Why isn’t Obsidian Open Source?

Editors note: This article was originally published in July of 2022. It has since been updated and expanded.

Many people have expressed concerns on the closed source development of the Obsidian application. Obsidian is a wonderful application used by people all over the world, and the concern is understandable. Why isn’t Obsidian open source?

Why Do We Care?

One of the core ideas behind Obsidian is the open format of the application. Obsidian uses markdown both in the app and behind the scenes, which means that you’re never tied to the app itself: you could open your Obsidian Vault in any application that supports plain text or markdown. Obsidian adds lots of bells and whistles on top of that format, but in theory you could open your vault in any text editor.

The open format of Obsidian is very important to them. The CEO of Obsidian, known as Kepano, says this:

File over app is a philosophy: if you want to create digital artifacts that last, they must be files you can control, in formats that are easy to retrieve and read. Use tools that give you this freedom.

File over app is an appeal to tool makers: accept that all software is ephemeral, and give people ownership over their data.

In the fullness of time, the files you create are more important than the tools you use to create them. Apps are ephemeral, but your files have a chance to last.

Kepano on X

That’s important, because applications die all the time. For example, the Atom text editor recently was retired, after it was purchased by Microsoft.

But Atom is an Open Source text editor, which means technically the community could carry on the development on their own. And downloads will continue to be available as long as Github is around. It gives people a sense of control that is lacking in close-sourced applications, and I think that’s why there’s concern surrounding this aspect of Obsidian.

What Does Obsidian Say About It?

One of the co-founders of Obsidian, Erica Xu (referred to as Silver), has specifically addressed these concerns. Her overall points were these:

  1. Open source doesn’t guarantee safety without specific (and expensive) third party audits.
  2. Open source doesn’t mean faster development. Code review often takes longer than development.
  3. Open source projects don’t last forever.
  4. Open source requires a lot of extra effort, and the developers would rather put that effort into the app itself.

In essence, the developers aren’t interested in maintaining an open source repository. They’d rather focus on making the app as good as possible.

They have a point: I’ve maintained a few open source repositories myself, and it does take a lot of time. Many organizations have dedicated developers whose only job is take care of pull requests and process issues.

They also want to be able to support their families by making money through the Obsidian application, which could be more difficult in an open source environment.

What About Security?

The Obsidian team is correct that open-source doesn’t ensure secure software. Sure, there are more eyes on the source code, so security vulnerabilities might be caught faster. But hackers can also see the source code, so they can look for exploits more easily.

Both open and closed source software is inherently insecure, unless a lot of time is invested to make sure that it is secure.

One way to do that is to get a third party security audit, and as of 2024 Obsidian has completed one such audit (and fixed four minor issues that this audit surfaced). This is a big deal, and I’m not aware of any other note-taking app that has completed such an audit. If you want to learn more about how Obsidian protects your data, see their security page.

What About Privacy?

Obsidian has a very strong privacy policy. They state that they don’t collect any personal information unless you specifically give it to them (such as creating an account on their website or forum). The app itself doesn’t track you, and all information is stored locally on your machine.

There are specific instances where the app will connect to the internet, such as if you are installing a new theme or community plugin. But for the most part, if you’re really concerned about the privacy of your notes, you can use Obsidian without an internet connection.

There are also other ways to install themes and plugins, so the app is 100% feature complete without a connection to the internet.

Are There Open Source Alternatives to Obsidian?

There are many similar applications in the Open Source realm. So if you are concerned about the closed-source nature of Obsidian, there are other options. For example:

  • Logseq. Big community, open source. But not many plugins.
  • Zettlr. Small but active community. Good feature set, but no plugins, and not a very pretty app.
  • Foam. Very much still in beta, and based on VS Code. It’s open source, but you also have to trust VS Code in this case, which is only partially open source (and made by Microsoft).

These are some of the best options I’ve found, but they have some major downsides. The communities are much smaller, and they don’t have the same set of robust plugins that Obsidian has. They look great for simple use-cases, but they aren’t as polished or robust as Obsidian. (and potentially not as secure, since they haven’t received third-party audits)

The lack of plugins is a big deal, because plugins are one of Obsidian’s strongest features. If you haven’t tried community plugins yet, you can learn more here. (or see Super Powers for Obsidian)

These apps all use Markdown behind the scenes though, so if you wanted to switch, you could do so at any time with minimal effort. Obsidian is no Evernote: it is built on an open format, and it doesn’t lock you into their tool. You can switch away at any time with little fuss or mess.

Personally, I think as long as the Obsidian team continues to act transparently and in good faith, I choose to trust them. However, if they ever break my trust, I will be the first to search for and use alternatives.

7 responses to “Why isn’t Obsidian Open Source?”

  1. I respectfully reject Silver’s view on open source. Here are my counter arguments

    Open source doesn’t guarantee safety without specific (and expensive) third party audits.

    The audit as carried out by the community. If you require 3rd party audits, it’s probably not open source. Take Telegram’s server for example.

    Open source doesn’t mean faster development. Code review often takes longer than development.

    This only stands if you don’t have funding and not a lot of interest. Neovim is developing at a break neck speed. Emacs is tightly controlled at its core and still moves at a decent pace. VSCode is fully open yet corporate backed and moves very fast.

    Open source projects don’t last forever.

    Laughs in Debian

    Open source requires a lot of extra effort, and the developers would rather put that effort into the app itself.

    No, development requires a lot of effort and whether your team is 5 dedicated maintainers or 5 cherry-picked employees doesn’t matter. You still have to invest in them

    1. Fair enough Trev! I agree that open-source is often better for projects like this, and I think Obsidian would be even better if it was open source. But, it isn’t a deal breaker for me. I don’t think they have nefarious intentions, they just have a different set of values when it comes to software development, and I’m glad that it seems to be working for them.

  2. […] thanks to a comment from reader Gina I tried Obsidian, a closed-source Electron app. I like it! The UI is very nice, I particularly like the default Markdown editing mode […]

  3. super stupid argument

    Open source requires a lot of extra effort, and the developers would rather put that effort into the app itself.

    1. Not necessarily. I don’t know if you’ve ever maintained an open source repository. I have, and it requires a lot of “busy work” that often isn’t as fun or fulfilling to a person who likes to code.

      It could still be an excuse, because typically you can outsource the open source busy work easily enough, but it’s certainly not a stupid argument to someone who has been in their shoes.

  4. What is the excuse for not accepting any PRs from people but still keeping the code public? They can still not deal with making it actually open-source but rather only keep the code public

    1. I think you might be confused: they don’t accept PRs for the Obsidian app itself, only for open source components of the app (documentation, plugins, themes, etc). The code for the app is only available to Obsidian employees, not to the public.

Leave a Reply

Your email address will not be published. Required fields are marked *