Launch HN: GoLinks (YC W19) – Internal short links for teams
We’re Jorge, Kevin and Sean and we’re building GoLinks (https://www.golinks.io).
GoLinks is a platform that allows you to easily manage and share links by letting teams create a short link for any internal URL within a company. These links are easy to remember and share, so you don't have to bookmark or copy and paste them in emails.
Each day we use and share hundreds of links to get our jobs done, without considering how long it takes to access and share these resources. It’s one reason why many of us leave tabs open in our browser: we don’t want to spend the 5 to 10 steps to navigate back to that important page. With GoLinks, you’ll be able to deep-link directly into any application with just a simple keyword entered into your address bar. This allows links to be conversational. For example, one employee can create the keyword “go/review” to point to the annual review page in Workday. Later in a meeting, that employee can mention, “Remember to visit go/review to fill out your annual reviews!” Now anyone in that meeting can remember and access the link “go/review”, without digging through their email or Slack.
Golink systems are commonly used in many big tech companies such as Google, Linkedin, Twitter and Airbnb, built by internal tools engineers in those companies. These systems have become an integral part of the way tech companies share internal links.
When we started our careers in tech, we would often visit each other for lunch at these tech companies and we began to notice the same go/links everywhere. In the hallways, cafes, break rooms, posters. fliers and TVs, there would be these keywords prefixed with “go/” that allowed employees to quickly access information on their devices. The employee could enter a shortened URL like go/food into their mobile browser, or desktop, and could access the lunch menu for that day. An easy and simple concept, but an extremely powerful method for internal communication.
Although these systems are ubiquitous in large tech companies, we noticed there was nothing on the market that catered to startups, midsize, or non-tech companies. Companies usually don’t have the time or the resources to build sophisticated internal tools, so we set out to create GoLinks as a Service.
The challenge was building an internal tool for companies that may not have any internal infrastructure. For example, large tech companies have infrastructure so when you connect to the company Wifi or access the VPN, you can access the internal company network. This allows users to access the “go” domain on the network, which resolves the deep link redirection. For smaller and midsize companies, employees might be 100% remote or working in a coworking space, or maybe the company never got around to setting up an intranet. We had to build a product that did not rely on assuming internal infrastructure.
We were able to replicate the functionality of an internal network, and the simplicity of a short-link redirect system, by creating browser extensions for each of the popular browsers. The extension would proxy the “go” domain to our server and we authenticate and redirect the user to the correct location. Now coworkers can be on any network and any wifi, and as long as they authenticate in their current browser, we can find their company’s internal links.
We are startup-friendly—anyone under 10 users can get started completely free—but our main initial focus is on enterprise clients.
If you’ve ever used our GoLinks or any company's golink system, let us know how it’s changed your daily workflow. Thanks for reading. We appreciate your ideas and feedback!
96 comments
[ 1.6 ms ] story [ 54.4 ms ] threadThe pricing jump from the free to paid tier after you hit 11 users is a bit steep. Like from free to 363 USD at once.
Also, I'd'offer a feature to opt-out of your analytics collection as I don't see a reason why your company should know on how exactly our team members work all day long.
For the analytics, this is a trend I've personally seen in SaaS products lately, where companies can get in-depth analytics on how their team members are working. If you look at Github, Jira, or Google Docs, you can see personal stats for user events. Even Slack is starting to send out the number of private vs public messages sent throughout the week. It's something that definitely needs to be discussed because I can see it being used for good or being used for bad (as in micromanagement). Google Docs is the only one I know of that gives the option to opt out of usage analytics, so that's a great suggestion for a feature.
IMO this permission is something that Chrome should explore, along with other fine-grained permissions. It might be worth making a bug report to Chromium so you can link it when people ask why you ask for such broad permissions. I think the bug report should probably mention that Google uses go links :)
It would still be possible to create a permission that makes it so the code that edits a page can't make any network requests (the output would need to be HTML sanitized, including links), and I'd like to see that, but it would be more difficult to design, implement, and communicate to users.
It's not ideal but in order to make utilities that work on every page, these permissions are needed.
The code inside the extension bundle (.crx) would need to contain the potential for abuse, and if it gets popular enough, security researchers will look at it. Even if it's not popular, incentives will be at work, because it would be a foolish risk for a company to ship code that could expose a user's entire browser history into the extension, because at any point someone could take a look at the bundle and find the flaw.
If you take a look at a company like Grammarly, they've built trust with their users, which is why they can have the "Read and modify all data on all sites" and still have 10 million customers. We plan to build the same trust with our customers.
Any ad-blocker or otherwise page-modifying Chrome Extension requires the same permissions and likely does the same thing.
Provided the GoLinks extension isn't phoning home with the full contents of the pages its parsing, and immediately discards non-GoLink related data, this shouldn't be a problem.
It would be nice if the GoLinks team could clarify exactly what data is sent back to their servers by the Chrome Extension.
Chrome Extensions can also be inspected and their network traffic can be sniffed quite easily, so independent auditing is possible as well.
Based on what we're hearing from the comments, we're planning to roll out a more detailed privacy page to build more confidence with our users.
I suggest adding an alert anytime a new version of the extension is published, or if you already get an email from Chrome Web Store each time a new extension is published or the email addresses of the Chrome Web Store account are changed (npm does this I believe), to make sure it gets sent to an inbox that's actively monitored.
- If the company goes out of business, then our documentation and business logs have a lot of dead, useless links that can't be fixed after the fact. If it's a business critical use case, then you just shot yourself in the foot.
- Related to the above, it's not human-parseable. If you're on a mailing list and you send out a hyperlink, you don't immediately know if it's relevant to you and have to scan the rest of the text for context.
- It's an unnecessary abstraction on top of perfectly good HTTP URIs, that couples an Internet-scale protocol to one particular company and its closed-source parsing logic.
I also don't get how this is product is "sticky" / won't be cut at the first sign of a recession, how much overhead larger companies really have in maintaining such an internal tool (I would think you make something like bit.ly once and keep extending the suffix length by changing one number in a conf file), why smaller companies might need this (I think larger companies just track everything because human analytics at scale might have business value), and how it's different from other solutions on the market.
I think you might be confusing this product with shorteners like bit.ly. The format should actually be more semantic such as `m/roadmap/q2` rather than `bit.ly/Fa2ca`
That being said I agree the long term durability of the business would be a concern (as with any SaaS) for people. But that hasn't stopped the growth of other SaaS cos (and I'm sure there can be workarounds for ensuring usability even if they fold).
[0] https://chrome.google.com/webstore/detail/shortlink/apgeoooc...
The second, our links are actually more human-parsable. go/customer-feedback is much more readable than https://docs.google.com/d/document/ABCDE1234/. You actually wouldn't know if the google doc is relevant without opening it. This might be surprising, but many companies with a similar system actually don't maintain them very well. It works the first time when a tools team builds it, but when those engineers leave the company, new engineers will either try to revive the old system, or rewrite the entire system from scratch to maintain it. We continue to improve the product over time with customer feedback and can provide analytics for the most common links used in the company.
There currently isn't a solution specifically solving these issue on the market today.
Hope this helps!
Self hosted solution can give that responsibility away though.
Unless I'm using the product wrong...
https://github.com/Detry322/redisred
Here’s a hubot plugin for slack:
https://github.com/Detry322/hubot-redisred
We use this extensively at MIT for HackMIT and the MIT Pokerbots competition, and best of all, it’s free.
The deploy to Heroku button should “just work”.
Demo looked ok.
https://github.com/cydrobolt/polr
This solution doesn't require a browser extension with elevated permissions that increases your attack surface.
1. https://go.eligrey.com/zerodrop
URL shortening was created so people could send tweets without using up their character counts on a URL. I'm pretty sure most software companies aren't communicating via Twitter, so I'm not sure the practical application of this anyways.
Good luck.
The idea was that someone is responsible for each link and any 404s would get corrected. Then if the person left active directory would assign the manager.
Hope that’s useful. It was also called go.
* I don't trust most enterprise IT teams to be able to set-up and administer a secure CA with the appropriate critical nameConstraint that limits the CA to signing certificates for `go`.
--------
OP: You should probably mention the TLS problem on https://www.golinks.io/support.php#technical since right now I assume the CNAME approach will only work with HTTP.
Can everyone in the company use the go links but only paid users can create them?
* Have pages listing available links go/hr could take you to the HR homepage, but go/hr/_list would link everything that exists under go/hr like go/hr/holidays or go/hr/stockawards.
* Give users a personal links page with personal and private links. Allow the company to display custom news/content on this in a tasteful way. Internal comms want to get their content to users.
* Let users bookmark links from the _list pages I mentioned.
* If a user links another link shortener, or a page that has a redirect, either - remove those intermediate redirects, or flag it to the admin.
* Add some sort of safe site checking to "protect IT from the risks of public link shortening services." Not sure if you can reuse an online database for this.
* Provide RSS feeds of top links etc to import into the company's portal.
* Resolve page titles correctly. If someone pastes the link into a tool that looks up the go link for a preview, ensure you return useful metadata. This is a common problem now because companies have some stuff on-prem (their documents and tools) but are using a cloud chat tool. If you can work out a way to know that particular tools are scraping your link then you might be able to give a better experience.
For the 4th point about someone using another link redirect, that's an interesting use case. Should we change the link to the underlying link, removing the intermediate links, or treat it as its own links? I can see a user doing this to try and create their own analytics, or maybe they found it easier to copy an already shortened link. That's a great suggestion, and we'll look into that use case.
1. [solved] How does it work? I couldn't get it from the website: 'go/' is not a real DNS-resolved domain but some host alias?!
2. [solved] If 1 is true, how do you want to target smaller to medium sized companies which just have G-Suite, Slack but no real intranet/private net where you could create this host alias easily for the entire staff? Guess I got it wrong, so I am happy about a technical explanation/architecture.
3. How is the business model's defensibility? What's hindering me to set up the same with some open source repo, write a Chrome extension, add a nice landing page and hire a sales force for SaaS enterprise sales?
EDIT: ok now I fully read your post and got my answer for 1 and 2 but how should this work on mobile where you don't have extensions?
For our business model, we’re focusing on making GoLinks integrate with all the great applications that you use everyday. We’re currently available in the Slack marketplace, and Okta, but soon to be in Attlasian’s marketplace, with more integrations in the way. The more integrations we can incorporate, the stronger the business.
Variable links are very useful - links like "go/monitoring/alpha", "go/monitoring/beta" (with a template "go/monitoring/$1 -> $1.example.com"), make it super easy to keep things up to date.