IFF Tool Showcase #3: CoyIM

Despite the fact that one of the most efficient ways of encrypting communications is OTR with Jabber/XMPP, the clients that support these protocols are either flawed from a security point of view or excessively hard to use. This is the reason why CoyIM is being developed. Based on Adam Langley’s xmpp-client, and written in the Go language to avoid  many common types of vulnerabilities that come from using unsafe  languages, CoyIM is a standalone program that runs on Windows, Linux and OS X and only supports one chat protocol – Jabber/XMPP.


CoyIM tries to be safe and secure by default. The developers’ ambition is that it should be possible for even the most high-risk people on the planet to safely use CoyIM, without having to make any configuration changes. To achieve this, CoyIM has a built-in support for Tor, OTR and TLS. The Tor support allows users to become anonymous when chatting; OTR makes end-to-end encryption of communication possible; and TLS adds another layer of encryption to the communication with the chat servers. These features have been built to be core parts of the application – they are not plugins or extras as in some of the most popular Jabber/XMPP clients.

Started in October 2015, CoyIM is still a very young project. There have been no security audits of the code, and you should currently not use it for anything sensitive. Being at a very early stage of development, the tool still lacks many features that users could expect in a Jabber client. The developers are working eagerly to add the needed functionalities, but for the sake of security and efficiency some other features (like hyperlinks and emoticons) will never be there. With time, CoyIM has good chances of filling an important gap in the range of communication tools that can be used in high-risk contexts.

Related Posts