
Tailscale raises $100M

(tailscale.com)
854 points gmemstr | 7 comments
arsome ◴[] No.31261100[source]
I was going to try Tailscale but then it seemed the only option to do so as an individual was to log in with a 3rd party cloud provider, which I in no way want tied into my networks.

I gave up and just set up WireGuard directly instead. I don't trust Tailscale either if that's their attitude towards privacy; it's permanently marred my vision of their product.

replies(10): >>31261128 #>>31261230 #>>31261250 #>>31261558 #>>31261667 #>>31261807 #>>31261815 #>>31261981 #>>31262022 #>>31262899 #
1. web007 ◴[] No.31261815[source]
Your personal dislike of cloud SSO is not the same as "their attitude towards privacy". Before you do anything "permanently" you should read their reasoning behind that decision:

https://tailscale.com/kb/1013/sso-providers/

> Tailscale works on top of the SSO/IDP/IAM identity provider you or your company already use.

> We don’t support sign-up with email addresses. By design, Tailscale is not an identity provider: there are no Tailscale passwords.

> Using an identity provider is not only more secure than email and password, but it allows us to automatically rotate connection encryption keys, follow security policies set by your team (e.g., 2FA), and more.

You can BYO SAML provider if you like, you'll just have to pay for it: https://tailscale.com/kb/1119/sso-saml-oidc

replies(4): >>31264754 #>>31265776 #>>31270974 #>>31277498 #
2. lupire ◴[] No.31264754[source]
I can't afford Enterprise "contact us" pricing for personal use or a small team.

They don't even give the option to try to debug my own identity provider.

aka the BYO SAML feature does not exist for personal or small team/business users.

But maybe that's the point? Tailscale's product is actually an identity integration layer for WireGuard? If you don't need an identity provider, Tailscale doesn't add value over WireGuard?

3. SahAssar ◴[] No.31265776[source]
Requiring you to disclose info to Google, Microsoft, Okta or OneLogin can very clearly be an "attitude towards privacy", right?
replies(1): >>31269500 #
4. yawaramin ◴[] No.31269500[source]
Not necessarily. It's possible to create a new Google account (e.g.) just for Tailscale, and not use it for anything else. That way the only thing Google can know about it is that it's used to log in somewhere.
replies(1): >>31270044 #
5. SahAssar ◴[] No.31270044{3}[source]
Google requires a phone number to sign up these days, and you'd need to isolate Google & Tailscale in a private window or a Firefox privacy container. If you use Chrome you'd also get auto-logged in to Chrome with your Google account.

IMO there is no real way to use Google in a privacy-protecting way.

6. Aeolun ◴[] No.31270974[source]
> You can BYO SAML provider if you like, you'll just have to pay for it

Their website makes it seem like you can do SSO/MFA with even the free personal plan though. If you cannot integrate with your SSO provider then that's just marketing bullshit.

What they should really put there is "Can only sign in with Google/GitHub/Microsoft account".

7. ◴[] No.31277498[source]