Security of the plugins

Thanks for the response. Yes I had seen some prior similar responses, but I still think some help for users to understand the risks could usefully be included in the Help - rather than leaving the information buried in a long thread like this.

Have any of the YouTube channels covering Obsidian made any videos related to security that might help me investigate further?

I do understand there are technical limitations, and that Obsidian has chosen a certain development path, but as you know online fraud, malware and data theft are very real issues of concern to many people.

2 Likes

There is a pretty clear statement about risks when you disable safe mode.

Which is why I didn’t. My points still stand.

1 Like

Which points?

What more information is needed to understand the risks of the message when you disable safe mode and what is contained here https://help.obsidian.md/Advanced+topics/Community+plugins#Plugin+security?

You can contribute to the docs here: https://github.com/obsidianmd/obsidian-docs

2 Likes

Okay, thanks. I imagine you’re referring to this from your link (which I’ve seen already, along with the ‘safety’ tab):

Due to technical reasons with our platform, we’re unable to restrict plugins to a specific permission or access level. Since we offer Obsidian for free, currently we’re unable to manually review each plugin.

The good news is that Obsidian has an amazing and passionate community, so we rely on community trust to ensure security of community plugins.

I came to Obsidian, and this forum, for that amazing community. But I respectfully, and politely, disagree that trust is the solution to security.

Please understand, that I get that the app is free. I hope you also understand that not everyone who is using Obsidian is here just because it’s free. Personally I came because I’d heard about that amazing community, from SweetSetup and others, and thought it was a neat solution. My disappointment in the security gaps is therefore coming from a place of loving the Obsidian concept, not a place of trying to be difficult.

1 Like

That is a completely valid position to hold.

Since you were claiming that there is a lack of transparency about plugin risks in the app/docs, I was just trying to find out what exactly you are referring to and what more we should add. What is buried in this thread that is not covered at a high level in the app/docs?

2 Likes

Could I ask if I’m understanding this correctly, specifically how turning off Safe Mode works? I searched but didn’t find the answer.

Turning off Safe Mode, I presume, doesn’t automatically turn on all community plugins? Is the process similar to Core Plugins, where one can turn on/off plugins? So, if I turn off Safe Mode, I now get access to (a list of) community plugins. I can then choose to turn on a specific plugin? So I’m accepting the risk of that one plugin, not all plugins?

Thanks for your clarification. :slight_smile:

Yes. Mostly.
Turning off safe mode gives you access, and you can download the individual plugins you choose.
There’s a further switch where you can turn individual plugins on or off.

3 Likes

Thanks, Dor, that’s very helpful to know.

FWIW, since the warning about plugins is general, I understood this as signaling that just turning off Safe Mode would open a kind of Pandora’s box. Would it be useful to rephrase, or add a phrase like (additions in italics):

Turning off Safe Mode allows you to download and turn on/off plugins created by community members.

Community plugins can access files on your computer, connect the internet, and even install additional programs. They can also be faulty and cause data corruption or data loss. [? Possibly add: See [link] for guides on how to evaluate the safety of third-party plugins.]

Would you like to disable Safe Mode to allow access to these third-party plugins? Before downloading and activating any third-party plugin, make sure you have set up backups of your vault in case plugins malfunction and wipe your notes.

(My ex-technical writer hat is rusty…still thinking (if it’s helpful).)

Mozilla has a nice article (on evaluating the safety of Firefox extensions) that could be a useful model for addressing this question of Obsidian plugin safety. The link could be offered as a general guide for how to think about evaluating third-party plugins or extensions. (Obviously, Mozilla has a lot more resources for vetting extension safety.)

Thanks again.

2 Likes

Thanks @Laina for your feedback.

One option to keep in mind is that plugins and settings are loaded on a per-vault basis. If some vaults are more sensitive than others, it may be reasonable to run some vaults with safe mode on, and others with it off.

6 Likes

Here’s my suggestion:
We could maybe limit the community plugins to plugins which have had some audit from the devs, and before updates are pushed, they are again audited. These plugins can be installed without turning safe mode off. From a risk perspective, these plugins would sit somewhere between Obsidian’s own plugins and how plugins are done currently.
And then the user has the ability to just add plugins outside the community plugins page by disabling safe mode. From a risk perspective, they would be exactly like current plugins.

As some devs in this thread have mentioned, sandboxing the plugins would be infeasible, so we might as well not try for now.
Additionally, I want to say that I dislike OP’s 2nd suggestion. I use Obsidian because if there’s a functionality that’s missing in Obsidian and existing plugins, I have the ability to make a plugin that does what I want.

1 Like

I’ll just quote what WhiteNoise already said well, and has been said in other ways multiple times in this thread:

And from the help files:

Due to technical reasons with our platform, we’re unable to restrict plugins to a specific permission or access level. Since we offer Obsidian for free, currently we’re unable to manually review each plugin.

As far as I can tell, your suggestion is essentially, “yeah but some of them?” And (according to this thread, not according to me) the short answer is: No.

1 Like

Thanks for the reply.
This is going to sound embarrassing, but I kinda only skimmed Licat’s responses to Den (which do address my suggestion) because I assumed they were all responses on why sandboxing wasn’t feasible.

2 Likes

Have you changed your mind about using community plugins? I’m also a new user; it seems that plugins have a lot to offer but I cannot risk my sensitive data. What were your solutions?

This discussion thread is quite informative and philosophical at times. I have a purely technical question: if I download a plugin but do not enable it, is there any harm if the plugin has an (honest) security hole?

So I have about a dozen plugins that I might potentially use, but would like to enable them only when needed. Would the need-based-enabling minimize any security risk? In other words, is there any difference between “disabled” and “uninstalled”, or between “all plugins disabled” and “safe mode”?

1 Like

So I have about a dozen plugins that I might potentially use, but would like to enable them only when needed

I’ve downloaded tons of plugins for the same reason. What I really need is a way to “favorite” plugins instead so that I stop downloading plugins that take up space and take time to update even when I’m not yet ready to use them.

You could use the “Copy share link” button on the plugin page and paste the link in a list.

2 Likes

This question of disabling vs. removing plugins remains unanswered. Most security experts recommend completely removing unused extensions/apps, but in doing so all the customized settings are lost.

Perhaps the developers could explain exactly what disabling means, and let the users decide the best course of action?

I think it’s a pretty safe guess that there are no security risks if the plugin isn’t enabled, just from my own technical experience and what I’ve seen so far about how Obsidian plugins can be manually installed in the .obsidian/plugins folder by just doing a git clone there. So I wouldn’t worry about it.

If you want to be more safe, then maybe you could go into the .obsidian folder, create a new folder called .obsidian/plugins-disabled and move that particular plugin’s folder into it from .obsidian/plugins.

1 Like
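The last few posts ask what "disabled" means compared with "uninstalled", and suggest moving unused plugin folders out of `.obsidian/plugins` into a `.obsidian/plugins-disabled` folder so the code is not in the load path at all while its settings are kept. The script below is an added example (not code from Obsidian, the forum, or any plugin) that makes those two states visible for one vault: it lists every plugin folder on disk, marks which ones the vault will actually load, and optionally moves the installed-but-disabled ones into the quarantine folder from the post above. It assumes the layout I know from Obsidian's plugin docs, which the thread itself does not spell out: enabled community plugins are listed by id in `.obsidian/community-plugins.json`, each installed plugin lives in `.obsidian/plugins/<id>/` with a `manifest.json` (`id`, `name`, `version`), and a plugin's settings sit in `data.json` inside that folder. The sample vault is constructed in a temporary directory, so the script runs offline; the plugin ids in it are made up.

```python
"""Inventory community plugins in an Obsidian vault and quarantine disabled ones.

Added example, not Obsidian's or the forum's code. Assumed layout (see lead-in):
  .obsidian/community-plugins.json   JSON list of enabled plugin ids
  .obsidian/plugins/<id>/manifest.json   installed plugin with id/name/version
  .obsidian/plugins/<id>/data.json       that plugin's settings (kept when moved)
"""
import json
import shutil
import tempfile
from pathlib import Path

PLUGINS_DIR = Path(".obsidian") / "plugins"
DISABLED_DIR = Path(".obsidian") / "plugins-disabled"  # folder name from the post above
ENABLED_FILE = Path(".obsidian") / "community-plugins.json"


def enabled_plugin_ids(vault: Path) -> set:
    """Ids the vault will load. A missing or malformed file means nothing is enabled,
    which is also what a vault in safe mode looks like from the file system."""
    path = vault / ENABLED_FILE
    if not path.is_file():
        return set()
    try:
        data = json.loads(path.read_text(encoding="utf-8"))
    except json.JSONDecodeError:
        return set()
    return {str(x) for x in data} if isinstance(data, list) else set()


def inventory(vault: Path) -> list:
    """One row per folder under .obsidian/plugins: manifest data plus an 'enabled' flag.
    Folders without a usable manifest are listed too: code can sit on disk (e.g. a
    git clone) even though Obsidian would not load it as a plugin."""
    enabled = enabled_plugin_ids(vault)
    rows = []
    plugins_dir = vault / PLUGINS_DIR
    if not plugins_dir.is_dir():
        return rows
    for folder in sorted(plugins_dir.iterdir()):
        if not folder.is_dir():
            continue
        info = {"folder": folder.name, "id": folder.name, "name": None,
                "version": None, "has_manifest": False}
        manifest = folder / "manifest.json"
        if manifest.is_file():
            try:
                m = json.loads(manifest.read_text(encoding="utf-8"))
                info.update(id=m.get("id", folder.name), name=m.get("name"),
                            version=m.get("version"), has_manifest=True)
            except json.JSONDecodeError:
                pass  # treat an unreadable manifest like a missing one
        info["enabled"] = info["id"] in enabled
        rows.append(info)
    return rows


def quarantine_disabled(vault: Path) -> list:
    """Move every installed-but-disabled plugin folder into .obsidian/plugins-disabled.
    The whole folder moves, so data.json (settings) goes with it and moving it back
    restores the plugin unchanged. Returns the folder names that were moved."""
    moved = []
    target = vault / DISABLED_DIR
    for row in inventory(vault):
        if row["enabled"]:
            continue
        target.mkdir(parents=True, exist_ok=True)
        src = vault / PLUGINS_DIR / row["folder"]
        dst = target / row["folder"]
        if dst.exists():
            raise FileExistsError(f"{dst} already exists; resolve by hand")
        shutil.move(str(src), str(dst))
        moved.append(row["folder"])
    return moved


def build_sample_vault() -> Path:
    """Constructed sample vault in a temp dir: two plugins with manifests (one
    enabled, one not) plus a bare folder with no manifest. Ids are made up."""
    vault = Path(tempfile.mkdtemp(prefix="vault-"))
    (vault / ENABLED_FILE).parent.mkdir(parents=True)
    (vault / ENABLED_FILE).write_text(json.dumps(["example-a"]), encoding="utf-8")
    manifests = {
        "example-a": {"id": "example-a", "name": "Example A", "version": "0.1.0"},
        "example-b": {"id": "example-b", "name": "Example B", "version": "0.2.0"},
    }
    for pid, m in manifests.items():
        d = vault / PLUGINS_DIR / pid
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps(m), encoding="utf-8")
        (d / "data.json").write_text(json.dumps({"setting": True}), encoding="utf-8")
    (vault / PLUGINS_DIR / "leftover").mkdir(parents=True)  # no manifest at all
    return vault


if __name__ == "__main__":
    v = build_sample_vault()
    for row in inventory(v):
        print(row)
    print("moved:", quarantine_disabled(v))
    print("still in load path:", [r["id"] for r in inventory(v)])
```

Run it against a real vault by replacing `build_sample_vault()` with the vault's path; `inventory()` is read-only and is the safe thing to run first, while `quarantine_disabled()` changes the vault and refuses to overwrite anything already in the quarantine folder.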