I’ve been thinking about this more and more. According to the sidebar, this community is “A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.” Based on that I don’t think Plex qualifies.
Privacy: Plex clearly records the metadata of what you watch. When I used it, it would send me a report by email of what my “friends” were watching. Even with that turned off, their services still track telemetry.
Control: Plex has all of it. They can (and do) make unilateral changes to the service, how authentication works, where you can run it, etc.
So I ask, when you are hosting something that is entirely dependent on a commercial entity to function, is Plex really selfhosting in the spirit of this community?
Just as much as Tailscale is self hosting. Tailscale is probably more concerning from a security point of view.
To me, Tailscale is not selfhosted at all. That’s why headscale exists.
So not at all?
Tailscale is just a Service. Not sure how you could even think calling Tailscale self hosting.
What exactly is concerning about Tailscale’s security?
I’m new to self-hosting and Tailscale was the easiest/fastest way I could get to access my stuff externally. I’m currently learning about the alternatives.
I’m not concerned about it personally, but you are putting a lot of trust in them as a 3rd party service provider. It’s up to your specific risk profile if that’s acceptable risk or not.
The alternative would probably be self hosting a vpn yourself with dyndns to handle ip address resolution. I’m biased (I have a professional networking background) but I don’t think it’s that much harder to setup either. But then I’m also a hypocrite and don’t self host anything anymore.
There’s also a valid argument to be made that doing it yourself is riskier because novices make mistakes. I don’t think this is too big of a concern personally - it’s not like you’re rolling your own cryptography.
Like all VPN-like things, some amount of data has to flow through their system. But almost everything is encrypted nowadays so it’s generally not too big of a worry.
For Tailscale though, they see way less. They see your IP during device setup, and maybe during use if things are making it hard for them to enable a direct connection. Depending on your DNS setup, they may see some of your DNS requests.
Its also really easy to setup your own headscale sever and then nothing goes to them at all. I recommend a small VPS for that, rather than running it on your home internet connection.
Tailscale controls the routing, thus the traffic. They control which keys get trusted. They most of the time distribute and develop the software.
It would be quite easy for them to start snooping on traffic, while on the internet anything basically is additional encrypted, that would not apply so broadly to the traffic that get sent via tailscale especially the self hosted crowd, a lot of that traffic would be http and unencrypted.