Obsidian is an awesome tool, I've been using it daily for a few weeks. I wanted to start subscribing to the Sync feature but have a few concerns. Doing end-to-end encryption properly is hard. As Obsidian is not open-source (and I understand the reasons for that) it’s a black box that we have to trust. A few questions to alleviate my (and potentially many other users’) concerns - I apologize if some of this has already been discussed.
- How is the end-to-end encryption implemented? What algorithm is used?
- How is the key generated and how is it stored?
- How is it ensured that it never leaves the local device?
- Did you do an independent, external audit by a specialized company and if yes, have you published the report?
Thanks for all your work, I’m looking forward to many years of using Obsidian & Sync.