Add consent mechanism to plugins that send your notes to the cloud

PR-C · March 14, 2023, 12:52pm

Use case or problem

Plugins that send users data to 3rd parties (e.g. GPT-based plugins), do not properly alert users that their data will be leaving the privacy of their computers to be processed at a remote server, likely becoming algorithmic training data. There needs to be a more proper mechanism to ask for users’ consent on sending data out of Obsidian, particularly given that privacy and local first are two of Obsidian design principles.

Proposed solution

Upon submission, ask plugin developers to include a pop-up/UI feature that alerts users of their data leaving to the cloud, along with a brief explanation/link expanding on how that data will be used. Additionally, plugins that interface with 3rd parties, should add this information to their GitHub readme as a disclaimer at the top of the document.

Another option will be to create a plugin template, specific to plugins interfacing with 3rd parties, that automatically integrates these features and requires plugin developers to keep them if they want to submit.

WhiteNoise · March 21, 2023, 8:25pm

We can’t add a “consent mechanism” because we can’t enforce what the user choses to do.

We could create a “standardized pledge” that third party developers take. But understand that this means that the third-party developer promise not to do XYZ, not that we can proactively restrict them not to do XYZ. (you can open a FR for this).

Please continue the discussion here https://forum.obsidian.md/t/security-of-the-plugins/7544

PR-C · March 22, 2023, 10:27pm

I answered you there Security of the plugins - #107 by PR-C