Sync encryption: is there any way to audit it? Privacy and security concerns

Hello everyone! I think Obsidian is the best writing environment currently available, and I am very happy to pay for the Sync plugin. I have a few concerns about privacy and security of the sync encryption though.

If there is no way at all to verify that files in my synced vaults are actually encrypted, then the very idea of encryption loses most of its value. In order for something to be truly private and/or secure it can’t rely on trust only.

SUGGESTION: it would be great to make it possible to “audit” the client encryption (open sourcing the sync plugin, maybe?), so that users don’t have to rely on trust when they store sensitive content. A privacy and security guarantee is the only thing that this great piece of software is missing right now.

What do you think?

2 Likes