Heh, that's my PR. Initially I thought it would be a trivial change, but then I realized I hadn't considered how it should interact with MDM / device posture functionality - these aren't features I'm personally using with the Android client, but are understandably important to enterprises.
I still hope to get back to that and try to get it to a state where it can be merged, but I need to figure out how to test the MDM parts of it properly, and ideally get a bit of guidance from the tailscale team on how it should work/is my implementation on the right track (think I had some open questions around the UI as well)
Let's stop moving the goalposts. Open source has a specific definition, and "they merge whatever code I want them to" isn't part of it. Just fork the client, compile it, and run it yourself.
“Each Tailscale agent in your distributed network streams its logs to a central log server (at log.tailscale.com). This includes real-time events for open and close events for every inter-machine connection (TCP or UDP) on your network.”
They know what you're doing, when, from where, to where, on your supposedly “private” network. It's possible to opt out on Windows, on *nix systems, and when using the non-GUI client on macOS by enabling the FUD-named “TS_NO_LOGS_NO_SUPPORT” option: https://tailscale.com/docs/features/logging#opt-out-of-clien...
For an example of how invasive this is for the average user, this person discovered Tailscale trying to collect ~18000 data points per week about their network usage based on the number of blocked DNS requests for `log.tailscale.com`: https://github.com/tailscale/tailscale/issues/15326
I'd love to have someone else chime in on this because I did some spelunking and am not sure if this comment is true.
I checked my DNS logs and saw zero attempts to resolve `log.tailscale.com` having ran tailscale for many years (I added it to a blocklist anyway).
From their admin panel, it appears "networking logging" requires paying for Premium[0], so it's not being used for free users (or Personal Pro).
Also, from looking at some source code (because the docs don't include this), I discovered you can disable logging for the macOS App Store client by doing:
Pretty much this. DNS, SNI, and otherwise plaintext traffic sniffing. That together with user/device 'fingerprinting' (a much more amorphous concept), and that's why such-and-such thing you were just talking about with so-and-so pops up on your screen/feed/whatever, sometimes only minutes later.
I highly doubt any of this can actually be opted-out of. How else would they stay in business?
The `TS_NO_LOGS_NO_SUPPORT` option opts out of all log collection, and says in the name why it is collected in the first place. Tailscale has support for all users, including free, and having access to logs has to be how they can provide free support. Having quick access to logs reduces the time it takes to handle tickets, so they can help more people quickly and don't need to limit support to only paying users.
The core client code is open source, feel free to inspect it yourself.
They specifically avoid sending traffic through tailscale servers whenever possible. That’s how the free tier stays free. Most connections are direct, P2P.
The traffic that does go through their servers is encrypted, and bandwidth limited on the free plan. Any snooping on client behavior would have to be done client side, and the clients are all open source. To some extent the coordination server might be able to deduce some metadata about connections; but definitely not snoop all plaintext traffic.
I think they do have some “service detection” which can basically port-scan your devices to make services visible in the web UI. But that is easy to disable. And premium/enterprise tiers can intentionally log traffic statistics.
> To some extent the coordination server might be able to deduce some metadata about connections; but definitely not snoop all plaintext traffic.
Metadata is as good as data for deducing your behavior. Think what conclusions can be drawn about a person's behavior from a log of their network connections, from each connection's timestamp, source, destination, and port. Think about the way each additional thing-which-makes-network-requests increases the surveillance value of all the others.
Straight away, many people's NTP client tells the network what OS they use: `time.windows.com`? Probably a Windows user. `time.apple.com`? Probably Mac or iOS. `time.google.com`? You get the idea. Yeah, anyone can configure an NTP client to use any of those hosts, but the vast vast majority of people are taking the default and probably don't even know what NTP is.
Add a metadata point: somebody makes a connection to one of the well-known Wi-Fi captive portal detection hosts around 4PM on a weekday? Maybe somebody just got home from school. Captive portal detection at 6PM on a weekday? Maybe somebody just got home from work. Your machines are all doing this any time they reconnect to a saved Wi-Fi network: https://en.wikipedia.org/wiki/Captive_portal#Detection
Add a metadata point: somebody makes a network connection to their OS's default weather-widget API right after the captive-portal test, and then another weather-API connection exactly $(DEFAULT_INTERVAL} minutes later? That person who got home is probably still home.
I don’t mean P2P in the same sense that BitTorrent or something is P2P. (Splitting one connection into many distributed ones) But more like how a game that does P2P multiplayer has the clients connect directly instead of through a centralized service.
Ironically I like Blades a lot more on OG XBOX (the JX720 theme for XBMC). Its 360 iteration got really crowded when MS added the Live blade and all the ad units. The NXE (what this site emulates) was Peak 360 IMO :)
“I would argue that…” is a weaker statement, because it ends with an implied “…but since I don’t care that much, I’m not ‘seriously’ arguing that.” It’s not at all equivalent to the strong statement “I argue that…”, which has no such qualifier.
Why cure yourself of useful conversational nuance?
Not entirely true; there are at least the lease, rental, and commercial fleet markets supplying predictable inventory of used cars to the public market.
reply