←back to thread

Tailscale raises $100M

(tailscale.com)
854 points gmemstr | 2 comments | 04 May 22 13:17 UTC | HN request time: 0.002s | source
Show context
arsome ◴[04 May 22 14:39 UTC] No.31261100[source]
I was going to try TailScale but then it seemed the only option to do so as an individual was to login with a 3rd party cloud provider, which I in no way want tied into my networks.

I gave up and just setup wireguard directly instead, I don't trust Tailscale either if that's their attitude towards privacy, it's permanently marred my vision of their product.

replies(10): >>31261128 #>>31261230 #>>31261250 #>>31261558 #>>31261667 #>>31261807 #>>31261815 #>>31261981 #>>31262022 #>>31262899 #
web007 ◴[04 May 22 15:25 UTC] No.31261815[source]
Your personal dislike of cloud SSO is not the same as "their attitude towards privacy". Before you do anything "permanently" you should read their reasoning behind that decision:

https://tailscale.com/kb/1013/sso-providers/

> Tailscale works on top of the SSO/IDP/IAM identity provider you or your company already use.

> We don’t support sign-up with email addresses. By design, Tailscale is not an identity provider: there are no Tailscale passwords.

> Using an identity provider is not only more secure than email and password, but it allow us to automatically rotate connection encryption keys, follow security policies set by your team (e.g., 2FA), and more.

You can BYO SAML provider if you like, you'll just have to pay for it: https://tailscale.com/kb/1119/sso-saml-oidc

replies(4): >>31264754 #>>31265776 #>>31270974 #>>31277498 #
SahAssar ◴[04 May 22 20:58 UTC] No.31265776[source]
Requiring you to disclose info to google, microsoft, okta or onelogin can very clearly be an "attitude towards privacy", right?
replies(1): >>31269500 #
1. yawaramin ◴[05 May 22 04:31 UTC] No.31269500[source]
Not necessarily. It's possible to create a new Google account (e.g.) just for Tailscale, and not use it for anything else. That way the only thing Google can know about it is that it's used to log in somewhere.
replies(1): >>31270044 #
2. SahAssar ◴[05 May 22 05:58 UTC] No.31270044[source]
Google requires a phone number to sign up these days, and you'd need to isolate google & tailscale in a private window or a firefox privacy container. If you use chrome you'd also get auto-logged in to chrome with your google account.

IMO there is no real way to use google in a privacy-protecting way.