.4 of CoyIM. This is our largest release ever and we are very proud
of it. A lot of work has gone into improving and polishing this program. Our hope is that many new people will find out
about CoyIM and be interested in trying it out. But a normal question as part of this is how CoyIM is different from
other chat clients out there. So in this article we want to provide some short and specific differences between CoyIM
and some of the most well known alternatives. Of course, there are hundreds of chat clients out there, and we would
never be able to cover them all. And most clients have a huge amount of differences from each other - and it wouldn’t
really be useful for anyone if we tried to write up all these differences. So instead, we will try to only cover the
most important differences according to the aspects that we as the CoyIM developers find the most important. While
reading this, it is useful to remember that CoyIM was not created to be a general purpose messenger that can do anything
and everything. We want CoyIM to first and foremost be a &lt;em&gt;secure&lt;/em&gt; messenger. So the biggest difference compared to all
of the alternatives in this list is one based on features and philosophy. All of these clients have more features than
CoyIM. And all of them are focused on gaining more users by adding more features. So if you only want the biggest
difference, this is it. Otherwise, let’s jump in and look at some specific examples. These come in no particular order.&lt;/p&gt;

&lt;h2 id=&quot;whatsapp&quot;&gt;WhatsApp&lt;/h2&gt;

&lt;p&gt;On the surface, the most important difference between CoyIM and WhatsApp is that WhatsApp is primarily for mobile
phones, while CoyIM only runs on desktops. WhatsApp does have support for a desktop client that uses your mobile phone
account. The technology used for this desktop version uses browser technologies that make it easy to create an
attractive experience, but also leads to a large attack surface. CoyIM is written without use of these technologies to
reduce the risk. Outside of this, there are a few major differences between CoyIM and WhatsApp that radically impact the
security. First, WhatsApp is proprietary. This means that we can’t inspect the source code and we have no way of knowing
what it actually is doing. We don’t know whether it implements things correctly, whether it has back doors or other
security problems, and we don’t know what else it can do. WhatsApp is owned by Meta (the company formerly known as
Facebook), and the closed nature of the product makes it hard to feel comfortable in trusting the application for
anything sensitive.&lt;/p&gt;

&lt;p&gt;WhatsApp does use end-to-end encryption for all messages. Or, it says that it does. We don’t actually know, because we
can’t see the source. There might exist ways in the application to turn off or weaken this encryption, which we can’t
see. The end-to-end encryption that WhatsApp uses is based on the Signal protocol which in general is very good. There
have been some minor problems relating to deniability, but nothing major. The cryptographic algorithms used in this
protocol are actually stronger than what is used in the version of OTR that CoyIM uses. WhatsApp also allows users to
verify their contacts if they want. All of this is good. Sadly, all of this work is diminished by the fact that WhatsApp
will log all your messages and often insist that you turn on backups of these logs. These backups are not end-to-end
encrypted by default (an opt-in end-to-end encrypted backup has existed since late 2021), which means that whoever holds
the backup - the cloud provider, and anyone who can compel it - has access to all your messages if you turn this on with
the default settings.&lt;/p&gt;

&lt;p&gt;WhatsApp is a centralized system, which relies on phone numbers for accounts. In comparison, CoyIM uses accounts where
the name can be almost anything. You can create accounts on different servers and still talk between them. And you can
have more than one account on the same machine. What this means is that in order to talk to someone with WhatsApp you
have to reveal your phone number. It also means that the WhatsApp servers are a single point of failure. In comparison,
with CoyIM you can create a completely anonymous account for talking to someone, and you won’t have to reveal any
personal information with this account. And since XMPP is federated, even if some servers go down, you will still be
able to chat using CoyIM - assuming that your own server and the server of your contact are still available. CoyIM and
XMPP do not have a single point of failure. Finally, related to anonymity - using Tor on a mobile phone is not very
easy, and it’s not clear whether it’s even possible to run WhatsApp over Tor. That means the WhatsApp servers will
always know your IP address &lt;em&gt;and&lt;/em&gt; your phone number.&lt;/p&gt;

&lt;p&gt;In summary, even though WhatsApp has end-to-end encryption, the other aspects of the chat client means that WhatsApp
does not protect you in any meaningful way, while CoyIM does the opposite.&lt;/p&gt;

&lt;h2 id=&quot;signal&quot;&gt;Signal&lt;/h2&gt;

&lt;p&gt;Out of all the mobile phone messaging applications, Signal is the one we would recommend if you have to use a mobile
phone. Just as WhatsApp, it uses the Signal protocol for end-to-end encryption, but in comparison, it is open source,
which means we can be reasonably comfortable that the encryption does what we think it should do. In Signal, there
isn’t a way to send a Signal message unprotected, which is great (at the time of writing the Android client can still
act as a plain SMS app, but those messages are clearly marked as unencrypted). On the other hand, just as with WhatsApp,
Signal does require a phone number for an account, and the infrastructure for Signal is also centralized. This leads to
the same problems as with WhatsApp, which CoyIM in comparison does not have.&lt;/p&gt;

&lt;p&gt;Signal started out being very focused on the security of the experience, but over time more and more features have been
added that sometimes make us uncomfortable. The last big one was support for a crypto-currency inside of the
application. While this might be useful in some situations, adding this kind of complexity to the chat application means
that using the application gets more and more risky.&lt;/p&gt;

&lt;p&gt;When comparing to CoyIM, the most important differences relate to Signal being a mobile application while CoyIM is for
desktops. Secondly, Signal uses phone numbers for accounts, while CoyIM supports any kind of XMPP account - and you can
use as many accounts as you want inside one application. And finally, Signal is centralized while CoyIM is federated,
meaning that Signal has a single point of failure that CoyIM doesn’t have.&lt;/p&gt;

&lt;h2 id=&quot;telegram&quot;&gt;Telegram&lt;/h2&gt;

&lt;p&gt;When it comes to mobile applications to be wary of, Telegram is at the top of the list. It shares many fundamental
problems with WhatsApp and Signal - most importantly being that it is centralized, and that it requires a phone number
as an account identifier. And while the mobile application itself is open source, the server side infrastructure is
not. And while all these are problems, the biggest issue with Telegram is really that it is not end-to-end encrypted by
default. This is something quite surprising to many people. For some reason, the idea that Telegram is encrypted is a
very common misconception. Telegram does have support for end-to-end encryption with your contacts, but it’s not turned
on. You have to manually turn it on for each person you want to talk with securely. And worse, Telegram doesn’t use an
established protocol for this encryption. Instead, the developers came up with their own protocol (MTProto). And while
no practical break of the current version is known, earlier versions had documented weaknesses, and the design is
unusual in a way that makes cryptographers quite uncomfortable.&lt;/p&gt;

&lt;p&gt;So, while CoyIM is fully open source, only parts of Telegram are open. CoyIM allows you to create any kind of XMPP
account and use more than one, while every Telegram account is tied to a phone number. As mentioned
above, CoyIM is federated and does not have a single point of failure, while Telegram is completely
centralized. Finally, CoyIM uses a well-established protocol for end-to-end encryption, which is turned on for every
conversation by default, while Telegram uses a strange homegrown protocol, and only when you explicitly turn it on -
otherwise the content is completely unprotected.&lt;/p&gt;

&lt;h2 id=&quot;pidgin&quot;&gt;Pidgin&lt;/h2&gt;

&lt;p&gt;Out of all the options in this comparison, Pidgin is probably one of the closest you can get to CoyIM. In fact,
as we described in another article, problems with Pidgin were exactly what led to the creation of CoyIM. Pidgin is a
desktop program with support for all major platforms. And like CoyIM, Pidgin allows you to use XMPP for your
accounts. And you can install a plugin to support OTR for end-to-end encryption. You can also configure Pidgin to run
over Tor. And finally, Pidgin is open source, just as CoyIM. From these perspectives, it might look like Pidgin and
CoyIM are very similar. But there exists some important differences. As you can see from the above, all the different
security measures that CoyIM provides out-of-the-box are things you will have to install and configure yourself with
Pidgin. This means that by default, users will have very low security, unless they manage this situation themselves.&lt;/p&gt;

&lt;p&gt;The other big difference is in the implementation choices. Pidgin is a fairly large C program. It supports a huge amount
of functionality, and it has a plugin system. This leads to a large amount of complexity, and also an increased attack
surface. This was really the main reason why CoyIM is something that had to be written from scratch, instead of just
changing Pidgin a little bit.&lt;/p&gt;

&lt;p&gt;In summary, Pidgin has many similarities in what is ultimately possible, but the difference here is that you’ll have to
make those choices yourself. And even if you make the correct choices in all possible places, Pidgin is written in a
memory-unsafe language and with a philosophy that leads to a huge attack surface.&lt;/p&gt;

&lt;h2 id=&quot;gajim&quot;&gt;Gajim&lt;/h2&gt;

&lt;p&gt;In many ways, Gajim is similar to both CoyIM and Pidgin. It runs on all the major platforms. It is open source. And it
allows you to use XMPP. Several years ago, Gajim had support for end-to-end encryption using OTR, but this support has
now been removed. Instead, Gajim supports two other technologies for end-to-end encryption. One of these is OpenPGP,
which reuses the protocols for email encryption in a chat environment. And while this might work, it also has some
issues. In practice, it is not used by a large number of people. The other alternative is called OMEMO, which is based
on the Signal protocol. The encryption in this protocol is stronger, but once again, the protocol has some design issues
which to the CoyIM developers seem questionable. For this reason, we choose OTR instead of OMEMO.&lt;/p&gt;

&lt;p&gt;Gajim is written in Python, which is a memory safe language - just as Go is (which is the language CoyIM is written
in). That means that it is certainly a safer application than Pidgin, since a whole class of memory-corruption bugs is
simply not possible. On the other hand, Gajim has a similar philosophy to Pidgin in terms of functionality. Gajim
supports a very wide range of XMPP extensions, and many other features. It is a general purpose messenger, not one with
a security focus. And you might wonder about the support for several different end-to-end encryption protocols. This is
managed using a plugin system. Which once again means that the user has to make the choice, and configure things before
they have a secure setup.&lt;/p&gt;

&lt;p&gt;Just as in the comparison with Pidgin, this lack of security by default, and a focus on adding more features, are the
two biggest differences in comparison with CoyIM. In addition to that, the choice of encryption systems is also
different. Just as with Pidgin, you can configure Gajim to use Tor, but it doesn’t happen by default.&lt;/p&gt;

&lt;h2 id=&quot;matrix--element--riot&quot;&gt;Matrix / Element / Riot&lt;/h2&gt;

&lt;p&gt;In recent years, Matrix has become one of the most popular alternatives to XMPP out there. Several clients exist for
different platforms, including mobile applications. And while Matrix is primarily focused on group chat of different
kinds, it does also support one-to-one conversations. In general, Matrix is an open protocol. It is decentralized. The
implementations are mostly open source, and it’s available for all major platforms. Finally, you can use Tor with the
regular clients, just as you can with CoyIM. The big difference is that once again you have to configure it yourself.&lt;/p&gt;

&lt;p&gt;Matrix does support end-to-end encryption. The protocol is based on the Signal protocol, and there are some innovative
improvements in how you can verify your peers. All good in theory. In practice, our team has never been able to get it
working well. Over and over there are synchronization problems and other issues that lead to unreadable messages and
full resets of cryptographic keys. We have even seen worse things. This means that for us, the encryption has basically
been too problematic to use.&lt;/p&gt;

&lt;p&gt;The main desktop client for Matrix is based on web technology, just as some of the earlier options. This brings in a lot
of complexity and an increase in attack surface. Finally, Matrix clients tend to add a lot of support for various
optional things, in order to provide a better user experience. This also increases the attack surface. And while it
would certainly be possible to build a new client for Matrix without these problems, the current ecosystem seems more
focused on attracting users than to build from a secure-by-default foundation.&lt;/p&gt;

&lt;p&gt;In summary, while in theory the Matrix end-to-end encryption should be as good as or even better than what CoyIM uses, in
practice we have seen many issues with the implementations, making it almost useless. The implementation choices once
again emphasize features instead of security, and that’s also seen in the choice of implementation technology. Finally,
some security options are available, and you can make it more secure - but this is something the user has to manage.&lt;/p&gt;

&lt;h2 id=&quot;slack&quot;&gt;Slack&lt;/h2&gt;

&lt;p&gt;In general, Slack is quite different from CoyIM. It’s mostly focused on channels containing groups of people. It runs on
all the major platforms, both desktop and mobile phone. But fundamentally, it serves a very different need than
CoyIM. On top of that, it is not open source. It is centralized. And it does not use end-to-end encryption. For all
these reasons, it’s not really possible to make a closer comparison between Slack and CoyIM. Almost every aspect is
different between the two.&lt;/p&gt;

&lt;h2 id=&quot;facebook-messenger&quot;&gt;Facebook Messenger&lt;/h2&gt;

&lt;p&gt;One of the most common ways that people communicate is through Facebook. Facebook allows you to send messages directly
through the Facebook website, but also through the Facebook Messenger mobile application. You can send Facebook messages
on the desktop using the website. Facebook and Facebook Messenger are both proprietary and closed. By default, they
don’t use any kind of end-to-end encryption either, although an optional feature to use it is available. Facebook is
centralized and its servers are a single point of failure. Facebook is also specific about their accounts - in theory
you are not allowed to create anonymous or pseudonymous users. In practice, some people still do this, but it can lead
to problems of various kinds, including the closure of the account. For these reasons, you can’t really communicate in
an anonymous way using this technology.&lt;/p&gt;

&lt;p&gt;In comparison with CoyIM, Facebook and Facebook Messenger are not end-to-end encrypted by default. They are closed,
while CoyIM is open. It has a single point of failure, while CoyIM does not. Finally, anonymous or private accounts are
not really possible with Facebook, while CoyIM makes it very easy.&lt;/p&gt;

&lt;h2 id=&quot;skype&quot;&gt;Skype&lt;/h2&gt;

&lt;p&gt;You might remember that Skype was one of the earliest voice-calling applications. It is still one of the best options
out there for calling from a computer to a regular phone number. But Skype also allows you to chat, which is why it’s
included in this list of comparisons. Like many other options on this list, Skype is closed source. It is also
privately owned and managed by one company (Microsoft). For this reason, it is a centralized system. One of the benefits
of Skype is that it allows you to create user accounts with any kind of name, although Microsoft might ask for more
information when creating the account. However, compared to some of the other closed systems, it might still be possible
to use Skype for private accounts. Until fairly recently, Skype did not support end-to-end encryption, but this was
finally added during 2018 (as “Private Conversations”), using the Signal protocol. However, just as with many other
alternatives, you have to turn it on. And since the clients are closed source, it is not possible to verify that it is
done correctly and without back doors.&lt;/p&gt;

&lt;p&gt;In summary, most of the negatives in comparison with CoyIM are very similar to many of the earlier comparisons. The only
thing that makes Skype slightly better is the potential for creating users in a slightly more anonymous way, but even
this is not as powerful as CoyIM where new anonymous accounts are just a few clicks away.&lt;/p&gt;

&lt;h2 id=&quot;summary&quot;&gt;Summary&lt;/h2&gt;

&lt;p&gt;Most alternatives out there are centralized and proprietary. CoyIM is open and federated, meaning that we don’t have a
central point of failure. It also means that if you want, you can verify that CoyIM does exactly what it’s supposed
to do. Because XMPP is federated, there are no protocol-level restrictions on the kinds of accounts you can create; each
server sets its own policy. It is completely open for you to make a hundred different anonymous users for communicating
with all your friends.&lt;/p&gt;

&lt;p&gt;In the case of the closest alternatives to CoyIM, the biggest difference is found in the implementation philosophy which
leads to a large amount of features, lots of code complexity and a huge attack surface, while at the same time forcing
the user to make the decisions on how to improve their security, instead of just defaulting to the most secure behavior.&lt;/p&gt;

&lt;p&gt;As CoyIM has existed for 7 years at the time of writing, and the 0.4 release is coming soon, it is still clear that the
alternatives out there simply can’t protect you as well as CoyIM. We really wish that this would be different - we would
like there to be many applications out there with the same philosophy as us, since that would mean everyone would be
better protected. But so far, this doesn’t seem to be the case.&lt;/p&gt;
</description>
        <pubDate>Thu, 17 Feb 2022 00:00:00 +0000</pubDate>
        <link>https://coy.im/coyim/2022/02/17/comparisons.html</link>
        <guid isPermaLink="true">https://coy.im/coyim/2022/02/17/comparisons.html</guid>
        
        
        <category>coyim</category>
        
      </item>
    
      <item>
        <title>What's new in v0.4 - Multi-user Chat (MUC)</title>
        <description>&lt;p&gt;Version 0.4 of CoyIM is coming in February 2022. When you read this, it might already be out there! This release
contains many important improvements and new functionality. And one of the largest additions is support for Multi-user
Chat.&lt;/p&gt;

&lt;p&gt;CoyIM has traditionally been a chat client focused on chats between two parties. We have tried to be as secure as
possible within that setting, including support for encryption and other privacy preserving measures. At the same time,
we know that group chat is something that many people want, and not providing that in CoyIM is something that limits
what you can use it for. Group chat is a part of the XMPP protocol, and not having support in CoyIM was becoming a
glaring omission.&lt;/p&gt;

&lt;p&gt;For all these reasons, we are very happy to announce that in version 0.4, CoyIM supports the most important aspects of
the XMPP Multi-user Chat protocol. For the moment, this support follows the protocol quite closely, which means that it
will sometimes look a little bit different than in other messenger applications. Specifically, the metaphor used in
CoyIM is that of rooms. You create a room on a server, and then other people can join, administrate and moderate that
room. The XMPP protocol supports many advanced features related to rooms, and CoyIM supports many of them as well.&lt;/p&gt;

&lt;p&gt;Many chat clients with support for XMPP end up with support for multi-user chat that directly uses the names,
concepts and behaviors from the specification. This generally leads to an experience that works fine for technically
minded people, but can be harder to come to grips with for non-technical users. The goal for CoyIM has always been that
it should be easy to use even if you have no technical background, and with the work on Multi-user Chat we kept this
focus. You will notice that our group chats do not necessarily look the same as other XMPP group chats. Throughout the
development of these features we focused on usability, simplicity and having a pleasant experience through the whole
process. And we can say we are very proud of the result.&lt;/p&gt;

&lt;p&gt;That all said, the support for Multi-user Chat is not complete. There are more features we would like to add in future
versions. Much of this involves advanced features related to moderation and administration of different aspects of
rooms. And while useful, these features are not as widely used as those we decided to prioritize for this
release. Everything you need to create your own rooms or join and use existing ones is already there in CoyIM version
0.4. You can get started immediately.&lt;/p&gt;

&lt;p&gt;It is important to mention one caveat. Multi-user Chat in CoyIM is not end-to-end encrypted. One of the important
guidelines for CoyIM has always been interoperability. We want to use XMPP in order to give chat functionality using a
protocol that already exists and works from other applications. And while we believe that CoyIM is a great client for
XMPP, we know that some people make different choices. You should still be able to talk to them. An open standard based
on interoperability and an ecosystem on top of this federated system is core to our beliefs about how technology should
work. But that also means that we are sometimes limited in what protections we can give. And since the XMPP Multi-user
Chat standards don’t have support for end-to-end encryption, we can’t add it either. What’s more, end-to-end encryption
for group chats is actually a complicated problem, and we still don’t have a good solution to it in general. What this
means is that rooms in CoyIM are not end-to-end encrypted: the server hosting the room, and the servers of the other
participants, can read what is said there. However, our connection to the server is still protected by TLS. The
connection between servers is still protected. And our implementation choices also reduce the risk of you being
attacked. Our usage of Tor still means that your privacy and anonymity are protected. But at the end of the day, there
are some things CoyIM can’t protect against when it comes to Multi-user Chats. For this reason, you will notice a
warning when you enter such a room with CoyIM. You will also see other warnings for other potentially problematic
aspects of Multi-user Chats.&lt;/p&gt;

&lt;p&gt;It might seem weird to add a feature where encryption is not possible to CoyIM. But we believe that the addition of a
well-designed implementation of Multi-user Chat in an application with the kind of security mentality that CoyIM has, is
something that outweighs the risks. Frankly, we think that MUC is a great new addition - even with the limitations on
security.&lt;/p&gt;

&lt;p&gt;In summary - the latest version of CoyIM comes with many great new features, where group chat in the form of Multi-user
Chat rooms is one of the largest and most important. We urge you to download the new version and try it out. We think
it’s great, and hopefully you will too!&lt;/p&gt;
</description>
        <pubDate>Wed, 16 Feb 2022 00:00:00 +0000</pubDate>
        <link>https://coy.im/coyim/whats-new-v04/introduction/2022/02/16/whats-new-in-v04-muc.html</link>
        <guid isPermaLink="true">https://coy.im/coyim/whats-new-v04/introduction/2022/02/16/whats-new-in-v04-muc.html</guid>
        
        
        <category>coyim</category>
        
        <category>whats-new-v04</category>
        
        <category>introduction</category>
        
      </item>
    
      <item>
        <title>CoyIM v0.4 released!</title>
<description>&lt;p&gt;We are very happy to announce that today version 0.4 of CoyIM has been released. This release has been in the works for
a very long time. The last release was in April 2019, so a lot has happened since then. This version contains a large number of
new features, and we are comfortable saying it is the best release of CoyIM ever.&lt;/p&gt;

&lt;p&gt;There are some significant improvements in this release. Over the last few days we have published some articles
describing the most important ones in more detail. You can read about &lt;a href=&quot;https://coy.im/coyim/whats-new-v04/introduction/2022/02/16/whats-new-in-v04-muc.html&quot;&gt;Multi-user
Chat&lt;/a&gt;, &lt;a href=&quot;https://coy.im/coyim/whats-new-v04/introduction/2022/02/14/whats-new-in-v04-file-transfer.html&quot;&gt;encrypted file
transfer&lt;/a&gt;, &lt;a href=&quot;https://coy.im/coyim/whats-new-v04/introduction/2022/02/15/whats-new-in-v04-installers.html&quot;&gt;improved
installers&lt;/a&gt;, the &lt;a href=&quot;https://coy.im/coyim/whats-new-v04/introduction/2022/02/13/whats-new-in-v04-improved-security.html&quot;&gt;improved
security features&lt;/a&gt;
and &lt;a href=&quot;https://coy.im/coyim/whats-new-v04/introduction/2022/02/12/whats-new-in-v04-translations.html&quot;&gt;new
translations&lt;/a&gt;. There are
other improvements as well - you can find a full list in the &lt;a href=&quot;https://coy.im/release-notes/2022-02-16-release-notes-0.4/&quot;&gt;release
notes&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;As we prepared to release CoyIM, we decided we also wanted to take a step back and describe why CoyIM was created in the
first place. We wrote four articles that you can find here:&lt;/p&gt;
&lt;ul&gt;
  &lt;li&gt;&lt;a href=&quot;https://coy.im/coyim/why-created/introduction/2022/02/07/why-was-coyim-created-overview.html&quot;&gt;Why was CoyIM created?&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;https://coy.im/coyim/why-created/introduction/2022/02/09/why-was-coyim-created-programming-language.html&quot;&gt;Why CoyIM was created - Implementation Language&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;https://coy.im/coyim/why-created/introduction/2022/02/10/why-coyim-was-created-security-by-default.html&quot;&gt;Why CoyIM was created - Security by Default&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;https://coy.im/coyim/why-created/introduction/2022/02/11/why-coyim-was-created-too-many-features.html&quot;&gt;Why CoyIM was created - Too Many Features in Other Applications&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;We are immensely proud of this release. A lot of blood, sweat and tears went into it. We encourage you all to download
and try it out!&lt;/p&gt;
</description>
        <pubDate>Wed, 16 Feb 2022 00:00:00 +0000</pubDate>
        <link>https://coy.im/coyim/release/2022/02/16/coyim-v04-released.html</link>
        <guid isPermaLink="true">https://coy.im/coyim/release/2022/02/16/coyim-v04-released.html</guid>
        
        
        <category>coyim</category>
        
        <category>release</category>
        
      </item>
    
      <item>
        <title>What's new in v0.4 - Improved installation on Windows and macOS</title>
        <description>&lt;p&gt;Version 0.4 of CoyIM is coming in February 2022. When you read this, it might already be out there! This release
contains many important improvements and new functionality. One of the smaller improvements from a technical standpoint
has to do with improving the experience of installing CoyIM. And while it’s not necessarily a big change internally,
it’s something that makes a big difference for users, since it’s the first part you will see.&lt;/p&gt;

&lt;p&gt;Many open source and free software tools start in the Linux world. Often, the early versions require people to compile
the tool in order to use it. And then, successively, it might be added to some of the main package managers. Often, it
just stops there - and the tool is not even available for other platforms. But in some cases, the tools get ported to be
available on other operating systems as well. Sometimes, they end up looking quite weird, and the installation process will often
just be a downloadable zip-file that you will have to extract somewhere. In later versions of macOS, this might be very
tricky to manage, because of the security features in the operating system. The right way to solve this problem is to
distribute your application in the App Store. However, because of Apple’s model, this is simply not possible for most
open source projects. It costs a decent amount of money, and often you might not be able to follow your own release
schedule. There are also often technical limitations which are not compatible with open source projects.&lt;/p&gt;

&lt;p&gt;With CoyIM, we started with a similar model for distribution. In general, you could download the executable or a zip
file. At some point we added a Disk Image (DMG) file for installation on macOS. However, the design of this file was
non-existent. It looked bad, and at the end of the day, it didn’t change the experience very much. For Windows, we also
offered a zip-file and nothing else.&lt;/p&gt;

&lt;p&gt;In the 0.4 version, we have finally changed all that. Sadly, we still haven’t been able to get around the limitations
with the Apple App Store. However, we have redesigned the process for creating a disk image, making it significantly
more attractive and idiomatic. We have also made smaller changes to the behavior of CoyIM running on macOS so it looks
and behaves more like a native application. Of course, if you are technically minded, you can still download the pure
executable for macOS and run it directly.&lt;/p&gt;

&lt;p&gt;For Windows, the main difference we have made is that we now have an actual installer. In practice, this simply means
that the process of getting started with CoyIM on Windows will be significantly easier. And as usual with Windows
installers, you also get an uninstaller for free, making it easier to manage CoyIM.&lt;/p&gt;

&lt;p&gt;These improvements will make the experience of getting started with CoyIM on macOS and Windows much more pleasant. But
it’s also just the beginning. We want to continue working on this aspect of the tool. We believe that it is important to
give a good first impression, and making it as easy as possible to get started means more people can take advantage of
the security benefits that CoyIM can give. Keep your eyes peeled for more work in this direction.&lt;/p&gt;
</description>
        <pubDate>Tue, 15 Feb 2022 00:00:00 +0000</pubDate>
        <link>https://coy.im/coyim/whats-new-v04/introduction/2022/02/15/whats-new-in-v04-installers.html</link>
        <guid isPermaLink="true">https://coy.im/coyim/whats-new-v04/introduction/2022/02/15/whats-new-in-v04-installers.html</guid>
        
        
        <category>coyim</category>
        
        <category>whats-new-v04</category>
        
        <category>introduction</category>
        
      </item>
    
      <item>
        <title>What's new in v0.4 - Encrypted file and directory transfer</title>
<description>&lt;p&gt;Outside of sending and receiving messages from other people, one of the most common things you might want to do in a
messenger is to send files of different kinds. And of course, if you are using a messenger client that allows you to
encrypt all your communication, you would also imagine that you should be able to send files and directories in a safe
and secure way. Sadly, the protocols used in CoyIM (primarily XMPP) do not have good support for sending encrypted
content. And there exists no standard for how to encrypt files and directories using OTR. So, CoyIM did not actually
support any kind of file transfer for a long time. The reason for this was that we did not want to add an insecure way
of sending files and directories, and in that way fool our users - especially not when there exist ways of doing it
that should be compatible with XMPP.&lt;/p&gt;

&lt;p&gt;Many of the clients that support OTR also had support for file transfer. But without warning to the user, the files
would be transferred completely in the clear. I myself, and many other security conscious individuals, had to come up
with a method where we first encrypted the file with an outside program, such as GPG, then sent this encrypted file,
and finally sent the key in the main conversation window, making sure it was encrypted. But we could only use this
method because we knew what we were doing. This kind of approach is simply not possible for most people, leaving a
dangerous security hole in most desktop clients.&lt;/p&gt;

&lt;p&gt;In the new version of CoyIM, version 0.4 - which is coming in February 2022, we have added complete support for sending
files. But not only that, we also allow the transfer of directories. That might not sound very revolutionary, but none
of the existing desktop clients allow you to do this. If you are talking to a person on another client, that does not
support the transfer of directories, CoyIM will automatically create a zip file with the content of the directory, and
send that. In this way, even a person that does not have a client that supports directories can still receive them - and
the hassle of having to do the operations manually is removed.&lt;/p&gt;

&lt;p&gt;CoyIM uses XMPP for chat, and we use the same protocol to implement file transfer, which means that it is compatible
with other clients that support file transfer. We have one slow method (known as IBB) which all clients and servers will
support, but we also support a significantly faster method for transfer called bytestream proxies. This method will only
be used if the server supports it. But all of this is completely transparent to the user. CoyIM will choose the right
method to use. One additional detail - some clients have trouble with their implementation of bytestream proxies - so
that you might end up revealing your own IP address by using this feature. In CoyIM we still use Tor for this transfer,
avoiding this kind of risk as well.&lt;/p&gt;

&lt;p&gt;If you know anything about XMPP, you might be aware that there exist two completely different ways of doing file
transfer. The old method is called Stream Initiation (SI) and the new one is called Jingle. In CoyIM we decided to
implement Stream Initiation, and not Jingle. This might sound like a weird choice - why wouldn’t we use the new
standard? The answer is simple: complexity. Jingle is a significantly more complex standard, and we would have to add
much more code to support it. But we wouldn’t have gained any additional functionality compared to SI. So, as always
with CoyIM, when we can choose to reduce the amount of complexity for a feature, we do it. If this choice had
meant that you would be restricted in which clients you could transfer files to, we might have made a different
choice. But the truth is that all XMPP clients out there actually support Stream Initiation, so we are not limiting
ourselves with this choice.&lt;/p&gt;

&lt;p&gt;So what about encryption? Well, this is where things get a bit complex. As mentioned above, no-one seems to have made a
client that supports file transfer with encryption using OTR. But for us this ended up being quite simple. Technically
speaking, we use the “extra symmetric key” feature of OTR (described in the “Extra symmetric key” section of
the protocol specification here: https://otr.cypherpunks.ca/Protocol-v3-4.1.1.html), which allows either party, at any point in a
conversation, to derive key material from the current state of the conversation - key material that the other side
in the conversation can derive as well. This key can be used to encrypt material, and then the other side can decrypt
it, using their copy of the symmetric key. In order to preserve all the security properties of OTR, we encrypt the file
using AES in CTR mode, and then run an HMAC-SHA256 over the content. The AES key and the HMAC key are both derived from
the symmetric key. Then, as a final step, we also reveal the MAC key, in order to retain deniability.&lt;/p&gt;
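&lt;p&gt;As an added illustration (this is example code written for this page, not CoyIM’s or otr3’s own implementation), the following Go program shows the encrypt-then-MAC construction described above: AES-256 in CTR mode, an HMAC-SHA256 tag, both keys derived from a 32-byte extra symmetric key, and the MAC key handed back to the receiver once the tag has been verified so that it can be revealed. The key derivation labels, the nonce layout, the sample key and the sample file contents are this example’s own assumptions; how CoyIM actually derives its two keys from the extra symmetric key is not specified in the text above.&lt;/p&gt;

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// minSealedLen is a 16-byte nonce plus a 32-byte tag; anything shorter cannot be valid.
const minSealedLen = aes.BlockSize + sha256.Size

// deriveKeys turns the 256-bit OTRv3 extra symmetric key into independent AES and MAC keys.
// The labels are this example's own domain separation, not CoyIM's actual derivation.
func deriveKeys(extraKey []byte) (encKey, macKey []byte) {
	e := sha256.Sum256(append([]byte("example-file-enc:"), extraKey...))
	m := sha256.Sum256(append([]byte("example-file-mac:"), extraKey...))
	return e[:], m[:]
}

// Tag is HMAC-SHA256 over body. It is a plain function because, once the MAC key has
// been revealed, anyone can run it: that is the point of revealing the key.
func Tag(macKey, body []byte) []byte {
	mac := hmac.New(sha256.New, macKey)
	mac.Write(body)
	return mac.Sum(nil)
}

// Seal encrypts with AES-256-CTR under a fresh random nonce and appends the tag over
// nonce || ciphertext (encrypt-then-MAC). Layout: nonce(16) || ciphertext || tag(32).
func Seal(extraKey, plaintext []byte) ([]byte, error) {
	encKey, macKey := deriveKeys(extraKey)
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	body := make([]byte, aes.BlockSize+len(plaintext))
	nonce := body[:aes.BlockSize]
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	cipher.NewCTR(block, nonce).XORKeyStream(body[aes.BlockSize:], plaintext)
	return append(body, Tag(macKey, body)...), nil
}

// Open checks the tag in constant time before decrypting anything. On success it also
// returns the MAC key: the receiver, now sure the file is intact, can reveal it so the
// tag no longer proves who sent the file (the same deniability trick OTR uses for messages).
func Open(extraKey, sealed []byte) (plaintext, revealedMACKey []byte, err error) {
	if len(sealed)/minSealedLen == 0 { // true exactly when sealed is shorter than minSealedLen
		return nil, nil, errors.New("sealed data too short")
	}
	encKey, macKey := deriveKeys(extraKey)
	split := len(sealed) - sha256.Size
	body, tag := sealed[:split], sealed[split:]
	if !hmac.Equal(tag, Tag(macKey, body)) {
		return nil, nil, errors.New("MAC mismatch: wrong key or tampered file")
	}
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, nil, err
	}
	plaintext = make([]byte, len(body)-aes.BlockSize)
	cipher.NewCTR(block, body[:aes.BlockSize]).XORKeyStream(plaintext, body[aes.BlockSize:])
	return plaintext, macKey, nil
}

// Forge shows what revealing the MAC key buys: a third party holding only that key can
// produce a blob that passes Open's tag check, so a valid tag is not evidence of authorship.
// They still cannot read or create meaningful ciphertext, since the AES key stays secret.
func Forge(revealedMACKey, fakeBody []byte) []byte {
	return append(append([]byte(nil), fakeBody...), Tag(revealedMACKey, fakeBody)...)
}

func main() {
	// Constructed 32-byte key; in CoyIM this would come from OTR's extra symmetric key.
	extraKey := make([]byte, 32)
	for i := range extraKey {
		extraKey[i] = byte(i)
	}
	sealed, err := Seal(extraKey, []byte("constructed file contents"))
	if err != nil {
		panic(err)
	}
	pt, macKey, err := Open(extraKey, sealed)
	fmt.Printf("decrypted %q, err=%v, revealed MAC key starts %x\n", pt, err, macKey[:4])
	sealed[20] ^= 1 // flip one ciphertext bit
	_, _, err = Open(extraKey, sealed)
	fmt.Println("after tampering:", err)
}
```

&lt;p&gt;The order of operations in Open is the part that matters: the tag is checked with a constant-time comparison before any decryption happens, so a tampered file is rejected without ever producing plaintext. Forge is not something a client would ship; it is there to make the deniability argument concrete: once the MAC key is public, a valid tag proves only that someone who knew the MAC key made it.&lt;/p&gt;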

&lt;p&gt;This might sound complicated. But the gist of it is that you can comfortably send and receive files and directories
using CoyIM, and the material will be safe, secure and private in the same way as your messages. In fact, CoyIM will automatically
recognize when it can use encryption to send material. And if it can’t, it will first warn the user and ask for
confirmation that you want to send the material in the clear. Overall, the file transfer experience has been designed to
be as easy to understand and use as possible. You shouldn’t have to be a security professional to safely transfer
files.&lt;/p&gt;

&lt;p&gt;This feature is one of the most important ones in version 0.4. It is something we are extremely proud of, and
we urge you to try it out. At the same time, we want to give a word of warning. Don’t send files with other clients
unless you are absolutely sure they do it in a safe and secure way.&lt;/p&gt;
</description>
        <pubDate>Mon, 14 Feb 2022 00:00:00 +0000</pubDate>
        <link>https://coy.im/coyim/whats-new-v04/introduction/2022/02/14/whats-new-in-v04-file-transfer.html</link>
        <guid isPermaLink="true">https://coy.im/coyim/whats-new-v04/introduction/2022/02/14/whats-new-in-v04-file-transfer.html</guid>
        
        
        <category>coyim</category>
        
        <category>whats-new-v04</category>
        
        <category>introduction</category>
        
      </item>
    
      <item>
        <title>What's new in v0.4 - Improved security features</title>
        <description>&lt;p&gt;Version 0.4 of CoyIM is coming in February 2022. When you read this, it might already be out there! This release
contains many important improvements and new functionality. Many of these large improvements are obviously significant,
but as we have worked on a few of these big features we have also worked hard on improving the basic security features
of CoyIM. In this post we’ll take a look at some of these additions and improvements.&lt;/p&gt;

&lt;p&gt;The goal of CoyIM was always to create a messenger client that was more secure and privacy preserving than the
alternatives. The goal was also to make this the default, so that anyone turning on the application would immediately
get a secure experience. We accomplish this primarily with three major features. The automatic recognition,
configuration and use of Tor. The integration of the OTR protocol for end-to-end encryption. And the choice of a
programming language that minimizes the risk of vulnerabilities. But outside of these major features, CoyIM also
includes a myriad of smaller security-related aspects. Some are simply related to how we implement things, while others are
direct security features. One thing to keep in mind with CoyIM is that we always have to balance different types of
features based on their complexity, the risk that they could be exploited in some way, and whether they might have an
impact on any of the security properties of CoyIM. In some cases we have to look extra carefully at how a feature might
reveal information about a user in different ways, breaking their anonymity.&lt;/p&gt;

&lt;p&gt;While most of the features described in this post are directly related to security, the first one is more
indirect. Specifically, it has to do with improvements in testing. While automated testing doesn’t automatically lead to
improved security, there can definitely be benefits to it. CoyIM has always had a test suite covering parts of the
implementation, but in version 0.4 we have covered almost everything in the program outside of the pure graphical user
interface aspects. In the process we found some smaller issues here and there as well. The process of writing
comprehensive tests really helps you think through what code is supposed to do. And while we didn’t find any actual security
issues, we did improve the code in many places, and made sure that our tests check that it’s doing what it’s supposed
to be doing. On top of that, we are strong believers in automated testing. For this purpose we use continuous
integration, making sure that our test suite is run every time we push new code. We also make sure to run it on all the
Go versions we support. But one problem has been that it’s been quite hard to run this same suite on Windows and
macOS. And in fact, we noticed that many tests were failing on Windows, for various reasons. We have now remedied this
situation and every single commit on CoyIM will be tested on Windows, macOS and Linux. This means we have a
significantly higher certainty that our code does what we want it to do. At the same time, it reduces the complexity of
the code, making it less likely that bugs are hiding in strange corners of the application.&lt;/p&gt;

&lt;p&gt;As mentioned above, CoyIM adds many different kinds of protections and security features. And while we do have
end-to-end security for all chats (unless you turn it off), and while we will automatically use the Tor network for all
connections, we also want to encrypt the communication between your machine and the server. In fact, we require this
encryption. We use the TLS standard for this kind of protection. And we have done this for a long time. But TLS can be
quite complex. It supports many different ways of encrypting and securing your connection. Our configuration here is
conservative and only uses the best versions possible. But one feature that is new in CoyIM version 0.4 is support for
the newest version of TLS, called 1.3. This upgrade simplifies and speeds up the connection while improving security as
well.&lt;/p&gt;

&lt;p&gt;One problem with the XMPP standard is that by default it requires you to connect without encryption and then upgrade the
connection to use TLS (the STARTTLS mechanism). This is a standard procedure, used by all servers and clients. However, it does leave a small
window of vulnerability where the connection is not protected. In the new version of CoyIM we protect against this by
supporting something called direct TLS, discovered through a DNS SRV lookup. What this actually means is that an XMPP server can advertise
in the global domain name system that it wants you to connect directly using TLS. CoyIM will look up this advertisement
and use a direct TLS connection if the server so indicates. In this way, another potential attack vector is removed.&lt;/p&gt;
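&lt;p&gt;As an added example (code written for this page, not taken from CoyIM), the following Go program shows the selection a client has to make once it has asked DNS for the two SRV services involved: the _xmpps-client record defined in XEP-0368, which announces direct TLS, and the traditional _xmpp-client record, which leads to a STARTTLS connection. The zone data, host names and ports in constructedZone are made up; a real client would obtain the records with net.LookupSRV.&lt;/p&gt;

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// SRV mirrors the fields of net.SRV so the selection logic can run without DNS.
type SRV struct {
	Target   string
	Port     uint16
	Priority uint16
	Weight   uint16
}

// Endpoint is where to connect and whether TLS starts with the very first byte.
type Endpoint struct {
	Host      string
	Port      uint16
	DirectTLS bool
}

// Resolver returns the records for _SERVICE._tcp.DOMAIN. A real client wraps
// net.LookupSRV(service, "tcp", domain) and copies the []*net.SRV it gets into []SRV.
type Resolver func(service, domain string) []SRV

// sortKey orders records as RFC 2782 asks: lowest priority first, then highest weight.
// A full client picks among equal-priority records randomly in proportion to weight;
// taking the heaviest keeps this example deterministic.
func sortKey(r SRV) int { return int(r.Priority)*65536 + int(65535-r.Weight) }

// best returns the record to try first, or false when the service is absent or when a
// single record with target "." says the service is explicitly not offered (RFC 2782).
func best(recs []SRV) (SRV, bool) {
	if len(recs) == 0 {
		return SRV{}, false
	}
	if len(recs) == 1 {
		if recs[0].Target == "." {
			return SRV{}, false
		}
	}
	keys := make([]int, 0, len(recs))
	for _, r := range recs {
		keys = append(keys, sortKey(r))
	}
	sort.Ints(keys)
	for _, r := range recs {
		if sortKey(r) == keys[0] {
			return r, true
		}
	}
	return SRV{}, false
}

// ChooseEndpoint prefers direct TLS (XEP-0368, _xmpps-client) over STARTTLS (_xmpp-client)
// and falls back to DOMAIN:5222 with STARTTLS when there are no SRV records (RFC 6120).
// Whatever it returns, the client must still refuse to proceed without TLS, and must
// validate the certificate against the XMPP domain, not the SRV target: SRV answers are
// plain DNS that an attacker may rewrite, and the certificate check is what stops that.
func ChooseEndpoint(domain string, resolve Resolver) Endpoint {
	if r, ok := best(resolve("xmpps-client", domain)); ok {
		return Endpoint{Host: strings.TrimSuffix(r.Target, "."), Port: r.Port, DirectTLS: true}
	}
	if r, ok := best(resolve("xmpp-client", domain)); ok {
		return Endpoint{Host: strings.TrimSuffix(r.Target, "."), Port: r.Port, DirectTLS: false}
	}
	return Endpoint{Host: domain, Port: 5222, DirectTLS: false}
}

// constructedZone stands in for DNS; every name and port in it is made up for this example.
var constructedZone = map[string][]SRV{
	"xmpps-client/example.org": {
		{"xmpp2.example.org.", 5223, 10, 20},
		{"xmpp1.example.org.", 5223, 10, 50},
		{"backup.example.org.", 5223, 20, 0},
	},
	"xmpp-client/example.org":      {{"xmpp1.example.org.", 5222, 10, 0}},
	"xmpp-client/starttls.example": {{"im.starttls.example.", 5222, 0, 0}},
	"xmpps-client/refused.example": {{".", 0, 0, 0}},
	"xmpp-client/refused.example":  {{"im.refused.example.", 5222, 0, 0}},
}

// Lookup is the offline Resolver backed by constructedZone.
func Lookup(service, domain string) []SRV { return constructedZone[service+"/"+domain] }

func main() {
	for _, d := range []string{"example.org", "starttls.example", "refused.example", "nosrv.example"} {
		fmt.Printf("%-18s %+v\n", d, ChooseEndpoint(d, Lookup))
	}
}
```

&lt;p&gt;Two things a client has to get right regardless of which record wins: TLS stays mandatory on the STARTTLS path too, so a server that never offers STARTTLS must be refused rather than talked to in the clear, and the certificate is validated against the XMPP domain the user typed, not against whatever host the SRV record pointed at. Without that, anyone who can answer DNS queries could direct the client to a host of their choosing.&lt;/p&gt;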

&lt;p&gt;When connecting to a server you always have to authenticate in some way. The standard way to do this with XMPP is with a
password. But how does the client actually send the password to the server? Since the connection is protected with TLS,
it might make sense to just send the password as is. And this is exactly what many clients do. However, the problem is
that it forces the server to store the password as well. Other methods exist to reduce these kinds of security risks as
well. The most used one is called SCRAM. This involves the server sending a challenge to the user and the user
responding to this challenge in a way that shows they have the password. CoyIM has supported SCRAM for a long time, but
what we have added in the new version is support for more advanced and stronger versions of the protocol, using larger
and more recent versions of the hash primitives. We also added support for something called channel binding, which ties
together the SCRAM authentication with the current TLS session. In this way, it becomes harder for an attacker to replay
or use the SCRAM challenge in a different connection. All of these are incremental improvements, but they move the CoyIM
state of security forward.&lt;/p&gt;
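&lt;p&gt;To make the SCRAM and channel-binding description concrete, here is an added Go example written for this page; it is not CoyIM’s authentication code. It implements the SCRAM-SHA-256 core from RFC 5802 (the Hi function, StoredKey and ServerKey on the server side, the ClientProof on the client side, and the server’s verification), with the gs2 header for the tls-exporter channel binding used by SCRAM-SHA-256-PLUS. The nonces, salt, password and channel-binding bytes are constructed; in a real client the channel-binding value comes from the TLS connection’s keying-material exporter.&lt;/p&gt;

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// hi is SCRAM's Hi() function: PBKDF2 with HMAC-SHA-256, one output block (RFC 5802 2.2).
func hi(password, salt []byte, iters uint32) []byte {
	if iters == 0 {
		iters = 1
	}
	mac := hmac.New(sha256.New, password)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // INT(1): PBKDF2 block index
	u := mac.Sum(nil)
	out := append([]byte(nil), u...)
	for i := uint32(1); i != iters; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range out {
			out[j] ^= u[j]
		}
	}
	return out
}

func hmacSHA256(key, msg []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write(msg)
	return mac.Sum(nil)
}

func xorBytes(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// ServerCreds is all a SCRAM server keeps. The password is never stored, and a stolen
// StoredKey does not let the thief log in as the user (that needs ClientKey).
type ServerCreds struct {
	Salt       []byte
	Iterations uint32
	StoredKey  []byte // H(ClientKey)
	ServerKey  []byte // used for the server-final signature
}

func NewServerCreds(password string, salt []byte, iters uint32) ServerCreds {
	salted := hi([]byte(password), salt, iters)
	stored := sha256.Sum256(hmacSHA256(salted, []byte("Client Key")))
	return ServerCreds{salt, iters, stored[:], hmacSHA256(salted, []byte("Server Key"))}
}

// gs2Header announces channel binding of type tls-exporter (SCRAM-SHA-256-PLUS, RFC 9266).
const gs2Header = "p=tls-exporter,,"

// authMessage is client-first-bare "," server-first "," client-final-without-proof.
// cbData is the channel-binding value; a real client takes it from its TLS connection via
// ConnectionState().ExportKeyingMaterial("EXPORTER-Channel-Binding", nil, 32).
func authMessage(user, cnonce, snonce string, salt []byte, iters uint32, cbData []byte) string {
	clientFirstBare := "n=" + user + ",r=" + cnonce
	serverFirst := fmt.Sprintf("r=%s%s,s=%s,i=%d", cnonce, snonce, base64.StdEncoding.EncodeToString(salt), iters)
	c := base64.StdEncoding.EncodeToString(append([]byte(gs2Header), cbData...))
	return clientFirstBare + "," + serverFirst + "," + "c=" + c + ",r=" + cnonce + snonce
}

// ClientProof replaces the password on the wire: ClientKey XOR HMAC(StoredKey, AuthMessage).
func ClientProof(password string, salt []byte, iters uint32, authMsg string) []byte {
	clientKey := hmacSHA256(hi([]byte(password), salt, iters), []byte("Client Key"))
	stored := sha256.Sum256(clientKey)
	return xorBytes(clientKey, hmacSHA256(stored[:], []byte(authMsg)))
}

// VerifyClientProof recovers ClientKey from the proof and compares its hash with StoredKey.
func VerifyClientProof(creds ServerCreds, authMsg string, proof []byte) bool {
	sig := hmacSHA256(creds.StoredKey, []byte(authMsg))
	if len(proof) != len(sig) {
		return false
	}
	recovered := sha256.Sum256(xorBytes(proof, sig))
	return hmac.Equal(recovered[:], creds.StoredKey)
}

// Exchange runs one authentication with fixed (constructed) nonces. clientCB and serverCB
// are the exporter values each side took from its own TLS session. The server rebuilds
// client-final from its own value rather than trusting the c= field it received; a server
// that copies the client's c= verbatim gets no protection from channel binding at all.
func Exchange(password string, creds ServerCreds, clientCB, serverCB []byte) bool {
	const user, cnonce, snonce = "alice", "constructed-client-nonce", "constructed-server-nonce"
	proof := ClientProof(password, creds.Salt, creds.Iterations,
		authMessage(user, cnonce, snonce, creds.Salt, creds.Iterations, clientCB))
	return VerifyClientProof(creds, authMessage(user, cnonce, snonce, creds.Salt, creds.Iterations, serverCB), proof)
}

func main() {
	creds := NewServerCreds("correct horse battery staple", []byte("constructed-salt"), 4096)
	cb := []byte("exporter-output-of-session-A") // constructed stand-in for the real TLS exporter
	fmt.Println("direct TLS session:", Exchange("correct horse battery staple", creds, cb, cb))
	fmt.Println("relayed via a second TLS session:", Exchange("correct horse battery staple", creds, cb, []byte("exporter-output-of-session-B")))
}
```

&lt;p&gt;The second Exchange call is the situation channel binding is for: the client is talking to a TLS endpoint that relays the SCRAM messages over its own TLS session to the real server. The two sides then bind to different exporter values, their authentication messages differ, and the proof fails even though the password is correct. Note also what the server stores: a salt, an iteration count, StoredKey and ServerKey, never the password itself.&lt;/p&gt;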

&lt;p&gt;CoyIM has a list of XMPP servers that we recommend. This list also contains the addresses of a large number of servers
that are reachable using Tor onion services. Onion services are a method that Tor offers which improves the
security of the connection even more than a regular Tor connection does. Fundamentally, when connecting using an onion
service, your traffic never leaves the Tor network at all before reaching the server. However, not all XMPP servers
offer support for onion services, and it can sometimes be hard to find the information for those that do. For this
reason, CoyIM ships with a list of known onion services, and the application will automatically use the onion service
if one is available for your server. However, these onion services were based on version 2 of the onion service
protocol, and this protocol has been deprecated by the Tor network. For this reason, we have now moved over to using
version 3 onion services instead. This version is more powerful and significantly more secure, and you will get the
benefit of it without doing anything at all. With the new version of CoyIM, it will simply do the right thing.&lt;/p&gt;

&lt;p&gt;In CoyIM we use the OTR protocol for providing end-to-end encryption. We use our own implementation of this protocol,
called &lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;otr3&lt;/code&gt;. Overall, this implementation has been quite stable for a long time. During the development process of
CoyIM v0.4 we felt it was time to have a security audit done of this library. Radically Open Security helped us with
this audit. You can read the report on the CoyIM website, but basically it says that there were some smaller issues to
fix - which we have done - but nothing major. So, the 0.4 version of CoyIM will ship with a cryptographic library that
has been thoroughly reviewed by an outside organization, and all their findings have been fixed. This means that you can
comfortably rely on the security of the encryption in CoyIM.&lt;/p&gt;

&lt;p&gt;On top of all these specific things, we have also resolved a large number of bugs in the program. In general, these did
not have any security impact, but it’s still nice to know that the quality of the code base has improved
significantly. Overall, CoyIM v0.4 is the largest release we have ever made, and at the same time it significantly
improves on the security of the system, which has always been the most important aspect of our work.&lt;/p&gt;
</description>
        <pubDate>Sun, 13 Feb 2022 00:00:00 +0000</pubDate>
        <link>https://coy.im/coyim/whats-new-v04/introduction/2022/02/13/whats-new-in-v04-improved-security.html</link>
        <guid isPermaLink="true">https://coy.im/coyim/whats-new-v04/introduction/2022/02/13/whats-new-in-v04-improved-security.html</guid>
        
        
        <category>coyim</category>
        
        <category>whats-new-v04</category>
        
        <category>introduction</category>
        
      </item>
    
      <item>
        <title>What's new in v0.4 - New languages</title>
        <description>&lt;p&gt;Version 0.4 of CoyIM is coming in February 2022. When you read this, it might already be out there! This release
contains many important improvements and new functionality. One of the more important ones is that this is the first
release of CoyIM which is available in more than one language.&lt;/p&gt;

&lt;p&gt;During a large part of the development process, CoyIM was made completely in English. But we also knew that sooner or
later we would want to make it available to other audiences around the world. And frankly, having the development happen
in Ecuador and not having a Spanish translation always felt a bit weird. So, as part of the development process, we made
sure to diligently mark all the places where we would need to do translation later. This is something that translation
tools can use to significantly reduce the work for actually translating an application.&lt;/p&gt;

&lt;p&gt;What this means is that once we decided to start translating CoyIM, we could simply begin, and be reasonably certain we
would be able to cover everything. With this in place, we managed to get translations done for Spanish, Portuguese,
French and Swedish. The choice of languages was really mostly based on the availability of translators. But what is
important is that now that we have the tool support in place, adding new languages will be quite easy - we simply need
contributions from people that can translate other languages.&lt;/p&gt;

&lt;p&gt;Technically speaking, the process of managing languages was a bit restricted because we use the GTK toolkit for
graphical presentation. That also means we needed to use the translation support in GTK. This can often be very easy,
depending on what kind of application you use. Often, GTK applications are distributed using installers and using the
traditional frameworks for managing this kind of installation on free software systems. The most important aspect of
these systems is that you have to install the translation files on the file system, since the underlying translation
system only reads physical files. But CoyIM is a different type of application. We believe that having to install files
in various places on the harddrive is not necessarily the right kind of thing to do. Especially not if you are running
from read-only media, or in situations where you don’t want to leave any traces of executing an encrypted chat client.&lt;/p&gt;

&lt;p&gt;So how did we solve this in CoyIM? In order to support this kind of translation, we will automatically unpack the
translation files into a temporary place where GTK can read them. We keep track of the version of the translation files
so that we can update them whenever they have been changed. This means that CoyIM is still a single-executable in almost
all situations. Everything the application needs to run is available inside the application. On Linux, you can simply
download the program and run it.&lt;/p&gt;

&lt;p&gt;This doesn’t necessarily mean much for most users. The end result is the same. CoyIM will automatically use the language
defined in your operating system, assuming it’s one of the languages we support. So, you will simply see things in your
own language. As time goes on, we hope that we will be able to add more translations as well. CoyIM is meant for people
in every part of the world - not just the western world.&lt;/p&gt;

&lt;p&gt;One final word. If you would like to support CoyIM and you happen to have knowledge in a language that we are currently
not supporting, please visit https://hosted.weblate.org/engage/coyim/ to see if you can help. We use Weblate for
managing translations, and it has been a huge boon for us. So contributions there will automatically be available to us
in a format that can be quickly integrated in the next release.&lt;/p&gt;
</description>
        <pubDate>Sat, 12 Feb 2022 00:00:00 +0000</pubDate>
        <link>https://coy.im/coyim/whats-new-v04/introduction/2022/02/12/whats-new-in-v04-translations.html</link>
        <guid isPermaLink="true">https://coy.im/coyim/whats-new-v04/introduction/2022/02/12/whats-new-in-v04-translations.html</guid>
        
        
        <category>coyim</category>
        
        <category>whats-new-v04</category>
        
        <category>introduction</category>
        
      </item>
    
      <item>
        <title>Why CoyIM was created - Too Many Features in Other Applications</title>
        <description>&lt;p&gt;We are very close to release version 0.4 of CoyIM. In fact, at the time of writing this article, we are scheduled to
release this version two weeks from now. And as we have detailed in many different articles, the release contains a huge
number of improvements, new features and fixes. And while we are extremely proud of all this work, it is also important
to look back at the origins of CoyIM to understand why it exists and why we have made some unconventional choices, both
in this release and in previous versions. Specifically, we are very proud of all these improvements and new
features. But we are also very proud of the features we have &lt;em&gt;not&lt;/em&gt; added.&lt;/p&gt;

&lt;p&gt;That might sound weird. The general paradigm out there is that you measure your worth based on the amount of features
you have. And if that is your measure, CoyIM will absolutely disappoint. If you compare CoyIM to other similar
applications, basically all of them have a huge number of features that CoyIM lacks. As a small example, when
considering how to add file and directory transfer for this release, we wanted to evaluate the options in order to
minimize the number of features we added. To implement it we decided to use a part of XMPP called Stream
Initiation. And if you have read the article describing what’s new in CoyIM with a focus on file transfer, you might
remember that we could have added file transfer in two ways - either using Stream Initiation, or using something called
Jingle. Most other applications would likely have chosen to implement Jingle, since that is the newer standard. And in
fact, most XMPP applications out there do implement Jingle. They also implement Stream Initiation. Because why not?
Better to have both implemented, right? Well. We as the developers of CoyIM believe this is the wrong way of
thinking. And more specifically, it is a problematic approach when dealing with high security situations. So, in this
case, we chose to implement the older standard and &lt;em&gt;not&lt;/em&gt; the newer standard. The logic was quite simple. The older
standard is smaller, and easier to implement in a concise way that doesn’t add a lot of complexity. The Jingle standard
contains many more moving elements, meaning that the implementation would have been larger - and the attack surface
would have increased as well. So when choosing between the two, the older standard came with a lower risk for our
users. And implementing both of them would have meant even more complexity, for no real benefit to our users. The more
code, the more risk. The more complexity, the more risk. And the more things that can interact in different ways, the
larger the attack surface.&lt;/p&gt;

&lt;p&gt;As we described in the post about how CoyIM came about, one of the main alternatives for secure messaging at that time
was Pidgin. But one of the reasons we felt quite uncomfortable with Pidgin was exactly that it contained a large amount
of functionality. In fact, Pidgin supports many different communication protocols, not just XMPP. It supports a huge
range of standards. It supports all kinds of media types, including emojis. In fact, it is so complicated that it has a
complete plugin system which allows users to install custom functionality of various kinds. Now, complexity is not only
about each individual piece of functionality but also about how they can interact with each other. It’s the
combinatorial explosion that leads to a huge increase in attack surface. And the way Pidgin is built leads to exactly
this.&lt;/p&gt;

&lt;p&gt;In CoyIM, we decided early that we would only implement whatever was absolutely necessary. This means that the basic
communication is done only in text. We don’t support more fancy communication methods. We don’t allow users to highlight
text or change the font or anything along those lines. And we only support XMPP as a communication protocol and OTR as
an end-to-end encryption protocol. This is to minimize the risk of combinations leading to unexpected interactions and
more possibilities of attack. This is why we do not want to add other encryption protocols - since that would mean a
multiplication of interactions.&lt;/p&gt;

&lt;p&gt;In the same manner, we do not implement all the different extensions to XMPP that are available. In some cases, we
decided against them because they reveal information about the user. In other cases, we felt that implementing them was
not worth it, compared to the extra functionality for the user. We also do not support plugins for extra
functionality. Of course, all of these things have value for the user, but they also bring complexity, making it less
likely that we can protect you well. This is incidentally related to our decision to make CoyIM a completely separate
application using GTK for drawing the windows. These days, most applications of this type are done using different kinds
of web technology. Sometimes, they run directly in the browser, and sometimes they make their own windows but under the
covers still use the browser. But a browser comes with a &lt;em&gt;huge&lt;/em&gt; amount of functionality, and an attack surface that is
hard to control. For this reason, we made the choice to not use this kind of technology for CoyIM, in an effort to try
to reduce and manage the risk for our users.&lt;/p&gt;

&lt;p&gt;In summary, CoyIM will never have some features that you might find in other chat applications. CoyIM might not look as
fancy as some others. We will not support sending emojis or inline images. We will never support other communication
protocols. Fundamentally, this is done to reduce the complexity of the application and minimize the attack
surface. CoyIM v0.4 has many improvements, but that’s nothing compared to everything we decided not to do. We will
continue making decisions this way - we believe it’s the only responsible way to manage a security-focused application.&lt;/p&gt;

</description>
        <pubDate>Fri, 11 Feb 2022 00:00:00 +0000</pubDate>
        <link>https://coy.im/coyim/why-created/introduction/2022/02/11/why-coyim-was-created-too-many-features.html</link>
        <guid isPermaLink="true">https://coy.im/coyim/why-created/introduction/2022/02/11/why-coyim-was-created-too-many-features.html</guid>
        
        
        <category>coyim</category>
        
        <category>why-created</category>
        
        <category>introduction</category>
        
      </item>
    
      <item>
        <title>Why CoyIM was created - Security by Default</title>
        <description>&lt;p&gt;As we have talked about in previous posts here, we are very close to releasing version 0.4 of CoyIM. This is a very
large release that contains a lot of improvements and new features. And while we are very happy about all these changes,
it’s also important to keep in mind the reasons why CoyIM was created in the first place. These reasons are still as
valid today - especially since we are not really seeing other tools taking inspiration from our choices here. And at the
end of the day, for us to have secure tools, things have to change in many ways. In this and previous posts, we want to
detail some of the reasons why we felt that it was necessary to create CoyIM. In this article we will specifically cover
the subject of security by default.&lt;/p&gt;

&lt;p&gt;There are many applications out there that have support for security in various ways. Browsers allow you to connect
securely to websites. Email clients allow you to encrypt emails. Operating systems allow you to encrypt your hard
drives. But in general, these kinds of decisions are not the default. When you install a new version of Windows, the
hard drive will not be encrypted. If you open up your email client and send an email, chances are good that it won’t be
encrypted. If you open a browser and type in an address, it &lt;em&gt;will&lt;/em&gt; be secure by default. But a few years ago, this
wasn’t the case - then, the basic connection would be unencrypted and you had to specifically ask for it to be
secure. There are many reasons for all these situations - but the end result is the same: you are not protected by
default.&lt;/p&gt;

&lt;p&gt;And what about the chat clients that CoyIM was created as an alternative to? Sadly, the situation was often very much
the same. You could turn &lt;em&gt;on&lt;/em&gt; security features of various kinds. You could install plugins to give you access to extra
functionality. You could install other programs and then configure the combination to protect you. But you had to do all
of this manually, and you had to know exactly what to do to configure these improvements. To a large degree, when you
started these chat programs, you would start out with the &lt;em&gt;least&lt;/em&gt; secure version of the configuration.&lt;/p&gt;

&lt;p&gt;As we talked about before, there are many reasons why this happened. Mostly, the real answer is that these programs were
general purpose programs that were not particularly interested in making things as secure as possible - especially if
that had the impact of making things slightly more complicated for users. This is an understandable point of
view. Anything that drives away users can be a real problem for reaching wider adoption. But at the same
time, even for general purpose programs, we believe this is the wrong path. It will always be the developers of a
product who know best the kinds of choices you can make to improve the security. Putting that responsibility on the
user means that you invert this relationship. The person who knows less about the security choices in your product will
have to improve the situation - from the outside. All the while, every application out there is a target for
attack. Anything you install on your computer can be used to attack you in some way. If you open up an image someone
sent you, it is possible that the file contains an attack against the program you use to display the image. And so
on. This means that when creating an application - any kind of application - you really have a responsibility to your
users to think about security from the start. Otherwise, you will be creating a new attack surface that will make your
users less secure when installing it.&lt;/p&gt;

&lt;p&gt;For us, when developing CoyIM, this meant having security by default. There are a hundred places in the program where it
would have been possible to make different security choices. In all of these places, we always made the choice we
believed was the one that would protect our users better. In some cases, we exposed this choice as configuration, so it
would be possible for the user to change this option. But we always made it so that the user would have to choose to
&lt;em&gt;decrease&lt;/em&gt; their security, not choose to &lt;em&gt;increase&lt;/em&gt; it. In many cases, we also decided to not even expose the option to
the user. Many studies have shown that giving options for everything in a program does not lead to a good user
experience for most people. So, often we decided to just make the choice and always have it be there. Only when we could
see there could exist good reasons for changing a security decision did we expose this as an option.&lt;/p&gt;

&lt;p&gt;What kind of security choices are we talking about? Well, the simplest one is probably that we include end-to-end
encryption by default, and for every person you add as a contact, CoyIM will &lt;em&gt;require&lt;/em&gt; that end-to-end encryption is
started before sending any kind of message. This means that it is impossible for a user to send a message without
encryption, unless they change the configuration. Of course, if they try to talk to someone that doesn’t have encryption
at all, they won’t be able to send a message to this person. But this choice means that at least, we won’t expose
someone’s information unless they make absolutely sure this is what they want.&lt;/p&gt;

&lt;p&gt;When an account is added in some way, it will always be configured to use Tor. Of course, not everyone wants to use Tor,
or they might want to configure their own proxy which is more appropriate for their environment. For us, Tor is the
conservative and more secure choice. But if the user feels they know better, they can change this choice.&lt;/p&gt;

&lt;p&gt;Most applications support TLS, but almost none expose the possibility of pinning certificates. This is really an
additional layer of security on top of the regular TLS protections, which makes sure that you stay in control whenever a
certificate changes in various ways. For really high security settings, you might want the option to manually inspect a new
certificate before using it. So CoyIM makes this the default, and allows you to set a policy for how to manage
certificates going forward.&lt;/p&gt;

&lt;p&gt;Another example is how most applications assume that local storage is trusted. Basically, the idea is that you can just
store private keys and sensitive configuration in plain text, because if someone has access to your hard drive, you’re
lost anyway. But there are many shades of nuance here, which this reductive idea doesn’t take into account. First, not
everyone will have encrypted hard drives. And it’s much easier to see a possibility where an attacker copies a hard
drive, rather than putting malicious things on the hard drive. But if you say that you’ve already lost if someone can
read your hard drives, that means you’re conflating the two possibilities. So, for this reason, CoyIM always gives you
the option of securely encrypting your configuration file. It does this in a way which is compatible with password
managers. It uses a method which means that even bad passwords will give decent protection. And everything sensitive of
any kind is stored inside this configuration file, minimizing the risk of any kind of information leak.&lt;/p&gt;

&lt;p&gt;As we mentioned, there are many kinds of features like this in CoyIM. Describing them all doesn’t make sense - but
hopefully this overview gives you a feeling for the kinds of protections that CoyIM will give you which no other client
will. The point of security by default is that it will always be easier for a user to decrease their security than to
make their own choices on how to increase their security. So an application should start out in the most secure mode,
and then allow the user the levers necessary to customize this behavior. If more applications were built from the ground
up using this philosophy, we believe that the technological world would be significantly less vulnerable.&lt;/p&gt;
</description>
        <pubDate>Thu, 10 Feb 2022 00:00:00 +0000</pubDate>
        <link>https://coy.im/coyim/why-created/introduction/2022/02/10/why-coyim-was-created-security-by-default.html</link>
        <guid isPermaLink="true">https://coy.im/coyim/why-created/introduction/2022/02/10/why-coyim-was-created-security-by-default.html</guid>
        
        
        <category>coyim</category>
        
        <category>why-created</category>
        
        <category>introduction</category>
        
      </item>
    
  </channel>
</rss>
