Not true, or not entirely true

The control plane can be self-hosted (headscale), and they have a mitigation for MITM or attack surface in the control plane: Tailscale Lock.

It's FOSS on their clients; if their control plane is FULLY compromised, literally completely taken over, they still can't add new machines, nor access them. At best they can shut you out of DERP (they can't even prevent your already logged-in machines from connecting, because of hole punching).

https://tailscale.com/kb/1230/tailnet-lock-whitepaper


Discussion

Basically Tailscale does direct connections between nodes, yes, and it is encrypted.

But these nodes at the start don't know each other; they ask the Tailscale control plane "what nodes are there?"

If the control plane lies and inserts fake/impersonating nodes, it could pretend to be your trusted laptop, for example.

This makes no sense. If they couldn't add machines, then how do they add your machines? Something has to coordinate everything.

I meant to reply to nostr:note1sv9hnywxw9hkq9qtxpzmr2zv9hmfmtzqd6rlm3yruj0uyu6wldeqzk2e77

Not sure how that happened.

With lock, YOU are the one coordinating. After a machine gets added it can't do anything until YOU sign a lock message (i.e. sign its pubkey and publish that).
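The mechanism the thread keeps circling back to (a control plane that can hand out a peer list, versus an admin-held signing key that decides which node keys clients will actually trust) is easier to see in code. The following is an added example written for this thread, not Tailscale's or headscale's own code; it is a simplified model of the lock idea using Go's standard `crypto/ed25519`, where a node key is accepted only if it carries a signature from a signing key the client already trusts. The real protocol signs more than the bare node key and distributes signatures through an authority log, so the `Peer`, `TrustAnchors`, `SignNodeKey`, `FilterPeers` and `Scenario` names and shapes here are this example's assumptions, not the project's API.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Peer is what a (possibly compromised) control plane tells a client about
// another node. The node key is modelled as an ed25519 public key.
type Peer struct {
	Name      string
	NodeKey   ed25519.PublicKey
	Signature []byte // signature over NodeKey by a tailnet signing key; nil if none
}

// TrustAnchors holds the signing public keys a client trusts. In the lock
// model these are fixed when lock is enabled, not supplied by the control plane.
type TrustAnchors struct {
	SigningKeys []ed25519.PublicKey
}

// Verified reports whether a peer's node key is signed by any trusted signing key.
func (t TrustAnchors) Verified(p Peer) bool {
	if len(p.Signature) == 0 {
		return false
	}
	for _, k := range t.SigningKeys {
		if ed25519.Verify(k, p.NodeKey, p.Signature) {
			return true
		}
	}
	return false
}

// SignNodeKey is the admin's step from the thread: sign the new machine's
// pubkey so that other clients will accept it.
func SignNodeKey(signingPriv ed25519.PrivateKey, nodeKey ed25519.PublicKey) []byte {
	return ed25519.Sign(signingPriv, nodeKey)
}

// FilterPeers applies the lock check to an advertised peer list: anything the
// control plane inserted without a trusted signature is dropped before the
// client would ever open a tunnel to it.
func FilterPeers(t TrustAnchors, advertised []Peer) (accepted, rejected []Peer) {
	for _, p := range advertised {
		if t.Verified(p) {
			accepted = append(accepted, p)
		} else {
			rejected = append(rejected, p)
		}
	}
	return accepted, rejected
}

// Scenario builds a constructed example: one admin signing key, one genuine
// laptop the admin signed, and two impostor nodes a compromised control plane
// injects (one unsigned, one signed by the attacker's own key).
func Scenario() (accepted, rejected []Peer, err error) {
	adminPub, adminPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	laptopKey, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	impostorKey, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	// The attacker controls the control plane and can mint its own signing key,
	// but that key was never enrolled as a trust anchor on the clients.
	_, attackerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}

	trust := TrustAnchors{SigningKeys: []ed25519.PublicKey{adminPub}}
	advertised := []Peer{
		{Name: "laptop", NodeKey: laptopKey, Signature: SignNodeKey(adminPriv, laptopKey)},
		{Name: "impostor-unsigned", NodeKey: impostorKey},
		{Name: "impostor-attacker-signed", NodeKey: impostorKey, Signature: SignNodeKey(attackerPriv, impostorKey)},
	}
	accepted, rejected = FilterPeers(trust, advertised)
	return accepted, rejected, nil
}

func main() {
	accepted, rejected, err := Scenario()
	if err != nil {
		panic(err)
	}
	for _, p := range accepted {
		fmt.Println("accepted:", p.Name)
	}
	for _, p := range rejected {
		fmt.Println("rejected:", p.Name)
	}
}
```

The point of the example is the second impostor: a fully compromised control plane can produce signatures, but only with keys it controls, and those are not in the client's trust anchors, so the peer is still dropped. What the control plane retains, as the earlier post says, is the ability to stop handing out peers or relays at all; it cannot make a client trust a node the admin never signed.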

It's true without Tailscale Lock; please look into that feature.