The pop-ups and "social engineering" in question are things that any users in HN likely already accepted, which is to enable community plugins.
These community plugins are the backbone of Obsidian and where a lot of the meat is behind its fame come from.
replyThere's no protections beyond that, community plugins can do whatever they want. Thankfully, the vast majority of them are open-source.
As someone who doesn't use shared vaults - would the warning popup, 'to enable the "Installed community plugins" synchronization feature', not be on a per shared vault basis? Is trusting a single shared vault for plugin sync going to mean I sync my plugins for every shared vault?
replyIMO that's an issue in and of itself, but it doesn't read that way in the (very unclear) original article.
This. Make it like a vim mode, input “I know what I’m doing” or even require some basic fizz buzz.
reply