[lmgftp]

Just curious, but how can we be sure that GMail doesn't continue to do voodoo like uploading a copy of draft without complete transparency?

i.e. will this also disable any scripts that would send data to GMail while drafting is in progress, because if not I could see that as a potential hole for a future breach. Something like "while typing a draft, block all upward data triggered by this page" seems appropriate, rather than targeted draft-saving

[anemitz]

Yeah, was thinking the same. At the end of the day any type of client-side javascript encryption is insecure since you'd need to prove the browser + runtime + js + algo are all kosher.

It's also sort of ironic that this extension is trying to protect your privacy against the same company making both the browser and the email service:)

[OmarIsmail]

We do a combination. We add a marker to the secure compose body (only compatible with new Gmail compose) and intercept the draft savings to prevent the drafts of the secure compose from going through to Gmail's servers.

You'll see that in the secured compose when it tries to save a draft it says "Draft saving..." "Save failed".

And un-secure composes and replies don't get blocked.