Hello I’ve been using cloudflare to get remote access for the couple apps I selfhost, but lately I’ve been hearing about the wonders of tailscale.

It seems that the free tier is enough for my use. Which would be a safe option to have remote access for my 3D printer? Also how are both in terms of privacy?

  • keyez@lemmy.world
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    1
    ·
    1 year ago

    Just my two cents I’d prefer my traffic going through Cloudflare vs Tailscale if it’s all the same, since I’ve heard a lot about Tailscale but know nothing. I’ve interacted on Github threads with people from cloudflare and they’re all super nice and their blog posts and post-mortems are very insightful. Was curious to see if people had actual insight but appears it’s just auto cloudflare = bad.

    • Encrypt-Keeper@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      That’s the beauty of Tailscale, you don’t have to trust them, because they don’t MITM your data, unlike with Cloudflare. I’m sure the employees of Cloudflare are nice, but so are the employees of any company, good or bad. It’s not that Cloudflare is necessarily bad, but you’re putting them in a position of trust over the content of your data you send through them, as opposed to trusting no one.

      I’m sure most of the people who work for Google are very nice people, but people still switch to self hosting for the privacy and control over their own data, and the same goes for Cloudflare.

      • keyez@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        2
        ·
        1 year ago

        Got any info on how cloudflare MITM and decrypts all traffic but tailscale doesn’t? Playing devils advocate and pointing out how not much you’re saying is making sense.

        • Encrypt-Keeper@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          1 year ago

          Look man I get that you’re not very tech literate and as a hobbyist that’s perfectly ok but just because you don’t know much about technology doesn’t mean the technology doesn’t make sense. You wanted to know what’s different and I told you, you wanted to know how and I told you. If you still don’t understand something then you need to articulate that and ask an actual question. It took me years to earn a degree in network engineering I can’t just distill all of that knowledge into a single comment for you to cover every possible dependent piece of knowledge that you’re lacking because all you can communicate is “I don’t get it”. You have to be specific on what it is specifically that you’re not getting.

          I will indulge you again here under what might be a false assumption that you genuinely want to know the answer.

          Cloudflare MITMs your traffic because that’s how it was designed. Your traffic is encrypted to their servers, de encrypted, then reencrypted between Cloudflare and your server. They can see and modify any data you send through them. All your passwords, tokens, and personal information are readable by Cloudflare. Therefore there’s an incredible amount of trust you need to put in Cloudflare, and the security of their systems.

          Tailscale on the other hand has a service called funnel, which is a direct replacement to Cloudflare tunnels, however they differ in that Tailscale is a company with privacy and security as a priority and they accomplish the same goal as CF tunnels but their solution is designed to keep your data encrypted end to tend, from your client to your server. You therefore don’t need to place all that trust with Tailscale because they can’t see or modify your data even if they wanted to.

          Both services accomplish the task of proxying public traffic to your backend server, however CF opens up all your data, and Tailscale doesn’t. Think of them both like a postal service, except Cloudflare opens up all your mail and puts it into new envelopes before giving it to the carrier for delivery to your mailbox. A lot of us prefer the postal service that just leaves your mail sealed from origin to destination.

        • milkjug@lemmy.wildfyre.dev
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          EncryptKeeper’s explanation is perfectly concise and informative if you have a cursory grasp of self hosting and networking.

          If it’s not making sense to you, I would suggest revisiting some of the technical fundamentals of self-hosting, which admittedly is quite an advanced topic that most people don’t, and do not need to care about.

          You would be equally well-served, perhaps more so (if you don’t really care about privacy or terms of service) by sticking to regular cloud services. The road to self-hosting is arduous and if done wrongly, causes you more harm than good. Especially if your technical foundation is not yet strong. Which your posts suggest is the case.