[seantomburke]

This is definitely a real concern, and we're actually exploring the Chrome permissions to see if it's possible to redirect your traffic, without requiring the "Read all data" permission, because you're right, that shouldn't be the norm.

[benatkin]

The permission would need to ask for "your data on go" rather than "your data on golinks.io". I'm not certain that the "your data on golinks.io" would cover it but I think it would.

IMO this permission is something that Chrome should explore, along with other fine-grained permissions. It might be worth making a bug report to Chromium so you can link it when people ask why you ask for such broad permissions. I think the bug report should probably mention that Google uses go links :)

[pageandrew]

I don't think this is correct. The extension identifies GoLinks embedded in other websites (like internal knowledge bases or emails, I presume) and converts them to a link to the destination.

[benatkin]

Ah, so plain text go/test would be linked? That would need full permissions I guess. What wouldn't is for the markdown [jobs](//go/jobs) - that would only need the ability to intercept links on the `go` host - but that wouldn't be nearly as convenient (I didn't realize it would need double slashes before it until now, that makes it a lot less appealing.)

It would still be possible to create a permission that makes it so the code that edits a page can't make any network requests (the output would need to be HTML sanitized, including links), and I'd like to see that, but it would be more difficult to design, implement, and communicate to users.

[tbodt]

You can also do this in a Chrome extension by overriding the user's proxy settings, which is worse.