Tailscale is great -- they centralize a bunch of annoying stuff (authn and authz) in their control plane which orchestrates WireGuard connectivity between users and devices. It is an amazing tool for any homelabber wanting to access their network or self-hosted services, and it's fairly straightforward to share access to services on a tailnet with friends.

Setting up a server requires a bunch of technical knowledge, but at the same time the quality of service templating capabilities (e.g. with Nix) could make this more and more accessible. Today, when you self-host something and want to share it with friends, the identity & security parts are still complex (and you don't want to get them wrong).

But what if Tailscale had an "apps" pane with one-click deployment of a Minecraft server or Jellyfin to either a Tailscale-managed raspi or cloud compute? People would be able to create private networks with their friends and share hosted services with them. Turning on the Tailscale VPN on your phone suddenly gives you access to all this great stuff from your friends.

Sure, you can get a hosted Minecraft server and share your IP and password with friends, but Tailscale is in the position to leverage identity as a "passport" within user-managed networks, and provide service discovery with way better UX than ip:port. Users on the network wouldn't need to know what URLs to go to, or remember login/password info. They could go to their friend's net and browse the services they're hosting. Maybe there's a "request access" button, a "favorite" star, or even a "copy" button to host the same server under your account.

I love the open web, and I wouldn't want one company to manage identity on the internet, but there's also something really interesting about this thought experiment -- something community oriented. An inversion of control.