Tailscale file transfer (Taildrop) vs YAFL – your devices vs anyone
If you run Tailscale, Taildrop is a lovely perk: send a file from one of your devices to another, over your own WireGuard-encrypted tailnet, no third party in the path. For laptop-to-desktop moves between machines you own, it's exactly right.
Its boundary is the same as its strength: Taildrop moves files between your own devices. Per Tailscale's docs, it can't send to a device owned by someone else, even one on the same tailnet – the moment the other end isn't a device you own, you need something else.
Where Taildrop stops
- The receiver isn't your own device. A client, a collaborator, a one-off recipient – inviting someone into your network (or getting them a Tailscale identity at all) to hand over one file is the wrong tool.
- The receiver is an AI agent. There's no MCP surface, and Taildrop's file CLI (
tailscale file cp/tailscale file get) only targets your own tailnet devices – nothing built for an agent to send, receive, and check transfers as tool calls to an arbitrary recipient. - You want a link, not a push. Taildrop pushes files to a device; sometimes you want a URL you can paste into a chat, an email, or an agent prompt – redeemable later.
What YAFL does differently
| Taildrop | YAFL | |
|---|---|---|
| Who can receive | Your tailnet devices | Anyone with the link – browser, CLI, or MCP agent |
| Network requirement | Tailscale on both ends | Plain internet |
| Timing | Receiving device online | Async – 24-hour link, get_status to check liveness |
| Encryption | WireGuard tunnel (network-level) | End-to-end at the file level – key only in the URL #fragment; app server never handles the bytes, storage holds ciphertext only |
| Agent surface | – | MCP tools incl. login + CLI with stable exit codes |
| Cleanup | Files land on the device | Links self-destruct at 24h; one-time links burn on first download |
Different encryption philosophies, both honest: Tailscale secures the pipe between your devices; YAFL secures the file itself, so even the storage operator can't read it – which is what lets the link go to anyone.
When to use which
- Between your own Tailscale devices → Taildrop.
- To a person or agent outside your tailnet – the Taildrop alternative case → YAFL.
- Into an AI workflow (Claude Code on a VPS, agent-to-agent) → YAFL – one
upload_filecall, onedownload_filecall. - Want a no-account, live-code terminal option instead? See Magic Wormhole vs YAFL or LocalSend vs YAFL.
FAQ
Can Tailscale send files to someone outside my tailnet? Taildrop is designed for your own tailnet devices. For recipients outside it, use a link-based E2EE tool: yafl put file.zip gives you a 24-hour link anyone can open in a browser – or that an agent can redeem with one MCP call.
Install: npx -y @yafldev/mcp with
YAFL_API_KEY set, or the one-liner
curl -fsSL https://yafl.dev/install.sh | sh.