I haven’t used tailscale to know how well it works but as a current zerotier user I’ve been considering moving away from it.

I actually love the idea and it’s super simple to set up but has some very annoying pitfalls for me:

1. It’s a lot of “magic”. When it fails to work the zerotier software gives you very little information on why.
2. The NAT tunneling can be iffy. I had it fail to work in some public WiFis, occasionally failed to work on mobile internet (same phone and network when it otherwise works). Restarting the app, reconnecting and so on can often help but it’s not super reliable IMO.
3. Just recently I’ve had to uninstall the app restart my Mac, reinstall the app to get it to work again - there were no changes that made it stop, it just decided it’s had enough one day to the next and as in point 1, it doesn’t tell you much over whether it’s connected or not.

Pretty much all of the issues I’ve had were with devices that have to disconnect and re-connect from the network and/or devices that move between different networks (like laptop, phone). On my router, it’s been super stable. Point is, your mileage may vary - it’s worth trying but there are definitely issues.

Would you accept a certificate issued by AWS (Amazon)? Or GCP (Google)? Or azure (Microsoft)? Do you visit websites behind cloudflare with CF issued certs? Because all 4 of those certificates are free. There is no identity validation for signing up for any of them really past having access to some payment form (and I don’t even think all of them do even that). And you could argue between those 4 companies it’s about 80-90% of the traffic on the internet these days.

Paid vs free is not a reliable comparison for trust. If anything, non-automated processes where a random engineer just gets the new cert and then hopefully remembers to delete it has a number of risk factors that doesn’t exist with LE (or other ACME supporting providers).

Except there is (of course) a mega thread on Reddit to get invites where people blindly invite anyone.

I like to think the behind the scenes is just a decades long game of dare in Mozilla’s leadership that slowly got out of control but they’ve all gotten too deep in it now to give up and just call it a tie.