I've made a small proof of concept with Google Analytics. I was checking that running the frontend code coming from my localhost I could already receive the events on my Google Analytics (GA) account. So GA is just not running any kind of validation on where the events are coming from (domain check or something). Then, since the tracking ID remains public, it's possible to just send any kind of event using someone else's tracking ID, therefore messing with their insights in their GA dashboard. I have published the code on github.com/goferito/gapoc in case someone wants to take a look, even though it's pretty simple.So the question is, how can I know someone is not sending events (pageview events or whatever) using my tracking ID? Is there any way in GA to filter those, before or after GA stores them?