There is a risk that the authentication servers of Tailscale are compromised, or Tailscale goes rouge, and malicious public keys are added to a network. This could even happen without malicious devices showing up in web admin console
How to mitigate this risk? Can I set it up such that I don’t have to trust Tailscale?