Google Tag Manager and Munchkin Code question | Community
Skip to main content
Mikes_Jones
Mikes_Jones
New Participant
February 26, 2015
Solved

Google Tag Manager and Munchkin Code question

  • February 26, 2015
  • 27 replies
  • 7427 views

So we've been having issues lately with other domains stealing our Munchkin Code. It seems as though a couple of domains had stolen our skin.js from our source code and deployed it on their website, inadvertantly taking our Munchkin Code as a result. Because of this, our analytics and reporting was all out of loop, filled with websites and data that we didnt' really care for.

So this leads me to Googel Tag Manager. The way GTM works, you use a "firing" rule to tell the tag exactly which pages to deploy the tag, in this case we could control specifically where the GTM tag is being called without having to worry about another domain stealing our code (in the future, it won't effect those who already have our code).

So I guess that leads me to my question - is this a recommended solution to prevent future domains/webmasters from snatching our Munchkin Code? We've talked to a few Marketo support specialists concerning this stolen munchkin issue but no one has been able to give us a conclusive answer. We've been suffering from broken analytics and reporting since last November and would really like to get back on track moving forward.

Thanks.

Best answer by Mikes_Jones
Sanford also - if you could take that photo down when you get a chance, would be appreciated. Thanks

EDIT: Ah, I found it - well then, guess it doesn't matter if you take that picture down or not.

Thanks for all your input, definitely nice to learn something new.

Accidentally clicked "best answer", I didn't know it would mark the case as solved. For the record, case is not solved.

27 replies

Show previous replies
SanfordWhiteman
SanfordWhiteman
New Participant
February 27, 2015
I feel like we told them the domains we had in the beginning. I thought it was just for this purpose. I could be wrong, this is my tenth instance or so I've touched.
 
You probably are thinking of branding domains, landing page domains, or setting up SPF/DKIM for sending domains.  Those are all different issues.
 
I feel like I lied to so many people about saying Munchkin is secure.. They should know as they should be logging this in their backend no? I mean its like Malik is saying, lets just leave the front door open and see who walks in there. 


I don't understand the concept of a public analytics tracking code being "secure."  I'm an IT guy and that's not an expression I would use.  As noted above, GA is just as, shall we say, insecure by default... what you should be requesting is the option to filter, not that everything be prefiltered.  It should be obvious by now that a marketing company managing potentially thousands of client domains has not entered those domains into the Marketo interface, since there is no place to put them.

SanfordWhiteman
SanfordWhiteman
New Participant
February 27, 2015
Within the above code will contain your Munchkin Code, but it's not actually visible on the site's HTML markup, therefore it keeps your code secure and out of harms way.

This is not true, but I'm not going to belabor the point with you if you won't test.
SanfordWhiteman
SanfordWhiteman
New Participant
February 27, 2015
The whole concept of someone being able to swipe your Munchkin code, which is one of the most valuable aspects of Marketo, on ACCIDENT at that, is ridiculous. It completely degrades the quality of your analytics, which in my instance, is a pivotal part of my daily operation.

It's a pivotal part of everybody's operation!  I understand that you're upset, but I don't think this completely degrades the quality of your analytics, provided you apply appropriate filters when reporting.  Then again, I'm not saying Marketo shouldn't add the ability to pre-filter, I'm just saying they shouldn't go back in time and force everyone to enter a filter.  Google Analytics, for example, allows you to apply a filter, but by default there is no filter -- thus just as vulnerable as Marketo.
A
Anonymous
February 27, 2015
Rigourous = detailed I guess :) 

I feel like we told them the domains we had in the beginning. I thought it was just for this purpose. I could be wrong, this is my tenth instance or so I've touched. 

I feel like I lied to so many people about saying Munchkin is secure.. They should know as they should be logging this in their backend no? I mean its like Malik is saying, lets just leave the front door open and see who walks in there. 
Mikes_Jones
Mikes_JonesAuthor
New Participant
February 27, 2015
Sandford, I'm not sure if you've ever used GTM before, but the code is infact buried within a universal GTM tag. So in the source of your website, you'll just see a tag that looks something like this:

<!-- Google Tag Manager -->
<noscript><iframe src="//www.googletagmanager.com/ns.html?id=GTM-EXAMPLE"
height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>
<script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
'//www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','GTM-EXAMPLE');</script>
<!-- End Google Tag Manager -->

Within the above code will contain your Munchkin Code, but it's not actually visible on the site's HTML markup, therefore it keeps your code secure and out of harms way.
 
Mikes_Jones
Mikes_JonesAuthor
New Participant
February 27, 2015
It's upsetting that this isn't at the very least an option for those of us who do care about the security and accuracy of our data.

It's like selling someone a new car with a univesal lock to it. Yea, it's cool when you lose your keys, you can just pop in some random keys and go to work - but at the same time, any random person can pop their keys in and ride away with your car as well.

Again, would be nice to hear from someone at Marketo, surprised more people haven't brought this up before.
SanfordWhiteman
SanfordWhiteman
New Participant
February 27, 2015
So even if someone steals your GTM code, with the Marketo Munchkin code buried in it

That''s not what happens.  They scrape your website's HTML.   That has your Munchkin code not "buried" in it but right there in the markup, injected by GTM before your enemies scrape the site.

GTM firing rules determine what tags will appear in the final markup of your page.  The act of stealing your page occurs after GTM fires.
SanfordWhiteman
SanfordWhiteman
New Participant
February 27, 2015
P.S. The same approach is used by embedded Forms 2.0.  They can go on any website.  And this "decontrol" is, in the end, a good thing.  Because based on what I know about Marketo users, they are focused on Marketing and Marketing Ops, but not Web Ops.  I know it may seem like a stretch to call this an IT matter, but in my experience Mktg folks expect things like domain aliases to "just work": they buy the domain, IT sets up the host header on the webserver, and away they go. Having to maintain a domain list in Marketo as well could be seen as cumbersome, regardless of the security benefits.  Of course this same laziness applies to IT folks (I know this, being one) but we don't really have an excuse, while a Mktg person can legitimately say, "That's too much and not my job."
Mikes_Jones
Mikes_JonesAuthor
New Participant
February 27, 2015
Sandford ... it doesn't really matter if the people who stole the code didn't know what they were doing, and it REALLY doesn't matter if they ended up hurting themselves. What does matter is that in the process they hurt MY analytics, causing MY reporting to be super inaccurate and having me to dig through hundreds of URLs so I could add them to a filtering list, though everyday a couple of new URLs pop up in there and it just ends up being a long cat and mouse game.

The whole concept of someone being able to swipe your Munchkin code, which is one of the most valuable aspects of Marketo, on ACCIDENT at that, is ridiculous. It completely degrades the quality of your analytics, which in my instance, is a pivotal part of my daily operation.
Mikes_Jones
Mikes_JonesAuthor
New Participant
February 27, 2015
Also Sanford, I just re-read your comment, and to say that GTM is useless is confusing, and to suggest that it can be just as easily stolen doesn't really make sense since the whole point of GTM is the "firing" rule. So even if someone steals your GTM code, with the Marketo Munchkin code buried in it, and deploys it on their website, the actual Munchkin Code would not work becuase the "firing" rule would be set up for only your specific domain. So in this case, I feel as though using GTM could actually prevent this from happening.

Wondering if anyone from Marketo has any input on this

EDIT: This is assuming the code is stolen on accident. Of course, if someone really wants to mess with your website, I'm sure they can find a way, fortunately we aren't too worried about that.
Show more replies
Terms & ConditionsAccessibility statement

Loading footer...