January 6th, 2018
CoyIM – a secure chat client
Over the last few years, a few colleagues and I have been working on a tool called CoyIM. It is meant to be a secure chat client. It’s gotten pretty far at this point, and I personally use it as my main communication tool for synchronous communication. But you might ask yourself why we decided to create a new chat client from scratch when there are so many out there already?
Some of it has to do with technical choices. We built Coy from the ground up in Golang, in order to minimize the risk of exploits that come from using memory-unsafe languages. We have been quite careful in implementing new features in Coy – because more features also means a larger attack surface. This is also the reason why we have been quite conservative in our protocol choices. Coy uses XMPP and OTR – and we would like to avoid adding anything else, since that would also result in a much larger attack surface.
Another reason we decided to create Coy is that we want a tool that is as secure as possible from the start. When thinking about the kind of users we are interested in helping, that would be people who are at risk but not necessarily technically sophisticated. There is this weird idea in the security community that the people at highest risk can deal with complicated technology – but of course this isn’t at all the case. So we want Coy to be as secure as possible for those use cases. This also means we try to always “fail closed”, in order to protect our users. To that end we have made many things a bit different from other chat clients:
- Coy assumes you will be using Tor for all your connections – including when creating your first account.
- Coy will always use TLS with the safest configuration to connect, and will also pin the TLS certificates by default – so if a certificate ever changes, you will find out before finishing a connection.
- Coy comes with built-in knowledge about the Tor Onion Services for several XMPP services – and will automatically connect to these instead of the regular address.
- The Coy configuration file will be encrypted by default.
- All communication will be set to require OTR encryption by default.
We are also currently working on making sure file transfers will always be encrypted if possible, and several other improvements. All of these things should simply just work for a user, when starting up for the first time. No need to install any plugins, no need to make any configuration changes. You can make changes to reduce your security, if absolutely needed – but you won’t need to change anything in order to improve your security.
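The certificate pinning and "fail closed" behaviour from the list above, as an added sketch in Go; it is not CoyIM's own code. The names `fingerprint`, `checkPin` and `pinnedConfig`, the host `xmpp.example.org`, and the choice to pin the SHA-256 of the whole leaf certificate are assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"crypto/tls"
	"encoding/hex"
	"errors"
	"fmt"
)

// fingerprint returns the hex SHA-256 digest of a DER-encoded certificate.
func fingerprint(der []byte) string {
	sum := sha256.Sum256(der)
	return hex.EncodeToString(sum[:])
}

// checkPin fails closed: an empty pin set or a leaf certificate that is
// not in the set both return an error, so the caller never connects.
func checkPin(leafDER []byte, pins map[string]bool) error {
	if len(pins) == 0 {
		return errors.New("no pinned certificate; refusing to connect")
	}
	if fp := fingerprint(leafDER); !pins[fp] {
		return fmt.Errorf("certificate changed: %s is not pinned", fp)
	}
	return nil
}

// pinnedConfig keeps normal chain and hostname verification and adds the pin
// check in VerifyConnection, which runs before the handshake completes.
func pinnedConfig(serverName string, pins map[string]bool) *tls.Config {
	return &tls.Config{
		ServerName: serverName,
		MinVersion: tls.VersionTLS12,
		VerifyConnection: func(cs tls.ConnectionState) error {
			if len(cs.PeerCertificates) == 0 {
				return errors.New("server presented no certificate")
			}
			return checkPin(cs.PeerCertificates[0].Raw, pins)
		},
	}
}

func main() {
	known := []byte("constructed stand-in for a known certificate's DER")
	pins := map[string]bool{fingerprint(known): true}
	fmt.Println("known cert:", checkPin(known, pins))
	fmt.Println("changed cert:", checkPin([]byte("constructed other cert"), pins))
	_ = pinnedConfig("xmpp.example.org", pins) // hypothetical host
}
```

Because the check sits in `VerifyConnection`, it also runs on resumed TLS sessions, so a changed certificate aborts the handshake rather than surfacing after the connection is in use.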
Finally, we have also worked hard on the user experience – we have a new way of doing SMP – allowing a friendlier but still secure way of verifying that you are actually in contact with who you think you are. We try to regularly do user testing to check our assumptions, and this feedback goes directly back into our development life cycle.
CoyIM is still in beta – but it would be great if more people could try it out and give us feedback. It is of course completely open source as well.
It’s been an interesting project to work on – I like programming Golang for these kinds of applications, and the interplay of making things both secure and usable is always a great challenge.
Find out more at https://coy.im.