by schoolornot 2218 days ago
A few issues I have with these NoVPN products:

* They are entirely proprietary or are proprietary extensions on top of open source software

* The clients are mostly proprietary and the distribution channels are limited. I'm guessing no .DMG is offered for macOS due to Apple's insane restrictions on OS-integrated VPN clients.

* There is usually a hard dependency on the provider for the connection, negotiation, or key exchange with no uptime guarantees.

* Pricing is not competitive with the alternatives including proprietary offerings from the big clouds.

* They all cite "Google BeyondCorp" without an understanding of what it is. Hardly any of these products offer anything to do with inventory, device health checks, or MDM.

2 comments

The real raison d'être of this new wave of commercial NoVPN products like this one and Tailscale is to build a high margin SaaS business without really having the infrastructure liabilities of SaaS businesses. The problem with these kinds of products is that they are, from a security perspective, a disaster. Not only is your entire network compromised if they get hacked, or even if they want to get into your network whenever they want, which is an unlimited power I've never seen in any SaaS product, but your network also becomes prisoner to their services, so if their services go down for any reason, you and everyone in your network will be unable to connect to your network even if it's perfectly working.

At least Twingate doesn't try to do snake oil advertising like Tailscale and sells itself as an "open source" (go have a look at their GitHub open issues, it's a complete disaster) while it is not. Also the other thing is, if you have a relatively small company of 50 people you will end up actually paying MORE than those seemingly overpriced yet established products like Zscaler ZPA.

For me, the only serious alternatives to expensive products like ZPA are ZeroTier and Pritunl. They are as transparent as open source yet still viable as businesses without being greedy or captive to VC money to extract every single dollar out of you.

These are all valid points, and we’re keenly aware that trust is central to our offering. On the subject of trust, I’d love to get your take on my response to hlieberman’s comment as I agree that it’s very important.

On the pricing front, our goal is to make the service cost-competitive when you take into account the positive security externalities, but in particular the huge time sink that teams and companies put into deploying, distributing and managing a typical VPN solution. This is a big reason why we’re so focused on ease of use.

Re: BeyondCorp, I brought it up as a comparison point in my blog post, but I don’t want to appear to be making claims that our product is currently a 1:1 BeyondCorp replacement. One of the next things on our roadmap is to start exposing device inventory and posture checks as management options in the product to start getting closer to a full BeyondCorp-like offering.

However, a key insight we had in working with early beta customers is that there is significant pain to address even without getting all the way to a full zero trust / BeyondCorp state. That’s a big reason we decided to launch our product now, even before we’ve had the opportunity to add functionality we know will need to be added in the future.