Some additional information: as of v0.7.4, you can disable auto-updater, and the app will not make any network connections at all, unless you embed remote images or other resources. Anyone can monitor that and submit a bug report if that’s not the case.
We will have privacy statement soon, basically saying that we do not collect any personal information when you use the app. We do have your email if you choose to sign up for an account and sign in to the app, but even in that case Obsidian still doesn’t make any network connections if you disable the auto-updater.
We have a few opinions about open source that we hope people who ask for open source can consider:
-
Open source does not necessarily guarantee safety. A specialized team can do a security audit, which costs anywhere between 5-20k dollars, and that’s the closest thing you can get to safety. Even then, it’s not an absolute guarantee of safety; your best bet is to keep all the data in your head if you want zero risk of others seeing your data.
-
Open source does not necessarily mean faster improvement. Code is not just text that can be easily understood and manipulated; one needs to understand the code architecture and design to make good fixes and improvements. Honestly in some cases, doing a good code review will take us more time than actually fixing it ourselves. On top of that, the code base of large projects like VSCode is almost incomprehensible to anyone other than the core contributors.
-
Open source projects do not necessarily last forever. It’s not hard to see all those abandoned projects looking for maintainers. Think about incentive alignment: after building a sustainable business, it’s obviously in our best interest to keep Obsidian going, however an open source maintainer may not consider keeping the project alive to be their top priority when other life priorities or other interesting opportunities arise.
-
Doing open source right is a significant effort; it’s not just “putting code on GitHub”. There’s work in documentation, reply to issues, code reviews, help fellow developers get up to speed with the code base, etc. The cost to benefit ratio is very low for our small team of 2, and our plate is already full.
In summary, I think having a privacy statement and a pledge to open up code access if Obsidian discontinues are good ideas, but open sourcing does not make sense given the current circumstances.
Lastly, I’m going to move this to “Obsidian” rather than leave it in “Feature requests”, since I don’t think being open source is a product feature, just like “free commercial license” or “free Obsidian Publish” are not feature requests. More like business model and product direction discussion in my opinion.