Questions about security audit

  1. Has Obsidian ever had an independent security audit?

  2. If not, then are there plans to do this in the future on a regular basis?

edit: btw I pay for sync and love the app. Just want to be able to trust the company. Any company can use security and privacy buzzwords, but it doesn’t mean the actual code and server implementations are secure. I’m sure there are plenty of security-conscious users who want to use the sync service, but need something more than security buzzwords and “just trust us, bro/sis”.

Has Obsidian ever had an independent security audit?

No

If not, then are there plans to do this in the future on a regular basis?

No plans as of writing.

Is Obsidian categorically opposed to the idea?

I don’t know how costly such things are, but hopefully Obsidian becomes successful enough to be able to do things like this.

I don’t think they should make security claims about the sync and publish services if the claims can’t be backed up by something more substantial than their “word”.

Honestly I just pay for sync now to support them, because Obsidian is hands down my favorite app, but I use my own file syncing solutions. I’d love to use Obsidian’s as it would be much more convenient.

No, it’s not opposed at all. There are just no plans as of now.

I don’t think Obsidian makes more “security claims” than any other software.
This is I guess an issue of trust on said claims. Some people don’t trust if they don’t see the code. Some people don’t trust if they can’t compile their own binaries. Some people don’t trust if there isn’t a security audit and so on.
I answered your question straightforwardly so you can make your decision.
