Comment by rainsford

Is the connection through Cloudflare still encrypted between the two peers, as it would be going through a Tailscale relay? If not, that's definitely a downgrade using the Cloudflare approach. But if not, I'm not sure the trust model is significantly different with maybe the added benefit of the fact that Cloudflare's relay performance is likely better given that relaying traffic is kind of their main thing rather than a very secondary function like it is for Tailscale.

On the other hand, my experience with Tailscale is that they're very, very good at NAT hole punching and I'd rather have a direct connection where possible from a latency standpoint.