For those that didn't read the article: Obsidian Entertainment (the video game company) has AI support that hallucinates and tells you to email Obsidian (the note-taking company) instead.
> Unfortunately for the Obsidian team the main result of this blog post has been to draw people’s attention to some long standing concerns about their plugin system.
As someone on the Obsidian team I don't consider that unfortunate at all. On the contrary, I feel incredibly lucky that anyone cares! Obsidian has followed complaint-driven development from the start [1]. I'd be more worried if people stopped complaining.
There will always be some set of things that bubbles up to the top of the community's priority list. The plugin ecosystem has bubbled up to the top of the list, so you can expect to see improvements. The solutions we have in mind are sourced from the many smart people in the community who are also invested in this challenge.
Of course the bottleneck is that Obsidian only had two developers, now four. So there are only so many things that can be improved every year.
It's fun to go back through shipped items on the Obsidian roadmap [2] to see a reflection of what the community was complaining about at the time. Obsidian has come a long way.
I also think it's good that people are becoming educated about the tradeoffs between safety and freedom. Obsidian is incredibly malleable and powerful, but that comes at a cost. It's tricky to make a chainsaw that cuts trees but not arms.
What this blog post highlights is that the landscape has radically changed since 2020 when Obsidian launched. It's now viable to use Obsidian without plugins, and if you want to add functionality yourself, it's become trivial to add a feature using LLMs, and have the code completely in your control.
When I visited the National Museum of Korea in Seoul, one of my favorite parts was exploring the exhibit dedicated to backing up state data — via calligraphy, letterpress, and stone carving.
> "The Veritable Records of the Joseon Dynasty, sometimes called sillok (실록) for short, are state-compiled and published records, documenting the reigns of the kings of the Joseon dynasty in Korea. Kept from 1392 to 1865, they comprise 1,893 volumes and are thought to be the longest continual documentation of a single dynasty in the world."
> "Beginning in 1445, they began creating three additional copies of the records, which they distributed at various locations around Korea for safekeeping."
After the Japanese and Qing invasions of Japan, King Hyeonjong (1659–1675) started a project to collect calligraphy works written by preceding Joseon kings and carve them into stone.
It's somewhat surprising that these values didn't continue to persist in the Korean government.
Yes, on desktop, Obsidian plugins can access files on your system, unless you run it in a container. On iOS, iPadOS, and Android the app is sandboxed so plugins are more constrained.
This is not unique to Obsidian. VS Code (and Cursor) work the same way despite Microsoft being a multi-trillion dollar company. This is why Obsidian ships in restricted mode and there's a full-screen warning before you turn on community plugins.
VS Code and Obsidian have similar tradeoffs, both being powerful file-based tools on the Electron stack. This fear about plugins was raised on the Obsidian forums in 2020 when Obsidian was still new, and Licat explained[1] why it’s not possible to effectively sandbox plugins without making them useless.
So... what do you do?
The drastic option is to simply not use community plugins. You don't have to leave restricted mode. For businesses there are several ways to block network access and community plugins[2]. And we're currently planning to add more IT controls via a policy.json file[3].
The option of using Obsidian without plugins is more viable in 2025 than it was in 2020, as the app has become more full-featured. And we're now regularly doing third-party security audits[4].
But realistically, most people want to run community plugins, and don't have the technical skills to run Obsidian in a container, nor the ability and time to review the code for every plugin update.
So the solution that appeals to us most is similar to the "Marketplace protections"[5] that Microsoft gradually implemented for VS Code. For example, implementing a trusted developer program, and automated scanning of each new plugin update. We plan to significantly revamp the community directory over the coming year and this is part of it.
Note that Obsidian is a team of 7 people. We're 100% user-supported[6] and competing with massive companies like Microsoft, Apple, Google, etc. Security audits are not cheap. Building an entire infrastructure like the one I described above is not easy. We're committing to doing it, but it wouldn't be possible without our supporters.