Q: Encryption useless because of gmail's draft autosave feature?

The solution is easy: use gmail in https ! And for the stored on gmail server, I think you can trust them,,, (You have all your mails on they servers)

Disabling auto-save is *probably* possible. We will do some tests soon...

I definitely see your complaint and one of the first things that came to my mind when I noticed that was to write the email out in abiword or openoffice or even, god forbid, ms office word. then copy over to gmail, sign, crypt and send. never leaves your computers ram in unencrypted form that way. I know its not a permanent fix but its a solid temporary work around, and you probably already have those grades in another document anyhow.

Just use something like kmail to send encrypted messages. If you google around, you can setup your mail client to use GMail's SMTP servers easily. Then messages you send still show up in your 'sent mail'.

I use the firefox editus externus extension, because I like to write my stuff on my favorite editor (in my case it's vim). So when I click on the gmail's textbox and press edit my editor pops up and firefox actually gets unresponsive. I write the whole thing in the editor and then close it, so firefox starts to answer again and the text appears on the gmail textbox and I simple select it and click in "crypt and send". That way the autosave is never triggered. If you're concerned that it might happen because you took too long to crypt or whatever, you always have the option of having gpg integrated to your editor, so you crypt it before sending to gmail textbox, that way you use firegpg only to decrypt e-mails.

Try this url : https://mail.google.com/mail/

I'm sorry for piling on, but the fact that drafts aren't encrypted is a huge deal.  This is a gaping hole, and greatly reduces the usefulness of your extension.  When I encrypt mail, I want to know that only me and my recipient can see it.  I don't trust Google any more than any other site.  Their interest is in making money; not necessarily in protecting my privacy.  And since a large part of their business model involves analyzing (reading) people's mail (Gmail), I'm not inclined to trust them very far.

I use Enigmail and Thunderbird currently to send encrypted mail via Gmail.  I've even set my girlfriend and some friends up this way.  They're not very savvy, technologically, and they prefer the Gmail web interface.  Your plugin is almost there!  If you encrypted drafts, you really would have hit on the holy grail.

Disabling drafts would be good.  If that doesn't work, how feasible would it be to encrypt drafts for yourself before they're auto-saved, and decrypt them when they're opened for editing?

Also:

http://lifehacker.com/software/gmail/li … 251923.php

Better gmail can automatically send you to https://mail.google.com and pick up all mailto: links