Anti-Feature (Tracking): Tailscale (com.tailscale.ipn) logs and reports debugging information
Issue
App Name | Tailscale |
Package Name | com.tailscale.ipn |
Version | any |
Issue Type | Anti-Feature |
Classification | Tracking |
Description
Tailscale sends debug logs to their own servers. It's not clear if this can be turned off, as I do not use the service, but I do not think it can be, even if you self-host using something like headscale. In the past, developers have suggested blocking their DNS if you don't want it to happen.
Sources
Documentation
Each Tailscale agent in your distributed network streams its logs to a central log server (at log.tailscale.io). This includes real-time events for open and close events for every inter-machine connection (TCP or UDP) on your network.
[...]
Each client logs information about its own operation and its attempts to contact other nodes. The data collected and how it is used are described in our privacy policy.
[...]
Some logs are centrally collected by Tailscale for debugging. This is done with a custom-built, high-capacity, high-reliability, distributed logging system.
Right now, logs are only accessible locally on each node. You could stream your system- and container-level logs to the same centralized data store for further analysis.
— Official Documentation KB 1011
Public Statements
The log server is http://log.tailscale.io. You can make it unreachable in your /etc/hosts to avoid sending anything. (I haven’t tested this much, please let me know if you run into any issues.) Also block http://log.tailscale.com, as we may migrate to that hostname one day.
— David Crawshaw, Tailscale CTO, via Twitter. Apr 3, 2020
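
The hosts-file block suggested in the statement above can be audited rather than assumed. The following is an added example, not Tailscale's code or part of the original report: a POSIX shell check that a hosts file maps both named log hostnames to a loopback or unspecified address. The function names and the first-match-wins lookup rule are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a hosts file for the log-server block described above.
# The two hostnames are the ones named in the quoted statement.
LOG_HOSTS="log.tailscale.io log.tailscale.com"

# hosts_entry FILE NAME -> prints the address of the first entry naming NAME.
# Assumption: the first matching line wins, as in the usual hosts lookup.
hosts_entry() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        {
            sub(/#.*/, "")              # drop full-line and trailing comments
            for (i = 2; i <= NF; i++)   # field 1 is the address, the rest are names
                if (tolower($i) == want) { print $1; exit }
        }' "$1"
}

# is_sinkhole ADDR -> succeeds if ADDR is an unspecified or loopback address.
is_sinkhole() {
    case "$1" in
        0.0.0.0|127.*|::|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# unblocked_log_hosts FILE -> prints each log host that FILE does not sinkhole,
# either because no entry names it or because the entry points somewhere routable.
unblocked_log_hosts() {
    for h in $LOG_HOSTS; do
        addr=$(hosts_entry "$1" "$h")
        if [ -z "$addr" ] || ! is_sinkhole "$addr"; then
            echo "$h"
        fi
    done
}

# Stand-alone use: pass the hosts file to audit as the first argument.
if [ $# -gt 0 ]; then
    unblocked_log_hosts "$1"
fi
```

Empty output means both hostnames are sinkholed in that file. It says nothing about software that resolves names without consulting the hosts file.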
Code
We collect and use your email address and name, as well as your device name, OS version, and IP address in order to help you to connect your devices and manage your settings. We log when you are connected to your network.
Collection: "tailnode.log.tailscale.io",
— cmd/tailscale/backend.go#L298
// Upload logs infrequently. Interval chosen arbitrarily.