by ithkuil 1303 days ago
Their middle man in the data plane handles encrypted packets so that's not the problem here.

The problem is their control plane that controls the encryption keys. A malicious admin inside TS (or a hack) could grant itself membership in any of their customers' networks. (Or at least this is the worry I read from GP)

1 comments

That's definitely a concern, but I feel this can be mitigated by running your own network on top of theirs. Anyone in my home is part of my network, doesn't mean they're in the wg network too.

Aside from that, it's definitely a problem that they could include themselves in any customer network, but the accountability still stands. If someone got in without your screw-up, at least you know who to point the finger at once the dust settles.

I'd argue it should be treated as a base to overlay your network on top of. Although admittedly I say that as someone that doesn't use their services for similar reasons.

> If someone got in without your screw-up, at least you know who to point the finger at once the dust settles.

How do you know you didn't screw up? There are so many vulnerabilities in the gazillion of random stuff you run every day on your laptop. I'd argue it's more likely that something like that was breached than Tailscaled was breached or rogue.