I am a techno-skeptic most of the time, but I don't think this idea is particularly crazy. Usability-wise, something you can talk to (in your own "low resource" language) is a winner.
The catch is that you have users without either the sophistication to size up how trustworthy this model is or to do out-of-band verification (remember: no internet). I think a RAG model serving answers from Wikipedia could be suitably safe, but we'd have to do some user research to know more.
We build Butter Box, a tool for making life offline a bit smoother.
It's based on this same principles and in fact, one of the creators is friends with Jason :-)
Ours is tailored for scenarios where Internet is unavailable due to disaster, government shutdown or simply cost. It has an app store, an encrypted (matrix) chat server with a simple web UI, and maps (since you probably didn't download google maps for you area before the Internet went out).
We localize the boxes (mostly for central and south america) and have sent a few dozen around the world to communities with various use cases.
100%. This is something we are trying to solve with Butter Box (https://likebutter.app/box/) but there aren't great answers.
I've considered shipping a unique-to-device certificate for e.g. box123.comolamantequilla.com with each box. It doesn't solve the evil maid scenario of someone copying it, but it at least provides TLS. Realistically, our users are offline and mostly not going to verify that comolamantequilla is owned by the organization they're intending to trust.
You can setup DNS on the box to redirect users and to give a friendly name to your box. That's what we do for butter box (https://likebutter.app/box/). To make it a step easier, we provide a QR code. But even that is a little clumsy since you must first connect to WiFi, then scan the code.
Captive portals sound nice until you find out how limited they are -- a lot of styling, JS and browser features are simply unavailable. So, you need to tell users "Close this, then go open this site in your real browser"...
Of course, you can't and probably don't want to redirect HTTPS traffic since you don't have the matching cert for e.g. https://google.com
Butter Box (https://likebutter.app/box/) and Internet In a Box are two modern descendants of the concept. Both run on RPis (and, nominally, some other hardware).
Putting together the images isn't terribly difficult. For Butter Box, we just run a script to install all the things we want, then make an .iso of that, which we distribute on our site and in hardware form.
Those onboard network cards are indeed a problem. You can get single-digit # of simultaneous users. But other than that, they tend to be very fast for large files since you're not going out over the Internet and can saturate the WiFi connection.
The catch is that you have users without either the sophistication to size up how trustworthy this model is or to do out-of-band verification (remember: no internet). I think a RAG model serving answers from Wikipedia could be suitably safe, but we'd have to do some user research to know more.