trashhalo/obsidian-webhooks

Amazing - just a few questions

jamie9090 opened this issue · 4 comments

This plugin has answered my prayers! Thank you.

Really hope this gets integrated into Obsidian in the long run as a default feature - it's that good.

A couple of quick questions:

  1. Any privacy or security concerns I should be aware of when using this? Can you see the data I am sending through the webhook? Someone also mentioned others potentially being able to find the web hook?

  2. I'm using this to send capture ideas from phone and send to Obsidian. So I may fire upto 100 events a month. Is there any concern with this?

  3. In order for the "sync" to occur, does it rely on the original installation? Or will this work across Obsidian on any device like laptop, tablet or mobile?

Can you see the data I am sending through the webhook?

Data is held as plain text in the datastore until your obsidian client fetches them. Then they are deleted. In the firebase admin interface I can see the contents of the data but no one else can. I could look into encrypting these if it becomes a concern.

Someone also mentioned others potentially being able to find the web hook?

The junk at the end of the webhook url is unique to you. It is generated from a random 24 bytes. The two ways someone could find your key is:

  1. Guessing your unique code. Very unlikely.
  2. Having your webhook url. For instance if you give it to ifttt. They now know your key.

Ive implemented it such that having a users webhook key allows you to add new events but not read existing events. I thought that would help increase the user protections.

I'm using this to send capture ideas from phone and send to Obsidian. So I may fire upto 100 events a month. Is there any concern with this?

Go for it! Im just glad people are getting use out of this.

In order for the "sync" to occur, does it rely on the original installation? Or will this work across Obsidian on any device like laptop, tablet or mobile?

Any device with the plugin installed and configured can sync data from the service to your notebook. For instance I have it on my phone, macbook, gaming pc. Which ever one sees the new data first will process it. Because I pay for the obsidian sync service that new data will be sent to all the other devices immediately.

Awesome. It has been working amazingly for my case! And thanks for taking the time to respond.

For the first question, can you still see the data after it gets wiped, or is it completely gone?

Encryption would be ideal, but I can understand that this is a community project.

For the first question, can you still see the data after it gets wiped, or is it completely gone?

I cannot see deleted data.

Encryption would be ideal, but I can understand that this is a community project.

I was looking at this a little bit on my phone in a uber :) . I think I could support encryption where I would store the part of the key that lets me encrypt data only. Give you the part of the key that lets you decrypt it.

You would have to paste the decryption key into your obsidian settings. But that would make it so I could not see in the database your data. It would also mean if you lost your secret decryption key that there wouldnt be a way to recover the data in the database.

What do you think?

That sounds amazing with me!

Does everything else work the same?

From my end, I'm basically shooting through Todoist tasks (I use them more as "ideas") through Integromat (Make) that gets sent to Obsidian Webhooks to add to a doc.