How to mitigate the risk of malicious devices added to a network?

There is a risk that the authentication servers of Tailscale are compromised, or Tailscale goes rogue, and malicious public keys are added to a network. This could even happen without malicious devices showing up in the web admin console.

How to mitigate this risk? Can I set it up such that I don’t have to trust Tailscale?

Hi. Just wanted to point out another recent thread on this topic. In particular, @danderson’s reply here:

Yes, exactly the same question.

  • With a malicious device, WireGuard encryption in between all devices is decrypted for that device, right?

  • How well is the coordination server secured currently against hackers and governments?

It’s a small start-up and could be a target.

  • Can an additional layer of encryption in between devices be added to protect against a malicious node? For example, installing VPN on a NAS.

Some answers to your questions:

  1. If you have one malicious device, it can still only see traffic that was directed to that device. Every device has its own private key and that key never leaves the device, so only a given device can decrypt traffic that was directed toward it.

  2. “How well is the coordination server secured” is unfortunately an unanswerable question. We’ll be publishing some whitepapers later with more details of our production policies, but these are not available yet as we go through various certifications, pentests, etc.

  3. Yes, if you want an additional layer of encryption between your devices, you can still do that. You could treat your devices as if they are all directly exposed to the Internet (the worst case scenario), and secure all your connections with ssh and TLS. Tailscale would be helping you with connectivity in that case still, even if you don’t trust its security.

Hope this helps.

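One local mitigation for the risk raised in the question, as an added example that is not from this thread or from Tailscale: pin the node keys of the peers you enrolled and compare them with what the local daemon reports, so a key added at the coordination layer is flagged on each machine even if it never appears in the admin console. It assumes `tailscale status --json` output with a top-level `Peer` map keyed by node key, each entry carrying `HostName` and `TailscaleIPs`; the sample status and allowlist below are constructed.

```python
import json
import subprocess
from typing import Dict, List, Tuple

# Constructed sample of `tailscale status --json` (shape assumed: a "Peer"
# map keyed by node key, each entry with HostName and TailscaleIPs).
SAMPLE_STATUS = json.dumps({
    "Self": {"HostName": "laptop", "PublicKey": "nodekey:aaaa"},
    "Peer": {
        "nodekey:bbbb": {"HostName": "nas", "TailscaleIPs": ["100.64.0.2"], "Online": True},
        "nodekey:cccc": {"HostName": "nas", "TailscaleIPs": ["100.64.0.9"], "Online": True},
    },
})

# Allowlist kept out of band (e.g. in version control), keyed by node key
# and recorded when each device was enrolled. Constructed for the example.
EXPECTED_PEERS = {"nodekey:bbbb": "nas"}


def unexpected_peers(status_json: str, expected: Dict[str, str]) -> List[Tuple[str, str, List[str]]]:
    """Return (node_key, hostname, ips) for peers whose key is not pinned.
    A peer reusing a trusted hostname under a new key is still flagged,
    because the key, not the name, is what the daemon will encrypt to."""
    status = json.loads(status_json)
    found = []
    for key, peer in status.get("Peer", {}).items():
        if key not in expected:
            found.append((key, peer.get("HostName", "?"), peer.get("TailscaleIPs", [])))
    return found


def missing_peers(status_json: str, expected: Dict[str, str]) -> List[str]:
    """Pinned keys the daemon no longer reports (device removed or key rotated)."""
    present = set(json.loads(status_json).get("Peer", {}))
    return sorted(k for k in expected if k not in present)


def live_status() -> str:
    """Read the running daemon; run from cron and alert on non-empty results."""
    return subprocess.check_output(["tailscale", "status", "--json"], text=True)


if __name__ == "__main__":
    for key, host, ips in unexpected_peers(SAMPLE_STATUS, EXPECTED_PEERS):
        print(f"ALERT unknown peer {host} {ips} key={key}")
```

Because the check reads the daemon's own peer list rather than the admin console, it is independent of what the coordination server chooses to display; an alert on an unknown key is the moment to stop trusting that peer and remove it.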