Tell HN: Tailscale terms updated, added mandatory arbitration

65 points by EMIRELADERO ↗ HN
Just received this email:

Hi,

As the Owner (or designated Account changes contact) for your Tailscale tailnet, we’re reaching out to inform you that we have updated Tailscale’s Terms of Service and Privacy Policy.

What’s changed?

We added a Data Privacy Addendum (DPA, a.k.a. “Data Protection Agreement”) that outlines our uses, obligations, and responsibilities with protecting your data. We improved definitions and language to reflect our ongoing commitment to safeguarding your privacy and data, as well as to making room for some new features we’re working on. We changed the jurisdiction of the documents to New York, NY USA (from Ontario, Canada). We included a binding arbitration clause to help mitigate the business risks of granting a DPA to all of our customers. We incorporated an NDA to make it easier for us to share resources like our SOC 2 report with any customer that requests it. Please take the time to review the new documents, linked above. Copies of our former agreements - Terms of Service and Privacy Policy - are available in case you wish to compare. What do I need to do?

You don’t need to take any action to accept the new Terms of Service and Privacy Policy. They are now in effect.

If you have any questions, please reply to this email.

Cheers,

David Carney

Co-founder & COO, Tailscale Inc.

23 comments

[ 3.2 ms ] story [ 58.6 ms ] thread
They also moved from Canada, I wonder why..
well that's super shady. they likely moved to New York because US laws are a lot more lax than Canadian ones. definitely a good reason to not use Tailscale.
Can you be more specific as to which particular kind of laws being more lax would cause you to not use Tailscale anymore?
They are both part of the 5 Eyes so your data isn't really secure anyways
This is pretty common these days. Whether you like the change or not, I doubt is anything nefarious.
My guess is either that they're going to be acquired soon and are making these moves to ease the acquisition, or they are moving to get access to a whole subset of customers that can't use them for regulatory reasons?

But I could be totally wrong.

> get access to a whole subset of customers that can't use them for regulatory reasons

US government for example.

Yes exactly. Although with these things companies often register a second US entity.

But I didn't get that sense... the language says that the documents use NY jurisdiction, not that they registered a new business entity.

https://fairarbitrationnow.org/ten-reasons-why-arbitration-s...

Ten Reasons to Ban Arbitration

1) You cannot hold companies accountable. Forced arbitration allows companies to play by their own rules and escape accountability when they harm consumers and employees.

2) You cannot sue for discrimination, harassment, abuse, retaliation, or wrongful termination.

3) Arbitrators are not required to follow the law.

4) You cannot sue for negligence, defective products, or scams.

5) Legal recourse is not allowed.

6) You cannot appeal an arbitration decision.

7) Arbitration is a private system without an impartial judge.

8) There are no juries in arbitration.

9) There is no public review to determine whether the arbitrator got it right.

10) Forced arbitration prohibits class action lawsuits, an important way for consumers and employees to band together to fight injustices.

Bye, there goes tailscale...
Maybe they suffered a big breach recently like many other companies and want to get in front of possible lawsuits. Not sure how that would even work legally if they knew and didn’t disclose that before forcing arbitration on users.

Alternatively, there was an exploit recently in the windows Tailscale client, and the auto updating functionality seems to have not worked very well (for me at least— I had to manually upgrade it and it was annoying). Who knows, maybe that exploit is what led to the rash of high profile breeches lately— I’ve been puzzling over the source, and thinking also about the CircleCI and LastPass breeches as possibilities.

I don't know about Tailscale other than it's nice UI for a VPN, but seems like HN folk love it, although i would expect HN to be more cautious about something so important like direct access to your local network
Do you know of another, preferably open source product that satisfies:

* Easy installation and configuration

* Excellent NAT-traversal even when on CG-NAT

* iOS support

* Great performance, able to stream 4K video over the Internet

I've been looking for an alternative to Tailscale but so far all the ones I found fail in at least one of the above.

Edit: formatting

Which point(s) does zerotier fail?
Zerotier really doesn't fail any points, it's just no longer the "hot new thing" or an up and comming startup.

I moved from Zerotier to Tailscale mainly for the fit and finish and Wireguard. Zerotier accomplished everything I wanted for my home network but was never "pretty." Tailscale is "pretty" and easy to use. MagicDNS makes accessing my devices easy as I don't have to set up my own DNS entries.

I moved our entire company off of OpenVPN and AWS VPN to Tailscale. It may not be as cheap anymore, but their networking ACLs and integration with Google/Microsoft for login have made it SO EASY to onboard new people and hardware.

In my experience, and I used ZeroTier extensively before moving to Tailscale, it fails in a few points:

* Performance was never quite great, especially when NAT was involved. This may have improved, but I haven't used it in a while.

* NAT was hit-and-miss. It would usually work, but would not work frequently enough that I couldn't just count on it.

* Not really easy for some use-cases. Main one for me, having a router both for acessing my LAN from outside, and as a gateway to my home Internet (akin to a VPN service like e.g. Mullvad or PIA). It's possible, and I did use it that way but it required some iptables-fu and it would fail some times - when it did, I would lose all my ability to connect back. This is especially bad if I'm traveling, since I don't have physical access to the router to fix the config. This never happened with Tailscale.

Tailscale has been incredibly helpful to various open source groups, including the team behind headscale which implements an open source version of the tailscale head server. They also contribute directly and indirectly to a number of other open source ecosystems and libraries.

Basically they have done a lot to engender good will from others.

HN's ToS contains the same type of provision, fwiw.

It's super common these days. I find it to be a bit rude to ask someone to give up their civil rights.

So Tailscale is cool, but I stopped using it at home because I didn't like relying on a service that I couldn't self-host and required me to log in with Github. I haven't replaced it yet, but am looking at Zerotier which seems to allow self-hosting everything.
Have you checked out headscale? It’s an open source control plane for Tailscale which lets you plug in any OIDC provider. Tailscale the company even employs an engineer which uses about 50% of his time on headscale.
Thanks, looks great! I searched it and the link is grey, so I must have run across it before, but I needed the reminder!
The new tailscale lock has completely removed my fears about it.