←back to thread

The New Internet

(tailscale.com)
517 points ingve | 1 comments | 26 Jul 24 18:29 UTC | HN request time: 0s | source
Show context
teddyh ◴[27 Jul 24 03:19 UTC] No.41084227[source]
The eternal problem with companies like Tailscale (and Cloudflare, Google, etc. etc.) is that, by solving a problem with the modern internet which the internet should have been designed to solve by itself, like simple end-to-end secure connectivity, Tailscale becomes incentivized to keep the problem. What the internet would need is something like IPv6 with automatic encryption via IPsec, with PKI provided by DNSSEC. But Tailscale has every incentive to prevent such things to be widely and compatibly implemented, because it would destroy their business. Their whole business depends on the problem persisting.

(Repost of <https://news.ycombinator.com/item?id=38570370>)

replies(14): >>41084990 #>>41084996 #>>41085022 #>>41085061 #>>41085166 #>>41085236 #>>41085716 #>>41085987 #>>41086195 #>>41086648 #>>41087141 #>>41087359 #>>41089848 #>>41092877 #
viraptor ◴[27 Jul 24 07:32 UTC] No.41085022[source]
Zerotier does kind of that. It's a tunnel, but also the traffic is direct (unless double Nat is involved) and if you could route the traffic directly to the endpoint IPs, you can skip zt. The location service can be self-hosted if you want. You don't have to use them as a service if you don't want to. Apart from dnssec it's pretty much what you're asking for.
replies(1): >>41085255 #
lockywolf ◴[27 Jul 24 08:37 UTC] No.41085255[source]
Double NAT is now almost everywhere in the world, except maybe USA.
replies(2): >>41085472 #>>41086207 #
1. sulandor ◴[27 Jul 24 12:41 UTC] No.41086207[source]
foreseeable yet still somewhat surprising that having a clean v4 address on the cpe has become a very privileged position.

just the other day i was discouraging a youngster from manually populating his hosts-file in order to circumvent a dmca-related dns block.... what has the world come to.