Are you serious? I had no idea Tailscale was a “trust me bro” kind of operation. I’ve always heard “serious” people boosting it.
Comment on Self-hosting in 2025 isn't about privacy anymore - it's about building resistance infrastructure
teolan@lemmy.world 1 day ago
Just FYI, unless you self-host headscale, Tailscale is centralised and not private. They claim it is end-to-end encrypted, but their proprietary centralised control server distributes the keys, so they could very easily MITM you.
Tailscale is good tech and good crypto, but applied cryptography cannot solve a security problem. It can only convert a security problem into a key-management problem, and Tailscale does not do decentralised key management.
fort_burp@feddit.nl 1 day ago
teolan@lemmy.world 1 day ago
Well they are a serious company with serious engineering capabilities. Just know that whoever runs the control server can control your network, and almost everyone uses Tailscale’s centralised control server, so they control the networks of almost all of their customers.
wabasso@lemmy.ca 1 day ago
Can you help me understand what head/tail scale do? I’m at the “get friends and family on” stage so I’ve been struggling figuring out how to get friendly domain names working through Wireguard.
TunaLobster@lemmy.world 1 day ago
Note: I’ve only done this with Tailscale. I have not looked into this with headscale.
You can invite them to your network, or share a machine to their network. The second option is probably more likely what you will do with Tailscale since it is unlimited and the first option has a limited number of users for the free tier. The biggest hurdle will be them getting devices added to their tailnet so those devices can access your machine.
I imagine it’s maybe a little easier with headscale. I haven’t gone down that route yet. I would probably want to have my DDNS point to a VPS and have that be the entry point to my network. I could point it to my ISP IP, but one more layer that isn’t very expensive is probably smarter security-wise.
Butterphinger@lemmy.zip 23 hours ago
Like all the “selfhosters” and their Cloudflare proxies lmao.
just use wireguard. :/
antrosapien@lemmy.ml 1 day ago
fossilesque@mander.xyz 1 day ago
headscale.net/stable/
clif@lemmy.world 1 day ago
Glad to see this comment on the chain. I haven’t tried it myself (yet) but I’ve got a friend that does and says it works great.
It’s on my list. Unfortunately, it’s a really long list.