It asks me to install a browser extension, which asks for this permission: "It can: Read and change all your data on the websites you visit". Is it normal?
The browser extension is how you we're able to get "go/" links working in your browser without having any kind of network infrastructure. We have other integration options without the extension but its the recommended approach. https://www.golinks.io/support.php#technical
I’ve found manually prefixing links with http:// (http://go/test) is a better alternative to auto-linkification via chrome extension (works in slack app, mobile apps, etc.)
Specifically, it's to resolve any go links that exist in your browser, but we plan to explore the partial permissions options to have the user choose if they want this feature enabled or not. This way you could install the extension and have the golink redirection option without the "reading all data" permission.
and if you think it's bad now, just wait until the company goes under and sells the extension to someone else. next week on: "When good extensions go bad"
The extension will read the text on screen to determine if there are any golinks so that it can change it to a click-through link. We know this may sound scary but rest assure that we do not have any ability to see or save any content. Your privacy is our top concern.
Because extensions automatically update, I believe you do have the ability to do that. It would mean changing the extension and releasing an update. I don't think that you would do that, but it's technically possible.
If you load a page with your SSN, the full page will probably be parsed by the extension in search of a "GoLink". Honestly, that's pretty unavoidable. The parser most likely needs to read every byte on the page to see if its part of a GoLink, and that includes the segment of bytes that includes your SSN.
Any ad-blocker or otherwise page-modifying Chrome Extension requires the same permissions and likely does the same thing.
Provided the GoLinks extension isn't phoning home with the full contents of the pages its parsing, and immediately discards non-GoLink related data, this shouldn't be a problem.
It would be nice if the GoLinks team could clarify exactly what data is sent back to their servers by the Chrome Extension.
Chrome Extensions can also be inspected and their network traffic can be sniffed quite easily, so independent auditing is possible as well.
If someone broke into their account somehow and published a version to the Chrome Web Store, they could do that.
I suggest adding an alert anytime a new version of the extension is published, or if you already get an email from Chrome Web Store each time a new extension is published or the email addresses of the Chrome Web Store account are changed (npm does this I believe), to make sure it gets sent to an inbox that's actively monitored.
Absolutely nothing on that page is sent to us. The only thing sent to our servers from the extension is when you create a golink using the extension. Your content is completely private to you.
wow - nice catch - uninstalled! i really like the idea of the product and i used it for a few minutes, it works great but I do not feel comfortable with those permissions.
Stay tuned, we're working on creating a more granular permissions policy as this is a concern for many users. We can promise you that we don't store or read any information on the sites you visit, but of course it would make users feel more comfortable if they could read it themselves in the permissions when installing.
I'd throw this in the bucket of things browsers could do better. There is no extension API that just lets an extension declaratively rewrite links. The plugin has to ask for a mile to use an inch, because that's what's available.
This is definitely a real concern, and we're actually exploring the Chrome permissions to see if it's possible to redirect your traffic, without requiring the "Read all data" permission, because you're right, that shouldn't be the norm.
The permission would need to ask for "your data on go" rather than "your data on golinks.io". I'm not certain that the "your data on golinks.io" would cover it but I think it would.
IMO this permission is something that Chrome should explore, along with other fine-grained permissions. It might be worth making a bug report to Chromium so you can link it when people ask why you ask for such broad permissions. I think the bug report should probably mention that Google uses go links :)
I don't think this is correct. The extension identifies GoLinks embedded in other websites (like internal knowledge bases or emails, I presume) and converts them to a link to the destination.
Ah, so plain text go/test would be linked? That would need full permissions I guess. What wouldn't is for the markdown [jobs](//go/jobs) - that would only need the ability to intercept links on the `go` host - but that wouldn't be nearly as convenient (I didn't realize it would need double slashes before it until now, that makes it a lot less appealing.)
It would still be possible to create a permission that makes it so the code that edits a page can't make any network requests (the output would need to be HTML sanitized, including links), and I'd like to see that, but it would be more difficult to design, implement, and communicate to users.
If it's found to be grabbing more data than it should, people can report them and the extension can be banned from the Chrome Web Store.
It's not ideal but in order to make utilities that work on every page, these permissions are needed.
The code inside the extension bundle (.crx) would need to contain the potential for abuse, and if it gets popular enough, security researchers will look at it. Even if it's not popular, incentives will be at work, because it would be a foolish risk for a company to ship code that could expose a user's entire browser history into the extension, because at any point someone could take a look at the bundle and find the flaw.
It's all about building trust with the company. We don't store or read any information on the sites you visit, we just redirect URLs that contain "go" as the domain, and provide a link for any "go/" links in your browser. We would never risk compromising that trust.
If you take a look at a company like Grammarly, they've built trust with their users, which is why they can have the "Read and modify all data on all sites" and still have 10 million customers. We plan to build the same trust with our customers.