Comment by bradfitz

3 years ago

> I'm skeptical of the obvious counterpoint that this assists a flywheel of greater b2c satisfaction leading to b2b success...

Okay. But it does? Our stats continue to show that making nerds happy (we're also nerds) leads to more corporate sales. (https://tailscale.com/blog/free-plan/ etc)

So if we can make something that we want ourselves and our friends and fellow nerds also like, and that also then leads to more corporate sales... why not?

Anecdata: It directly led us (Instacart) to try and then adopt Tailscale. Many of us had used it at home and were happy nerds. This gave it a huge initial leg up vs other "enterprisey" VPNs when we were in the evaluation stage.

Tailscale sold itself after that. The docs were excellent and it really is simple to use and run. I was able to do a full PoC in a day and prove that I could join all of our environments and clouds into one VPN and have DNS resolving correctly everywhere.

  • Same here.

    Tried Tailscale at home, took it to work and implemented it for our own needs.

    Seems to me making nerds happy had a great conversion rate to paying customers.

I appreciate the response - great blog post. I don't doubt this works for certain companies and components of the ecosystem; it worked for Dropbox (at least for a long time).

Tailscale is clearly a superior product to its competitors and I have regularly recommended colleagues and clients to evaluate whether it fits their needs. However, unfortunately, that is frequently not enough to "win" in the crowded and bureaucratic enterprise software space.

I would love to be proved wrong here and wish you the greatest success!

  • The big problem with Tailscale in enterprise is it can't touch anything that interacts with lots of compliance domains, which typically require FIPS.

    There are creative ways to get around that, but it makes implementation a complex story and heavy lift.

A lot of B2C VPNs position themselves as kinda sketchy and anti-corporate.

If the cops or the MPAA come calling, we'll tell them to go to hell. Netflix blocks our servers? We'll set up new ones. Accused of torrenting? We didn't see anything, and we don't know who you are either. We're incorporated in a jurisdiction that makes us almost impossible to sue. We've got 4 employees, and not a single clothes iron between us.

B2B VPN products often have the opposite market positioning - straight-laced, trustworthy stuff. Absolutely not claiming to be difficult to sue. We've got 50+ employees, all of them wear shirts and some even wear ties. And suppliers like Cloudflare are more than happy to help you MITM all your employees' https traffic, in the name of "security".

These just seem like positions in the market that are very hard to reconcile.

  • Cloudflare is in a somewhat interesting position. They are known for being negative about banning copyright violations or controversial content (compared to competitors), but also provide enterprise solutions.

    • > They are known for being negative about banning copyright violations or controversial content (compared to competitors)

      They're required to do the former (and Switter) by American laws, and for the latter: they banned the Daily Stormer, 8chan after a terrorist incident, and Kiwi Farms after their members called for open violence. It's not hard to see why these three got banned, inciting violence is not covered by "free speech".

A lot of the people making purchasing decisions to acquire products like Tailscale are in security departments and have a very low opinion of Mullvad (VPN of choice for all kinds of abusive/fraud/hacking traffic).

  • >>> and have a very low opinion of Mullvad

    We do?

    I have a high opinion of them, one of the few VPN services I would trust not to give in even to governmental pressure. I firmly believe they would shut down their service before they compromised user privacy. That is very commendable.

    • Are you a CISO or otherwise have that purchasing power? I’ve found that CISO types hold opinions that are not usually met by ground floor or even middle management folks.

  • Why would this affect the security of someone adopting Tailscale? It's not like partnering with Mullvad makes it easier for hackers/fraudsters/etc to attack a Tailscale user. Maybe I'm an idiot, but I would assume that 'hackers/fraudsters trust it' probably means that they do a decent job of respecting privacy?

  • What is the VPN service you think people (people on HN, say, not YouTube) have a high opinion of?

    Mozilla is rebadged Mullvad. Proton might be ok. Everything else (Nord, Avast, Express, ...) is YouTube sponsor trash, Mullvad's the gold standard afaik.

    • Cloudflare Warp, WindScribe, and iVPN are decent. But given the ubiquity of DoH and the roll out of HTTP3/QUIC + Encrypted Client Hello, no VPN might serve just fine, too.

  • >(VPN of choice for all kinds of abusive/fraud/hacking traffic).

    This is a pretty bad take. With your logic anything pro-privacy like Signal/Matrix etc would also be "x of choice for abuse/fraud/hacking etc" and thus shouldn't be used.

  • A VPN that can block activity X by definition is monitoring you to decide whether you're doing activity X.

    • Surely any solution worth using is going to be doing that on the client side in a way that's independently verifiable.