Armadillo Server
Unlike other technology companies, Armadillo offers you the ability to truly own your data. By purchasing your own Armadillo server, you control all communications and infrastructure used by your Armadillo products. This means that your data is stored on and routed through a server that you control, not one that we control. This gives you not only greater control but also transparency: you can be sure that your data is not stored insecurely and that the server has no open access.
You can use your Armadillo Server with both your Armadillo Phone and the Armadillo Chat application. The Armadillo Server includes services for secure instant messaging, file transfer, audio and video calls, installation of new applications, network time, DNS and more.
Decentralised networks are inherently more difficult to attack. Attackers are more attracted to a single target with a lot of sensitive data than to many targets with less data. This is the same reason why hackers often prefer to target servers (which store the data of many users) rather than individual devices. Decentralisation provides resilience - attacks only affect a single server, rather than the entire network. It also allows you to compartmentalise access - with multiple decentralised servers, your administrators only have access to a limited number of users rather than all of them.
We design all our networks to be zero trust. This means that the server never has access to sensitive user data, such as unencrypted messages or passwords. All connections to the Armadillo server use the strongest possible encryption: TLS 1.3 with high strength cipher suites. When you use the official Armadillo software, your TLS certificate is set directly in the application, which prevents many types of interception attacks. TLS 1.3 provides encryption for your connection to the server; however, all sensitive data is also encrypted using end-to-end encryption that protects your data from being read by the server. Passwords are stored encrypted using the well-tested Scrypt algorithm, which is designed to be extremely difficult to crack computationally.
Traditionally, each protocol uses its own unique "network port" to make a connection. For example, email uses a different network port than web traffic. Each connection also needs a "domain", such as example.com, which identifies where the traffic is going. The network port and domain information is sent unencrypted; this type of information is called "metadata". Metadata allows those conducting mass surveillance to see what kind of data you are sending and where it is going. They can then block it, intercept it or spy on your connection more closely. Attackers can also use metadata to identify individual users with timing analysis attacks.
The Armadillo Server uses "TLS multiplexing" to make all connections to the same port, using the same domain. All traffic is encrypted identically using TLS 1.3, making it impossible to detect which protocol is being used. This eliminates the protocol metadata and makes timing analysis attacks more difficult. Because the traffic looks like normal web traffic, multiplexing also allows you to bypass corporate or national firewalls designed to block communication.
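As an added illustration (not Armadillo's code): once TLS has been terminated, a server that multiplexes several protocols on one port still has to decide which service each session belongs to. The code below assumes this is done by inspecting the first decrypted bytes of the session; the page does not say how Armadillo does it, and the backend names and sample messages are constructed.

```python
import struct

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ", b"PATCH ")

# Hypothetical backend names: one isolated service per protocol.
BACKENDS = {"http": "web", "xmpp": "chat", "dns": "resolver"}


def looks_like_dns_tcp(data: bytes) -> bool:
    """DNS over a stream: 2-byte length prefix, then a 12-byte header (RFC 1035, 4.2.2)."""
    if len(data) < 14:
        return False
    (length,) = struct.unpack("!H", data[:2])
    _msg_id, flags, qdcount = struct.unpack("!HHH", data[2:8])
    is_query = (flags & 0x8000) == 0        # QR bit clear means a query
    opcode = (flags >> 11) & 0xF            # 0 is a standard query
    return length == len(data) - 2 and is_query and opcode == 0 and qdcount == 1


def classify(first_bytes: bytes) -> str:
    """Guess the inner protocol from the first decrypted bytes of a session."""
    if first_bytes.startswith(HTTP_METHODS):
        return "http"
    if first_bytes.lstrip().startswith((b"<?xml", b"<stream:stream")):
        return "xmpp"
    if looks_like_dns_tcp(first_bytes):
        return "dns"
    return "unknown"


def route(first_bytes: bytes) -> str:
    """Pick a backend; unrecognised traffic is refused rather than guessed."""
    proto = classify(first_bytes)
    if proto == "unknown":
        raise ValueError("unrecognised protocol, closing connection")
    return BACKENDS[proto]


def sample_dns_query(name: str = "example.com") -> bytes:
    """Constructed sample: a standard A query with the TCP length prefix."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    msg = header + qname + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN
    return struct.pack("!H", len(msg)) + msg
```

Because routing happens only after decryption, the port, the domain and the TLS handshake are the same for every protocol, which is what keeps the protocol choice out of the visible metadata.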
Armadillo Server divides each of its internal software components into separate "containers" that are highly restricted and run independently. Containers limit the impact of an attack, because if an attacker compromises a container, they only have access to the data in that container and not the entire server. In addition, it allows us to keep the server's TLS encryption key in a container separate from the rest of the software. This way, even if all the other containers are compromised, your server's encryption key remains secure.
Although Armadillo servers can communicate with each other by default, you can disable this if you wish, along with other configuration options.
SECURITY NETWORK
DECENTRALISED
Instead of relying on us to host your accounts, you can run your own Armadillo server. Your Armadillo server can host secure communications, new applications to download and encrypted Internet infrastructure (such as DNS and NTP). You can run Armadillo Phones on your own network offline.
CONTAINERIZED
All Armadillo Server services are separated by their own containers. This blocks attacks by restricting individual containers to only the permissions and data that are needed. It minimizes the impact of an attack, since compromising a single container grants a minimal amount of privileges.
MULTIPLEXING
Armadillo phones connect all protocols (HTTP, XMPP, DNS, etc.) to the Armadillo server on the same port, with the same domain, and encrypt all connections identically. To an attacker intercepting the connection, it all looks like encrypted HTTPS traffic. This prevents leakage of protocol metadata, which could be used to identify users with timing attacks. It also allows connections to bypass firewalls and mitigate mass surveillance.