therein 5 hours ago
You keep saying you don't mind timing and volume information being known by Tailscale, but much more concerning than that is that they can add peers to your tailnet. In fact, that's how their optional open-port scanner service discovery feature works. And even if you trust Tailscale, which I generally do, there is the concern that they only support login through SSO via identity providers. You have to trust them as well.
devilbunny 3 hours ago
I have an iPhone. I pretty much have to trust Apple. If you took that over then yes, you could screw me over pretty hard. And yes, they could add peers to my tailnet. That’s why every time I have talked about TS I say it’s about your threat model. I’m a home user, and while I wouldn’t just open up my network, there’s nothing here that will get me in prison or dead. If I had that kind of info it would never, ever meet the internet in any form. I would be more cautious if I ran a large multinational corporation. I don’t. I think I can trust Tailscale not to be the operators of an enormous “residential IP VPN” botnet.