As in, would they be able to access your server?

  • Thomas@discuss.tchncs.de
    link
    fedilink
    arrow-up
    49
    ·
    2 months ago

    If you do not trust Tailscale as a company, here is an open source re-implementation of the server called headscale. Some/all clients are open source as well. So, you can review all components yourself or pay for a professional third-party review. Otherwise, if you take a binary blob from any origin, including Tailscale, and have it run with privileges on your server, there are few limits on what this blob can do. Yes, backdoors are technically possible, but probably bad for Tailscale’s business if that ever came to light.

    • jqubed@lemmy.world
      link
      fedilink
      arrow-up
      6
      ·
      2 months ago

      I’ve never heard of professional third-party review of open source code. That’s a service people offer?

    • Tinkerer@lemmy.ca
      link
      fedilink
      arrow-up
      4
      ·
      2 months ago

      I’ve always wanted to do this however do I understand it correctly that I need to host headscale on a vps server that is not in my tailnet/home network?

      • uzay@infosec.pub
        link
        fedilink
        arrow-up
        5
        ·
        2 months ago

        It can be on your home network, but it needs to be reachable via HTTPS through the internet. So yeah, a vps is probably the best option.

      • Lemongrab
        link
        fedilink
        arrow-up
        2
        ·
        2 months ago

        I dont think so. It would just require some ports open.