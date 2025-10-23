Be Careful with Obsidian

2025 Oct 23.

Just a few personal thoughts.

Notes to myself, to people who use and love this app everyday.

This is not an attack or hostility toward Obsidian or the talented engineers who created it.

Obsidian’s source code is closed.

Its macOS app is distributed as a .dmg file without any checksum.

Although Obsidian has an iOS version, it isn’t distributed through the Mac App Store. It’s unclear whether this is a design choice or due to technical or policy constraints. It's a point worth questioning.

Since Obsidian isn’t distributed through the Mac App Store, it isn’t required to use sandboxing,

Combined with the fact that its source code isn’t public,

And that many users rely heavily on Community Plugins (some of my friends have customized their Obsidian setups so much that I barely recognize the app),

And that users often grant Obsidian access to sensitive folders like iCloud Drive, Documents, or Desktop (protected by TCC or not), etc to open Vault.

To me, this represents a very serious risk.

I trust the Obsidian team.

It’s an app built on good philosophy to me.

I’ve used it for quite some time, mainly on iOS, with almost all Core Plugins disabled and never touching any Community Plugins.

Yet I’ve always felt that something wasn’t quite right.

This situation is somewhat similar to VSCode.

But VSCode is open-source, and it benefits from stricter review systems, a larger user base, and much more attention overall.

Even so, extensions still carry enormous potential risk.

I believe Obsidian will gradually become an indispensable part of many people’s work and life.

I like Obsidian’s icon because it gives me the feeling that I’m sharpening a rough stone into the shape I desire, a metaphor for turning collected knowledge into applicable understanding.

But I also hope that the sharp edges and potential risks of this “sharpening tool” receive more attention, so that we don't cut our hands or bleed during that process.

Thanks,

Hữu Phong.