Home About Projects Blog Subscribe Login

The Return of the Thick Client

After 15 years of "everything in the browser," native apps are making a comeback. Electron, Tauri, SwiftUI-local-first is the new architecture. Why the pendulum is swinging back from the cloud.

For the last 15 years, the industry repeated the same mantra: put everything in the browser. It was a seductive idea. One codebase. Instant distribution. No app store politics. No installer friction. A universal runtime sitting on every machine.

And for a while, it was the right abstraction. Browsers got fast. JavaScript engines became absurdly capable. SaaS became the default business model. The cloud turned software into a subscription, and the browser became the delivery vehicle.

But abstractions have a shelf life. They work brilliantly until the costs become impossible to ignore.

We are now at that point.

The thick client is back—not as nostalgia, and not because engineers suddenly miss shipping installers on CDs—but because the economics and physics of modern software changed. Local compute is abundant. Network trust is lower. Users expect instant responsiveness. AI workloads are pushing more processing toward the edge. And in a world where every critical workflow depends on 20 APIs and three identity providers, local control is starting to look less like a luxury and more like a strategic advantage.

The pendulum is swinging back.

The browser won for good reasons

Before explaining the reversal, it is worth being honest about why the browser dominated in the first place. The web solved real problems.

If you were building internal tools, CRMs, dashboards, support portals, or content systems, the browser was a gift. It reduced operational friction so dramatically that almost every other tradeoff looked acceptable.

But the web also taught an entire generation to ignore what users were paying in exchange. We normalized slow startup times, bloated memory footprints, flaky offline behavior, brittle authentication redirects, and the bizarre idea that a note-taking app should stop working because a third-party JavaScript bundle failed to load.

That is not elegance. That is accumulated compromise.

Thin clients became thick in all the wrong ways

The irony is that the “thin client” era produced some of the fattest software stacks we have ever seen.

A modern browser application often includes a frontend framework, a build pipeline, a design system, an analytics layer, feature flagging, client-side state management, telemetry, embedded chat, consent management, multiple ad or tracking scripts, and a long dependency chain nobody fully understands. Then it calls a backend that depends on a second backend, which depends on cloud storage, identity, observability tooling, queueing, and half a dozen vendor APIs.

The user sees a clean interface. Underneath it is a logistics operation.

This architecture is manageable when the workflow is simple and the margin is high. It breaks down when speed, reliability, privacy, or sustained operator focus actually matter. Cybersecurity, infrastructure, creative tooling, local knowledge work, and AI-assisted workflows all expose the weaknesses quickly.

When a product becomes mission-critical, teams rediscover an old truth: the more moving parts between user intent and execution, the more failure modes you inherit.

Why local-first is becoming rational again

Three things changed at once.

First, hardware stopped being the bottleneck for most users. Laptops are now absurdly capable. Even mid-range devices can run rich UIs, local databases, vector search, media processing, and increasingly useful AI models without breaking a sweat. We spent a decade pretending the endpoint was weak because cloud economics encouraged that story. It is no longer true.

Second, network reliability is still not good enough to be the foundation for everything. This sounds strange in 2026, but anyone who has run real systems knows it is true. Networks flap. VPNs fail. captive portals appear. mobile handoffs break sessions. identity providers degrade. DNS does weird things at exactly the wrong time. Designing every serious workflow around a permanently healthy, low-latency connection is not modern. It is naive.

Third, AI changed the shape of software. Many of the most valuable AI experiences are deeply contextual, latency-sensitive, and privacy-sensitive. They work better when inference, caching, indexing, or retrieval is at least partially local. If your product needs to understand a user’s files, messages, history, or behavior in real time, shipping every interaction through a remote browser app is often the wrong architecture.

Local-first is not a fashion statement. It is what happens when the endpoint becomes capable again and the trust assumptions around the network get weaker.

The return is already happening

You can see the shift everywhere if you stop looking only at old SaaS categories.

Developers are embracing tools built with Tauri, Electron, SwiftUI, and Rust-backed local runtimes. Design and writing tools increasingly cache aggressively or work offline by default. Password managers, note systems, team messengers, and AI workbenches are moving critical logic closer to the machine. Even products that still monetize as SaaS are quietly becoming hybrid systems: cloud sync, local execution.

That is the important distinction. The return of the thick client does not mean the death of the cloud. It means the cloud is losing its monopoly over where software logic lives.

For a long time, we treated local execution as legacy and remote execution as modern. The more accurate model is this: the best software now places work where it belongs.

That is a much healthier architecture than pretending one runtime should own everything.

Security is part of the comeback

As someone who has spent two decades in cybersecurity, I think this shift is underappreciated as a security story.

The browser centralized too much trust. We accepted a world where a compromised session cookie, malicious extension, poisoned dependency, or injected third-party script can expose an enormous amount of user activity. We also normalized shipping sensitive workflows through environments that were designed for openness and extensibility, not for high-assurance control.

A thick client is not automatically safer. Bad native software can be catastrophic. But it gives you options the browser never fully could: stronger sandboxing, more predictable update channels, tighter control over dependencies, better secret handling, hardware-backed identity, encrypted local storage, and deliberate degradation when the network is hostile.

In other words, the thick client can reduce blast radius when designed properly. In a threat environment defined by supply-chain attacks, credential theft, session hijacking, and client-side data leakage, that matters.

The strongest systems I see now are not “web-only” or “native-only.” They are trust-layered. They decide very deliberately what stays local, what is signed, what is synchronized, and what never leaves the device unless explicitly necessary.

What most founders still get wrong

Many founders hear this shift and make the wrong inference. They think the lesson is to build a desktop wrapper around their SaaS and call it strategy.

That is not a thick-client comeback. That is branding.

The real opportunity is architectural. Ask harder questions:

These are not design details. They shape retention, margins, reliability, and trust.

The companies that win the next cycle will not be the ones with the most aggressive “AI-native” homepage copy. They will be the ones that rebalance the stack intelligently: less blind dependence on browsers, more respect for local capability, and tighter integration between machine, edge, and cloud.

Why this matters beyond software aesthetics

There is a broader strategic point here. Every architectural fashion carries a power structure with it.

The browser era concentrated power in a small set of platforms: cloud vendors, identity providers, browser engines, app distribution intermediaries, analytics layers, and SaaS aggregators. When your product exists primarily as a web surface, your business inherits that stack’s incentives and fragilities.

Thicker clients re-open room for independence. Not total independence, but more room. More control over performance. More flexibility in pricing and packaging. More resilience when vendors fail. More ability to build differentiated workflows instead of another interchangeable dashboard running inside the same tab architecture as everybody else.

This is one reason I am so interested in local-first systems and personal infrastructure more broadly. They are not just technical preferences. They are governance choices. They change who controls the workflow, who sees the data, who can break the product, and who captures the margin.

The next software stack is hybrid by default

I do not think we are going back to the pre-web world. We are not abandoning browsers, app stores, or cloud backends. Those are too useful.

What is ending is the lazy assumption that the browser is always the default and that pushing more of the stack into remote infrastructure is automatically progress.

The next generation of serious software will feel different. It will open instantly. It will work during network turbulence. It will treat sync as a feature, not a prerequisite. It will use the cloud where the cloud is genuinely strong and the local machine where the local machine is obviously better.

That is the return of the thick client.

Not a regression. A correction.

And like most corrections in technology, it is really a return to first principles: put the work close to where the value is created, reduce unnecessary dependencies, and never confuse a convenient abstraction with a permanent truth.


Follow the journey

Subscribe to Lynk for daily insights on AI strategy, cybersecurity, and building in the age of AI.

Subscribe →