As in, would they be able to access your server?

  • Unmapped@lemmy.ml
    link
    fedilink
    arrow-up
    1
    ·
    1 month ago

    From what I understand tailscale is basically wire guard but made convenient. And how they do that is by managing you wire guard keys for you. So I would have assumed they could use the keys to access your network. HOWever while trying to look into this just now I found out tailnet lock exist and it says “When tailnet lock is enabled, even if Tailscale infrastructure is malicious or hacked, attackers can’t send or receive traffic on your tailnet.”

  • a1studmuffin@aussie.zone
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 month ago

    If you’re concerned about privacy I don’t know why you’d use Tailscale over Wireguard directly. The latter is slightly more fiddly to configure, but you only do it once and there’s no cloud middleman involved, just your devices talking directly to each other.

      • czardestructo@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        1 month ago

        Yes and because wiregurad is stateless you’ll need a script that checks if your DNS endpoint has updated and restart the wireguard interface so it pulls the fresh DNS/updated IP address. I had to make said bash script for my nodes.

      • kadotux@sopuli.xyz
        link
        fedilink
        arrow-up
        0
        ·
        1 month ago

        Nope, just an open port. Works directly with public IP. I guess if some ISPs IP lease time is short and they keep changing it regularly, it might become a hassle.

  • Thomas@discuss.tchncs.de
    link
    fedilink
    arrow-up
    0
    ·
    1 month ago

    If you do not trust Tailscale as a company, here is an open source re-implementation of the server called headscale. Some/all clients are open source as well. So, you can review all components yourself or pay for a professional third-party review. Otherwise, if you take a binary blob from any origin, including Tailscale, and have it run with privileges on your server, there are few limits on what this blob can do. Yes, backdoors are technically possible, but probably bad for Tailscale’s business if that ever came to light.

    • jqubed@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      1 month ago

      I’ve never heard of professional third-party review of open source code. That’s a service people offer?