> I do not interpret their policies such that they are processing the information you added emphasis to beyond what is necessary to serve the customer. What evidence do you have to the contrary?

Respectfully, you are failing to appreciate the full scope of the problem. It doesn't matter what Tailscale do with the data. The log contents don't matter at all, only the fact that a network connection was made. Every network connection you make creates metadata about you, and the Internet itself — the path between me and Tailscale's logging endpoint — is always listening.

Think what conclusions can be drawn about a person's behavior from a log of their network connections. Encryption doesn't matter, because we're just talking about metadata; each connection's timestamp, source, destination, and port. Think about the way each additional thing-which-makes-network-requests increases the surveillance value of all the others.

Straight away, many people's NTP client tells the network what OS they use: `time.windows.com`? Probably a Windows user. `time.apple.com`? Probably Mac or iOS. `time.google.com`? You get the idea. Yeah, anyone can configure an NTP client to use any of those hosts, but the vast vast majority of people are taking the default and probably don't even know what NTP is.

Add a metadata point: somebody makes a connection to one of the well-known Wi-Fi captive portal detection hosts around 4PM on a weekday? Maybe somebody just got home from school. Captive portal detection at 6PM on a weekday? Maybe somebody just got home from work. Your machines are all doing this any time they reconnect to a saved Wi-Fi network: https://en.wikipedia.org/wiki/Captive_portal#Detection

Add a metadata point: somebody makes a network connection to their OS's default weather-widget API right after the captive-portal test, and then another weather-API connection exactly $(DEFAULT_INTERVAL} minutes later? That person who got home is probably still home.

Anyway, you get the point that this stuff adds up! The problem with Tailscale is that its default behavior exposes metadata about entire additional classes of traffic in addition to all the examples I just mentioned that my devices were already leaking. Tailscale would have me start telling the Internet “hey I'm here and doin' stuff!” every time I read or write any file on my NAS, every time I use Steam Link remote play over LAN, every time I SSH or RDP into any of my other machines.

The free “Personal” tier is limited to only 3 users but 100 devices, so it's normal and expected to set it up the client on any and every computer you own: https://tailscale.com/kb/1154/free-plans-discounts#personal-...

My behavior would be exposed to every layer of service provider along the way: my ISP, my ISP's ISPs, the cloud provider Tailscale use to host their surveillance endpoint, Tailscale themselves if they so choose, whatever creepy secret spy implants we're not allowed to know about. No thanks! If you want to be private, you must be silent.