they were talking about proxy VPNs, whereas tailscale is for building actual virtual networks to connect your devices, which is a completely different thing (besides sharing the same approval foundation).

If you were to distrust tailscale (and you’re not simply self hosting headscale), an attacker might be able to access for otherwise non-public devices(’ ports), reroute/MitM your traffic and monitor which device connects to which.