This is an automated archive made by the Lemmit Bot.
The original was posted on /r/selfhosted by /u/Few_Definition9354 on 2025-04-20 07:25:34+00:00.
TL;DR - Sure, Tailscale doesn’t touch my private keys. But what’s stopping them from injecting their public key into my devices?
Hi everyone,
I'm considering using Tailscale for my personal network, but I have some security concerns and would love to get some feedback from those familiar with its architecture and security model.
My main worry is about key management. Specifically, I'm concerned that Tailscale could potentially inject their own public key into one of my devices, creating a backdoor that allows them to access my network traffic.
Isn't it essentially a backdoor?
I've read about Tailscale's use of WireGuard and their claims of end-to-end encryption, but I'm hoping someone could clarify how the system is protected against the company itself (or a malicious actor within the company) from tampering with the security setup.
Any insights or explanations would be greatly appreciated!
Thanks in advance!
Edit: I am talking on the premise that I trust the client app (it’s open source, so externally auditable). Many have misinterpreted this, so I might as well add that here to avoid confusion.