
nickburns | 11 days ago

Things are much more unscrupulous than potentially ceasing to be free tomorrow. Nobody who values their privacy would ever route their network traffic through a 'free' service.


eddyg|10 days ago

Tailscale is not marketed as an "anonymity VPN". You're still using the devices in your Tailnet.

Tailscale provides managed, policy-driven secure connectivity, where the network admin controls access, and where packet payloads are end-to-end encrypted between their nodes using device-to-device links that are WireGuard-based. Their TCP relay system (DERP) helps connectivity when direct peer-to-peer isn’t possible, but traffic through DERP still remains end-to-end encrypted.

nickburns|3 days ago

Thank you for the explanation. I was definitely unclear on the service that Tailscale apparently actually provides.

jon_adler|11 days ago

Isn’t there separation of the control and data planes? I don’t think Tailscale get to see any of your network traffic.

nickburns|11 days ago

They need to know how/where to route your outbound traffic. That inherently includes plaintext DNS, TLS handshakes, and otherwise plaintext traffic (like HTTP for example).

Anybody wanting to see what Tailscale is able to see can simply sniff any router interface passing outbound traffic before it enters the WireGuard tunnel interface.