Coy-fish

CoyIM is a standalone chat client that focuses on safety and security. It is a self-contained program that runs on Windows, Linux and OS X. CoyIM only supports one chat protocol - XMPP (sometimes known as Jabber). CoyIM has carefully picked and chose the features that are necessary to create a good chat experience, while keeping the attack surface of the system to a minimum.

It also has built-in support for Tor, OTR and TLS. The Tor support allows users to become anonymous while chatting. OTR makes end-to-end encryption of communication possible. And TLS adds another layer of encryption for the communication with chat servers. These features are not plugins or extras in any way.

CoyIM is implemented in Go. Many other implementation languages open up the door for a large number of attacks. We try to minimize those risks by using Go.

Features that set us apart

CoyIM implements lots of features that exist in most other chat clients. There are, however, some things we do differently:

  • Support of the latest version of OTR.
  • Detection of Tor (if installed) and connection through it.
  • Use of Tor Onion Service if it is known by the server in question.
  • Use of separate Tor circuits for each account in order to make it harder to tie accounts together.
  • Insertion of random delays before connecting to each account in order to make fingerprinting of connections between accounts harder.
  • SRV lookup for the server over Tor if available.
  • Import of account settings, OTR settings, fingerprints and private keys from other clients like Pidgin, Adium, Gajim or xmpp-client.
  • Saving of all your configuration, including OTR fingerprints and keys in an encrypted configuration file.

Features we want to have

CoyIM wants to add some more features. These are the most important ones but there are many more we want to have (check them at Github issue tracker):

  • Availability in different languages.
  • Creation of a new anonymous random account with one single option.
  • Support of complete reproducible builds.
  • Use of a unified security rating that combines several different measures of security.

Features we won't have

Features have a tendency to make for a larger code base and bugs. For these reason, we will not support some features, like:

  • Use of browser view to render content inside CoyIM or rendering of HTML.
  • Use of clickable links.
  • Use of emoticons or other kinds of extra graphical feature.
  • Exposition of configuration options.
  • Use of logging.