> 422 network requests and 49 megabytes of data
Just FYI how this generally works: it's not developers who add it, but non-technical people.
Developers only add a single `<script>` in the page, which loads Google Tag Manager, or a similar monstrosity, at the request of someone high up in the company. Initially it loads ~nothing, so it's fine.
Over time, non-technical people slap as many advertising "partner" scripts as they can into the config of GTM, straight to prod without telling developers, and without thinking twice about impact on loading times etc. All they track is $ earned on ads.
(It's sneaky because those scripts load async in the background, so it doesn't immediately feel like the website gets slower / more bloated. And of course, on a high-end laptop the website feels "fine" compared to a cheap Android. Also, there's nothing developers can do about those requests; they're under the full control of all those 3rd parties.)
Fun fact: "performance" in the parlance of adtech people means "ad campaign performance", not "website loading speed". ("What do you mean, performance decreased when we added more tracking?")
The good thing about the heavy use of GTM is that it's easy to block. Just block that one endpoint and you remove most of the advertising and tracking. When some new advertising service is invented, it's already blocked thanks to the blocking of GTM.
Developers do that as well. Especially now with LLM-assisted coding. Accept a half-baked solution and go to the next ticket.
I recently had a case at work: while filling in a contact form to add a new party, there were 300+ calls to the validation service to validate emails and phones. Three calls per every character entered into every text input!
Yeah, never allow non-technical people to put something like Google Tag Manager, which can load arbitrary other stuff, on the business' website. The moment this is pushed through against engineering's advice, distancing yourself from the cesspool that the website will inevitably become sooner or later is the healthy choice. It is difficult to uphold the dam against the wishes of other departments, like marketing and sales, and it takes an informed and ethically aware engineering department lead who upholds principles and remains steadfast. Rare.
GDPR compliance is the first thing that goes out of the window, and with that conforming to the law, when in the EU. Ethics fly out of the window at the same time, or just slightly afterwards, when they add tracking that no one agreed to, or when they forget to ask for consent, or when they have a "consent" popup that employs dark patterns, or when they outsource consent to a third-party tool that informed visitors don't want anything to do with.
I tried to fight against the introduction of GTM in a project I worked on; we spent a lot of effort on coding, reviewing, testing, optimizing and minimizing client-side code before our end-users would see it, and the analytics people want a shortcut to inject any JS anywhere?
I didn't win that one, but I did make sure that it would only load after the user agreed to tracking cookies and the like.
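Added example, not part of the thread and not any commenter's code: one way to gate the tag manager script on an explicit opt-in, as the last comment describes. `GTM-XXXXXXX` is a placeholder container ID, and the `{ tracking: true }` consent record and the `createTagLoader` / `fakeDocument` names are assumptions made for illustration.

```javascript
// Consent-gated loader: the tag manager <script> is injected only after opt-in.
const GTM_SRC = "https://www.googletagmanager.com/gtm.js";
const CONTAINER_ID = /^GTM-[A-Z0-9]+$/;

function createTagLoader(doc, containerId) {
  // Reject anything that is not a plain container ID before it reaches a URL.
  if (!CONTAINER_ID.test(containerId)) {
    throw new Error("unexpected container ID: " + containerId);
  }
  let injected = false;

  // Only an explicit boolean opt-in counts; missing, malformed or denied records do not.
  function hasConsent(record) {
    return !!record && typeof record === "object" && record.tracking === true;
  }

  // Call on page load with the stored record, and again from the consent banner.
  function onConsent(record) {
    if (!hasConsent(record) || injected) return false;
    const s = doc.createElement("script");
    s.async = true;
    s.src = GTM_SRC + "?id=" + encodeURIComponent(containerId);
    doc.head.appendChild(s);
    injected = true; // idempotent: a second opt-in event adds no second tag
    return true;
  }

  return { onConsent, isLoaded: () => injected };
}

// Constructed stand-in for `document` so the example also runs under Node.
function fakeDocument() {
  const scripts = [];
  return {
    scripts,
    createElement: (tag) => ({ tag }),
    head: { appendChild: (el) => scripts.push(el) },
  };
}

function demo() {
  const doc = fakeDocument();
  const loader = createTagLoader(doc, "GTM-XXXXXXX"); // placeholder ID
  const results = [
    loader.onConsent(null),                 // no decision yet
    loader.onConsent({ tracking: false }),  // declined
    loader.onConsent({ tracking: "true" }), // malformed record
    loader.onConsent({ tracking: true }),   // opted in
    loader.onConsent({ tracking: true }),   // repeat call
  ];
  return { results, srcs: doc.scripts.map((s) => s.src) };
}
```

Scripts that were already injected keep running if consent is later withdrawn; the gate only takes effect again on the next page load with the updated record.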