Technology Apr 29, 2026 · 2 min read

What "Offline-First" Actually Means When You're Building a Privacy Tool

DEV Community
by hiyoyo
All tests run on an 8-year-old MacBook Air.

"Offline-first" gets used to mean a lot of things. For most apps it means "works without internet, syncs when reconnected."

For a privacy-focused PDF tool, it means something stricter: the app should be architecturally incapable of sending your data anywhere — not just configured not to.

Here's what that actually requires in practice.

The difference between "won't" and "can't"

A tool that promises not to send your data is making a policy promise.
A tool that has no network stack can't send your data — that's an architectural guarantee.

The goal was the second one.

No network stack in the core app

The Rust backend has zero network dependencies. No reqwest. No hyper. No tokio with network features enabled.

# Cargo.toml — no network crates
[dependencies]
lopdf = "0.31"
aes-gcm = "0.10"
argon2 = "0.5"
image = "0.24"
notify = "6"
# reqwest is not here. intentionally.

If a network crate isn't in the dependency tree, it can't make requests. No configuration option can enable what doesn't exist.

Auditing transitive dependencies

Your direct dependencies might pull in network crates transitively:

cargo tree | grep -E "reqwest|hyper|h2|rustls|native-tls"

Run this. If anything appears, trace back which dependency pulled it in.

In my case, an early dependency pulled in hyper via an optional feature flag I hadn't noticed. Removing one feature flag fixed it.
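The audit step above as a check that can run in CI, written here as an added example (not the author's code): it reads Cargo.lock, flags the crate names from the grep pattern, and reports the package chain that pulls each one in. The sample lockfile and the package names pdf-vault and thumbnailer are constructed for illustration.

```rust
use std::collections::{BTreeMap, BTreeSet};

// Crate names taken from the article's grep pattern.
const BANNED: [&str; 5] = ["reqwest", "hyper", "h2", "rustls", "native-tls"];
// Constructed sample lockfile; "pdf-vault" and "thumbnailer" are hypothetical packages.
const SAMPLE_LOCK: &str = "[[package]]\nname = \"hyper\"\n\n\
[[package]]\nname = \"pdf-vault\"\ndependencies = [\n \"aes-gcm\",\n \"thumbnailer\",\n]\n\n\
[[package]]\nname = \"thumbnailer\"\ndependencies = [\n \"hyper 0.14.28\",\n]\n";

/// Parse Cargo.lock text into: package name -> names of its direct dependencies.
fn parse_lock(lock: &str) -> BTreeMap<String, Vec<String>> {
    let mut graph: BTreeMap<String, Vec<String>> = BTreeMap::new();
    let mut current = String::new();
    for line in lock.lines().map(str::trim) {
        if let Some(name) = line.strip_prefix("name = ") {
            current = name.trim_matches('"').to_string();
            graph.entry(current.clone()).or_default();
        } else if let Some(entry) = line.strip_prefix('"') {
            // Assumption: only dependency entries start with a quote ("hyper 0.14.28 (source)").
            let dep = entry.split(|c| c == ' ' || c == '"').next().unwrap_or_default();
            graph.entry(current.clone()).or_default().push(dep.to_string());
        }
    }
    graph
}

/// For each banned crate present, return one chain from a top-level package down to it.
fn audit(lock: &str) -> Vec<String> {
    let graph = parse_lock(lock);
    let mut findings = Vec::new();
    for banned in BANNED.iter().filter(|b| graph.contains_key(**b)) {
        let mut chain = vec![banned.to_string()];
        let mut seen = BTreeSet::from([banned.to_string()]);
        // Walk upward: prepend the first unvisited package that depends on the chain head.
        while let Some((parent, _)) =
            graph.iter().find(|(n, d)| d.contains(&chain[0]) && seen.insert((*n).clone()))
        {
            chain.insert(0, parent.clone());
        }
        findings.push(chain.join(" -> "));
    }
    findings
}

fn main() {
    let lock = std::fs::read_to_string("Cargo.lock").unwrap_or_else(|_| SAMPLE_LOCK.into());
    let findings = audit(&lock); // ./Cargo.lock when present, otherwise the sample above
    findings.iter().for_each(|f| eprintln!("network crate in tree: {f}"));
    std::process::exit(if findings.is_empty() { 0 } else { 1 }); // non-zero fails the CI job
}
```

A name match covers crates only; code that opens sockets through std::net in the standard library needs a source search as well.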

Tauri's own network calls

Tauri makes network calls for update checks and some telemetry. Disable both:

{
  "plugins": {
    "updater": {
      "active": false
    }
  }
}

Verify with a network monitor (Little Snitch on macOS) that nothing goes out during normal use.

The one exception

License validation. One-time activation key check at first launch only. After activation, the key is stored locally and never re-verified. Offline users can use the app indefinitely.

This is the minimal network surface I was willing to accept.

What users actually care about

Most users don't think about this — until they need to open a document they'd never send to a server. Medical records. Legal contracts. Tax returns.

At that moment, "offline-first" stops being a feature and becomes the reason they chose your tool.

Hiyoko PDF Vault → https://hiyokoko.gumroad.com/l/HiyokoPDFVault
X → @hiyoyok

This article was originally published by DEV Community and written by hiyoyo.