A sort-of warning about Google Analytics

Firefox has started warning me from time to time about a “mismatched” security certificate on this site from Google analytics. When I go to a forum listing, a JS alert pops up saying that I’m accessing a site named “www.google-analytics.com” but the certificate belongs to “www.google.com.”

The cert is legit and of course everyone knows Google is legit. It’s actually a problem Google needs to work out or Firefox needs to learn to ignore - nothing the SDMB can do about it.

Just thought I’d put a heads-up here in ATMB for anyone worried about this alert. It’s somewhat annoying, although it doesn’t happen every time I visit a forum listing, but it’s completely benign.

Thanks! I thought as much, but was going to post here to ask if others were seeing this pop-up too and whether my understanding of it was correct.


I use Firefox and I’ve never seen the popup for this site (although I do get it from time to time with others).

I’ve seen it 3 times in the past 3 days, but never before.


I have not tracked down the whole series, but it would appear to me that “google-analytics” is a spoof site. The Google Analytics software is under the google. com domain with a direct to the analytics page: http://www.google.com/analytics/
I know of no Google™ application that is launched from any base site other than google.com. (I am open to correction on that point.)

I would guess that it might be time to run and AdAware sweep and a SpyBot analysis. (Might be nothing there, but it can’t hurt to be safe.)

www.google-analytics.com will redirect to www.google.com/analytics/

"Google Analytics (GA) is a free service offered by Google that generates detailed statistics about the visitors to a website. Its main highlight is that a webmaster can optimize his/her AdWords advertisement and marketing campaigns through the use of GA’s analysis of where the visitors came from, how long they stayed on the website and their geographical position.

More importantly, a webmaster can define and track conversions, or goals. Goals might include sales, lead generation, viewing a specific page, or downloading a particular file. By using this tool, marketers can determine which ads are performing, and which are not, as well as find unexpected sources of quality visitors.


Then again, maybe it’s an elaborate ruse to take over the planet. Anything’s possible.


If you Google “google-analytics.com” “certificate” you’ll see that there’s a lot of reports about this problem.

Google is using their certificate that is registered for google.com for their google-analytics.com site. When they give people (like the SDMB) code to place on their site for use with Google Analytics, the URL that the script points to is google-analytics.com.

Look at the source of any SDMB page:

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">

Security settings in some browsers will alert you to this fact, because what does your browser know?

So, tomndebb, it is not spyware. It’s a legitimate problem. I was just trying to make users aware that it’s not as scary as it sounds.

I get the same message when I access Gmail securely (via https, rather than http).
I found a Firefox extension to hide the warning message, but I’m rather surprised Google hasn’t got it’s act together on this.