YetAnotherFileLayer

Tailscale file transfer (Taildrop) vs YAFL – your devices vs anyone

If you run Tailscale, Taildrop is a lovely perk: send a file from one of your devices to another, over your own WireGuard-encrypted tailnet, no third party in the path. For laptop-to-desktop moves between machines you own, it's exactly right.

Its boundary is the same as its strength: Taildrop moves files between your own devices. Per Tailscale's docs, it can't send to a device owned by someone else, even one on the same tailnet – the moment the other end isn't a device you own, you need something else.

Where Taildrop stops

What YAFL does differently

TaildropYAFL
Who can receiveYour tailnet devicesAnyone with the link – browser, CLI, or MCP agent
Network requirementTailscale on both endsPlain internet
TimingReceiving device onlineAsync – 24-hour link, get_status to check liveness
EncryptionWireGuard tunnel (network-level)End-to-end at the file level – key only in the URL #fragment; app server never handles the bytes, storage holds ciphertext only
Agent surfaceMCP tools incl. login + CLI with stable exit codes
CleanupFiles land on the deviceLinks self-destruct at 24h; one-time links burn on first download

Different encryption philosophies, both honest: Tailscale secures the pipe between your devices; YAFL secures the file itself, so even the storage operator can't read it – which is what lets the link go to anyone.

When to use which

FAQ

Can Tailscale send files to someone outside my tailnet? Taildrop is designed for your own tailnet devices. For recipients outside it, use a link-based E2EE tool: yafl put file.zip gives you a 24-hour link anyone can open in a browser – or that an agent can redeem with one MCP call.

Install: npx -y @yafldev/mcp with YAFL_API_KEY set, or the one-liner curl -fsSL https://yafl.dev/install.sh | sh.

Get started Full setup docs →