Sync encryption: is there any way to audit it? Privacy and security concerns

Hello everyone! I think Obsidian is the best writing environment currently available, and I am very happy to pay for the Sync plugin. I have a few concerns about privacy and security of the sync encryption though.

If there is no way at all to verify that files in my synced vaults are actually encrypted, then the very idea of encryption loses most of its value. In order for something to be truly private and/or secure, it can’t rely on trust alone.

SUGGESTION: it would be great to make it possible to “audit” the client encryption (open sourcing the sync plugin, maybe?), so that users don’t have to rely on trust when they store sensitive content. A privacy and security guarantee is the only thing that this great piece of software is missing right now.

What do you think?

6 Likes

I’ve been thinking of buying an Obsidian Sync subscription, but I’m also quite unsure how it is going to be encrypted and whether I can trust it. I don’t necessarily look for open source pieces, as I never considered open-sourced code a security proof.

Maybe it is possible to give some highlights on the https://obsidian.md/sync page with some info about how files get encrypted, how you know how to decrypt them, where they are stored on your end, how the encryption keys are stored and generated, etc.
I’m pretty sure that description wouldn’t be enough as proof of security for most users, but for me (and people like me) it would be enough to pay you ~$100 a year.

There’s a lot of supplemental information in the Documentation > Sync section. (I would support it being moved to the main sync page, though!)