#23226: GetTor help message could be more helpful -------------------------------------------------+------------------------- Reporter: catalyst | Owner: cohosh Type: defect | Status: | needs_revision Priority: Medium | Milestone: Component: Applications/GetTor | Version: Severity: Normal | Resolution: Keywords: anti-censorship-roadmap-2020Q1, ux- | Actual Points: team | Parent ID: #9036 | Points: 1 Reviewer: phw | Sponsor: -------------------------------------------------+-------------------------
Comment (by cohosh): Okay here's a merge request that includes also updates to the body message (with the specialized signature verification instructions built-in): https://gitlab.torproject.org/torproject/anti-censorship/gettor- project/gettor/merge_requests/3 The result for osx is: {{{ This is an automated email response from GetTor. You requested Tor Browser for osx. Step 1: Download Tor Browser First, try downloading Tor Browser from either GitLab or GitHub: gitlab: https://gitlab.com/thetorproject/torbrowser-9.0.6-osx/raw/master/TorBrowser-9.0.6 -osx64_en-US.dmg Signature file: https://gitlab.com/thetorproject/torbrowser-9.0.6-osx/raw/master/TorBrowser-9.0.6 -osx64_en-US.dmg.asc github: https://github.com/torproject/torbrowser- releases/releases/download/torbrowser-release/TorBrowser-9.0.6-osx64_en- US.dmg Signature file: https://github.com/torproject/torbrowser- releases/releases/download/torbrowser-release/TorBrowser-9.0.6-osx64_en- US.dmg.asc If you cannot download Tor Browser from GitLab or GitHub, try downloading the file TorBrowser-9.0.6-osx64_en-US.dmg from the following archives: Internet Archive: https://archive.org/details/@gettor Google Drive folder: https://drive.google.com/open?id=13CADQTsCwrGsIID09YQbNz2DfRMUoxUU Step 2: Verify the signature (Optional) Verifying the signature ensures that a certain package was generated by its developers, and has not been tampered with. This email provides links to signature files that have the same name as the Tor Browser file, but end with ".asc" instead. If you are using macOS, you can install GPGTools. In order to verify the signature you will need to type a few commands in the Terminal (under "Applications"). The Tor Browser team signs Tor Browser releases. Import the Tor Browser Developers signing key (0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290): gpg --auto-key-locate nodefault,wkd --locate-keys torbrow...@torproject.org This should show you something like: gpg: key 4E2C6E8793298290: public key "Tor Browser Developers (signing key) <torbrow...@torproject.org>" imported gpg: Total number processed: 1 gpg: imported: 1 pub rsa4096 2014-12-15 [C] [expires: 2020-08-24] EF6E286DDA85EA2A4BA7DE684E2C6E8793298290 uid [ unknown] Tor Browser Developers (signing key) <torbrow...@torproject.org> sub rsa4096 2018-05-26 [S] [expires: 2020-09-12] After importing the key, you can save it to a file (identifying it by fingerprint here): gpg --output ./tor.keyring --export 0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290 Next, you will need to download the corresponding ".asc" signature file and verify it with the command: gpgv --keyring ./tor.keyring ~/Downloads/TorBrowser-9.0.6 -osx64_en-US.dmg{.asc,} The result of the command should produce something like this: gpgv: Signature made 07/08/19 04:03:49 Pacific Daylight Time gpgv: using RSA key EB774491D9FF06E2 gpgv: Good signature from "Tor Browser Developers (signing key) <torbrow...@torproject.org>" Step 3: Get Bridges (Optional) If you believe that Tor is blocked where you are, you can use bridges to connect to Tor. Bridges are hidden Tor relays that can circumvent censorship. Tor Browser includes a list of built-in bridges, which you should try first. You can activate built-in bridges inside of Tor Browser's settings, under the "Tor" menu. If built-in bridges don't work, try requesting different bridges, which you can also do in the "Tor" menu inside Tor Browser's settings. }}} For windows: {{{ This is an automated email response from GetTor. You requested Tor Browser for windows. Step 1: Download Tor Browser First, try downloading Tor Browser from either GitLab or GitHub: gitlab: https://gitlab.com/thetorproject/torbrowser-9.0.6-windows/raw/master /torbrowser-install-9.0.6_en-US.exe Signature file: https://gitlab.com/thetorproject/torbrowser-9.0.6-windows/raw/master /torbrowser-install-9.0.6_en-US.exe.asc github: https://github.com/torproject/torbrowser- releases/releases/download/torbrowser-release/torbrowser-install-9.0.6_en- US.exe Signature file: https://github.com/torproject/torbrowser- releases/releases/download/torbrowser-release/torbrowser-install-9.0.6_en- US.exe.asc If you cannot download Tor Browser from GitLab or GitHub, try downloading the file torbrowser-install-9.0.6_en-US.exe from the following archives: Internet Archive: https://archive.org/details/@gettor Google Drive folder: https://drive.google.com/open?id=13CADQTsCwrGsIID09YQbNz2DfRMUoxUU Step 2: Verify the signature (Optional) Verifying the signature ensures that a certain package was generated by its developers, and has not been tampered with. This email provides links to signature files that have the same name as the Tor Browser file, but end with ".asc" instead. If you run Windows, download Gpg4win and run its installer. In order to verify the signature you will need to type a few commands in windows command- line, cmd.exe. The Tor Browser team signs Tor Browser releases. Import the Tor Browser Developers signing key (0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290): gpg --auto-key-locate nodefault,wkd --locate-keys torbrow...@torproject.org This should show you something like: gpg: key 4E2C6E8793298290: public key "Tor Browser Developers (signing key) <torbrow...@torproject.org>" imported gpg: Total number processed: 1 gpg: imported: 1 pub rsa4096 2014-12-15 [C] [expires: 2020-08-24] EF6E286DDA85EA2A4BA7DE684E2C6E8793298290 uid [ unknown] Tor Browser Developers (signing key) <torbrow...@torproject.org> sub rsa4096 2018-05-26 [S] [expires: 2020-09-12] After importing the key, you can save it to a file (identifying it by fingerprint here): gpg --output ./tor.keyring --export 0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290 Next, you will need to download the corresponding ".asc" signature file and verify it with the command: gpgv --keyring .\tor.keyring Downloads\torbrowser- install-9.0.6_en-US.exe.asc Downloads\torbrowser-install-9.0.6_en-US.exe The result of the command should produce something like this: gpgv: Signature made 07/08/19 04:03:49 Pacific Daylight Time gpgv: using RSA key EB774491D9FF06E2 gpgv: Good signature from "Tor Browser Developers (signing key) <torbrow...@torproject.org>" }}} For linux: {{{ Step 3: Get Bridges (Optional) If you believe that Tor is blocked where you are, you can use bridges to connect to Tor. Bridges are hidden Tor relays that can circumvent censorship. Tor Browser includes a list of built-in bridges, which you should try first. You can activate built-in bridges inside of Tor Browser's settings, under the "Tor" menu. If built-in bridges don't work, try requesting different bridges, which you can also do in the "Tor" menu inside Tor Browser's settings. This is an automated email response from GetTor. You requested Tor Browser for linux. Step 1: Download Tor Browser First, try downloading Tor Browser from either GitLab or GitHub: gitlab: https://gitlab.com/thetorproject/torbrowser-9.0.6-linux/raw/master/tor- browser-linux64-9.0.6_en-US.tar.xz Signature file: https://gitlab.com/thetorproject/torbrowser-9.0.6-linux/raw/master/tor- browser-linux64-9.0.6_en-US.tar.xz.asc github: https://github.com/torproject/torbrowser- releases/releases/download/torbrowser-release/tor-browser-linux64-9.0 .6_en-US.tar.xz Signature file: https://github.com/torproject/torbrowser- releases/releases/download/torbrowser-release/tor-browser-linux64-9.0 .6_en-US.tar.xz.asc If you cannot download Tor Browser from GitLab or GitHub, try downloading the file tor-browser-linux64-9.0.6_en-US.tar.xz from the following archives: Internet Archive: https://archive.org/details/@gettor Google Drive folder: https://drive.google.com/open?id=13CADQTsCwrGsIID09YQbNz2DfRMUoxUU Step 2: Verify the signature (Optional) Verifying the signature ensures that a certain package was generated by its developers, and has not been tampered with. This email provides links to signature files that have the same name as the Tor Browser file, but end with ".asc" instead. If you are using GNU/Linux, then you probably already have GnuPG in your system, as most GNU/Linux distributions come with it preinstalled. In order to verify the signature you will need to type a few commands in a terminal window. The Tor Browser team signs Tor Browser releases. Import the Tor Browser Developers signing key (0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290): gpg --auto-key-locate nodefault,wkd --locate-keys torbrow...@torproject.org This should show you something like: gpg: key 4E2C6E8793298290: public key "Tor Browser Developers (signing key) <torbrow...@torproject.org>" imported gpg: Total number processed: 1 gpg: imported: 1 pub rsa4096 2014-12-15 [C] [expires: 2020-08-24] EF6E286DDA85EA2A4BA7DE684E2C6E8793298290 uid [ unknown] Tor Browser Developers (signing key) <torbrow...@torproject.org> sub rsa4096 2018-05-26 [S] [expires: 2020-09-12] After importing the key, you can save it to a file (identifying it by fingerprint here): gpg --output ./tor.keyring --export 0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290 Next, you will need to download the corresponding ".asc" signature file and verify it with the command: gpgv --keyring ./tor.keyring ~/Downloads/tor-browser- linux64-9.0.6_en-US.tar.xz{.asc,} The result of the command should produce something like this: gpgv: Signature made 07/08/19 04:03:49 Pacific Daylight Time gpgv: using RSA key EB774491D9FF06E2 gpgv: Good signature from "Tor Browser Developers (signing key) <torbrow...@torproject.org>" Step 3: Get Bridges (Optional) If you believe that Tor is blocked where you are, you can use bridges to connect to Tor. Bridges are hidden Tor relays that can circumvent censorship. Tor Browser includes a list of built-in bridges, which you should try first. You can activate built-in bridges inside of Tor Browser's settings, under the "Tor" menu. If built-in bridges don't work, try requesting different bridges, which you can also do in the "Tor" menu inside Tor Browser's settings. }}} -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23226#comment:25> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs