Launch HN: GoLinks (YC W19) – Internal short links for teams
88 points by jazamora on Mar 8, 2019 | 93 comments
Hello HN!

We’re Jorge, Kevin and Sean and we’re building GoLinks (https://www.golinks.io).

GoLinks is a platform that allows you to easily manage and share links by letting teams create a short link for any internal URL within a company. These links are easy to remember and share, so you don't have to bookmark or copy and paste them in emails.

Each day we use and share hundreds of links to get our jobs done, without considering how long it takes to access and share these resources. It’s one reason why many of us leave tabs open in our browser: we don’t want to spend the 5 to 10 steps to navigate back to that important page. With GoLinks, you’ll be able to deep-link directly into any application with just a simple keyword entered into your address bar. This allows links to be conversational. For example, one employee can create the keyword “go/review” to point to the annual review page in Workday. Later in a meeting, that employee can mention, “Remember to visit go/review to fill out your annual reviews!” Now anyone in that meeting can remember and access the link “go/review”, without digging through their email or Slack.

Golink systems are commonly used in many big tech companies such as Google, LinkedIn, Twitter and Airbnb, built by internal tools engineers in those companies. These systems have become an integral part of the way tech companies share internal links.

When we started our careers in tech, we would often visit each other for lunch at these tech companies and we began to notice the same go/links everywhere. In the hallways, cafes, break rooms, posters, fliers and TVs, there would be these keywords prefixed with “go/” that allowed employees to quickly access information on their devices. The employee could enter a shortened URL like go/food into their mobile browser, or desktop, and could access the lunch menu for that day. An easy and simple concept, but an extremely powerful method for internal communication.

Although these systems are ubiquitous in large tech companies, we noticed there was nothing on the market that catered to startups, midsize, or non-tech companies. Companies usually don’t have the time or the resources to build sophisticated internal tools, so we set out to create GoLinks as a Service.

The challenge was building an internal tool for companies that may not have any internal infrastructure. For example, large tech companies have infrastructure so when you connect to the company Wifi or access the VPN, you can access the internal company network. This allows users to access the “go” domain on the network, which resolves the deep link redirection. For smaller and midsize companies, employees might be 100% remote or working in a coworking space, or maybe the company never got around to setting up an intranet. We had to build a product that did not rely on assuming internal infrastructure.

We were able to replicate the functionality of an internal network, and the simplicity of a short-link redirect system, by creating browser extensions for each of the popular browsers. The extension would proxy the “go” domain to our server and we authenticate and redirect the user to the correct location. Now coworkers can be on any network and any wifi, and as long as they authenticate in their current browser, we can find their company’s internal links.

We are startup-friendly—anyone under 10 users can get started completely free—but our main initial focus is on enterprise clients.

If you’ve ever used our GoLinks or any company's golink system, let us know how it’s changed your daily workflow. Thanks for reading. We appreciate your ideas and feedback!

I think our company has a policy against using shortened URLs, namely because:

- If the company goes out of business, then our documentation and business logs have a lot of dead, useless links that can't be fixed after the fact. If it's a business critical use case, then you just shot yourself in the foot.

- Related to the above, it's not human-parseable. If you're on a mailing list and you send out a hyperlink, you don't immediately know if it's relevant to you and have to scan the rest of the text for context.

- It's an unnecessary abstraction on top of perfectly good HTTP URIs, that couples an Internet-scale protocol to one particular company and its closed-source parsing logic.

I also don't get how this product is "sticky" / won't be cut at the first sign of a recession, how much overhead larger companies really have in maintaining such an internal tool (I would think you make something like bit.ly once and keep extending the suffix length by changing one number in a conf file), why smaller companies might need this (I think larger companies just track everything because human analytics at scale might have business value), and how it's different from other solutions on the market.

To address the first concern, anyone in the company can modify any link, so they will never go stale. We do this to solve that exact problem where documentation may contain dead links. With GoLinks your links will always be up to date as long as people are using them. Your company is the owner of the links, not an individual.

The second, our links are actually more human-parsable. go/customer-feedback is much more readable than https://docs.google.com/d/document/ABCDE1234/. You actually wouldn't know if the google doc is relevant without opening it. This might be surprising, but many companies with a similar system actually don't maintain them very well. It works the first time when a tools team builds it, but when those engineers leave the company, new engineers will either try to revive the old system, or rewrite the entire system from scratch to maintain it. We continue to improve the product over time with customer feedback and can provide analytics for the most common links used in the company.

There currently isn't a solution specifically solving these issues on the market today.

Hope this helps!

My understanding of the first concern was that users are in trouble if GoLinks shuts down or has an outage. Do you have any mitigation plan for such cases?

Yep, it’s in our terms of service, in the unlikely case something happens to GoLinks, we will provide you with all your links. But we plan on being around for a long time.

Grandparent asked about outage. Not about going out of business.

Outages are definitely a risk every company encounters. Whether it's a third-party hosted solution or an internal solution, unfortunately, servers do go down. We run all our services on AWS which provides an uptime SLA of at least 99.99%, so uptime shouldn't be a problem, but we do recognize the concern.

Services can also go down when the infrastructure is up too.

Self hosted solution can give that responsibility away though.

Your product is a really smart idea. I wonder if adding an on premise solution would help sales with larger orgs. Sort of like what GitHub did with GitHub Enterprise.

(Not creator, but have a similar chrome extension for personal use [0])

I think you might be confusing this product with shorteners like bit.ly. The format should actually be more semantic such as `m/roadmap/q2` rather than `bit.ly/Fa2ca`

That being said I agree the long term durability of the business would be a concern (as with any SaaS) for people. But that hasn't stopped the growth of other SaaS cos (and I'm sure there can be workarounds for ensuring usability even if they fold).

[0] https://chrome.google.com/webstore/detail/shortlink/apgeoooc...

Ah, gotcha. I was thinking of the latter, haven't seen the former. I still think it's an induced, unnecessary dependency and I'm not sure I myself would trust something like this. But best of luck to the creators, I hope their customers will find it useful enough to renew/expand :)

Bitly supports custom domains and human-readable identifiers.

If you want a simple (but bare-bones) self-hosted version of this service, check out the open source version I made a couple years back:


Here’s a hubot plugin for slack:


We use this extensively at MIT for HackMIT and the MIT Pokerbots competition, and best of all, it’s free.

The deploy to Heroku button should “just work”.

Awesome work! We love to see go link enthusiasts! There are a ton of good open source golinks systems out there, we just want to give users a full suite of golinks with zero setup :)

Was thinking to try this out as a self hosted solution but requires a domain.

Demo looked ok.


I think Facebook's "bunny" system is also open source, but I have no idea how easy it is to set up.

We've actually curated a large list of the open source solutions on our blog. Find "The History of Go Links" article to see the full list!

I think you have something useful here. This is something I've seen a number of large companies build/deploy internally because they've been burned hard on content migrations. In the enterprise no one is going to set up a .htaccess redirect unless it's for the CEO's document repository. Whether it can sustain a company larger than 1-2 people is a larger question.

* Have pages listing available links: go/hr could take you to the HR homepage, but go/hr/_list would link everything that exists under go/hr like go/hr/holidays or go/hr/stockawards.

* Give users a personal links page with personal and private links. Allow the company to display custom news/content on this in a tasteful way. Internal comms want to get their content to users.

* Let users bookmark links from the _list pages I mentioned.

* If a user links another link shortener, or a page that has a redirect, either - remove those intermediate redirects, or flag it to the admin.

* Add some sort of safe site checking to "protect IT from the risks of public link shortening services." Not sure if you can reuse an online database for this.

* Provide RSS feeds of top links etc to import into the company's portal.

* Resolve page titles correctly. If someone pastes the link into a tool that looks up the go link for a preview, ensure you return useful metadata. This is a common problem now because companies have some stuff on-prem (their documents and tools) but are using a cloud chat tool. If you can work out a way to know that particular tools are scraping your link then you might be able to give a better experience.

You pretty much just listed out our current backlog. Great minds think alike! For the first item though, we plan to implement “tags”. The sub directory format actually causes links to be siloed under a specific subname, so if 2 links should exist across 2 sub directories, it would need to be duplicated. With tags, you can tag the link and aggregate the links with the tag.

For the 4th point about someone using another link redirect, that's an interesting use case. Should we change the link to the underlying link, removing the intermediate links, or treat it as its own link? I can see a user doing this to try and create their own analytics, or maybe they found it easier to copy an already shortened link. That's a great suggestion, and we'll look into that use case.

I'm not sure on the best solution. From the security perspective many enterprise customers likely want the intermediaries removed so that they can see the real final destination. If the destination changes at some point you should update to the new destination, but it might be interesting to record the change when your system checks link validity.

Congrats. I used this functionality in a couple of companies I worked at and it's neat. Never thought someone could make a business out of it. Especially, since every tech company's favourite question is "Design a URL shortener"!!

Thanks! The functionality is definitely powerful at large scales. We want to provide a solution that companies can get started with right away, with zero setup.

It asks me to install a browser extension, which asks for this permission: "It can: Read and change all your data on the websites you visit". Is it normal?

The browser extension is how we're able to get "go/" links working in your browser without having any kind of network infrastructure. We have other integration options without the extension but it's the recommended approach. https://www.golinks.io/support.php#technical

I’ve found manually prefixing links with http:// (http://go/test) is a better alternative to auto-linkification via chrome extension (works in slack app, mobile apps, etc.)

I think the question is why the extension needs that particular permission.

Specifically, it's to resolve any go links that exist in your browser, but we plan to explore the partial permissions options to have the user choose if they want this feature enabled or not. This way you could install the extension and have the golink redirection option without the "reading all data" permission.

and if you think it's bad now, just wait until the company goes under and sells the extension to someone else. next week on: "When good extensions go bad"

The extension will read the text on screen to determine if there are any golinks so that it can change it to a click-through link. We know this may sound scary but rest assured that we do not have any ability to see or save any content. Your privacy is our top concern.

Because extensions automatically update, I believe you do have the ability to do that. It would mean changing the extension and releasing an update. I don't think that you would do that, but it's technically possible.

Correct me if I am wrong but if I visit my tax account page or something where the ssn is displayed - you can see it too?

If you load a page with your SSN, the full page will probably be parsed by the extension in search of a "GoLink". Honestly, that's pretty unavoidable. The parser most likely needs to read every byte on the page to see if it's part of a GoLink, and that includes the segment of bytes that includes your SSN.

Any ad-blocker or otherwise page-modifying Chrome Extension requires the same permissions and likely does the same thing.

Provided the GoLinks extension isn't phoning home with the full contents of the pages it's parsing, and immediately discards non-GoLink related data, this shouldn't be a problem.

It would be nice if the GoLinks team could clarify exactly what data is sent back to their servers by the Chrome Extension.

Chrome Extensions can also be inspected and their network traffic can be sniffed quite easily, so independent auditing is possible as well.
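The inspection the comment above mentions can start with the extension's `manifest.json`. The following is an added example, not part of the thread and not GoLinks' code: it flags the manifest entries that produce all-sites access, run over two constructed manifests (a text linkifier and a redirect-only variant that covers just the `go` host). The function names and both sample manifests are assumptions made for illustration.

```python
import json

def covers_all_hosts(pattern):
    """True if a Chrome match pattern applies to every host."""
    if pattern == "<all_urls>":
        return True
    _scheme, sep, rest = pattern.partition("://")
    if not sep:
        return False  # an API permission such as "storage", not a host pattern
    return rest.split("/", 1)[0] == "*"

def audit_manifest(manifest):
    """Return findings about site-wide access declared in a manifest dict."""
    findings = []
    # Host patterns live in "permissions" (Manifest V2) or "host_permissions" (V3).
    for key in ("permissions", "host_permissions"):
        for entry in manifest.get(key, []):
            if not isinstance(entry, str):
                continue
            if covers_all_hosts(entry):
                findings.append("required: %s grants every site via %r" % (key, entry))
            elif entry == "proxy":
                findings.append("required: 'proxy' can reroute all browser traffic")
    # Optional permissions are requested at runtime and the user can decline.
    for entry in manifest.get("optional_permissions", []):
        if isinstance(entry, str) and covers_all_hosts(entry):
            findings.append("optional: every-site access via %r, granted on request" % entry)
    # A content script matching all URLs can read the DOM of every page it loads in.
    for i, script in enumerate(manifest.get("content_scripts", [])):
        broad = [m for m in script.get("matches", []) if covers_all_hosts(m)]
        if broad:
            findings.append("required: content_scripts[%d] injects %s into every page (%r)"
                            % (i, script.get("js", []), broad[0]))
    return findings

def required_findings(manifest):
    """Only the findings a user cannot decline at install time."""
    return [f for f in audit_manifest(manifest) if f.startswith("required:")]

# Constructed sample: rewrites plain-text "go/..." on every page, so it needs all sites.
LINKIFY_MANIFEST = json.loads("""
{
  "manifest_version": 2,
  "name": "constructed-linkifier",
  "version": "1.0",
  "permissions": ["storage", "*://go/*"],
  "content_scripts": [{"matches": ["<all_urls>"], "js": ["linkify.js"]}]
}
""")

# Constructed sample: only handles requests to the "go" host; linkifying is opt-in.
REDIRECT_ONLY_MANIFEST = json.loads("""
{
  "manifest_version": 2,
  "name": "constructed-redirect-only",
  "version": "1.0",
  "permissions": ["storage", "webRequest", "webRequestBlocking", "*://go/*"],
  "optional_permissions": ["<all_urls>"]
}
""")

if __name__ == "__main__":
    for manifest in (LINKIFY_MANIFEST, REDIRECT_ONLY_MANIFEST):
        print(manifest["name"])
        for finding in audit_manifest(manifest) or ["no site-wide access declared"]:
            print("  " + finding)
```

A manifest review shows what an extension is allowed to do, not what it does; the network-traffic check the comment also mentions covers the second half.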

If someone broke into their account somehow and published a version to the Chrome Web Store, they could do that.

I suggest adding an alert anytime a new version of the extension is published, or if you already get an email from Chrome Web Store each time a new extension is published or the email addresses of the Chrome Web Store account are changed (npm does this I believe), to make sure it gets sent to an inbox that's actively monitored.

Thanks for pitching it! We do not send any content from the destination pages back to our servers.

Based on what we're hearing from the comments, we're planning to roll out a more detailed privacy page to build more confidence with our users.

Absolutely nothing on that page is sent to us. The only thing sent to our servers from the extension is when you create a golink using the extension. Your content is completely private to you.

wow - nice catch - uninstalled! i really like the idea of the product and i used it for a few minutes, it works great but I do not feel comfortable with those permissions.

Stay tuned, we're working on creating a more granular permissions policy as this is a concern for many users. We can promise you that we don't store or read any information on the sites you visit, but of course it would make users feel more comfortable if they could read it themselves in the permissions when installing.

I'd throw this in the bucket of things browsers could do better. There is no extension API that just lets an extension declaratively rewrite links. The plugin has to ask for a mile to use an inch, because that's what's available.

It's not normal and shouldn't be allowed to become some dystopian new normal.

This is definitely a real concern, and we're actually exploring the Chrome permissions to see if it's possible to redirect your traffic, without requiring the "Read all data" permission, because you're right, that shouldn't be the norm.

The permission would need to ask for "your data on go" rather than "your data on golinks.io". I'm not certain that the "your data on golinks.io" would cover it but I think it would.

IMO this permission is something that Chrome should explore, along with other fine-grained permissions. It might be worth making a bug report to Chromium so you can link it when people ask why you ask for such broad permissions. I think the bug report should probably mention that Google uses go links :)

I don't think this is correct. The extension identifies GoLinks embedded in other websites (like internal knowledge bases or emails, I presume) and converts them to a link to the destination.

Ah, so plain text go/test would be linked? That would need full permissions I guess. What wouldn't is for the markdown [jobs](//go/jobs) - that would only need the ability to intercept links on the `go` host - but that wouldn't be nearly as convenient (I didn't realize it would need double slashes before it until now, that makes it a lot less appealing.)

It would still be possible to create a permission that makes it so the code that edits a page can't make any network requests (the output would need to be HTML sanitized, including links), and I'd like to see that, but it would be more difficult to design, implement, and communicate to users.

You can also do this in a Chrome extension by overriding the user's proxy settings, which is worse.

If it's found to be grabbing more data than it should, people can report them and the extension can be banned from the Chrome Web Store.

It's not ideal but in order to make utilities that work on every page, these permissions are needed.

The code inside the extension bundle (.crx) would need to contain the potential for abuse, and if it gets popular enough, security researchers will look at it. Even if it's not popular, incentives will be at work, because it would be a foolish risk for a company to ship code that could expose a user's entire browser history into the extension, because at any point someone could take a look at the bundle and find the flaw.

It's all about building trust with the company. We don't store or read any information on the sites you visit, we just redirect URLs that contain "go" as the domain, and provide a link for any "go/" links in your browser. We would never risk compromising that trust.

If you take a look at a company like Grammarly, they've built trust with their users, which is why they can have the "Read and modify all data on all sites" and still have 10 million customers. We plan to build the same trust with our customers.

It would be great if you could create a separate links page for individual teams within an organization. The most important and most complicated links at my work tend to be specific to my team, and are not relevant to the rest of the company.

Unless I'm using the product wrong...

Thanks for that feedback! We've actually been hearing that from multiple users and have added the feature to our backlog.

That's great. Thanks for letting me know

I don't think it's needed. We make domain names for important links with a simple DNS entry. Things like https://jenkins.balabit/ for all the Jenkins instances or https://doc.balabit/ for all the documentation we have. These are both Confluence pages. Not really a big deal to make another one, as we are using multiple DNS servers anyway.

That's great! More companies need a solution like the one you've created, unfortunately, not everyone knows how to build one. There needs to be an easy way to access important links. Some companies will even save a Google Doc with a list of all the important links, which isn't scalable long term. We're hoping we can make that process even easier so that even non-technical employees can create links.

Personally, at my company we just use a private link redirecter at go.company-name.example. We use a modified version of the open source Zerodrop webapp[1].

This solution doesn't require a browser extension with elevated permissions that increases your attack surface.

1. https://go.eligrey.com/zerodrop

Always happy to see go links being used at other companies! You can actually take this a step further at Eligrey. By setting up a DNS Entry that redirects go.eligrey.com to the domain go you would then allow your links to become conversational and even quicker to access. For example you could say "Check out go slash zerodrop" without physically sending an email or message.

I think this is super useful and you're totally right about how go spreads. At Netflix we ended up rewriting go at least three times. Every time someone new took it over, they rewrote it. Having a go service with no work is super useful.

I set it up but didn't look carefully -- is there an export function? And an API? I think I could get around most of my concerns if I could just get a CSV each day of all the current links, just in case something happens to you guys.

Another source of comfort would be if you could give me a lambda function that I could deploy into my own AWS that would just resolve go links. So all the management would happen on your platform, but the actual resolution would be on my side so I would be in control of its reliability. I know that at Netflix we built go to be highly reliable because in an outage, go was actually essential infrastructure to get us to the tools and dashboards we need most.

Thanks for making this!

We do plan on creating an API that will allow users to create links, and view links through integrations, but it isn’t built currently. That’s an interesting solution for resolution, but I can definitely see the utility in having the resolution be in a lambda function, to ensure reliability. We don’t have a daily export function, but can provide links to companies in the rare event that something happens to us.

Curious about the pricing. It says $2.75 / month / user but it also says unlimited users. Does that mean you can pay $2.75 / month / user for as many users as you want? Seems confusing and I'd assume it's unlimited users if I'm paying per seat.

Can everyone in the company use the go links but only paid users can create them?

Good catch, we've been doing some price experimentation with user count and price, and I think that line needs to be updated.

Few questions:

1. [solved] How does it work? I couldn't get it from the website: 'go/' is not a real DNS-resolved domain but some host alias?!

2. [solved] If 1 is true, how do you want to target smaller to medium sized companies which just have G-Suite, Slack but no real intranet/private net where you could create this host alias easily for the entire staff? Guess I got it wrong, so I am happy about a technical explanation/architecture.

3. How is the business model's defensibility? What's hindering me to set up the same with some open source repo, write a Chrome extension, add a nice landing page and hire a sales force for SaaS enterprise sales?

EDIT: ok now I fully read your post and got my answer for 1 and 2 but how should this work on mobile where you don't have extensions?

We have a mobile application on the product roadmap, so stay tuned!

For our business model, we’re focusing on making GoLinks integrate with all the great applications that you use everyday. We’re currently available in the Slack marketplace, and Okta, but soon to be in Atlassian’s marketplace, with more integrations on the way. The more integrations we can incorporate, the stronger the business.

Setting up the account to try this for our small team, we're running everything on different spreadsheets, pulling different sheets has been "hey X, can you get me the sheet url for Y again". Thanks for the startup friendly pricing model, keep up the great work!

Awesome! Definitely a problem a lot of companies have. Great to know we can help out.

Whenever I see mentions of go links, I think "How are you handling TLS?" which there's not a great answer for* so I think it's neat that the extension model solves this problem.

* I don't trust most enterprise IT teams to be able to set-up and administer a secure CA with the appropriate critical nameConstraint that limits the CA to signing certificates for `go`.


OP: You should probably mention the TLS problem on https://www.golinks.io/support.php#technical since right now I assume the CNAME approach will only work with HTTP.

That's a great suggestion, our support page could include more technical details. It's long overdue for some updates.

I use golinks for personal use and it is incredibly valuable. Thanks for the service!

Great to hear! A few of our users have suggested this and it is something that solves a valid use case :)

Looks like a useful product. We'll give it a try at our company.

Thanks! Let us know if you have any feedback

We are distinctly not allowed to use URL shorteners at my enterprise company and our fraud prevention department regularly educates us about the dangers of clicking URL-shortened links (you have no idea if it will send you to a phishing site or not).

URL shortening was created so people could send tweets without using up their character counts on a URL. I'm pretty sure most software companies aren't communicating via Twitter, so I'm not sure the practical application of this anyways.

Good luck.

It's less of a link shortener and more of a link manager for companies. The concern that companies have with URL shorteners is they can't manage who is creating these links, and who owns these links. With GoLinks, the company will own the links, they can manage, edit, update, delete any links within the organization, so they will be centralized. The added benefit is that with a memorable link, you can access go/benefits much easier than bit.ly/fE7r232r. URL shorteners aim to shorten links, Golinks aims to make links memorable.

The issue is that you obfuscate the destination of the link. This is a big no-no in enterprise fraud prevention. We train people to only click trusted links. How do I know whether a golink is trusted or not? And what if my golinks account is compromised and all my links get redirected to phishing sites? All of this huge risk so... people can remember the link?

These are all great questions. Security is definitely our number one priority, especially since most of our customers are large enterprises. In order to create a link, you must first authenticate with your company's Single Sign-on solution to access the dashboard. If a user cannot properly be authenticated through Okta, GSuite, or another SSO, then that user cannot use the shortened link and cannot access the knowledge base of links. Second, all of the destinations can be audited in the dashboard, and we're currently testing solutions for checking the safety of a link that users can redirect to. This is unique to a golink system since the company can set these policies up for its users. For example, as an admin, you can disallow "http" links and force all links to use "https" to increase the security of the links. Now the company has control over which links are allowed to be used. The memorable link portion is also an added benefit of implementing a golink system.

We've been using golinks.io for a few months now at my current employer, and it's been very well received by folks, with both technical and non-technical users adopting it quickly.

Variable links are very useful - links like "go/monitoring/alpha", "go/monitoring/beta" (with a template "go/monitoring/$1 -> $1.example.com"), make it super easy to keep things up to date.
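The admin policy described a few comments up (reject "http" destinations, audit where links point) and the variable-link template in the comment above can be checked in one resolver. The following is an added example, not part of the thread and not GoLinks' code; the function names, the sample link table, the short shortener list and the `https://` scheme written into the template are assumptions. The `$1` argument is restricted to a single DNS label so that it cannot change which host the template expands to.

```python
import re
from urllib.parse import urlsplit

# Constructed sample data, for illustration only.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co"}
LINKS = {
    "customer-feedback": "https://docs.google.com/d/document/ABCDE1234/",
    "oldwiki": "http://wiki.example.com/",
}
TEMPLATES = {"monitoring": "https://$1.example.com/"}

# One DNS label: letters, digits, inner hyphens. No dots, slashes, '@' or '#'.
DNS_LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")

def check_destination(url, https_only=True):
    """Return a list of policy problems for a destination URL (empty if clean)."""
    problems = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme not in ("http", "https"):
        problems.append("scheme %r is not a web link" % parts.scheme)
    elif https_only and parts.scheme == "http":
        problems.append("http destination rejected by https-only policy")
    if not host:
        problems.append("destination has no host")
    if parts.username is not None:
        problems.append("userinfo before '@' obscures the real host")
    if host in SHORTENER_HOSTS:
        problems.append("destination is another shortener; record the final URL instead")
    return problems

def expand_template(template, arg):
    """Substitute $1, accepting only a value that stays inside one host label."""
    if not DNS_LABEL.fullmatch(arg):
        raise ValueError("template argument %r is not a single DNS label" % arg)
    return template.replace("$1", arg)

def resolve(golink, links, templates):
    """Map 'go/keyword' or 'go/keyword/arg' to a destination that passes policy."""
    if not golink.startswith("go/"):
        raise ValueError("not a go link: %r" % golink)
    keyword, _, arg = golink[3:].partition("/")
    if arg:
        url = expand_template(templates[keyword], arg)
    else:
        url = links[keyword]
    problems = check_destination(url)
    if problems:
        raise ValueError("%s blocked: %s" % (golink, "; ".join(problems)))
    return url

if __name__ == "__main__":
    for link in ("go/customer-feedback", "go/monitoring/alpha",
                 "go/oldwiki", "go/monitoring/alpha.other.test"):
        try:
            print(link, "->", resolve(link, LINKS, TEMPLATES))
        except ValueError as err:
            print(link, "-> refused:", err)
```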

Glad to hear that it's been a hit within your organization! We love to hear about happy customers. :)

I linked your site on our slack to ask about opinions, and was surprised (not pleasantly or unpleasantly, just neutrally so :) to see that Slack can identify the app even though I haven't installed anything yet: https://i.imgur.com/H6v3LYX.png

Slack has a really great feature where it associates websites with applications if they have them. Thanks for sharing this! It's working as intended :)

So I built this as a prototype for the college I worked on. Broken links are a big problem with learning materials which are hard to change after publishing.

The idea was that someone is responsible for each link and any 404s would get corrected. Then if the person left, Active Directory would assign the manager.

Hope that’s useful. It was also called go.

Yep! This is a problem we've addressed by making everyone in the organization an owner. If a link breaks, anyone in the organization can change it, even if the original creator leaves the company. Check out our blog to learn more about the history of go links, you may see why the "go" term is so popular.

I'd probably use it or give it a try.

The pricing jump from the free to paid tier after you hit 11 users is a bit steep. Like from free to 363 USD at once.

Also, I'd offer a feature to opt-out of your analytics collection as I don't see a reason why your company should know on how exactly our team members work all day long.

Pricing is always a tough thing to get right. If you look at Shopify's pricing page on the internet archive, you can see it changes almost every week since 2012, so it's something that all companies struggle with getting right. We're always open to feedback from customers.

For the analytics, this is a trend I've personally seen in SaaS products lately, where companies can get in-depth analytics on how their team members are working. If you look at Github, Jira, or Google Docs, you can see personal stats for user events. Even Slack is starting to send out the number of private vs public messages sent throughout the week. It's something that definitely needs to be discussed because I can see it being used for good or being used for bad (as in micromanagement). Google Docs is the only one I know of that gives the option to opt out of usage analytics, so that's a great suggestion for a feature.

One suggestion -- make the $2.75/user/mo not apply to the first 10 users. So when I hit user 11, you bill me $2.75/mo. User 12 makes it $5.50/mo and so on. That way you don't have the big jump, and you're not losing a lot of money because if they had 10 users it would be free anyway.

That's actually a really good suggestion, thanks!

Thanks for the advice! The analytics are for team use and are used for auto sorting and surfacing up links that your company is using today.

Don't domains managed by Microsoft Active Directory do the same thing? E.g. If git is hosted on git.contoso.com and my workstation is part of contoso.com, I can just go to https://git

Yep, that's correct! That works assuming you have access to set up subdomains for contoso.com. We make it easy for any employee, technical and non-technical, to update and create links.

When it is designed to be conversational, wouldn't the company run out of easy to remember keywords at some point? Or should they keep reusing the keywords whenever they update the resource?

It depends on each company, for example let’s say you have a link to a holiday party, you can create go/holidayparty and update that every year to the new page, or use go/holidayparty2019, go/holidayparty2020, ideally, you could update the links so that they are more relevant to the current time that they are being used.

Anecdote, you've done some Facebook ad targeting to Google employees. Clever. One of the ads in the Seattle area has a meet and greet of Google employees in the comment section haha.

We're still experimenting with our ad strategy, but one of our target markets is previous employees of companies who used to have a go link system. It just happened to spread to current employees that use a go link system, probably through word of mouth.

Isn't this identical to Bit.ly's business model?

Great question, and it’s a common question we get a lot. Bit.ly allows you to shorten links in marketing campaigns, and is meant for public use. GoLinks is used to make links memorable and conversational and is private, so it can only be used within your company.

I love the usability of go links when I’m at work, but it sucks that they don’t work on mobile.

You are able to use go.golinks.io/KEYWORD with ours or if you are set up on the enterprise tier with us, we can set up full TLS go.youcompany.com/KEYWORD

Hi Jorge, nice to see this at HN front page. Wish you guys all the best.
