Tailscale state file encryption no longer enabled by default

Change in behavior

  • Node state file encryption and hardware attestation keys are no longer enabled by default in recent Tailscale versions.
  • Behavior reverts to pre‑1.90.2: on Windows/Linux you must explicitly enable --encrypt-state; macOS GUI clients still use Keychain, and mobile platforms aren’t affected.
  • Automated deployments that relied on “secure by default” must now add flags.
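As an added example (not from this page or from Tailscale's own code), a small POSIX-shell audit a deployment pipeline can run over the flag string it hands to tailscaled, to confirm that --encrypt-state is now explicitly present rather than relying on the old default. It assumes the Debian/Ubuntu package convention of a FLAGS variable in /etc/default/tailscaled and follows Go's boolean-flag forms, including last-occurrence-wins.

```shell
#!/bin/sh
# Audit helper (added example, not Tailscale's code): given the extra flags a
# deployment passes to tailscaled, decide whether state-file encryption is
# explicitly opted in. Go boolean flags accept --encrypt-state, -encrypt-state
# and --encrypt-state=<value> with value in 1/0, t/f, true/false (any case);
# when the flag is repeated, the last occurrence wins.
state_encryption_verdict() {
    # $1: flag string, e.g. the FLAGS value from /etc/default/tailscaled (assumed path)
    verdict="disabled"            # the post-1.90.2 default when no flag is given
    for arg in $1; do             # unquoted on purpose: split on whitespace
        case "$arg" in
            --encrypt-state|-encrypt-state) verdict="enabled" ;;
            --encrypt-state=*|-encrypt-state=*)
                case "${arg#*=}" in
                    1|t|T|true|TRUE|True)    verdict="enabled" ;;
                    0|f|F|false|FALSE|False) verdict="disabled" ;;
                    *)                       verdict="unparseable" ;;
                esac ;;
        esac
    done
    echo "$verdict"
}

# Exit 0 only when encryption is explicitly on; convenient for CI gates.
state_encryption_enabled() {
    [ "$(state_encryption_verdict "$1")" = "enabled" ]
}

# Constructed sample inputs for three deployment styles.
FLAGS_LEGACY=""                                        # relied on the old default
FLAGS_OPTED_IN="--port=41641 --encrypt-state"          # explicit opt-in
FLAGS_OVERRIDDEN="--encrypt-state --encrypt-state=false" # later flag wins: off
FLAGS_BAD="--encrypt-state=yes"                        # Go's flag parser rejects this

echo "legacy:     $(state_encryption_verdict "$FLAGS_LEGACY")"
echo "opted-in:   $(state_encryption_verdict "$FLAGS_OPTED_IN")"
echo "overridden: $(state_encryption_verdict "$FLAGS_OVERRIDDEN")"
echo "bad value:  $(state_encryption_verdict "$FLAGS_BAD")"
```

To audit a live Linux host instead of a constructed string, pass it the FLAGS line sourced from /etc/default/tailscaled, or the arguments from the running tailscaled command line.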

Security implications / threat model

  • Encrypted state was meant to prevent “node cloning”: stealing the state file and impersonating a node from another machine.
  • It mainly protects against attackers who can read the disk but don’t fully control the system; if they have root, they can still grab keys from memory or ask the TPM to decrypt.
  • Commenters disagree on how much this matters: some see it as a meaningful hardening step for serious admins, others as a niche threat not worth the complexity cost.

Why it was disabled by default

  • Linked PR and an engineer’s comment: the main reason is support burden and unreliability of TPM usage across a very heterogeneous device fleet.
  • Common failure modes:
    • BIOS/firmware updates or motherboard replacements resetting TPM or changing measured state.
    • Flaky or buggy fTPMs on consumer boards.
    • VMs/vTPMs, Kubernetes pods, and images cloned/moved between hosts.
  • Resulting behavior: Tailscale stuck “starting” or refusing to connect with little diagnostic info. Even disabling encryption sometimes didn’t help due to hardware attestation key handling.

Debate on defaults: security vs. usability

  • Some view this as a major U‑turn after a big blog post and a brief default‑on period; they expected “secure by default” to stick.
  • Others argue the feature was clearly still maturing; once serious regressions appeared, rolling back the default was the only reasonable choice.
  • Several say TPM-based protections should always be opt‑in because they behave like a time bomb when hardware or firmware changes.

General TPM discussion

  • Many reports of TPM resets breaking BitLocker or other crypto after BIOS updates; advice is always to have recovery keys/backups.
  • Consensus: TPMs are powerful in tightly controlled or enterprise environments, but too fragile and confusing as a universal default for a product that runs “on everything.”