Tailscale raises $100M

(tailscale.com)
854 points gmemstr | 1 comments
arsome ◴[] No.31261100[source]
I was going to try Tailscale but then it seemed the only option to do so as an individual was to log in with a 3rd party cloud provider, which I in no way want tied into my networks.

I gave up and just set up WireGuard directly instead. I don't trust Tailscale either if that's their attitude towards privacy; it's permanently marred my vision of their product.

replies(10): >>31261128 #>>31261230 #>>31261250 #>>31261558 #>>31261667 #>>31261807 #>>31261815 #>>31261981 #>>31262022 #>>31262899 #
aborsy ◴[] No.31261807[source]
I don’t understand why these mesh VPN companies don’t take themselves out of the trust loop. For example, by supporting WireGuard preshared keys (if that makes sense).

In light of the recent incident at Okta, the risk of the VPN company or the identity provider getting compromised, or provided with a gag order by the government, should be accounted for.

replies(1): >>31272536 #
1. PLG88 ◴[] No.31272536[source]
You should check out the open source project OpenZiti (https://openziti.github.io/). It has its own internal PKI system so you don't need to (but can) link to an external 3rd party. It also allows you to close all inbound ports and link listeners (as every endpoint has embedded identity so makes outbound only connections) and can be embedded directly into apps with SDKs as well as deployed on any popular OS or as a virtual appliance.

Our opinion of zero trust is that you should not have to trust us. That's why we made it open source and with its own internal identity system. The only things you need to trust are the controller (which uses your CA/PKI) and the code (which you can audit).