
Comment by mlinsey

8 months ago

Google Tag Manager is a single place for you to drop in and manage all the tracking snippets you might want to add to your site. When I've worked on B2C sites that run a lot of paid advertising campaigns, the marketing team would frequently ask me to add this tracking pixel or another, usually when we were testing a new ad channel. Want to start running ads on Snapchat? Gotta add the Snapchat tracker to your site to know when users convert. Now doing TikTok? That's another snippet. Sometimes there would be additional business logic for which pages to fire or not fire, and this would change more often. Sometimes it was so they could use a different analytics tool.

While these were almost always very easy tickets to do, they were just one more interruption for us and a blocker for the stakeholders, who liked to have an extremely rapid iteration cycle themselves.

GTM was a way to make this self-service, instead of the eng team having to keep this updated, and also it was clear to everyone what all the different trackers were.

The self-service thing is such a nightmare. There are two things that you almost certainly cannot trust your marketing team with:

1. Understanding the security implications of code they add via tag manager. How good are they at auditing the third parties that they introduce to make sure they have rock-solid security? Even worse, do they understand that they need to be very careful not to add JavaScript code that someone emailed to them with a message that says "Important! The CEO says add this code right now!".

2. Understanding the performance overhead of new code. Did they just drop in a tag that loads a full 1MB of JavaScript code before the page becomes responsive? Can they figure that out themselves? Are they positioned to make good decisions on trade-offs with respect to analytics compared to site performance?

  • I agree with this and can add two more problems that are super common.

    Firstly, people will add all sorts of things on a whim without telling anybody. So your privacy policy won’t capture any of this.

    Secondly, nobody ever cleans up after themselves. So a year down the line, you’ll have a dozen different services, all doing the same thing, all added by different people, and half of them aren’t even being used by anybody because the people that added them forgot about them or left the company.

    I don’t think I’ve ever seen GTM used responsibly.

  • Yep it's vibe coding before vibe coding existed. Paste in the script. No code review. No staging. No roll-out. Just straight in prod. And it can break stuff.

  • You effectively delegate code-review on an XSS path to your marketing team. I refused to do that anywhere users could be logged in.

  • If there is one thing you can trust marketing departments with, it's their ability to ruin any website they have the chance of ruining.

  • Agreed that it's a nightmare, but what usually happens then is that an MBA-type VP will come in and demand the marketing team be allowed to insert whatever they want. Not many dev teams have the political clout to push back.