WebAssembly changed the default for in-browser processing
A decade ago, video conversion and PDF editing on the web defaulted to server-side processing because nothing else worked at acceptable speed. WebAssembly broke that assumption. Here's the technical stack NoSend Tools relies on, and why it matters.
2010s default: heavy work goes to the server
A decade ago, converting video, editing PDFs, or reading EXIF from large images in the browser was effectively a server-side operation. JavaScript was not fast enough to host mature C / C++ libraries like ffmpeg, libheif, qpdf, or kuromoji, and porting them to JS was prohibitive.
As a consequence, web application architecture defaulted to "upload, process, return." "Process entirely in the browser" was not a cost decision but an elimination by available tooling. Privacy-conscious users had no good free option.
WebAssembly removed the constraint
WebAssembly (WASM) is a sandboxed low-level runtime that lets browsers execute compiled output from C / C++ / Rust. Stable across major browsers by 2017, by the early 2020s the toolkit looked very different: ffmpeg.wasm, libheif-js, pdf-lib (pure JS) / PDF.js, kuromoji.js, transformers.js (Whisper / RMBG and similar ML models) — features that previously required a desktop install became a browser tab.
NoSend Tools uses ffmpeg.wasm for the audio / video tools, libheif-js for HEIC decoding, pdf-lib / PDF.js for PDF work, and transformers.js + Whisper for transcription. The key distinction: the library code itself and your input data are separate things. The initial ffmpeg.wasm download (~30 MB) and the kuromoji dictionary (~12 MB) do not contain any of your files.
For many tools, the standard browser APIs are already enough
Plenty of tools don't even need WebAssembly. Hashing, JWT verification, Base64 and URL encoding, image resize and crop, audio recording, timezone conversion — all of these run on standard browser APIs alone: SubtleCrypto (Web Crypto API), Canvas / OffscreenCanvas, the Web Audio API + MediaRecorder, Intl + the IANA tz database. These are native to the browser, well-audited, and add zero load time.
The old assumption — "browser-only means slow and limited" — no longer matches the mid-2020s reality. The blocker for a privacy-first toolkit is not the technology; it is the business model that prefers user data going through your servers.