lol we told you plugins were insecure years ago. I distinctly remember getting flamed in your discord because I said that they had full disk access. Too little too late.
The insecurity is part of the benefit. Obsidian being so open, allowing easy customizing is what makes it great. They should add some more bells, whistles and guards to prevent sneaky social attacks, but they can't close Obsidian all together, or it would kill the app.
What do you propose? Even if they configure node's lowest level file APIs to block any access to paths outside the vault, plugins can still execute arbitrary shell commands who will have access to the entire OS.
And before you say it's useless and should be stopped too, well, that's a fine opinion! But then you lose plugins providing git integration, automated backups, document conversion using pandoc, etc. Many users might value that greatly.
A permission system for their plugins might be the only solution, annoying permission request popups and all.
That's a good point. I think I'd solve this in two steps.
0) scripts and plugins should only be able to operate on the text in the vault. Just like how I expect a snippet of JavaScript running in my browser to only have access to the website and not to my entire disk.
1) Any commands that run outside of this sandbox need to be approved first. Obviously this could get annoying, but there's tricks you could use here to help.
Obviously this is a high level approach and I'm not on their team, so this is basically armchair programming. But since you asked, it's okay. ;)
In 2026, applications, third or even first party, don't need to have full-disk access, and are not given either. They see a jailroot environment. I give full disk access to the terminal app, and a handful of others. 90% of them, nope.
At least that's the case in macOS, I'm pretty sure Windows can do that too. Linux of course has had such capability since forever, but I guess most distros you need to manually take care of it.
This is implemented the wrong way around. Each program should only have access to its own folders by default, with it being possible to grant additional access. Also, I don't believe Endpoint stuff is included in the normal Windows license.
Maybe it isn't built-in, but most Windows user I've worked with, including myself, have been using Sandboxie for probably two decades at this point, probably hard to find any Windows software that is more ubiquitous than Sandboxie in developer circles.
Sandboxie is essentially a giant pile of fragile hacks on top of a Windows API that does not want to be used this way. Does it seem like it works most of the time? Sure. Has it had bypasses? Also yes. I've used it in the past but I don't truly trust it.
Yes you can sandbox Obsidian on the OS. The point they're making is nearly every third party program ships Without sandboxing. There's nothing special about Obsidian here.
This hardening is enabled by default with Gatekeeper. That includes Homebrew apps, unless you disable it.
When an app tries to access something outside of its sandbox, you get a notification asking to approve or deny. Full Disk Access I think needs to be explicitly given on System Settings (Privacy & Security -> Full Disk Access).
That's probably all the hardening the average person needs. BlockBlock because most malware tries to get persistence. Little Snitch or LuLu for fine-grained whitelisting of network requests for any apps that have plugins (e.g. you give Documents permissions to Obsidian, plugins inherit that, but they can't exfiltrate if you only allow requests to trusted domains).
I've never tried to do this or similar in Windows (obviously easy in unix-like environments) but I'm going to bet it's far more trouble than it's worth for 99% of users
On macOS at least those 99% of users are probably installing from the App Store, where apps are sandboxed by default and need to explicitly ask for access to paths outside that sandbox. Even when not installed from the App Store a permission dialogue is popped if an application tries to read from sensitive paths like your photo library.
Does that help in this case though? I think the worry is that a rogue Obsidian plugin does bad stuff with your Obsidian vault, not just do stuff to the rest of the computer. But that vault/those notes live in the same sandbox as the (rogue) 3rd party plugin, which doesn't help with that, they really need to be isolated away from the notes themselves.
Anything that reduces the blast radius helps. There should still be a focus on further hardening. Most value comes from exploits that enable pivots. Attackers will focus on other vectors that enable broader pivots because immediate high value notes only exist for a limited set of users.
Lol it's a social engineering attack. What are you talking about. Don't run programs you don't trust, especially when being asked to do so by strangers on the line.