osund in @dfri's IRC channel made a short demonstrational video on how # leaks metadata (URLs are _accessed_ while composing a message even though e2e etc. is enabled and privacy is expected): https://www.youtube.com/watch?v=lNP8PUh7J7c !security
Non-Google link: https://social.umeahackerspace.se/attachment/188763