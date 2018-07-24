Screenshot by Stephen Shankland/CNET

Three and a half years ago, Google predicted that the day would come when Chrome would warn us all of the security risks of using the web's seminal HTTP technology to deliver web pages to your browser.

That day is today.

Google's newest web browser version, Chrome 68, gives new prominence to a broad effort to curtail surveillance, tampering and security risks on the web by showing a "not secure" warning for any HTTP website. Instead, Google wants website operators to use HTTPS, which adds encryption to the connection between your browser and the computer hosting a website.

HTTPS blocks a number of problems, like injecting ads, getting your browser to run software to mine someone else's cryptocurrency or sending you to fake websites used to steal your passwords. For details, check CNET's FAQ on Chrome's "not secure" warning for HTTP websites.

Google announced the long-planned security warning in a blog post Tuesday. "This makes it easier to know whether your personal information is safe as it travels across the web, whether you're checking your bank account or buying concert tickets," said Emily Schechter, Chrome security product manager.

The "not secure" warning doesn't indicate that you've been hacked -- just that you're not as protected if someone tries to do so.

HTTPS now is commonplace

HTTPS once was rare, protecting logins and e-commerce transactions. But now it's common -- it protects 85 percent of Chrome traffic from personal computers and 76 percent on Android, Schechter said. Most of the big sites you might use daily -- Facebook, Yahoo, Google, Twitter, YouTube, Reddit -- have long offered HTTPS.

But it's not universal. Only five-sixths of the top 100 websites employ it by default, and it's not hard to find sites like ESPN that send you to an unencrypted HTTP connection even if you specifically type "https://www.espn.com" into your browser's address bar.

Chrome is the top browser, accounting for 59 percent of website usage, according to analytics firm StatCounter. So its choices carry a lot of weight.

Protecting website communications with HTTPS used to be more difficult, in part because it cost money. But an effort sponsored by Google, Mozilla, Facebook and others called Let's Encrypt has made it free to obtain the necessary certificate. It still takes work to update a website to HTTPS, though.

Next phases in Chrome's HTTPS plans

Google's stance against HTTP and in favor of HTTPS change has been gradual. It began by with warnings when HTTP was used on web pages where you could share sensitive information like passwords and credit card numbers. Today's warning, shown in black wording on the left side of Chrome's address bar, is for any HTTP website.

The change Tuesday that arrives with Chrome 68 isn't the last, though. Chrome 69 in September will change from today's green-word "secure" label for HTTPS websites to less obvious black. Chrome 70 in October will change the "not secure" warning to more noticeable red words. And a later version will remove the "secure" label for HTTPS websites, reflecting Google's belief that HTTPS encryption should be the norm, not something you should have to check for.

"Our eventual goal is that the default unmarked state is secure," Schechter said.