Honestly, This is good to prevent malware but I imagine this breaks a bunch of things if for eg. If the link has a limited visit count. The link will "expire" before the recipient gets a chance to view it.
To be fair, an HTTP GET request should never modify the state of the system - hitting a link should not change anything.
If you need to expire links then make the initial link display a form with a submit button (which does a POST) to reveal the content (and expire the link). Legitimate crawlers don’t submit forms so it should be safe.
No, both your logic and premise are incorrect. To give just one example, rate-limiting is clearly widespread stateful practice applied to GET requests, and it doesn't cause web crawlers to wreak havoc on anything.
I have absolutely no problems with the don't. I don't think any central body should be responsible for policing my private conversations and it just seems like a convenient excuse for these companies to perpetuate the surveillance.
This is certainly how I feel, but "damned if you do and damned if you don't" doesn't imply that the level of damnedness is equal. The balance between fettering "malicious" speech/activity and preserving privacy seems to be strongly tilting in the mainstream towards the former recently; "tech platforms have a responsibility to heavily police the content on their systems" is apparently a lot more resonant with most people than "tech platforms should preserve the privacy of their users".