A secluded wooden cabin in a snowy winter landscape, completely disconnected.

Photo by Serhattugg on Pexels

privacyon-devicelocal-first

Why Your Productivity Tracker Shouldn’t Need Wi-Fi

Most time trackers quietly upload every app and URL you visit to a cloud dashboard. Here's why that's a bad trade for your data — and what on-device tracking looks like instead.

Mike4 min read

Why Your Productivity Tracker Shouldn't Need Wi-Fi

Think about what your time tracker sees.

Every app you open. Every website you visit. The title of the document you're writing. The name of the Slack channel you're in. The hours you work, the hours you don't, the 2am stretch where you were clearly panicking about something.

Now think about where that data goes if you're using a cloud-based tracker. It leaves your machine, travels over the internet, and sits on a server run by a company whose business model depends on keeping your account active. Their ops team, their support team, their data analysts, and — if you're ever breached — a lot of strangers on the internet now have a pretty intimate record of your working life.

A productivity tracker is one of the most sensitive pieces of software you'll ever install. More telling than your browser history, because it's categorized and time-stamped. More telling than your calendar, because it's what you actually did, not what you intended to do.

It's worth asking: does this thing really need a network?

What "cloud-based" actually means in a time tracker

The pitch for cloud trackers sounds reasonable. "Sync across devices." "Access your reports anywhere." "AI-powered insights."

Here's what it means in practice:

  • A running process on your Mac reads your foreground app, window titles, and — if you grant the permission — URLs from your browser.
  • That stream is sent, continuously, to the vendor's servers.
  • It's stored, indexed, and analyzed on their infrastructure.
  • You log into a web dashboard to see the charts.

Three consequences that tend to be underplayed:

It's a permanent record they control, not you. Delete your account and you're trusting their deletion policy. Get locked out of the account and your years of history are stuck behind a support ticket.

It's a breach target. Productivity SaaS has been breached before, and productivity data is catnip for anyone doing targeted social engineering. "Hey, I noticed you've been in Jira ticket #1247 a lot this week — your manager asked me to loop you in on..."

The vendor's incentives aren't yours. Their growth loop depends on engagement, dashboards, team features, upsells. Your goal is simply to see where your attention went. Those two things drift apart over time.

What on-device tracking looks like

On-device means the tracker lives entirely on your Mac, like Finder or Terminal. Specifically:

  • Data stays in a local file — a SQLite database, or something similar — in your user directory.
  • The app makes zero network calls for analytics. No telemetry, no usage pings, no "anonymous improvement data."
  • There's no account, so there's nothing to log into and nothing to leak.
  • The reports are computed locally, inside the app, on the data you already have.

If someone pulled the network cable out of your Mac right now, an on-device tracker wouldn't notice. That's the test.

The trade-off people assume exists — "I'll give up privacy for better insights" — turns out to be a phantom. None of the core analyses (time per app, focus scores, trends, website breakdowns) require a server. They're just aggregations over a SQLite database. Your Mac can do that in milliseconds.

The permissions test

One quick way to tell whether a productivity tracker is respecting your data: look at what permissions it asks for, and what it does with them.

  • Accessibility / Automation. Fine to require — these are how macOS tells the app which website is active in your browser.
  • Full Disk Access. Should never be needed for a time tracker.
  • Network access for sync / account. Red flag unless you specifically want sync. Ask what's being sent and where.
  • Outbound connections at rest. Open Little Snitch or Lulu. If your tracker is making connections while idle, it's phoning home.

A local-first tracker passes this test trivially because it doesn't need the network for its core function.

"But I want my data accessible on my phone / on the web"

Fair. Some people genuinely do. For most knowledge workers who just want to understand their own focus, this desire disappears after a week — you end up looking at the menu bar app and almost never open a web dashboard.

If you do want multi-device sync, a reasonable middle ground is on-device tracking with export. Your tracker runs locally; you can export CSV or JSON and throw it wherever you want. Your data is still yours. Sync is opt-in, not architectural.

How Focus Meter handles this

Focus Meter is local-first by design:

  • All data lives in a SQLite database on your Mac.
  • Zero network calls for analytics. The app genuinely doesn't know the internet is there.
  • No account, no login, nothing to breach.
  • Export your data as CSV or JSON whenever you want.

It's $19 once, partly because there's no server to run. That's also why there's no subscription — a local app doesn't need recurring revenue to stay online.

Most of the polish that people pay cloud trackers for — clean dashboards, focus scores, weekly digests, browser-level tracking — doesn't actually need a cloud. It just needs good local software.