Is Mullvad through Tailscale as anonymous as Mullvad?

Suppose that I pay Mullvad by credit card versus paying Tailscale for Mullvad by credit card. Is there any difference in the privacy level? If the user visits a website, can their IP be found more easily if they go through Tailscale?

Assume that governments require Tailscale's full cooperation. This could be logging, but as a middleman Tailscale could be required to direct the traffic to an attacker-controlled node rather than Mullvad?

I understand Tailscale sees I am using Mullvad. Do they log connections? Can that help deanonymize users by traffic analysis? The ISP also logs. Is one worse than the other?

I know Mullvad offers crypto payment and coupons, but I am not that crazy 😝

Tailscale logs more than Mullvad does, in that the client logs some information related to connectivity to the Mullvad nodes themselves, and those logs are centralized by default. Those logs do not describe connections you are making through Mullvad, but in an advanced case, if they were requested in a legal investigation, they could be used along with other data to make up additional correlative evidence. We collect these logs primarily for product support and to continually improve the product, identifying bugs, frequent user challenges and so on - it’s part of how we constantly improve our services.

In terms of general online privacy and resistance to online attackers, such as reducing correlative association with your home IP address and so on, using Mullvad through Tailscale is just as strong as using a Mullvad native client.

Tailscale doesn’t sell your data or metadata; that’s not our business model and it goes against our values. Part of the reason we partner with Mullvad rather than host our own exit node infrastructure is to retain a separation such that Tailscale never sees your data, only some metadata, as described in Security | Tailscale. In terms of ways we use metadata, mostly it’s to provide the product to you, both the product today and the future features. The more complete description is always in our privacy policy, which includes the details I mentioned above, such as that we do not sell your metadata: Privacy Policy · Tailscale

Assume Tailscale logs everything. It’s a business tool, not a privacy tool. Security and visibility into your business network is critical. I would assume connections to Mullvad are no exception.

Some considerations are highlighted here.

There is no privacy using a credit card.

DNS requests don’t necessarily go through the Mullvad tunnel but exit the device directly when I last checked. There is a beta setting buried in a GitHub issue to fix it.

If you’re doing things that three letter agencies or governments are going to chase you down for, commercial products are not going to protect you.
If you’re doing normal VPN stuff like the majority of people do, you’re probably fine. Only time I’ve heard of issues is when someone has something mis-configured on their end. Has anyone else heard anything?

But ISPs also log. Don’t see the difference.

I’m just imagining them being able to see all my traffic in the clear just because I used a card. lmao

There is some if the card details are not connectable to your online activity.

How do you pay for Mullvad VPN then?

Not if you have it set properly…

Tailscale does the configuration. It’s on them if it is misconfigured (like DNS leaks etc).

VPN is mostly used to bypass governments: torrent downloads, copyrighted movies, TV series and, if you are in countries like Russia or China, for all those things for which these governments have banned Tailscale (using Twitter to expose governments, exchanging with journalists, etc). You should assume governments are interested in VPNs.

Mullvad paid in cash would circumvent ISP logging.

Like, I don’t care. But if anonymity and extreme privacy where nobody can subpoena your traffic metadata is important to you, Tailscale is the opposite of what you want.

Why are you even that bothered by some weird level of anonymity anyway?

Elaborating would be useful to others…

You mean this?

"nodeAttrs": [
    {
        "target": ["*"],
        "attr":   ["user-dial-routes"],
    },
],
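The DNS behaviour raised earlier in the thread (queries leaving the device directly instead of through the tunnel) can be checked from a packet capture. The following Python is an added example, not part of any post in this thread; it assumes Linux, the `tailscale0` interface name, and line output from `tcpdump -ni any` (tcpdump 4.99 or later), and its sample lines are constructed.

```python
import re

# Assumed line shape: `tcpdump -ni any` (tcpdump >= 4.99) prefixes every
# packet with the interface name and an In/Out direction.
LINE = re.compile(
    r"^\S+\s+(?P<iface>\S+)\s+(?P<dir>In|Out)\s+IP6?\s+"
    r"(?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): (?P<rest>.*)$"
)
QUERY = re.compile(r"([A-Z]+)\? (\S+)")  # e.g. "A? example.com."

def find_dns_leaks(lines, tunnel_ifaces=("tailscale0", "lo")):
    """Return plaintext DNS queries sent out on a non-tunnel interface.

    Only port 53 is inspected; DNS over HTTPS/TLS is not visible this way.
    """
    leaks = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m or m["dir"] != "Out" or m["dport"] != "53":
            continue  # not an outbound DNS packet
        if m["iface"] in tunnel_ifaces:
            continue  # went to the tunnel or loopback, as intended
        q = QUERY.search(m["rest"])
        leaks.append({
            "iface": m["iface"],
            "resolver": m["dst"],
            "qtype": q.group(1) if q else None,
            "name": q.group(2).rstrip(".") if q else None,
        })
    return leaks

# Constructed sample capture (documentation address ranges, not real traffic).
SAMPLE = """\
12:00:01.100000 tailscale0 Out IP 100.64.0.7.41000 > 100.100.100.100.53: 4660+ A? example.com. (29)
12:00:01.101000 eth0  Out IP 192.168.1.10.53124 > 192.168.1.1.53: 4661+ A? example.com. (29)
12:00:01.120000 eth0  In  IP 192.168.1.1.53 > 192.168.1.10.53124: 4661 1/0/0 A 192.0.2.10 (45)
12:00:02.000000 eth0  Out IP 192.168.1.10.41641 > 203.0.113.5.51820: UDP, length 148
12:00:03.000000 eth0  Out IP6 fe80::1c2d.40000 > 2001:db8::53.53: 4662+ AAAA? example.org. (29)
"""

if __name__ == "__main__":
    for leak in find_dns_leaks(SAMPLE.splitlines()):
        print("DNS query outside tunnel:", leak)
```

On systems where the tunnel interface has a different name, pass it in `tunnel_ifaces`.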

That makes the most sense, but just out of curiosity, how would you mail cash to them privately? I would assume with no return address and hope the letter doesn’t get lost in the mail. I think crypto would be the most secure way to do it, but even then there are multiple ways of using crypto and some are more secure than others.

Even then, Mullvad or any VPN has access to your IP address.

They might have a no logging policy and be audited, it still only takes a compromised node for someone else to have access to that information.

Yes, no return address. I would also check that you can’t feel the money through the envelope, maybe also using a padded one.
For crypto, ofc the source of the crypto shouldn’t be bought directly on a KYC exchange. Then you wouldn’t benefit from its privacy.

When you buy Mullvad with cash before you have to buy a gift card.