Hacker News

I ranted about this before: Tailscale doesn't allow you to sign up with your own username/password; they expect you to use Google/Facebook/Microsoft accounts (or bring your own OIDC server, which is overkill if you are an individual user). As someone who got his Google account blocked and got locked out of half of the internet, I can only warn anybody against ever using 3rd party logins.


Tailscale is heavily focused on authorization (authz; what you can do), and considers strict identity verification (authn) crucial to that goal. So they chose to delegate the latter problem to a party that's already solved it better than Tailscale could. This is reasonable and I'm with them.

But I do agree with you on your point; once you lose your Google account, you lose a lot more - including your personal TS network, which may include offsite devices, grandparents' PC, etc.

Unfortunately your TS account is also heavily tied to the chosen ID provider; I don't think you can change it at all (even if you go thru support). I would prefer to be able to link two IDs to a single TS account (e.g. Google and Apple), perhaps be able to unlink the one I don't want anymore. I see a security concern in there (you either have a weak link, or you can't unlink an account you don't control anymore), but it would still be nice.


> I don't think you can change it at all (even if you go thru support)

I thought you could, but there's one exception (that I can't recall). If you signed up with that specific OIDC provider, you can't switch but you can with the other stock OIDC providers.


I remember the same, and I think GitHub was the exception.


I raised a ticket as I created mine as a test using Apple login and wanted to change. Was basically told to just create a new account with them.


> As someone who got his google account blocked and got locked out of half of the internet,

Say again please? How did you get locked out of so much I ask? I use one gmail account for mostly unimportant emailing and as a dumping ground for email signups that later spam you to death with "promotions". That's about it, and I'm able to use a hell of a lot more than "half the internet".

I'm honestly curious about the mechanics of how and why one could let having, or losing, a google account affect them so much.


Does this really take so much imagination? They used their Google account for signing up to everything else, so when they lost access to the Google account they were locked out of everything else as well.


Given Google's well-known history of randomly blocking accounts with no clear reason and no normal route for recourse, I can't fathom why anyone would do such a thing. Even back in the early years, it happened often enough to be leery of depending on this company for so much.


Long story, I'll give the brief summary: I signed up around 2006 for Gmail, bringing my own domain (that was free at that time). Over the years, that "gmail" was turned into Google accounts. Since 2012 Google decided custom domains are no longer free, but kept existing users if it was non-commercial usage. Somewhen around 2023 they decided to kick out users using their own domain, forcing them to convert to a paid Google Workspace subscription. I compared prices and instead moved my domain to Microsoft365. Since then the first thing I see when I log in with Google is a message telling me that I need to upgrade to a paid Google Workspace subscription. All my notes in Google Keep were gone, Google Maps bookmarks etc. And yes, I can't even access those free services Google offers anymore with that account.


Have you seen headscale? It's a bit of work if you don't have a self-hosting setup but it enables you to use the service without being at the whim of Tailscale.


Ironically the reason headscale exists is at the whim of Tailscale. Because Tailscale allows headscale to use their client. If they revoked that ability, which they reserve the right to and could do at any time, headscale would be non-viable as software for most use cases.


May as well use NetBird in that case.


You can log in with a passkey now: https://tailscale.com/kb/1341/tailnet-passkey-admin. It looks like you still have to use Google/etc. for your main account initially. But still, this would prevent getting locked out.


login != signup.



