It's almost as if these people are offended someone would not use tailscale. Do you also find stories about people hiking and comment "I just look up scenic locations on google"? Why would you think your +1 to the easy, commercial route is at all interesting to a forum literally having Hacker in the name?
It is quite different here as the OP stated headscale which is own hosted and I understand they use just the tailscale clients. That is mine setup too after using tailscale first and then wanted something own hosted without my traffic going through someone else's network infrastructure (internet excluded of course)
In my opinion Tailscale is the realistic option for most people. The author is familiar with Tailscale having worked with it previously, but my interpretation is that he wanted to get more familiar with the underlying Wireguard technology.
“Each Tailscale agent in your distributed network streams its logs to a central log server (at log.tailscale.com). This includes real-time events for open and close events for every inter-machine connection (TCP or UDP) on your network.”
That reminds me of a complaint that I had with a visualization library that kept pushing the open source project to be tied into their hosting racket. I brought up how lots of security organizations at the time wouldn't understand how much of a massive problem it was for the end user to decide to make the data immediately available to the entire Internet. It feels wrong that such implications could be missed from a set of environment variables just being missing. Usually you want things to fail safely ...
Agreed it's a bit annoying how non-discoverable this is. Wish it was in some sort of onboarding prompt. But I can see Tailscale's argument for making it the way it is.
Tailscale is really targeting the business market, especially since their product is basically free for personal use. In a corporate environment, I imagine that the client logs are actually hugely valuable to the corporate customers themselves. It lets them see who is accessing what and is super critical when doing a post-mortem after a hack. (also no actual traffic content is logged)
But I still keep client logging disabled for my personal use.
