Step off the hamster wheel. Hold the path to freedom.
A fully offline, single-HTML-file net worth tracker with industry-standard end-to-end encryption. No server. No telemetry. No account. Your financial data lives only in a single encrypted file you control.
Author: Felix Zhao · License: MIT
The "rat race" was the previous generation's metaphor — there were finish lines, winners, losers. Today's young people face the hamster wheel: no finish line, no rankings, the harder you push the more tired you get, but you don't move.
This tool isn't about running faster in the race. It's about stepping off the wheel. The first step is seeing the numbers clearly. Tracking your finances won't make you rich, but not tracking means you never know where you actually stand.
- Single HTML file — the entire app is one ~135KB file. No build step, no install, no `node_modules`. Open it in Chrome/Edge.
- No network calls — the app makes zero outbound requests. No analytics, no remote config, no live price feeds. (Confirmed: search the source for `fetch`/`XMLHttpRequest` and you'll find none.)
- AES-GCM 256 + PBKDF2-SHA256 (250k iterations) encryption on your data file. OWASP 2023 compliant.
- Mandatory password when binding a new file (V7.6+).
- Zero residual data after browser close — `beforeunload` clears localStorage. Reopening the app requires re-binding the file and re-entering the password.
- No password recovery, no backdoor. Lose the password = data permanently unrecoverable.
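A search for `fetch`/`XMLHttpRequest` covers two egress APIs; the script below is an added example (not part of the project) that goes beyond that search and also flags other browser constructs that can cause a request. The pattern list and the sample page are this example's own.

```javascript
// Added example: list network-capable constructs in a single-file HTML app.
// The pattern list is this example's own choice, not the project's tooling.
const SINKS = [
  ['fetch', /\bfetch\s*\(/],
  ['XMLHttpRequest', /\bXMLHttpRequest\b/],
  ['WebSocket', /\bWebSocket\s*\(/],
  ['EventSource', /\bEventSource\s*\(/],
  ['sendBeacon', /\bsendBeacon\s*\(/],
  ['dynamic import', /\bimport\s*\(/],
  // src/href/action pointing at an absolute or protocol-relative URL
  ['remote resource', /\b(?:src|href|action)\s*=\s*["']?(?:https?:)?\/\//i],
  ['CSS url()', /\burl\(\s*["']?(?:https?:)?\/\//i],
];

// Returns one finding per (line, sink) match; an empty array means none of
// the listed constructs appear. Plain <a href> links also match and need a
// manual look, since they only load on click.
function auditHtml(html) {
  const findings = [];
  html.split(/\r?\n/).forEach((text, i) => {
    for (const [sink, re] of SINKS) {
      if (re.test(text)) findings.push({ line: i + 1, sink, text: text.trim().slice(0, 80) });
    }
  });
  return findings;
}

// Constructed sample page (not taken from NetWorthTracker.html).
const SAMPLE = [
  '<html><head>',
  '<link rel="stylesheet" href="https://cdn.example/site.css">',
  '<script>',
  'function save(d) { localStorage.setItem("d", d); }',
  'navigator.sendBeacon("/t", "x");',
  '</script></head></html>',
].join('\n');

for (const f of auditHtml(SAMPLE)) console.log(`${f.line}: ${f.sink}: ${f.text}`);
```

A clean result only rules out the listed patterns; loading the page with the browser's DevTools Network panel open confirms the behaviour at runtime.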
- 💰 Holdings — Single source of truth + custom Checklist (reminders, tax to-dos)
- 📊 Dashboard — Net worth, total return, passive income, Fat FIRE progress
- 📈 Positions — Interactive donut chart + closed-position history
- 💵 Passive Income — 3-bucket model (refundable / non-refundable / tax-free) · pending refunds · annual income after refunds
- 🐹 Forecast — Monte Carlo simulation + hamster-wheel animation + What-if sliders
- 📜 History — Monthly snapshots + net-worth curve
- 🌐 Settings — FX rates · FIRE target · language toggle (EN/中) · password change
```bash
git clone https://github.com/FreeSoul01/off-the-wheel.git
cd off-the-wheel
# macOS
chmod +x "Launch Mac.command"
./"Launch Mac.command"
# Windows
./Launch\ Windows.bat
```
On first launch:
- The app shows a locked screen demanding a data file.
- Click 🔗 Bind new file → choose where to save your `data.json` → set a password (≥8 chars).
- Done. Every change auto-saves to your encrypted file.
To try the app with sample data first, rename `data.example.json` to `data.json` and choose Open existing file — you'll be prompted to upgrade it to encrypted format.
| Item | Configuration |
|---|---|
| Symmetric cipher | AES-GCM 256-bit (Web Crypto API) |
| Key derivation | PBKDF2-SHA256, 250,000 iterations |
| Salt | 16 random bytes per save |
| IV | 12 random bytes per save |
| File format | {type, version, kdf, iterations, cipher, salt, iv, ciphertext} |
Want to verify? Open your data.json after binding — you should see only the envelope above. Even your operating system can't read your financial data without the password derivation step.
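The scheme in the table, as an added example using the Web Crypto API (not the app's own source): derive the key, encrypt into the envelope, and reject a wrong password or modified file on decrypt. The base64 field encoding and the `type`/`version`/`kdf`/`cipher` string values are assumptions; the page gives only the field names.

```javascript
// Added example, not the app's source. Assumed: base64 for binary fields and
// the literal type/version/kdf/cipher strings below (placeholders).
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const ITERATIONS = 250000; // PBKDF2-SHA256 count from the table
const enc = new TextEncoder();

const toB64 = (buf) => btoa(Array.from(new Uint8Array(buf), (b) => String.fromCharCode(b)).join(''));
const fromB64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

async function deriveKey(password, salt, iterations) {
  const material = await wc.subtle.importKey('raw', enc.encode(password), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey({ name: 'PBKDF2', hash: 'SHA-256', salt, iterations },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Encrypt with a fresh 16-byte salt and 12-byte IV on every save.
async function seal(password, data) {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const iv = wc.getRandomValues(new Uint8Array(12));
  const key = await deriveKey(password, salt, ITERATIONS);
  const ct = await wc.subtle.encrypt({ name: 'AES-GCM', iv }, key, enc.encode(JSON.stringify(data)));
  return { type: 'encrypted', version: 1, kdf: 'PBKDF2-SHA256', iterations: ITERATIONS,
    cipher: 'AES-GCM', salt: toB64(salt), iv: toB64(iv), ciphertext: toB64(ct) };
}

// Check the envelope parameters, then decrypt. AES-GCM verifies its tag during
// decrypt, so a wrong password or any modified byte rejects instead of
// returning garbage.
async function unseal(password, env) {
  const salt = fromB64(env.salt), iv = fromB64(env.iv);
  if (salt.length !== 16 || iv.length !== 12) throw new Error('unexpected salt or IV length');
  if (!Number.isInteger(env.iterations) || env.iterations < ITERATIONS) {
    throw new Error('iteration count below 250,000');
  }
  const key = await deriveKey(password, salt, env.iterations);
  const pt = await wc.subtle.decrypt({ name: 'AES-GCM', iv }, key, fromB64(env.ciphertext));
  return JSON.parse(new TextDecoder().decode(pt));
}

// Constructed sample data; prints an envelope with no readable holdings.
seal('example-passphrase', { holdings: [{ name: 'Constructed Fund', value: 1000 }] })
  .then((env) => console.log(JSON.stringify(env, null, 2)));
```

Two saves of the same data should never share a `salt` or `iv`; comparing those fields across two downloaded copies is a quick check that the per-save randomness is working.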
```
off-the-wheel/
├── NetWorthTracker.html
├── data.example.json
├── Launch Mac.command
├── Launch Windows.bat
├── .gitignore
├── LICENSE
├── README.md
└── docs/
    └── *.png (screenshots used in README)
```
The app writes directly to your bound `data.json`. For redundancy:
- Settings → ⬇ Download copy — saves a timestamped encrypted copy to your Downloads folder. Run this whenever you've made significant changes.
- Cloud sync (optional) — since the file is encrypted with your password, it's safe to put `data.json` in iCloud Drive / Dropbox / Google Drive / OneDrive. Even if the cloud provider is breached, attackers see only the encrypted envelope. Just bind to the file from its cloud-synced location.
- Multiple devices — bind the same `data.json` (e.g. via iCloud Drive) on each device. Every device needs the password to decrypt. The encrypted file is the single source of truth.
Do not put `data.json` in a public Git repo, public folder, or shared link — even encrypted. Public exposure means unlimited offline brute-force time on your password. The `.gitignore` shipped with this repo defends against this if you do use Git for personal version control.
- No supply chain. No npm dependencies = no `is-promise` or `event-stream` style attacks.
- Inspectable. Anyone can read the source in 20 minutes.
- Portable. USB stick → any computer → works offline forever.
- Your data, your file. No vendor can lock you out, change pricing, or shut down a server.
Issues and PRs welcome. The whole codebase is one HTML file — to contribute:
- Fork the repo
- Edit `NetWorthTracker.html`
- Test by opening the file in Chrome/Edge
- Open a PR with a clear description of the change
This tool protects against:
- ✅ Cloud breaches of fintech apps (you don't use one)
- ✅ Casual snooping if your laptop is briefly accessed (file is encrypted at rest)
- ✅ Server-side data mining or AI training on your finances (no server)
This tool does not protect against:
- ❌ A keylogger on your machine reading your password
- ❌ A compromised browser extension reading the page DOM (use a dedicated browser profile)
- ❌ You forgetting your password (data is then permanently lost)
- ❌ A fully compromised OS with disk inspection while the app is open and decrypted
Use a dedicated Chrome profile (the launchers do this automatically via --user-data-dir=.app-profile/) and a strong, unique password.
Screenshots use the included demo data (Whisker & Co. Brokerage, Doggo Republic, etc.) — no real personal finances are shown.
The only place to enter data. Multi-region, multi-account. Stocks need ticker + shares + price; everything else just needs Name + Value. Prices are edited manually — fully offline.
Net worth, total return (with realized P&L breakdown), passive income, Fat FIRE progress with Monte Carlo probability. Donut charts by asset class and region.
Interactive donut chart with per-position weight, value, unrealized & realized P&L. All positions sortable by any column.
Refundable / non-refundable / tax-free buckets, computed from the dividend log over the last 3 complete months. Pending refunds tracked by year. After-refund annual income card.
3000-run Monte Carlo with P10/P50/P90 paths. Your hamster's spin speed is driven by your FIRE probability — the closer you are to freedom, the slower the wheel spins.
FX rates entered as "1 USD = X" (changes propagate instantly to all CNY displays). Language toggle (EN / 中). Security panel for setting/changing your encryption password. Data file management (bind / open / download / restore).
Current: v7.6.0
See NetWorthTracker.html header for current version. Major changes:
- v7.6 — Mandatory AES-GCM encryption + EN/中 language toggle + zero-residue browser close
- v7.5 — 3-bucket Passive Income model + Holdings checklist + 1-USD-base FX display
- v7.4 — Removed Refresh Prices (was making network calls — violated offline promise)
- v7.3 — Monte Carlo + hamster wheel animation
- v7.0–v7.2 — Realized P&L, Avg Price, Total Return refactor





