Greetings,

I have read some of the tickets here and I would like to know what is the contribution policy conducted at CoyIM.

Specifically, I would like to know whether it would be worth to work on new features or improvements which function flawlessly and merge them into the project.

For example:

• Better VoIP.
• Extra VoIP features.
• More encryption systems.
• etc.

Hi,

Sorry for taking time to respond to this issue, and thank you for the interest.

In general, new features and improvements are definitely appreciated, however, they need to match with the focus of CoyIM, which is documented on the website: https://coy.im - specifically, we want to have as small an attack surface as possible. For those reasons, we have no planned to add neither VoIP nor other encryption features. We prefer to have one protocol that works well, rather than several.

Thanks

I think your argument is indeed good, when a default is a consideration.

Had a plugin system be added, people would add extra features on their own.

CoyIM uses the (decentralized) XMPP protocol after all, and some organizations (companies and governments) would surely find a good use to it, as the XMPP protocol is prevalent, but the preferences and needs of different organizations may differ, and therefore, a plugin system would be a viable feature to implement.

Look at Gajim, as an example.
Gajim, which used to be an unstable software over a decade ago, and was lesser popular than Psi, has got very popular due to its better stability and also its plugin system which allowed to people to be free to add features that work for them.

Before the plugin system, the Gajim groupchat had 20 - 40 participants (and 70 at most), and today it has 300.

Do consider this.

Well, we have actually considered it. On the same website I linked to earlier, it's explicitly described why a plugin system is a bad idea if you want a secure messenger. The reason why we felt CoyIM was necessary was because of the large attack surface of alternatives such as Gajim and Pidgin. A plugin system adds a lot of complexity and increases the attack surface - something that a secure messenger should not do.

The term large attack surface is interesting, and might be so, but I doubt it.

Does the fact that Monal is intended for a proprietary platforms mean that it extends the attack surface on Dino and Kaidan on open source and free platforms such as postmarketOS?

Maybe so.

Would the alternative of not having Monal be good?

No, because then it would require people who use postmarketOS to install proprietary messaging clients on their open system, in order to communicate to people who use the proprietary platforms that Monal supports today.

Installing proprietary messaging clients on open source platforms would be considered an even larger attack surface.

So Monal is good and, despite being intended to a proprietary platform, is one of the most important XMPP clients there are, because Monal prevents additional sorts of attack surface on other platforms, including DivestOS, postmarketOS, Replicant and other open source and privacy respecting platforms.

So are OpenPGP, OMEMO and other niche features.

I predict, if the GUI and memory consumption are reasonably good, that this project will, eventually, be forked with OMEMO and OpenPGP integrated by default.

You can try to convince and persuade, but take into account that the XMPP community is formed by strong experts and professionals, and people with great awareness to ownership, privacy and self-reliance.

By experts I refer to programmers and also people who are not programmers, such as consultancy firms, investment houses, lawyers, soldiers, police forces, government intelligence, private security firms who rely on encryption of type OpenPGP and also OMEMO and who use XMPP for their own communication.

I hope this would convince you.