DEV Community

hiyoyo

What "Offline-First" Actually Means When You're Building a Privacy Tool

All tests run on an 8-year-old MacBook Air.

"Offline-first" gets used to mean a lot of things. For most apps it means "works without internet, syncs when reconnected."

For a privacy-focused PDF tool, it means something stricter: the app should be architecturally incapable of sending your data anywhere — not just configured not to.

Here's what that actually requires in practice.


The difference between "won't" and "can't"

A tool that promises not to send your data is making a policy promise.
A tool that has no network stack can't send your data — that's an architectural guarantee.

The goal was the second one.


No network stack in the core app

The Rust backend has zero network dependencies. No reqwest. No hyper. No tokio with network features enabled.

# Cargo.toml — no network crates
[dependencies]
lopdf = "0.31"
aes-gcm = "0.10"
argon2 = "0.5"
image = "0.24"
notify = "6"
# reqwest is not here. intentionally.

If a network crate isn't in the dependency tree, it can't make requests. No configuration option can enable what doesn't exist.


Auditing transitive dependencies

Your direct dependencies might pull in network crates transitively:

cargo tree | grep -E "reqwest|hyper|h2|rustls|native-tls"

Run this. If anything appears, trace back which dependency pulled it in.

In my case, an early dependency pulled in hyper via an optional feature flag I hadn't noticed. Removing one feature flag fixed it.
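
A stricter form of the audit above, as an added example (not code from the original post): it matches crate names exactly, so the name `hyper` does not also flag unrelated crates that merely contain it, and it returns non-zero so it can gate CI. The sample tree and the crate names `pdf-vault`, `example-fetcher` and `hyperloglog` in it are constructed for illustration.

```shell
#!/bin/sh
# Added example: exact-name network-crate gate for `cargo tree` output.
# DENY holds the crate names from the page's grep pattern; extend it as needed.
DENY="reqwest hyper h2 rustls native-tls"

# Reads `cargo tree --prefix none` output on stdin.
# Prints each denied crate once as "name version"; returns 1 if any was found.
find_network_crates() {
  awk -v deny="$DENY" '
    BEGIN { n = split(deny, d, " "); for (i = 1; i <= n; i++) bad[d[i]] = 1 }
    # $1 is the crate name, $2 the version; repeats carry a trailing "(*)".
    ($1 in bad) && !seen[$1 " " $2]++ { print $1, $2; hits++ }
    END { exit (hits > 0) }
  '
}

# Constructed sample of `cargo tree --prefix none` output (not from a real build).
# "hyperloglog" shows a name that a substring grep for "hyper" would also flag.
sample_tree() {
  cat <<'EOF'
pdf-vault v0.1.0 (/constructed/path)
lopdf v0.31.0
aes-gcm v0.10.3
hyperloglog v1.0.2
example-fetcher v0.2.0
hyper v0.14.27
h2 v0.3.21
notify v6.1.1
hyper v0.14.27 (*)
EOF
}

# Demo on the sample; in CI, pipe the real command in instead:
#   cargo tree --prefix none --target all | find_network_crates
if hits=$(sample_tree | find_network_crates); then
  echo "no network crates in the tree"
else
  echo "network crates found:"
  echo "$hits"
fi
```

To trace a hit back to the dependency and feature that enabled it, run `cargo tree -i hyper -e features`. A name match only covers crates, so code that opens sockets through `std::net` directly would not appear here, which is why the network-monitor check later in the post still matters.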


Tauri's own network calls

Tauri makes network calls for update checks and some telemetry. Disable both:

{
  "plugins": {
    "updater": {
      "active": false
    }
  }
}

Verify with a network monitor (Little Snitch on macOS) that nothing goes out during normal use.


The one exception

License validation. One-time activation key check at first launch only. After activation, the key is stored locally and never re-verified. Offline users can use the app indefinitely.

This is the minimal network surface I was willing to accept.


What users actually care about

Most users don't think about this — until they need to open a document they'd never send to a server. Medical records. Legal contracts. Tax returns.

At that moment, "offline-first" stops being a feature and becomes the reason they chose your tool.


Hiyoko PDF Vault → https://hiyokoko.gumroad.com/l/HiyokoPDFVault
X → @hiyoyok
