[tor-bugs] #23226 [Applications/GetTor]: GetTor help message could be more helpful
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Mar 18 20:14:39 UTC 2020
#23226: GetTor help message could be more helpful
-------------------------------------------------+-------------------------
Reporter: catalyst | Owner: cohosh
Type: defect | Status:
| needs_revision
Priority: Medium | Milestone:
Component: Applications/GetTor | Version:
Severity: Normal | Resolution:
Keywords: anti-censorship-roadmap-2020Q1, ux- | Actual Points:
team |
Parent ID: #9036 | Points: 1
Reviewer: phw | Sponsor:
-------------------------------------------------+-------------------------
Comment (by cohosh):
Okay here's a merge request that includes also updates to the body message
(with the specialized signature verification instructions built-in):
https://gitlab.torproject.org/torproject/anti-censorship/gettor-
project/gettor/merge_requests/3
The result for osx is:
{{{
This is an automated email response from GetTor.
You requested Tor Browser for osx.
Step 1: Download Tor Browser
First, try downloading Tor Browser from either GitLab or GitHub:
gitlab:
https://gitlab.com/thetorproject/torbrowser-9.0.6-osx/raw/master/TorBrowser-9.0.6
-osx64_en-US.dmg
Signature file:
https://gitlab.com/thetorproject/torbrowser-9.0.6-osx/raw/master/TorBrowser-9.0.6
-osx64_en-US.dmg.asc
github: https://github.com/torproject/torbrowser-
releases/releases/download/torbrowser-release/TorBrowser-9.0.6-osx64_en-
US.dmg
Signature file: https://github.com/torproject/torbrowser-
releases/releases/download/torbrowser-release/TorBrowser-9.0.6-osx64_en-
US.dmg.asc
If you cannot download Tor Browser from GitLab or GitHub,
try downloading the file TorBrowser-9.0.6-osx64_en-US.dmg
from the following archives:
Internet Archive: https://archive.org/details/@gettor
Google Drive folder:
https://drive.google.com/open?id=13CADQTsCwrGsIID09YQbNz2DfRMUoxUU
Step 2: Verify the signature (Optional)
Verifying the signature ensures that a certain package was
generated by its
developers, and has not been tampered with. This email provides
links to signature
files that have the same name as the Tor Browser file, but end
with ".asc" instead.
If you are using macOS, you can install GPGTools. In order to
verify the signature
you will need to type a few commands in the Terminal (under
"Applications").
The Tor Browser team signs Tor Browser releases. Import the Tor
Browser Developers
signing key (0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290):
gpg --auto-key-locate nodefault,wkd --locate-keys
torbrowser at torproject.org
This should show you something like:
gpg: key 4E2C6E8793298290: public key "Tor Browser
Developers (signing key) <torbrowser at torproject.org>" imported
gpg: Total number processed: 1
gpg: imported: 1
pub rsa4096 2014-12-15 [C] [expires: 2020-08-24]
EF6E286DDA85EA2A4BA7DE684E2C6E8793298290
uid [ unknown] Tor Browser Developers (signing
key) <torbrowser at torproject.org>
sub rsa4096 2018-05-26 [S] [expires: 2020-09-12]
After importing the key, you can save it to a file (identifying it
by fingerprint here):
gpg --output ./tor.keyring --export
0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290
Next, you will need to download the corresponding ".asc" signature
file and verify it
with the command:
gpgv --keyring ./tor.keyring ~/Downloads/TorBrowser-9.0.6
-osx64_en-US.dmg{.asc,}
The result of the command should produce something like this:
gpgv: Signature made 07/08/19 04:03:49 Pacific Daylight
Time
gpgv: using RSA key EB774491D9FF06E2
gpgv: Good signature from "Tor Browser Developers (signing
key) <torbrowser at torproject.org>"
Step 3: Get Bridges (Optional)
If you believe that Tor is blocked where you are, you can use
bridges to connect
to Tor. Bridges are hidden Tor relays that can circumvent
censorship.
Tor Browser includes a list of built-in bridges, which you should
try first.
You can activate built-in bridges inside of Tor Browser's
settings, under the
"Tor" menu. If built-in bridges don't work, try requesting
different bridges,
which you can also do in the "Tor" menu inside Tor Browser's
settings.
}}}
For windows:
{{{
This is an automated email response from GetTor.
You requested Tor Browser for windows.
Step 1: Download Tor Browser
First, try downloading Tor Browser from either GitLab or GitHub:
gitlab:
https://gitlab.com/thetorproject/torbrowser-9.0.6-windows/raw/master
/torbrowser-install-9.0.6_en-US.exe
Signature file:
https://gitlab.com/thetorproject/torbrowser-9.0.6-windows/raw/master
/torbrowser-install-9.0.6_en-US.exe.asc
github: https://github.com/torproject/torbrowser-
releases/releases/download/torbrowser-release/torbrowser-install-9.0.6_en-
US.exe
Signature file: https://github.com/torproject/torbrowser-
releases/releases/download/torbrowser-release/torbrowser-install-9.0.6_en-
US.exe.asc
If you cannot download Tor Browser from GitLab or GitHub,
try downloading the file torbrowser-install-9.0.6_en-US.exe
from the following archives:
Internet Archive: https://archive.org/details/@gettor
Google Drive folder:
https://drive.google.com/open?id=13CADQTsCwrGsIID09YQbNz2DfRMUoxUU
Step 2: Verify the signature (Optional)
Verifying the signature ensures that a certain package was
generated by its
developers, and has not been tampered with. This email provides
links to signature
files that have the same name as the Tor Browser file, but end
with ".asc" instead.
If you run Windows, download Gpg4win and run its installer. In
order to verify the
signature you will need to type a few commands in windows command-
line, cmd.exe.
The Tor Browser team signs Tor Browser releases. Import the Tor
Browser Developers
signing key (0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290):
gpg --auto-key-locate nodefault,wkd --locate-keys
torbrowser at torproject.org
This should show you something like:
gpg: key 4E2C6E8793298290: public key "Tor Browser
Developers (signing key) <torbrowser at torproject.org>" imported
gpg: Total number processed: 1
gpg: imported: 1
pub rsa4096 2014-12-15 [C] [expires: 2020-08-24]
EF6E286DDA85EA2A4BA7DE684E2C6E8793298290
uid [ unknown] Tor Browser Developers (signing
key) <torbrowser at torproject.org>
sub rsa4096 2018-05-26 [S] [expires: 2020-09-12]
After importing the key, you can save it to a file (identifying it
by fingerprint here):
gpg --output ./tor.keyring --export
0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290
Next, you will need to download the corresponding ".asc" signature
file and verify it
with the command:
gpgv --keyring .\tor.keyring Downloads\torbrowser-
install-9.0.6_en-US.exe.asc Downloads\torbrowser-install-9.0.6_en-US.exe
The result of the command should produce something like this:
gpgv: Signature made 07/08/19 04:03:49 Pacific Daylight
Time
gpgv: using RSA key EB774491D9FF06E2
gpgv: Good signature from "Tor Browser Developers (signing
key) <torbrowser at torproject.org>"
}}}
For linux:
{{{
Step 3: Get Bridges (Optional)
If you believe that Tor is blocked where you are, you can use
bridges to connect
to Tor. Bridges are hidden Tor relays that can circumvent
censorship.
Tor Browser includes a list of built-in bridges, which you should
try first.
You can activate built-in bridges inside of Tor Browser's
settings, under the
"Tor" menu. If built-in bridges don't work, try requesting
different bridges,
which you can also do in the "Tor" menu inside Tor Browser's
settings.
This is an automated email response from GetTor.
You requested Tor Browser for linux.
Step 1: Download Tor Browser
First, try downloading Tor Browser from either GitLab or GitHub:
gitlab:
https://gitlab.com/thetorproject/torbrowser-9.0.6-linux/raw/master/tor-
browser-linux64-9.0.6_en-US.tar.xz
Signature file:
https://gitlab.com/thetorproject/torbrowser-9.0.6-linux/raw/master/tor-
browser-linux64-9.0.6_en-US.tar.xz.asc
github: https://github.com/torproject/torbrowser-
releases/releases/download/torbrowser-release/tor-browser-linux64-9.0
.6_en-US.tar.xz
Signature file: https://github.com/torproject/torbrowser-
releases/releases/download/torbrowser-release/tor-browser-linux64-9.0
.6_en-US.tar.xz.asc
If you cannot download Tor Browser from GitLab or GitHub,
try downloading the file tor-browser-linux64-9.0.6_en-US.tar.xz
from the following archives:
Internet Archive: https://archive.org/details/@gettor
Google Drive folder:
https://drive.google.com/open?id=13CADQTsCwrGsIID09YQbNz2DfRMUoxUU
Step 2: Verify the signature (Optional)
Verifying the signature ensures that a certain package was
generated by its
developers, and has not been tampered with. This email provides
links to signature
files that have the same name as the Tor Browser file, but end
with ".asc" instead.
If you are using GNU/Linux, then you probably already have GnuPG
in your system,
as most GNU/Linux distributions come with it preinstalled. In
order to verify the
signature you will need to type a few commands in a terminal
window.
The Tor Browser team signs Tor Browser releases. Import the Tor
Browser Developers
signing key (0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290):
gpg --auto-key-locate nodefault,wkd --locate-keys
torbrowser at torproject.org
This should show you something like:
gpg: key 4E2C6E8793298290: public key "Tor Browser
Developers (signing key) <torbrowser at torproject.org>" imported
gpg: Total number processed: 1
gpg: imported: 1
pub rsa4096 2014-12-15 [C] [expires: 2020-08-24]
EF6E286DDA85EA2A4BA7DE684E2C6E8793298290
uid [ unknown] Tor Browser Developers (signing
key) <torbrowser at torproject.org>
sub rsa4096 2018-05-26 [S] [expires: 2020-09-12]
After importing the key, you can save it to a file (identifying it
by fingerprint here):
gpg --output ./tor.keyring --export
0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290
Next, you will need to download the corresponding ".asc" signature
file and verify it
with the command:
gpgv --keyring ./tor.keyring ~/Downloads/tor-browser-
linux64-9.0.6_en-US.tar.xz{.asc,}
The result of the command should produce something like this:
gpgv: Signature made 07/08/19 04:03:49 Pacific Daylight
Time
gpgv: using RSA key EB774491D9FF06E2
gpgv: Good signature from "Tor Browser Developers (signing
key) <torbrowser at torproject.org>"
Step 3: Get Bridges (Optional)
If you believe that Tor is blocked where you are, you can use
bridges to connect
to Tor. Bridges are hidden Tor relays that can circumvent
censorship.
Tor Browser includes a list of built-in bridges, which you should
try first.
You can activate built-in bridges inside of Tor Browser's
settings, under the
"Tor" menu. If built-in bridges don't work, try requesting
different bridges,
which you can also do in the "Tor" menu inside Tor Browser's
settings.
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23226#comment:25>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list