I share the same concerns. They also had some bizarre and worrying behaviour where anyone signing up with the same domain would automatically be joined to your account, seemingly without any approval steps.
This was ostensibly to allow “corporate” accounts to easily group all users together, but the behaviour relies in the backend on a manually maintained (by Tailscale) list of “shared” domains where this auto joining behaviour would be bypassed (eg. @gmail.com) to prevent say all Gmail users being grouped into the same account.
Of course this manual list missed some obscure shared email domains and there were users complaining on GitHub that they were unexpectedly seeing other users/machines in their account.
I hope this terrible design decision has now been fixed in some way but it adds to my slight unease at the authentication model being used (along with the OP’s concerns).
Aside from this Tailscale is a great product, but for something focussed on security these sorts of things need to be given a high priority (if they’re not already).
Oh, I wasn't aware of that. That's certainly worrisome considering Tailscale's default configuration for the ACL and authenticating new machines. Fortunately I updated my settings to change the default ACL policy and to manually approve any new machines.
This was ostensibly to allow “corporate” accounts to easily group all users together, but the behaviour relies in the backend on a manually maintained (by Tailscale) list of “shared” domains where this auto joining behaviour would be bypassed (eg. @gmail.com) to prevent say all Gmail users being grouped into the same account.
Of course this manual list missed some obscure shared email domains and there were users complaining on GitHub that they were unexpectedly seeing other users/machines in their account.
I hope this terrible design decision has now been fixed in some way but it adds to my slight unease at the authentication model being used (along with the OP’s concerns).
Aside from this Tailscale is a great product, but for something focussed on security these sorts of things need to be given a high priority (if they’re not already).