Building a Zero-Upload Privacy Architecture
Architectural patterns for processing sensitive images entirely client-side without any backend.
NA
Naushad Alam
Contributing Author · Squoosh Next BlogBuilding an application that processes sensitive images without any server contact requires careful architectural planning at every layer. The most critical decision is the absence of an upload endpoint — if no route exists to receive image data, it is technically impossible for the application to transmit it regardless of bugs or misconfigurations. Processing must occur entirely via browser APIs: Canvas for pixel operations, WebAssembly for codec execution, and IndexedDB or the File System Access API for persistence.
Network requests are limited to loading static assets and analytics. Content Security Policy headers should block all form submissions to external origins. Subresource Integrity hashes on all script tags prevent supply-chain attacks from injecting data exfiltration code.
This is exactly the architecture deployed in Squoosh Next.
Key Takeaways
Building an application that processes sensitive images without any server contact requires careful architectural planning at every layer.
The most critical decision is the absence of an upload endpoint — if no route exists to receive image data, it is technically impossible for the application to transmit it regardless of bugs or misconfigurations.
Processing must occur entirely via browser APIs: Canvas for pixel operations, WebAssembly for codec execution, and IndexedDB or the File System Access API for persistence.
Network requests are limited to loading static assets and analytics.
Try It in the Workspace
Everything discussed in this article can be tested directly in Squoosh Next — no sign-up, no upload, 100% client-side.