That last idea, encrypting data before it gets sent out, seems vulnerable to fingerprinting or other leakage. What kind of encryption would give evil.com no information about the plaintext?
Yep, you are right. If the crypto/label API didn't force a
fixed-length blob (which may be hard to do), it would certainly be
leaking some information.
I was thinking more like timing side channels (if you can force the encryption at will and it isn't fixed time).
The possible security models where you can send data but it's encrypted are not very appealing. For a single application it may be fine (lastpass, or chrome syncing with passphrase), but it's really hard to see how that can be a standard api and remain secure.
