On its face, this is really cool, and being a user of both Tailscale and Mullvad, this is awesome.
My primary concern though: will this lead to potential privacy leaks? Can a government agency shake down Tailscale now to trace your Mullvad ID/connection to your Tailscale account?
That doesn't really answer my question at all, at least not thoroughly in plain English.
The question is: if a government agency goes to Tailscale and says: "we're looking for Mullvad user 912830193276163872" - does Tailscale log that, can they provide it, will they provide it?
Tailscale needs to know information about your Mullvad license in order to authenticate you with the exit nodes. So it's theoretically possible for a government to ask Tailscale to correlate the data they've collected about you (like a client IP) with an authorized Mullvad license. Which, of course, they'd need to know represents your traffic from talking to Mullvad, which means you're not really placing any extra trust in Tailscale.
I would assume that Headscale could also support this functionality in the future if you trusted Mullvad but not Tailscale.
> Tailscale needs to know information about your Mullvad license in order to authenticate you with the exit nodes.
That doesn't sound strictly true.
Mullvad and Tailscale need to settle their costs between each other, and Tailscale needs to settle with you.
What Tailscale needs to know about "your" Mullvad license is that x of y devices are using a Mullvad exit node, so they can charge you for y.
What Mullvad needs to know is a high-water mark usage (data transfer, throughput, connections, whatever) for Tailscale (not you) so they can charge Tailscale some carrier-grade rate.
There's little reason Tailscale couldn't do an iCloud Private Relay style Apple<->Cloudflare privacy-preserving handoff.