--private=~/path/to/jail limits access to your home directory to ~/path/to/jail and when you don't want Obsidian to have internet access you can take it away with --net=none.
Note that if you already have an Obsidian vault, suddenly jailing it might break things. Obsidian stores a bunch of state in ~/.config/obsidian which will no longer be valid. And amusingly/frustratingly, the GTK file picker doesn't take the jail into account and seems to produce invalid paths.
And because --private mounts some bits as temporary filesystems, you might end up losing state. Try before you buy.
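The two comments above describe the `--private=~/path/to/jail` and `--net=none` options and the state you can lose when `~/.config/obsidian` is no longer visible. The launcher below is an added example, not code from the thread or from the Obsidian project: it seeds the jail with a copy of the existing config, refuses a vault that lives outside the jail (the jailed app cannot see it), and translates a host path into the path the app sees inside the jail. It assumes these are Firejail's flags (the comments do not name the tool), that the Obsidian binary is on `PATH` as `obsidian`, and that paths are absolute.

```shell
#!/bin/sh
# Added example (not from the thread). Launch Obsidian under Firejail with
# --private / --net=none without losing the state kept in ~/.config/obsidian.
# Assumptions: the flags are Firejail's; "obsidian" is on PATH; absolute paths.

prepare_jail() {
    # $1: jail directory (becomes $HOME inside the jail)
    # $2: config directory to seed from (defaults to ~/.config/obsidian)
    jail="$1"
    src_config="${2:-$HOME/.config/obsidian}"
    mkdir -p "$jail/.config" || return 1
    # Seed the state once; from then on the jail keeps its own copy.
    if [ -d "$src_config" ] && [ ! -d "$jail/.config/obsidian" ]; then
        cp -R "$src_config" "$jail/.config/obsidian" || return 1
    fi
}

vault_inside_jail() {
    # $1: jail directory; $2: vault directory. Succeeds only if the vault is under the jail.
    case "$2" in
        "$1"|"$1"/*) return 0 ;;
        *) return 1 ;;
    esac
}

jail_path() {
    # $1: jail directory; $2: host path under it.
    # Prints the path the jailed app sees: the jail directory is mounted as its home.
    printf '%s\n' "$HOME${2#"$1"}"
}

run_jailed_obsidian() {
    # $1: jail directory; $2: vault directory (must be inside the jail)
    prepare_jail "$1" || return 1
    if ! vault_inside_jail "$1" "$2"; then
        echo "vault $2 is not inside $1; the jailed app could not open it" >&2
        return 1
    fi
    command -v firejail >/dev/null 2>&1 || { echo "firejail not installed" >&2; return 1; }
    echo "inside the jail, open the vault at: $(jail_path "$1" "$2")" >&2
    # --private hides the rest of the home directory; --net=none removes network access.
    exec firejail --private="$1" --net=none obsidian
}
```

Usage: `run_jailed_obsidian "$HOME/path/to/jail" "$HOME/path/to/jail/Vault"`. The printed in-jail path is what to type into the file picker, which (as noted above) does not account for the jail.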
There are many good reasons to trust the Obsidian team (they are not VC backed, they clearly state they don’t own your data, you are not locked in). If you don’t trust them because they are not open-source, then, if you want to be a purist about it, just use an open-source markdown editor instead.
The author dedicates an entire paragraph to how much they trust the Obsidian team. It isn't open source purism, they are warning users that good intentions don't prevent a developer from writing software containing vulnerabilities.
Usage of user-created plugins and access to cloud accounts aggravates the risk posed by a vulnerability.
Open source reduces vulnerabilities over time, so those who want to heed the author's warning may indeed want to switch to an open-source Markdown editor. Just not because the Obsidian team is Evil.
> Also even if it is open source, who really verifies the binary is built from the source published?
Apple notarization is usually the way for non Store downloads. Non-notarized apps present a warning and require overriding security settings to run (with admin privilege). There's nothing inherently stopping someone from notarizing code A and putting code B on GitHub, only that some sanity checks have been performed and the binary is not a known threat (or has been modified).
Mac App Store distribution is not that common. Some apps are available in the store or as direct downloads. The store adds the sandboxing restrictions, which don't work for many apps, e.g. it's not very easy to install a CLI.
You should always be careful with closed source software. You should also be careful with open source software, unless you're building from source and manually checking the source in each update isn't malicious, which let's be real, nobody does.
I had to do some gap analysis between note-taking apps with a graph view functionality to allow me to visualise my knowledge-base.
Obsidian was my initial choice but I had grievances with it.
I ended up going with Logseq for many reasons - yes it appears to be less mature however that doesn't mean that it is inferior by any measure (and open-source)
> I ended up going with Logseq for many reasons - yes it appears to be less mature however that doesn't mean that it is inferior by any measure (and open-source)
If I remember correctly it was inferior to Obsidian because Logseq used a proprietary format. Yes, it was/is officially markdown but not in a format that is easily transferred. I don't know if it changed, but Logseq documents were literally just a big Markdown list if I remember correctly.
Personally I do see the problem with closed source solutions, but the real problem with Obsidian is, AFAIK, the plugins and not the app itself. I mean: they have a long way to go to be even remotely as evil as people at Google or Microsoft. But if that ever happens I simply walk away with my .md documents.
In the same boat a few months (actually, almost 2 years!) ago, I found Logseq too limiting as soon as one needs to manage notes consistently ("typing" them as collections of notes of similar nature and acting on their properties as metadata), went through quite a long list of contenders (including AnyType) and ultimately settled with https://triliumnotes.org/
I wouldn’t hold not being on the Mac App Store against it. The MAS is sort of a failed ecosystem with very low usage/engagement, and all the downsides of the iOS store like potentially lengthy review times (can be a lot longer than the iOS store since it seems to play second fiddle) and arbitrary capricious rejections when you’re just trying to ship innocuous bug fixes to users.
I think the increasingly widespread attitude that only open source software is good and trustworthy is increasingly annoying and problematic.
Building software takes time and resources. Experience shows that most open source projects do not make enough money to make the resource investment worthwhile, much less the time investment.
I generally like people being able to put food on the table, and if that means I have to pay for their software to use it or get updates, then I am happy to do so if that software is of value for me.
That of course doesn’t mean I appreciate unnecessary vendor lock-in, hostile subscription models, etc. All of these things are common with proprietary software, but they are not inherent to it.
Obsidian is a great example. Easy-to-take-out open formats, a generous licensing model and no aggressive licensing implementation that makes it impossible to use the software offline. The team behind it seems to be able to make a living and people can still feel safe about the access to their notes.
Even if it's not open source, it would be great progress if we had more software like Obsidian.
> I think the increasingly widespread attitude that only open source software is good and trustworthy is increasingly annoying and problematic.
Software being open source almost always makes it more trustworthy, and I'm glad that more people are picking up on this over time.
> I generally like people being able to put food on the table
Completely agreed, and this makes for a frustrating paradox.
I don't use Obsidian because it's closed source, but I don't think it's evil or anything. Conversely, I pay for Immich, and I hope their model is sustainable.
Obsidian also has affordable commercial pricing. By now I very much try to pay support contracts or give back to projects in other ways at work.
The problem is that quite a few open core companies immediately go from $0 / year to low to medium 6-digit-figures per year. This escalates the entire project sky-high in levels of internal scrutiny with a high chance of it not happening.
On the other hand, it was simple to argue why this is easily providing us with $50 in value per year. Now it is integrated with our normal license handling and it's actually slowly and steadily growing internally. We're up another 4-5 users from the last time I looked.
> I think the increasingly widespread attitude that only open source software is good and trustworthy is increasingly annoying and problematic.
If people put their notes in, only open source software is good.
At best, one can tolerate a very big closed source company, who is unlikely to just do whatever with the data and has some track record for privacy, like Apple.
But trusting all your notes to a closed source app from a small peanuts company?
I think they could easily make Obsidian open source without losing out on profits.
The app itself is free anyway.
They could keep the sync backend closed source and make people pay to use the sync feature.
Lots of apps have open-source clients (for trust/auditability) but backends that are closed/locked somehow, e.g., Logseq.
The article is about security and trust. Open source is, in that context, by definition the only good solution. That doesn't mean a closed app has to be bad, but you have to trust them blindly, and hope that this will never change. With open source, you don't have to be blind: you can trust them in an educated way (or at least trust that others will check what's going on).
Of course this is always a bit case by case, but Obsidian is a very exposed and valuable target.
> I generally like people being able to put food on the table, and if that means I have to pay for their software to use it or get updates, then I am happy to do so if that software is of value for me.
Paying money to Obsidian for writing yet another text editor seems like digging and filling holes to increase GDP to me.
While I agree with you, I feel like that was not the point the author was making.
It was more of a warning that the combination of little-reviewed community plugins and a non-sandboxed macOS binary is a potential risk. And with that sentiment I can also agree.
Not being able to give granular permissions to folders is not the problem of an app which regardless of being open or closed source may be compromised. Remember that the risk is zero if and only if you avoid the risk, i.e. in this particular case do not install Obsidian.
macOS:
- does not have a granular permissions model as far as I know;
- deprecated sandbox-exec, which allowed you to achieve the above;
- the macOS App Store is a very strange phenomenon, I would not put much trust in it by default.
Obsidian:
- has a system of community plugins and themes which is dangerous and has been discussed multiple times[0]. But the problem of managing community plugins is not unique to them. Malicious npm packages, Go modules and Rust crates (and you name it), anyone? You are on your own here mostly. And you need to perform your own due diligence of those community-supported random bits.
[0]: https://www.emilebangma.com/Writings/Blog/An-open-letter-to-...
Obsidian could hugely benefit from an independent audit of the closed source base. That would help build trust in the core of their product.
If macOS, an OS with POSIX-style permissions, app-level permissions, and folder access limits per app does not have a “granular permissions model”, which OS does? What are you trying to say?
Obsidian is a startup that's been on my radar. It inspires me. They're able to go so far as to challenge Notion with their small team, which I appreciate. By the way, I'm not saying Notion is bad. I think it's revitalizing the industry.
On the other hand, I was unaware of the vulnerabilities in the Apple ecosystem. Or rather, I didn't think there would be. The article raised my awareness.
I've used dozens of notetaking tools over the years. Some cloud-based, some markdown-based, some flashy apps, some plain-text, some open-source, and some closed-source. My takeaway from years of jumping between them is this: don't use closed-source notetaking software. Just don't do it. Even if your data is in markdown files, on your own computer, you're still probably stuck with proprietary markdown extensions, and at the very least, you're stuck with muscle memory for the app's UI that you'd have to translate to some new system eventually. Startup companies come and go, on a monthly basis. Developers move on to shiny new projects. You can't take that risk, or any other security risks, with your personal notes.
I've known kepano (their CEO) for almost 20 years; he is an incredible builder and a solid human. My hunch is they would never act in an unsavory way to their users. I get the point that it could be more open (a community build would be slick), and yet it's an incredible product and worthy of financial support. I am glad to be a user and love that it's a part of my daily workflow.
The set of open source code and verifiable code overlap, but one doesn't always imply the other. In either case, provenance needs to be established. I think it would be reasonable for Obsidian to ship signed checksums and a public transparency log (e.g., Sigstore) for builds (plugin authors could do the same?). A more granular plugin permissions system would be great too, even though most plugins are OSS.
I'm not sure how this is relevant? The code is signed but that doesn't mean it doesn't contain backdoors. Without it being open source or at the very least source-available, we can't know
This is of course true of many other apps we run on Mac (though I suspect a non-zero number of common apps have backdoors); Obsidian also runs without sandboxing though, is used by many to record their innermost thoughts, and as the author mentioned, there's also the potential for data to leak via compromised extensions.
Am I missing something, or does the fact that it's signed tell us nothing except that the Obsidian company signed off on it? If so, I'd really like to understand if you had a purpose of sharing this... is there a tacit implication that "surely a company can be trusted"?
The scary thing is that nowadays everything is backdoored. And developers/product owners may not even know about it. Obsidian is an Electron app, thus uses npm, and with npm we now get at least one malicious package per month.
If they have package auto-update, it's just a matter of time and effort for an attacker to plant something shady there. This could be a simple crypto-stealer, or this could be a way to access people's personal vaults.
When I toggle developer mode (Command + Option + i on my mac) I see what appears to be the source code (it’s an Electron app). Maybe it’s not the full source though. And I guess it’s very difficult to read since it’s minified.
That is not meaningfully open source. Even if that were the full source code, it still wouldn't have an open source licence, although then it technically would be free (as in freedom) software, not just open source, but most people assume open source = free software.
I trust the obsidian team, but I don't trust the plugins.
It's a strange article. Yes, it's not open source, but based on what is the author suspicious? Any bad behaviours from the authors? Change of ownership? Plugin risks?
For me this is the least problematic non-open source software:
- non VC funded (like Mattermost enshittification after VC)
- open source formats
- community plugins with source code (it's JS)
I know this may go against the ethos of some folks on HN, but I switched to Apple Notes and haven't looked back. At the end of the day, you either use the tool or the tool uses you.
For diagrams, mindmaps, etc... I just use Freeform now -- screen capture or export the board as PDF to paste into my notes. It's deceptively flexible and more powerful than it would appear.
https://triliumnotes.org/ is my clear recommendation. It's quite a bit more powerful than the usual contenders and it may take a while to explore its depths, but it's also not pushing its complexity in your face like Logseq and some others do.
But the files Obsidian works with are just a bunch of .md files that can be viewed or edited with anything: nano, Notepad, Visual Studio Code etc. So does it really matter whether it is open source or not?
How is your point relevant to the security risks of community plugins?
But also - no, they aren't, they use plugin-customized non-standard markdown format, so while the extension is the same, you can't view/edit them with anything just like you can't edit Word xml files with notepad (of course, it's not as extreme as Word xml, unless you're an extreme user of custom plugins)
dsissitka|4 months ago
elric|4 months ago
terespuwash|4 months ago
miggol|4 months ago
kgwgk|4 months ago
seems a low bar for trusting (that part specifically)
dSebastien|4 months ago
There are many facets to that. Plugins have unrestricted access, they can start servers, make http calls, read/write files ...
Plugins get approved once, but are never checked again.
And plugins are now increasing in number more rapidly, ...
k8sToGo|4 months ago
On Windows this is how most applications are distributed.
Same with Spotify etc.
Also even if it is open source, who really verifies the binary is built from the source published?
joshvm|4 months ago
https://developer.apple.com/documentation/security/notarizin...
justincormack|4 months ago
reassess_blind|4 months ago
warpspin|4 months ago
Reality is, as you already implied: in practice you cannot "be careful" except avoiding obvious malware.
At SOME point you have to trust SOMEONE, unless you use TempleOS in which case you can trust whatever god you have.
imputation|4 months ago
Lapel2742|4 months ago
ezst|4 months ago
Havoc|4 months ago
agsnu|4 months ago
moooo99|4 months ago
jamesbelchamber|4 months ago
tetha|4 months ago
coldtea|4 months ago
geistlos|4 months ago
slightwinder|4 months ago
rightbyte|4 months ago
N-Krause|4 months ago
wosined|4 months ago
phoronixrly|4 months ago
nrvn|4 months ago
wiether|4 months ago
They do a yearly audit: https://obsidian.md/security
joomla199|4 months ago
ugur2nd|4 months ago
eviks|4 months ago
gxonatano|4 months ago
Andaith|4 months ago
So far I have uninstalled all themes & plugins except the kanban board - I'm working on it. I'll use core obsidian and that's all.
chews|4 months ago
thomascountz|4 months ago
colesantiago|4 months ago
That way the author can still keep the source closed and those who want code can pay for it.
I very rarely see OSS being monetized successfully without a community fork destroying the original project.
OSS still requires money to maintain the project and sparse donations really don't cut it.
Robdel12|4 months ago
pcthrowaway|4 months ago
eviks|4 months ago
> it isn’t required to use sandboxing
ihorcher|4 months ago
Rohansi|4 months ago
bobertdowney|4 months ago
gorgabal|4 months ago
swiftcoder|4 months ago
freefaler|4 months ago
For me this is the least problematic non-open source software:
deafpolygon|4 months ago
CaRDiaK|4 months ago
msuniverse2026|4 months ago
username135|4 months ago
tonyhart7|4 months ago
ezst|4 months ago
mastazi|4 months ago
duckerduck|4 months ago
liqilin1567|4 months ago
rubymamis|4 months ago
jiri|4 months ago
eviks|4 months ago
phoronixrly|4 months ago
worthless-trash|4 months ago