your secret internet
or how to expose things to the internet in such a way only you can access them
Created On: Tue, 19th May 18:51 (2026)
Updated On: Tue, 19th May 19:28 (2026)
Published On: Tue, 19th May 19:18 (2026)
hey, it's been a while since last time. i was gonna write a generic thing, but then i decided to talk about one of the things i've been working with. something called the tailnet. now, if you want the complete details, then i have to point you to the official docs, which describe this in a lot of detail, though you'll need some kinda technical background to understand them, so for the layman, the title of this article is close enough.
i am very much not an expert in the world of networking. so i may say some things that are incorrect. however, i am confident enough that the only things i'd get wrong are either how "modern/revolutionary" something is (say, Tailscale can be similar to how a VPN works), or some of the more technical stuff.
essentially the way it works is that you're defining your own kind of subnetwork, where all IPs look like 100.x.x.x - and in order to get access to it, you have to authenticate in some way. you do depend on a central control server, in this case hosted by Tailscale, however the only things that part is used for are discovering the other devices you've also logged in on, and handing out the public keys used for encryption. the actual "network" is between your devices only - essentially it creates encrypted tunnels between your devices that they can use to access each other.
to put it another way, it's a kind of network that is accessible on the internet, however only after you actually "sign in" - in other words, your secret internet. however, what can you use this for?
well, you may have heard about selfhosting, or home labbing. this is basically a setup where you host your own stuff that you can access -- the Plex server, which helps you have your very own Netflix, is one example - but you can do almost anything that having a server would allow you to do. you can host your own email service, your own websites, your own services that let you have cloud storage -- except the "cloud" is your own devices. the capabilities are damn near endless. these are not even 1% of the things you can do, and "your own websites" is doing a lot of heavy lifting -- you can host whatever technology you want, and use it, without needing to depend on the cloud. of course, you can also host game servers.
...except, of course, this is locked within your home. I also take self-hosting to mean hosting on another server -- as frankly you can migrate that entire setup to work locally whenever you'd like. I just prefer the remote server approach because it takes away the issue of keeping something up 24/7, and the maintenance that comes with hosting your own stuff. now, technically you can expose your home network to the internet, but for many reasons this is a very unwise decision. the moment you open up your stuff to the internet is the moment your attack surface goes from near-zero to gargantuan. All it takes is one person with the savvy and curiosity to discover your stuff and try to enter it for all of it to become compromised. You can add security measures, such as authentication and firewalls - but everything comes with caveats. for example, firewalls are a bit difficult to set up while trying to retain remote access, since the device you connect from is going to have different IPs.
in comes Tailscale. this can effectively act as a bonus layer of protection on top of everything. now, people can't even know that you have services. all the stuff you have hosted is functionally invisible on the internet -- there is no way they can stumble into it, so even discovering your stuff is going to be a problem. basically the only way they can access your network is by logging into Tailscale, at which point congratulations! they've now broken through the first layer of security -- which wouldn't have existed anyways without it.
what this lets you do is basically, without much concern, self-host something like a Plex server, and then access it from anywhere, all while the rest of the internet, save for Tailscale, isn't even aware that it exists. so even if you don't have a password, you still have a layer of security. of course you should still use some more security - may as well add more layers - but it works out pretty well.
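the "invisible on the internet" part only holds if a service isn't also listening on a public interface, which is easy to get wrong on a remote server. as an added example (not from the original post, and not Tailscale's own code), this sorts listening sockets by who can reach them; the `ss -tlnH` sample is constructed, and the function names are made up for the illustration.

```python
import ipaddress

# Tailscale's address ranges: CGNAT 100.64.0.0/10 (IPv4), ULA fd7a:115c:a1e0::/48 (IPv6).
TAILNET_NETS = [ipaddress.ip_network("100.64.0.0/10"),
                ipaddress.ip_network("fd7a:115c:a1e0::/48")]

# Constructed sample of `ss -tlnH` output (listening TCP sockets, no header).
# Assumed columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_SS = """\
LISTEN 0 128  127.0.0.1:5432               0.0.0.0:*
LISTEN 0 4096 100.101.102.103:32400        0.0.0.0:*
LISTEN 0 4096 0.0.0.0:8096                 0.0.0.0:*
LISTEN 0 128  [::]:22                      [::]:*
LISTEN 0 4096 [fd7a:115c:a1e0::1234]:8080  [::]:*
LISTEN 0 128  192.168.1.20:445             0.0.0.0:*
"""

def classify(addr):
    """Say who can reach a listener bound to this local address."""
    addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
    if addr == "*":                        # ss shorthand for every address
        return "all-interfaces"
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:                  # 0.0.0.0 or ::
        return "all-interfaces"
    if ip.is_loopback:
        return "loopback"
    if any(ip in net for net in TAILNET_NETS):
        return "tailnet"
    return "other-interface"               # LAN or public address

def audit(ss_output):
    """Parse `ss -tlnH` text into (port, bind address, reachability) rows."""
    rows = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        addr, port = fields[3].rsplit(":", 1)
        rows.append((int(port), addr, classify(addr)))
    return rows

def exposed_ports(rows):
    """Ports that answer on something other than loopback or the tailnet."""
    return sorted(p for p, _, kind in rows if kind not in ("loopback", "tailnet"))

if __name__ == "__main__":
    for port, addr, kind in audit(SAMPLE_SS):
        print(f"{port:>6}  {addr:<26} {kind}")
```

anything `exposed_ports` returns is reachable without going through the tailnet unless a firewall blocks it. also note that only 100.64.0.0/10 counts as tailnet space, so an address like 100.1.2.3 is classified as a regular interface.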
not to mention how damn simple it is. all you need to do is install it on whatever device you want to connect to the network, log in, and then voila! they're connected. now you can host something, and then have Tailscale serve it up so other devices can connect. it's an extreme ease-of-use to utility ratio, and honestly kind of a no-brainer. of course, to make any use of it, you need enough of a technical understanding to actually set up/create things to host and use.
if people are interested, i can explain how you can also set up your tailnet so that you can access it via a custom domain without needing to get one of Tailscale's premium plans - it's perfectly normal, but i really only recommend it if you already have a domain, and have some kind of DNS setup, or are interested in setting one up - since then you get the benefits at no extra cost. if you're the kind of person who'd be interested in Tailscale however, you probably already have a domain.