Back to blog

Why local-only privacy changes the security UX

·KA13 Team

Most security tools ask you to make a fundamental trade: give us access to your data, and in return, we will protect you. This creates an inherent trust dependency. You have to believe that the security vendor will not misuse the extensive access you have granted them.

Baselyt rejects this trade entirely. By processing everything on-device with metadata-only collection, we eliminate the need to trust us with your sensitive information.

The traditional model: trust us

Consider how most mobile security apps work:

  • Install a VPN that routes all your traffic through their servers
  • Scan every file you download by uploading it to their cloud
  • Analyze your app usage patterns by sending telemetry to their backend
  • Inspect your network traffic to detect threats, which requires decrypting HTTPS

Each of these approaches requires you to trust the vendor with extremely sensitive data. Even with the best intentions, this creates risks:

  • Data breaches: The vendor's servers become a honeypot for attackers
  • Government demands: Legal requests can force vendors to hand over collected data
  • Mission creep: Today's privacy-focused startup becomes tomorrow's data monetization machine
  • Employee access: Internal staff may have more access to user data than users realize

The local-only alternative

Baselyt's architecture makes these risks structurally impossible:

  • On-device VPN: Your traffic never leaves your phone. We create a local VPN tunnel purely for enforcement, not for routing through our servers
  • Metadata-only: We never see message content, browsing history, or any sensitive data. Just behavioral patterns like "app X made 10 requests to domain Y"
  • Local analysis: All baseline learning and drift detection happens on your device. No telemetry sent to our servers by default
  • No TLS interception: We do not install root certificates or perform man-in-the-middle attacks. Your encrypted traffic stays encrypted

How this changes the UX

No account required

Most security apps require you to create an account, link an email, and often provide payment information. Baselyt does not need any of this for core functionality. Your data lives only on your device.

Transparent data controls

When all processing is local, you can see exactly what data exists and control it directly:

  • Delete all baselines for a specific app. Done instantly, no server sync
  • Export your data for personal analysis: a JSON file, no permission requests needed
  • Purge everything: one button, immediate deletion

Works offline

Because everything happens on-device, Baselyt works even when you are offline. Baseline learning continues, drift detection keeps running, incident logs keep recording.

Verifiable privacy

Trust-based privacy requires you to believe vendor claims. Local-only privacy can be verified: use a network sniffer to confirm Baselyt is not sending data anywhere, or review the code once open-sourced.

The trade-offs

  • No cross-device sync by default: Your baselines do not automatically follow you to a new phone (though opt-in backup solves this)
  • Limited to device capabilities: We cannot use powerful cloud-based ML models for analysis
  • No centralized threat intelligence: If your phone detects a malicious app, other users do not automatically benefit

We believe these trade-offs are worth it. The privacy guarantees create a fundamentally more trustworthy foundation for security software.