Comment by simonw

7 months ago

The self-service thing is such a nightmare. There are two things that you almost certainly cannot trust your marketing team with:

1. Understanding the security implications of code they add via tag manager. How good are they at auditing the third parties that they introduce to make sure they have rock-solid security? Even worse, do they understand that they need to be very careful not to add JavaScript code that someone emailed to them with a message that says "Important! The CEO says add this code right now!".

2. Understanding the performance overhead of new code. Did they just drop in a tag that loads a full 1MB of JavaScript code before the page becomes responsive? Can they figure that out themselves? Are they positioned to make good decisions on trade-offs with respect to analytics compared to site performance?

I agree with this and can add two more problems that are super common.

Firstly, people will add all sorts of things on a whim without telling anybody. So your privacy policy won’t capture any of this.

Secondly, nobody ever cleans up after themselves. So a year down the line, you’ll have a dozen different services, all doing the same thing, all added by different people, and half of them aren’t even being used by anybody because the people that added them forgot about them or left the company.

I don’t think I’ve ever seen GTM used responsibly.

Yep, it's vibe coding before vibe coding existed. Paste in the script. No code review. No staging. No roll-out. Just straight in prod. And it can break stuff.

You effectively delegate code-review on an XSS path to your marketing team. I refused to do that anywhere users could be logged in.

If there is one thing you can trust marketing departments with, it's their ability to ruin any website they have the chance of ruining.

Agreed that it's a nightmare, but what usually happens then is that an MBA-type VP will come in and demand the marketing team be allowed to insert whatever they want. Not many dev teams have the political clout to push back.
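
The thread's concerns (unaudited third parties, pasted-in scripts, tags nobody cleans up) can be turned into a recurring inventory check. The following is an added example, not code from any commenter or from Google: it scans a tag-manager container export for Custom HTML tags and reports scripts that are inline or load from hosts outside an allowlist. The export shape (`containerVersion.tag[]`, type `"html"`, parameter key `"html"`), the function names and the sample data are assumptions made for the example.

```javascript
// Added example. Assumed input: a GTM-style container export where Custom HTML
// tags have type "html" and carry their markup in the parameter with key "html".
const SCRIPT_RE = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
const SRC_RE = /\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;

// Hostname of an absolute or protocol-relative script URL, or null otherwise.
function scriptHost(src) {
  try {
    return new URL(src.startsWith("//") ? "https:" + src : src).hostname || null;
  } catch {
    return null;
  }
}

// Report every script in a Custom HTML tag that is inline or not allowlisted.
function auditContainer(exported, allowedHosts) {
  const allowed = new Set(allowedHosts.map((h) => h.toLowerCase()));
  const findings = [];
  for (const tag of exported?.containerVersion?.tag ?? []) {
    if (tag.type !== "html") continue; // only Custom HTML tags are inspected here
    const html = (tag.parameter ?? []).find((p) => p.key === "html")?.value ?? "";
    for (const [, attrs, body] of html.matchAll(SCRIPT_RE)) {
      const m = SRC_RE.exec(attrs);
      if (m) {
        const src = m[1] ?? m[2] ?? m[3];
        const host = scriptHost(src);
        // Relative or unparseable sources are reported with their raw value.
        if (!host || !allowed.has(host)) {
          findings.push({ tag: tag.name, kind: "external-script", source: host ?? src });
        }
      } else if (body.trim() !== "") {
        findings.push({ tag: tag.name, kind: "inline-script", source: null });
      }
    }
  }
  return findings;
}

// Constructed sample export (not a real container).
const sampleExport = { containerVersion: { tag: [
  { name: "Analytics", type: "html", parameter: [
    { key: "html", value: '<script async src="https://analytics.example.com/a.js"></script>' }] },
  { name: "Chat widget", type: "html", parameter: [
    { key: "html", value: "<script src='//widgets.example.net/chat.js'></script>" }] },
  { name: "Pasted from email", type: "html", parameter: [
    { key: "html", value: "<script>document.title = 'hello';</script>" }] },
  { name: "Pixel", type: "img", parameter: [] },
] } };

console.log(auditContainer(sampleExport, ["analytics.example.com"]));
```

Run against each published container version, the findings list doubles as the third-party inventory a privacy policy and a cleanup pass both need.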