Discord, telegram, WhatsApp, twitter, mastodon, Facebook and co all show a link preview which is pulled from special meta tags (“open graph meta tags” is their name, here is a list of them: Complete List of HTML Meta Tags · GitHub):
The potential privacy problem is when doing pulling the data on the receiving site, a web request is made from the device.
So the obvious solution is to send the meta-data with the message that contains the link or use a proxy server to hide the ip of the request (telegram does the proxy AFAIK).
Pulling when sending also can be a problem, for example when the link was shared from browsing with tor and deltachat is running outside of tor.
So I propose that we could detect links and show them in the draft/composer and when the user clicks on them the info is loaded and attached to the outgoing message:
Letting the user decide to do that web request moves the problem out of our responsibility zone.