VPN stands for Virtual Private Network. There are two main goals you might have with such a thing:
1. Connect a bunch of your own devices together in a distributed network that is also a private intranet (secure access).
2. Connect your devices together with some total strangers' devices, so that when someone monitors your internet traffic it is hard to work out which traffic is yours and which is the total strangers' (anonymous access).
The priorities for the two are different. This notebook is about (1); for (2) see VPNs.
I do not fully understand the security implications of these. Clearly, even if they do what they claim and do not inspect your virtual meshnet traffic, the provider who brokers all your secure meshnet tunnels will know a lot about which devices are finding each other and where.
This is an unusual one, not really designed for anonymity so much as for secure access to your private stuff. Tailscale is a kind of mesh VPN provider, in that they do not provide an anonymising internet-browsing VPN proxy but instead concentrate on purpose (1): connecting distributed devices securely together. They automatically plug in phones, laptops and servers, which looks really useful. Their method depends on you authenticating with some kind of faceless corporate identity provider like Microsoft or Google. I am not qualified to comment on how vulnerable this technology leaves you to these extra trusted parties. The trust boundary is at least easy to state: the identity provider decides who may enrol a device, and the coordination server hands each node the public keys of the peers it should accept, so either of them, if compromised, could admit an attacker's device to the mesh, even though the WireGuard private keys never leave the devices themselves.
Apenwarr's introductory blog post is extremely interesting for the context of the actual problem they would like to solve here, IMO: IPv4, IPv6, and a sudden change in attitude
For a single user it looks nice and is free. For multiple users it gets more expensive (USD60-USD180/person/year).
ZeroTier – Global Area Networking looks similar to Tailscale from the user's POV but probably has a different technology stack. Adam Ierymenko's blog post about early design decisions sets the scene: Decentralization: I Want To Believe.
The design I settled on is ultimately rather boring. I built a peer-to-peer protocol with a central hub architecture comprised of multiple redundant shared-nothing anchor nodes at geographically diverse points on the global Internet.
I designed the protocol to be capable of evolving toward a more decentralized design in the future without disrupting existing users, but that’s where it stands today.
The source seems to be open? Pricing is reasonably cheap. The pragmatic tradeoffs seem reasonable to me.