Tailscale has raised $160M

Original Article ↗ Hacker News Discussion ↗

Initial Reaction to the $160M Raise

  • Many commenters express immediate anxiety that a large Series C implies future “enshittification”: feature removals, tighter paywalls, enterprise‑only functionality, or eventual acquisition.
  • Others see it as validation that the product is durable and less likely to disappear, and that founders and early staff deserve liquidity.

VC, Burn, and Control Concerns

  • Thread debates whether they’ve already burned much of the previous $100M and what yearly burn might look like (tens of millions, mostly salaries and go‑to‑market).
  • Some argue big rounds inevitably come with stronger investor pressure to maximize revenue, even if there’s no “debt” to repay.
  • A minority push back, noting strong growth can justify large “war chests” and that some capital may simply de‑risk downturns or fund long bets.

Enterprise Strategy and Pricing

  • Strong criticism of pricing jumps: core features like robust ACLs, SAML/SCIM, and advanced logging push per‑user costs into ~$18–20+/month, which smaller orgs find hard to justify.
  • Others defend this as deliberate segmentation: free tier for hobbyists, mid‑tier for small teams, and premium pricing where enterprises can pay.

Open Source vs Proprietary & Alternatives

  • Recurring discomfort that the coordination server is closed source; Headscale provides a self‑hosted implementation but is seen as limited vs the hosted service.
  • Multiple alternatives are discussed: NetBird (often praised, fully open source, self‑hostable), ZeroTier, Nebula, Netmaker, innernet, Teleport.
  • Some expect forks or OSS UX layers over WireGuard if Tailscale’s product worsens.

Product Quality, Use Cases, and Technical Pain Points

  • Widespread praise: “just works” VPN, excellent UX, great for home labs, small business networks, robotics/IoT, family file sharing (Taildrop), replacing OpenVPN/AnyConnect.
  • Notable issues: flaky MagicDNS/DNS on Linux and Apple devices, routing quirks, reliance on DERP relays when NAT traversal fails, user‑space WireGuard performance concerns, recent subnet‑router regressions on some distros.

Security Model and Identity-First Networking

  • Interest in the “identity‑first networking” / “new internet” vision: moving away from IP‑centric security toward user/service identity, and overlaying on IPv4/IPv6 rather than replacing them.
  • Some worry about trusting a centralized control plane; Tailnet lock is cited as mitigation but still depends on the control server’s behavior.

Hosted vs Self‑Hosted, SSO Requirements

  • Questions about failure modes: if the hosted control plane dies, existing tunnels should keep working but new connections/changes can’t be orchestrated.
  • Several users dislike that sign‑in effectively requires big‑tech identity providers; custom OIDC is possible but seen as overkill for individuals.