What 'Offline-First' Actually Means When You're Building a Privacy Tool

Published: April 29, 2026 at 08:39 AM EDT
Source: Dev.to

What “offline‑first” really means for a privacy‑focused PDF tool

“Offline‑first” is often used to mean “works without internet, syncs when reconnected.”
For a privacy‑focused PDF application, the requirement is stricter: the app must be architecturally incapable of sending your data anywhere—not just configured not to.

A tool that promises not to send your data is making a policy promise. The goal is to enforce that promise at the code level.

Removing network dependencies from the Rust backend

The Rust backend should have zero network crates. For example, the Cargo.toml might look like this:

# Cargo.toml — no network crates
[dependencies]
lopdf = "0.31"
aes-gcm = "0.10"
argon2 = "0.5"
image = "0.24"
notify = "6"
# reqwest is not here intentionally.

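If a network crate isn’t present in the dependency tree, the binary cannot make HTTP requests, and no configuration option can enable something that doesn’t exist. Note that this constrains dependencies only: Rust’s standard library always includes std::net, so the guarantee also depends on the application’s own code never opening a socket.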

Checking for transitive network crates

Even if you don’t list a network crate directly, a dependency might pull one in transitively. Run:

cargo tree | grep -E "reqwest|hyper|h2|rustls|native-tls"

If anything appears, trace the output back to the originating crate and disable the offending feature. In the example above, an early dependency pulled in hyper via an optional feature flag; removing that flag resolved the issue.
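
One way to turn this check into a build gate that also prints the chain back to the originating crate (an added example, not code from the original post). It assumes `cargo tree --prefix depth` output, where each line begins with its numeric depth; the sample tree and the crate names `pdfvault` and `pdfhelper` are constructed.

```shell
#!/bin/sh
# Added example: gate a build on the dependency check described above.
# Pattern copied from the article's grep command.
DENY='reqwest|hyper|h2|rustls|native-tls'

# Reads `cargo tree --prefix depth` output on stdin, where each line is the
# numeric depth followed by "name version", e.g. "2hyper v0.14.27".
# Prints the chain "root > ... > crate" for every crate whose *name* matches
# DENY (paths and versions are ignored), and returns 1 if any matched.
find_network_crates() {
  awk -v deny="$DENY" '
    match($0, /^[0-9]+/) {
      depth = substr($0, 1, RLENGTH) + 0
      rest = substr($0, RLENGTH + 1)
      sub(/^ +/, "", rest)
      split(rest, field, " ")
      name = field[1]
      stack[depth] = name            # current ancestor at this depth
      if (name ~ deny) {
        chain = stack[0]
        for (i = 1; i <= depth; i++) chain = chain " > " stack[i]
        print chain
        found = 1
      }
    }
    END { exit (found ? 1 : 0) }
  '
}

# Constructed sample (crate names "pdfvault" and "pdfhelper" are hypothetical).
# The root path contains "hyper" on purpose: a plain grep over the line
# would flag it, name-only matching does not.
SAMPLE_TREE='0pdfvault v0.1.0 (/home/dev/hyperlab/pdfvault)
1lopdf v0.31.0
2log v0.4.20
1pdfhelper v1.0.0
2hyper v0.14.27
3h2 v0.3.21
1aes-gcm v0.10.3'

printf '%s\n' "$SAMPLE_TREE" | find_network_crates \
  || echo "network crate in dependency tree" >&2

# Real use: cargo tree --prefix depth | find_network_crates
```

To see which feature pulls a flagged crate in, `cargo tree -e features -i hyper` inverts the tree starting from that crate.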

Disabling Tauri’s built‑in network calls

Tauri performs network requests for update checks and telemetry. To keep the app offline‑only, disable both. The fragment below turns off the updater:

{
  "plugins": {
    "updater": {
      "active": false
    }
  }
}

Verifying that no traffic leaves the machine

Use a network monitor (e.g., Little Snitch on macOS) to confirm that no outbound connections occur during normal use.

License validation with minimal network surface

A one‑time activation key check is performed only at first launch. After activation, the key is stored locally and never re‑verified, allowing offline users to run the app indefinitely. This represents the minimal network surface acceptable for the product.

Why “offline‑first” matters

Most users don’t consider network behavior until they need to open highly sensitive documents—medical records, legal contracts, tax returns. At that point, “offline‑first” isn’t just a feature; it’s the core reason they chose the tool.

Hiyoko PDF Vault: https://hiyokoko.gumroad.com/l/HiyokoPDFVault

@hiyoyok
