I haven’t used Mullvad through Tailscale personally (because I don’t actively use Tailscale) but that is the impression I got as well. Its unfortunate that integrates well with Tailscale and also gives the full Mullvad experience. Still if you are using Tailscale, it seems like the best compromise, but it is a compromise in some regards.
Oh and wouldn’t Tailscale be able to see the internet traffic?
I don’t believe so, But I’m not the best person to ask.
My understanding is that Tailscale’s servers are for coordination/C&C, your actual connection is P2P and isn’t flowing through Tailscale’s servers (outside of one specific context, but even in that context Tailscale just forwards encrypted data they can’t see). So while I’m sure there are privacy/security tradeoffs, I’m somewhat sure that Tailscale having technical access to your actual internet/network traffic is not one of them.
I’m personally quite interested in Tailscale for my own use, but on the fence about it. I’m thinking about using it for my own glacially evolving self-hosted setup, but like you I have some mild misgivings/concerns.
- I don’t like that they only offer ‘sign in with’ Google, Apple, or Microsoft.
- In the context of self-hosting I’d prefer not to be reliant on closed source 3rd party servers from a mainstream/non-privacy focused company. (not a criticism of the product or the company, not even a privacy concern, just a mild personal preference/discomfort)
- Headscale would require a VPS, and a VPS typically requires more real PII than compared to other services and a payment method. For example Oracle seems to block accounts that use privacy[dot]com cards for payment, and iirc some popular e-mail aliasing services and real name etc.