naibed
September 17, 2025, 3:50am
7
Speaking of not being an anonymity service, I stumbled across this ticket on Tailscale’s GitHub. It’s been open for 3 months with no response:
When “Use Tailscale DNS settings” is checked in macOS, Tailscale additionally records all your system’s DNS queries. This means that when this box is checked, on machines where it is installed, Tailscale will collect metadata about your laptop’s routine web browsing, such as when you visit Google.com , and when your server retrieves updates from Ubuntu, your AWS account ID, your EKS endpoints, and other private hash information that appears in domain names. This is your “Internet browsing metadata”.
opened 03:53PM - 02 Jun 25 UTC
needs-triage
bug
### What is the issue?
Tailscale will collect telemetry, logs, metadata, etc. (… the "logging") about all connectivity that transits a Tailscale IP address.
When "Use Tailscale DNS settings" is checked in macOS, Tailscale additionally records all your system's DNS queries. This means that when this box is checked, on machines where it is installed, Tailscale will collect metadata about your laptop's routine web browsing, such as when you visit Google.com, and when your server retrieves updates from Ubuntu, your AWS account ID, your EKS endpoints, and other private hash information that appears in domain names. This is your "Internet browsing metadata".
Here is your documentation about disabling telemetry, logging, whatever you want to call it:
https://tailscale.com/kb/1011/log-mesh-traffic?tab=macos#opting-out-of-client-logging
On macOS, a community member found the paths that need to be modified, today:
https://github.com/tailscale/tailscale/issues/5114#issuecomment-2562348184
```
/private/var/root/Library/Containers/io.tailscale.ipn.macsys.network-extension/Data/tailscaled-env.txt
~/Library/Containers/io.tailscale.ipn.macos.network-extension/Data/tailscaled-env.txt
/etc/tailscale/tailscaled-env.txt
```
These should have the contents:
```
TS_NO_LOGS_NO_SUPPORT=true
```
There doesn't appear to be a way to disable the collection of Internet browsing metadata when "Use Tailscale DNS" is enabled.
### QA
**How does Tailscale's collection of DNS queries differ from your ISP, Cloudflare, Apple and Google's?**
It doesn't. That said, Google has your e-mail, it has proven to be a good steward of your private browsing data.
**How does Tailscale's collection of DNS queries differ from other Internet utilities, like HTTPS Everywhere, spam / phishing, and similar queries?**
Those purposes seem narrow to me.
**Why doesn't the UI provide an easy way to disable telemetry?**
I'm not sure. I think it's a central part of their investment thesis. Support is a sincere use case, and yet... it's something you can turn back on, so it's not like you can't turn on logging for the express purpose of a support session.
**How does this affect me?**
Personally, I don't object to the collection of telemetry generally. I question if tailscale needs such fine grained metadata about IP connections. I never want to send any fraction of information about my Internet browsing to Tailscale.
### Steps to reproduce
1. Visit the settings page
2. Observe there is no checkbox for Tailscale logging. There should be one.
<img width="712" alt="Image" src="https://github.com/user-attachments/assets/5adff280-30eb-45c3-a2b4-2e84a507e8c5" />
### Are there any recent changes that introduced the issue?
In some ways you guys made it harder to disable logging, presumably on purpose. I mean it's such an obvious choice. It's your prerogative.
### OS
macOS, Windows, Linux
### OS version
Sequoia 15.3.2
### Tailscale version
1.84.0
### Other software
_No response_
### Bug report
BUG-NO-LOGS-NO-SUPPORT-this-node-has-had-its-logging-disabled