For me it’s the opposite: I actually don’t mind paying for a great product such as Tailscale (which I really like), but have security and privacy concerns!

Mesh VPNs have substantial control over networks that they manage (they bypass firewalls by having users install agents from within). They could add hidden nodes to networks, which is a major security concern, and see who is talking to whom, for how long, what services they are running, etc., which can be a privacy concern. They are targets.

Is there a way to address these concerns, and make them “really” (not just on the website) zero trust or at least minimal trust? Will WireGuard preshared keys as an option help (a maliciously added public key lacks a secret key exchanged among peers out of band)?

What are the implications of the substantial control that Tailscale has?

Or do we have no way but to trust someone? Looking at events of the past decade, I don’t have a good feeling about this!
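
One defensive check that follows from the question above, as an added example and not code from this thread, from Tailscale or from any mesh VPN: audit the WireGuard peer table the mesh agent installed against a peer allowlist and preshared keys exchanged out of band, so a peer that only the control plane vouches for stands out. It assumes the tab-separated layout of `wg show <iface> dump`; the dump text and key strings are constructed placeholders, not real keys.

```python
"""Audit a WireGuard peer table against an allowlist exchanged out of band."""
from dataclasses import dataclass

# Constructed sample of `wg show wg0 dump`: first the interface line
# (private key, public key, listen port, fwmark), then one tab-separated
# line per peer (public key, preshared key or "(none)", endpoint,
# allowed IPs, latest handshake, rx, tx, keepalive). Keys are placeholders.
SAMPLE_DUMP = "\n".join([
    "\t".join(["PRIV_LOCAL", "PUB_LOCAL", "51820", "off"]),
    "\t".join(["PUB_LAPTOP", "PSK_LAPTOP", "198.51.100.10:51820",
               "100.64.0.2/32", "1700000000", "1024", "2048", "25"]),
    "\t".join(["PUB_NAS", "(none)", "198.51.100.11:51820",
               "100.64.0.3/32", "0", "0", "0", "off"]),
    "\t".join(["PUB_UNKNOWN", "(none)", "203.0.113.5:51820",
               "100.64.0.9/32", "1700000100", "10", "10", "off"]),
])

# Allowlist pinned when each device was enrolled, outside the control plane:
# peer public key -> preshared key that peer must present.
OOB_ALLOWLIST = {"PUB_LAPTOP": "PSK_LAPTOP", "PUB_NAS": "PSK_NAS"}


@dataclass
class Finding:
    public_key: str
    issue: str


def parse_peers(dump: str) -> list[dict]:
    """Return the peer rows of a dump, skipping the interface line."""
    peers = []
    for line in dump.splitlines()[1:]:
        fields = line.split("\t")
        if len(fields) < 8:
            continue  # malformed or truncated row; not a peer
        peers.append({"public_key": fields[0], "preshared_key": fields[1],
                      "endpoint": fields[2], "allowed_ips": fields[3]})
    return peers


def audit(dump: str, allowlist: dict[str, str]) -> list[Finding]:
    """Flag peers the out-of-band allowlist does not vouch for."""
    findings, seen = [], set()
    for peer in parse_peers(dump):
        pk = peer["public_key"]
        seen.add(pk)
        if pk not in allowlist:
            findings.append(Finding(pk, f"hidden peer not in allowlist "
                                        f"(allowed_ips={peer['allowed_ips']})"))
        elif peer["preshared_key"] == "(none)":
            findings.append(Finding(pk, "no preshared key: trusts control-plane key only"))
        elif peer["preshared_key"] != allowlist[pk]:
            findings.append(Finding(pk, "preshared key differs from out-of-band value"))
    for pk in sorted(allowlist.keys() - seen):
        findings.append(Finding(pk, "expected peer missing from interface"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_DUMP, OOB_ALLOWLIST):
        print(f"{f.public_key}: {f.issue}")
```

Run it periodically against the live dump (`wg show wg0 dump`) instead of the constructed sample to catch peers that appear without an out-of-band enrolment.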

Just deploy https://github.com/slackhq/nebula somewhere and voila - you have your own completely self-hosted version of Tailscale.