basically tailscale does direct connections between nodes, yes, and it is encrypted but these nodes at the start don’t know each other, they ask the tailscale control plane “what nodes are there” if the control plane lies and inserts fake/impersonating nodes, it could pretend to be your trusted laptop for example