I Built a Spy Tool That Can't Spy
I built software that records every word you say. Every Zoom call. Every system sound.
Perfect for surveillance.
Except I can’t see your data.
Even if I wanted to.
The Pitch That Sounds Like Evil
“We record everything. Microphone. System audio. Meetings. Calls.”
You’d close the tab.
Check if your webcam has tape on it.
Wonder which LinkedIn thought leader convinced a VC that mass surveillance was “disruption.”
The Difference Is Physics
Here’s what every other tool does:
Your Voice → Their Server → Their AI → Your Results (maybe)Here’s what I built:
Your Voice → Your Mac → ~/nbp-data/ → DoneNo server exists.
I didn’t skip building the backend. There is no backend.
Your recordings live in ~/nbp-data/{uuid}/. On your disk. In your home folder.
I have no access to your filesystem.
Neither does my app, beyond that folder.
There’s no “sync” feature. No “cloud backup” toggle. No API that phones home “just for analytics.”
The Network Test
Record something. Open Terminal.
sudo lsof -i -P | grep nbpNothing.
Because the app makes zero network calls.
No telemetry. No update checks. No “anonymous usage data.”
I can’t tell if you’re using the app. I can’t tell what you recorded. I can’t tell how long you recorded.
Want proof?
Unplug your ethernet. Turn off WiFi. Start recording.
It works exactly the same.
You could record in a Faraday cage and it wouldn’t notice.
What 30 Minutes Looks Like
~/nbp-data/8f3d2a10-c4b9-4e2f-9a1c-5d8f9e3c2b4a/
├── raw_mic.ogg # 42 MB
├── raw_system.ogg # 38 MB
├── audio_mix.ogg # 45 MB
├── metadata.json # 2 KB
└── transcript.md # 18 KBOpen raw_mic.ogg in VLC. It plays.
Open metadata.json in TextEdit. It’s JSON.
Open transcript.md in iA Writer. It’s Markdown.
No proprietary formats. No encrypted blobs. No “you need our app to read this” bullshit.
Copy the folder to a USB drive. Open it on a machine that has never seen NBP.
Everything works.
The Cloud Is a Choice
Sometimes you want OpenAI.
Maybe local Whisper is too slow. Maybe you want GPT-4 to summarize a 3-hour meeting.
Fine.
You paste your API key into Settings. You click “Use OpenAI.”
The app makes exactly one network request. To OpenAI. With your key.
You can watch the request in your network monitor.
Delete the key? The app keeps working. It falls back to local Whisper.
No degraded experience. No “please reconnect” modal. No nagging.
What Privacy Actually Means
Most apps say “We value your privacy.”
Then:
- They encrypt your data. (They hold the keys.)
- They don’t sell your data. (They sell “insights.”)
- They get breached. (But don’t worry, it was encrypted.)
I’m not asking you to trust my promises.
I’m asking you to trust physics.
If the data never leaves your machine, I can’t access it.
No subpoena can extract it from my servers. Because I don’t have servers.
No employee can leak it. Because no employee has it.
No hacker can steal it. Because there’s nothing to hack.
Someone wants your recordings?
They need physical access to your Mac.
And if they have that, you have bigger problems than NBP.
The Trade-Off
You pay with convenience.
No automatic backup. No “open on your phone.” No team sharing.
Your hard drive dies? Your recordings die.
You manage backups. You manage encryption (FileVault). You manage storage.
But that’s the deal.
Privacy isn’t a feature you toggle on.
It’s a decision you make when you write the first line of code.
You either own the data, or you don’t.
I chose ownership.