Comment by traceroute66

Historical blog post from tailscale (August 2025) saying how awesome and important this feature was[1].

TL;DR If you care about the stuff mentioned in that blog post (which most sensible sysadmins would) then the implication is that you are no longer protected against those threat scenarios UNLESS you manually apply the flag at install time.

Which means for people using deployment scripts/tools you now need to update those to put the flag in during installation. Because previously you could rely on the feature being "on by default", which is no longer the case.

[1]https://tailscale.com/blog/encrypting-data-at-rest