[tor-bugs] #9843 [Website]: Short User Manual verification section

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Oct 5 21:13:15 UTC 2013


#9843: Short User Manual verification section
-------------------------+-------------------
     Reporter:  Sherief  |      Owner:  runa
         Type:  task     |     Status:  new
     Priority:  minor    |  Milestone:
    Component:  Website  |    Version:
   Resolution:           |   Keywords:
Actual Points:           |  Parent ID:  #8779
       Points:           |
-------------------------+-------------------

Comment (by runa):

 '''General comments''':

 The manual needs to be even more user friendly. The language is very
 technical and assumes a lot of things about the reader. Ideally, the
 manual should give the reader all the information that she needs to fully
 understand the what, the why, and the how. The manual should also make it
 clear that all of our software packages are signed; it's not just the
 stable Tor Browser Bundle for Windows (which you include a screenshot of).

 '''Why''':

 This section should be written for a more general, non-technical audience.
 Not everyone will understand what an adversary is, nor feel they have
 anything to worry about. What are the risks involved with not verifying a
 package you download? How does the process of verifying a digital
 signature improve things?

 '''What''':

 Again, this section needs to be written for a more general, non-technical
 audience. What does verifying a signature actually mean? What is a GPG
 key? Be careful with referencing specific versions of the Tor Browser
 Bundle as it may confuse some readers. If you want to use a filename as an
 example (in a sentence or in a command line argument), make that clear.

 '''How''':

 The previous section talks a lot about the stable Tor Browser Bundle for
 Windows, but this section only mentions "the appropriate bundle". Be
 consistent and give the user all the information necessary to successfully
 follow this manual.

 The process of verifying a digital signature can be confusing, especially
 if you have never done it before. Try to include as much explanatory
 information as possible.

 This section should explain why you need to have both .exe and .asc in the
 same place; it should link to the verifying-signatures-page and the
 signing-keys-page we have on torproject.org; it should explain what the
 user should do if keys.gnupg.net goes down, and why it is important to
 verify the fingerprint of the key.

 The output you illustrate in step III does not match the output you get in
 the screenshot below (Figure X). It also looks like you skipped the step
 of verifying the fingerprint of Erinn's key. The last sentence in step III
 should probably be a part of step IV? It might be a good idea to clarify
 that users who get a bad signature should not run the Tor Browser Bundle
 they just downloaded.

 The screenshot at the bottom (Figure X) contains a warning. What does this
 mean?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9843#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

