Questions about Security and Sync feature

Hi ,

So i’ve recently tried Obsidian and went for the Obsidian Sync feature, but i don’t seem to fully understand how it works.

Lets say I have a vault created on my PC, and i want to be able to access it on my phone, so i activate sync and end-to-end ecryption. I can now use it on both devices, but if one of the two devices get his obsidian storage folder deleted by accident, I lose all my data instantly and i don’t understand why it is so unsafe.
Futhermore, it does not appear to be very secure since anyone with access to the device (say my laptop gets stolen) can look into the obsidian storage file on the device and read it easily.

My question here is why not create an app with an id and password and make it the only way to access data ? And also why not store all the data into obsidian servers so that everytime you disconnect from the app or accidentally delete all files on the device, you can still access it and recover like you would with emails on Gmail app ?

My questions may seem dumb but i’m really interested into this program and i want to be sure that I understand everything before seriously using it.

Thanks if anyone can help.

You are describing a very different design philosophy than Obsidian follows. There are many other apps that store data this way. Obsidian stores data as local-first Markdown.

I see Cawlin is typing too, so he will likely have great advice about sync vs. backup. They are not the same thing, and you should have backups always (not just Obsidian.)

That happens because it’s a sync service — when you make a change, it copies the change to your other devices. If this happens, you should be able to recover your files in Settings > Sync > Deleted files. But also, because your notes are just text files, you should be able to recover from your device’s general file backups. Since you’re asking this question I’m guessing you don’t backup. Not backing up is asking for trouble, so here are some links to get you started:

The answer to this is full-disk encryption. Your phone or tablet most likely has it enabled by default. If it’s not enabled on your laptop, your operating system probably has a way to do it (tho it may be awkward to enable if you already have stuff stored on the device — make sure your backups are up to date first).

Someone who has both your device and your login password can of course get around that, but in that case you have bigger problems.

1 Like

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.