Google Tag Manager and Munchkin Code question | Community
Skip to main content
Mikes_Jones
Mikes_Jones
Level 7
February 26, 2015
Solved

Google Tag Manager and Munchkin Code question

  • February 26, 2015
  • 27 replies
  • 7443 views

So we've been having issues lately with other domains stealing our Munchkin Code. It seems as though a couple of domains had stolen our skin.js from our source code and deployed it on their website, inadvertantly taking our Munchkin Code as a result. Because of this, our analytics and reporting was all out of loop, filled with websites and data that we didnt' really care for.

So this leads me to Googel Tag Manager. The way GTM works, you use a "firing" rule to tell the tag exactly which pages to deploy the tag, in this case we could control specifically where the GTM tag is being called without having to worry about another domain stealing our code (in the future, it won't effect those who already have our code).

So I guess that leads me to my question - is this a recommended solution to prevent future domains/webmasters from snatching our Munchkin Code? We've talked to a few Marketo support specialists concerning this stolen munchkin issue but no one has been able to give us a conclusive answer. We've been suffering from broken analytics and reporting since last November and would really like to get back on track moving forward.

Thanks.

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by Mikes_Jones
Sanford also - if you could take that photo down when you get a chance, would be appreciated. Thanks

EDIT: Ah, I found it - well then, guess it doesn't matter if you take that picture down or not.

Thanks for all your input, definitely nice to learn something new.

Accidentally clicked "best answer", I didn't know it would mark the case as solved. For the record, case is not solved.

27 replies

Show previous replies
SanfordWhiteman
SanfordWhiteman
Level 10
February 27, 2015
So even if someone steals your GTM code, with the Marketo Munchkin code buried in it

That''s not what happens.  They scrape your website's HTML.   That has your Munchkin code not "buried" in it but right there in the markup, injected by GTM before your enemies scrape the site.

GTM firing rules determine what tags will appear in the final markup of your page.  The act of stealing your page occurs after GTM fires.
Mikes_Jones
Mikes_JonesAuthor
Level 7
February 27, 2015
It's upsetting that this isn't at the very least an option for those of us who do care about the security and accuracy of our data.

It's like selling someone a new car with a univesal lock to it. Yea, it's cool when you lose your keys, you can just pop in some random keys and go to work - but at the same time, any random person can pop their keys in and ride away with your car as well.

Again, would be nice to hear from someone at Marketo, surprised more people haven't brought this up before.
Mikes_Jones
Mikes_JonesAuthor
Level 7
February 27, 2015
Sandford, I'm not sure if you've ever used GTM before, but the code is infact buried within a universal GTM tag. So in the source of your website, you'll just see a tag that looks something like this:

<!-- Google Tag Manager -->
<noscript><iframe src="//www.googletagmanager.com/ns.html?id=GTM-EXAMPLE"
height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>
<script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
'//www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','GTM-EXAMPLE');</script>
<!-- End Google Tag Manager -->

Within the above code will contain your Munchkin Code, but it's not actually visible on the site's HTML markup, therefore it keeps your code secure and out of harms way.
 
A
Anonymous
February 27, 2015
Rigourous = detailed I guess :) 

I feel like we told them the domains we had in the beginning. I thought it was just for this purpose. I could be wrong, this is my tenth instance or so I've touched. 

I feel like I lied to so many people about saying Munchkin is secure.. They should know as they should be logging this in their backend no? I mean its like Malik is saying, lets just leave the front door open and see who walks in there. 
SanfordWhiteman
SanfordWhiteman
Level 10
February 27, 2015
The whole concept of someone being able to swipe your Munchkin code, which is one of the most valuable aspects of Marketo, on ACCIDENT at that, is ridiculous. It completely degrades the quality of your analytics, which in my instance, is a pivotal part of my daily operation.

It's a pivotal part of everybody's operation!  I understand that you're upset, but I don't think this completely degrades the quality of your analytics, provided you apply appropriate filters when reporting.  Then again, I'm not saying Marketo shouldn't add the ability to pre-filter, I'm just saying they shouldn't go back in time and force everyone to enter a filter.  Google Analytics, for example, allows you to apply a filter, but by default there is no filter -- thus just as vulnerable as Marketo.
SanfordWhiteman
SanfordWhiteman
Level 10
February 27, 2015
Within the above code will contain your Munchkin Code, but it's not actually visible on the site's HTML markup, therefore it keeps your code secure and out of harms way.

This is not true, but I'm not going to belabor the point with you if you won't test.
SanfordWhiteman
SanfordWhiteman
Level 10
February 27, 2015
I feel like we told them the domains we had in the beginning. I thought it was just for this purpose. I could be wrong, this is my tenth instance or so I've touched.
 
You probably are thinking of branding domains, landing page domains, or setting up SPF/DKIM for sending domains.  Those are all different issues.
 
I feel like I lied to so many people about saying Munchkin is secure.. They should know as they should be logging this in their backend no? I mean its like Malik is saying, lets just leave the front door open and see who walks in there. 


I don't understand the concept of a public analytics tracking code being "secure."  I'm an IT guy and that's not an expression I would use.  As noted above, GA is just as, shall we say, insecure by default... what you should be requesting is the option to filter, not that everything be prefiltered.  It should be obvious by now that a marketing company managing potentially thousands of client domains has not entered those domains into the Marketo interface, since there is no place to put them.

Mikes_Jones
Mikes_JonesAuthor
Level 7
February 27, 2015
Sanford, can you please elloborate on the GTM code and whether it's in teh markup or not?

Here is our website: www.r2integrated.com

When you view the page source, you will see a GTM tag. Within that tag is a Google Analytics tag, but you won't see that in the markup of the page source ... unless it's there, and I just don't see it. Let me know if you can find it :)
SanfordWhiteman
SanfordWhiteman
Level 10
February 27, 2015
Add Munchkin via GTM.  That is what you should be testing.  (GTM has a special plugin for GA, which means that is not an appropriate testbed.)

Technical rule: any elements injected into your markup can be scraped.  It's just a fact of browser life.
Mikes_Jones
Mikes_JonesAuthor
Level 7
February 27, 2015
Sanford

The following template has Munchkin DISABLED, the Munchkin Code is being pulled in soley through Google Tag Manager.

pages.r2integrated.com/TEST_TEST_munchkin.html

Now, I checked the page source and could not locate any instances to the munchkin code, only the Google Tag code. Thoughts?
Show more replies
Terms & ConditionsAccessibility statement

Loading footer...