Why I Built a PGP Encryption Layer for Gmail (And Open-Sourced the Chrome Extension)

Why I Built a PGP Encryption Layer for Gmail (And Open-Sourced the Chrome Extension) I sent a contract over Gmail last year. Nothing fancy — just a freelance agreement with a client's banking details for direct deposit. Hit send, moved on with my day. Three weeks later, that client got a phishing email referencing exact dollar amounts from our agreement. Someone had scraped it. Maybe from a compromised inbox, maybe from a server breach, maybe from something else entirely. The point is: the email sat on Google's servers in plaintext the entire time. That's the moment I stopped assuming Gmail "encryption" meant what I thought it meant. What Gmail Actually Encrypts (And What It Doesn't) Here's the thing most developers don't realize until they dig into it. Gmail uses TLS — Transport Layer Security. Your email is encrypted while it's moving between servers. The little padlock icon in your browser? That's TLS doing its job. But once your email lands on Google's servers, it's stored in a for