Hi,
Could someone explain me is Tailscale still protects from ISP snooping, will it protect you in unsecured network?
Another victim of the false advertisement of bad company like nordvpn…
Protects from ISP snooping:
- only if you self host an exit node outside your house, on a cloud server like amazon, ovcloud or hetzner
Protect from an unsecure network (like WiFi at airport/cafe/library)
- yes, if you’re using an exit node. This can be at your house or a cloud server
Tailscale is a traditional VPN but just removes a lot of the heavy lifting when it comes to the configuration/authentication side of the VPN for the end user
Could someone explain me is Tailscale still protects from ISP snooping
It can but it requires some extra systems on a network that your ISP doesnt own
will it protect you in unsecured network?
Yes
Actually I’m also curious about mitm attacks - how effective is Tailscale (or any vpn for that matter) against that when you connect to a public wifi?
Let me tell you like this, suppose if you buy NordVPN, what it do is, it has many servers in many countries connected with various VPN protocols like OpenVPN, Wireguard, IPSec and when you use NordVPN it connects to one of its server and your internet traffic flows through that server with whatever VPN protocols it uses.
Now, what tailscale does is it lets you create your own kind of NordVPN with Wireguard protocol, all you need to do is install tailscale on all your machines and on servers and advertise some of the servers or machine to run exit-node. Try this if you need 3 free exit-nodes GitHub - patte/fly-tailscale-exit: Run a VPN with global exit nodes with fly.io, tailscale and github!
By default machines connected with tailscale, only tailscale traffic is encrypted and non-tailscale traffic is not encrypted, in order to encrypt all internet traffic you need to use exit node.
Now how to save your ip from torrenting and ISPs if that is what you are worried
If you are familiar with docker, run tailscale-Unbound-AdguardDNS in a docker container and use this as DNS in tailsacle. so all your DNS queries will be handled by you. Instead of all your ISP.
For torrenting, Use Oracle free vps, Lockdown your Ubuntu server in Oracle with ufw and tailscale, Use UFW to lock down an Ubuntu server · Tailscale Docs
Install docker and run deluge in a docker container, now every time you have to use deluge, ssh into your Oracle server and use one of the exit-node in tailnet with exit-node lan access.
You can run many things over tailscale like this, if you need a private search engine, you can run searxng in docker, make sure they listen only on tailscale interface(tailscale0) or if you are not worried about memory of your server, you can run tailscale in every docker container you use and take advantage of tailscale https and tailscale serve.
I just try find solution to improve my privacy
what a useless fucking reply
For man in the middle attacks a VPN on a “wild west” open wifi will prevent these as long as your settings are right.
If using tailscale make sure your using an exit nodes so all traffic of yours routes through ts and thus goes through the encrypted tunnel. Without exit node only traffic specific to tailscale network will get sent everything else will go out the wifi connection like normal. Same here goes for most of the mesh VPN providers.
If using any of the commercial Vpns just make sure it’s set to route all your traffic, these normally do so by default but verify
A VPN, when configured right, will put you in a tunnel on the network till you get out the other side. Since mitm attacks usually occur in the same network this mitigates that. Now with https man in the middle is much harder if not thwarted but if the wifi is open I still use tailscale and an exit node for extra caution.
Thanks for explanation. I installed OpenVPN on AWS cloud and that’s enough for me now I think.
Maybe next time will install Pihole + pi VPN. However I prefer Adguard home.
They don’t really improve your privacy, they just shift who has access to your traffic from your ISP to them. The VPN service’s employees could still snoop on you if they really wanted to.
Regardless of whether or not you use one you should take real steps to improve your privacy and security online:
- Install the browser extension HTTPS Everywhere (ensures you don’t visit sites over insecure and non-private HTTP when the secure and private HTTPS is available)
- Install an ad blocker in your browser, such as uBlock Origin if you’re using Firefox
- Turn on any tracking prevention settings in your browser. Setting them on maximum may break certain websites; if this happens to websites you care about then dial it down until they start working again, or add specific exceptions if able.
- Do not use DNS servers provided by your ISP or VPN service. I personally favor Quad9, but Cloudflare’s public DNS is another good privacy-preserving choice. Whichever you choose, make sure it supports DNS over HTTPS (DoH) as otherwise your DNS queries aren’t private over the wire.
- When signing up for online accounts, choose unique random passwords per account, storing the credentials in a password manager such as Bitwarden.
- Use a search engine that preserves your privacy, such as DuckDuckGo, instead of Google.
You will notice that “use a VPN service” doesn’t feature on that list because it’s not a meaningful enhancement to your online privacy compared to the above. If you’re in a position where you need to care about threat actors snooping on your traffic, those VPN services are not sufficient. Use Tor instead, and be prepared to suffer quite a bit for the actual security and privacy that provides (it’s slow and you’ll run into “prove you aren’t a bot” checks constantly).
Yeah that’s exactly what I said…
So is Tailscale for still don’t get it?
So only best option is own VPN server Wireguard or OpenVPN
Technically speaking,
Portmaster is the best route to take if you are paranoid
It’s advantage over a traditional VPN is its mesh architecture. In other words, once the relavent information about one’s Tailnet is retrieved from a coordination server, all the nodes connect to each other directly peer-to-peer. This offers a certain amount of fault tolerance in case the Internet goes down.
What happens if the coordination server is down? · Tailscale Docs.
In traditional VPNs, all the nodes communicate through a hub. If the hub goes down so does one’s VPN.
I just need VPN for secure connection to the web, and against ISP spoofing. I think will be better for me to stick to Mullvad
It seems like yes, you should use a consumer focused IP spoofing type of VPN, and Mullvad is great at that.
Tailscale is the traditional form of VPN, as in, it’s a network that is virtual and private. Accessing the internet in a way that encrypts connection from inside this Private Virtual Network is just one of the many features of Tailscale but you need to understand a tiny bit of what’s going on to do it
So I know how VPN works for the most part my question turns into since I’m already using tailscale for remote access purposes from my mobile devices how would I configure it to cya against ISP snooping to avoid “those” types of letters for doing the usual types of activities where you would bind your VPN to the client during the download (iykyk 
)
Then you need an exit node (Exit nodes (route all traffic) · Tailscale Docs) that is outside your home that your ISP can’t snoop on. For that Tailscale offers some collab with Mullvd (Surf the Web Privately with Mullvad's Global Network + Tailscale)