>I always considered proxies, url shorteners, etc to be suspicious in the first place
It doesn't have to be as overt making it look like a proxy (eg. a endpoint that makes arbitrary http requests on behalf of the caller). It can be as simple as changing the endpoint for the spying service from https://evil.example.com/api/ to https://484044b296.execute-api.us-east-1.amazonaws.com/evil/...
> Some more investigation would be required in some cases.
The point is that the "nutrition facts label" doesn't really do anything because it's trivial to bypass. If it becomes widespread I guarantee every malicious addon maker would adopt this tactic.
