Tailscale uses Wireguard which is E2EE and Tailscale clients are open source. I use taildrop all the time, it’s very reliable and not only that, it’s P2P so it doesn’t go through other people’s servers afaict.
My understanding is that to configure your WireGuard tunnels the tailscale saas layer distributes the keys. If so there’s nothing stopping it distribute a key you don’t control.
