[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #23226 [Applications/GetTor]: GetTor help message could be more helpful



#23226: GetTor help message could be more helpful
-------------------------------------------------+-------------------------
 Reporter:  catalyst                             |          Owner:  cohosh
     Type:  defect                               |         Status:
                                                 |  needs_revision
 Priority:  Medium                               |      Milestone:
Component:  Applications/GetTor                  |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  anti-censorship-roadmap-2020Q1, ux-  |  Actual Points:
  team                                           |
Parent ID:  #9036                                |         Points:  1
 Reviewer:  phw                                  |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by cohosh):

 Okay here's a merge request that includes also updates to the body message
 (with the specialized signature verification instructions built-in):
 https://gitlab.torproject.org/torproject/anti-censorship/gettor-
 project/gettor/merge_requests/3

 The result for osx is:
 {{{
 This is an automated email response from GetTor.

 You requested Tor Browser for osx.

 Step 1: Download Tor Browser

         First, try downloading Tor Browser from either GitLab or GitHub:


         gitlab:
 https://gitlab.com/thetorproject/torbrowser-9.0.6-osx/raw/master/TorBrowser-9.0.6
 -osx64_en-US.dmg
         Signature file:
 https://gitlab.com/thetorproject/torbrowser-9.0.6-osx/raw/master/TorBrowser-9.0.6
 -osx64_en-US.dmg.asc

         github: https://github.com/torproject/torbrowser-
 releases/releases/download/torbrowser-release/TorBrowser-9.0.6-osx64_en-
 US.dmg
         Signature file: https://github.com/torproject/torbrowser-
 releases/releases/download/torbrowser-release/TorBrowser-9.0.6-osx64_en-
 US.dmg.asc


         If you cannot download Tor Browser from GitLab or GitHub,
         try downloading the file TorBrowser-9.0.6-osx64_en-US.dmg
         from the following archives:

         Internet Archive: https://archive.org/details/@gettor

         Google Drive folder:
 https://drive.google.com/open?id=13CADQTsCwrGsIID09YQbNz2DfRMUoxUU

 Step 2: Verify the signature (Optional)

         Verifying the signature ensures that a certain package was
 generated by its
         developers, and has not been tampered with.  This email provides
 links to signature
         files that have the same name as the Tor Browser file, but end
 with ".asc" instead.

         If you are using macOS, you can install GPGTools. In order to
 verify the signature
         you will need to type a few commands in the Terminal (under
 "Applications").

         The Tor Browser team signs Tor Browser releases. Import the Tor
 Browser Developers
         signing key (0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290):

                 gpg --auto-key-locate nodefault,wkd --locate-keys
 torbrowser@xxxxxxxxxxxxxx

         This should show you something like:

                 gpg: key 4E2C6E8793298290: public key "Tor Browser
 Developers (signing key) <torbrowser@xxxxxxxxxxxxxx>" imported
                 gpg: Total number processed: 1
                 gpg:               imported: 1
                 pub   rsa4096 2014-12-15 [C] [expires: 2020-08-24]
                       EF6E286DDA85EA2A4BA7DE684E2C6E8793298290
                 uid           [ unknown] Tor Browser Developers (signing
 key) <torbrowser@xxxxxxxxxxxxxx>
                 sub   rsa4096 2018-05-26 [S] [expires: 2020-09-12]

         After importing the key, you can save it to a file (identifying it
 by fingerprint here):

                 gpg --output ./tor.keyring --export
 0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290

         Next, you will need to download the corresponding ".asc" signature
 file and verify it
         with the command:

                 gpgv --keyring ./tor.keyring ~/Downloads/TorBrowser-9.0.6
 -osx64_en-US.dmg{.asc,}

         The result of the command should produce something like this:

                 gpgv: Signature made 07/08/19 04:03:49 Pacific Daylight
 Time
                 gpgv:                using RSA key EB774491D9FF06E2
                 gpgv: Good signature from "Tor Browser Developers (signing
 key) <torbrowser@xxxxxxxxxxxxxx>"

 Step 3: Get Bridges (Optional)

         If you believe that Tor is blocked where you are, you can use
 bridges to connect
         to Tor.  Bridges are hidden Tor relays that can circumvent
 censorship.
         Tor Browser includes a list of built-in bridges, which you should
 try first.
         You can activate built-in bridges inside of Tor Browser's
 settings, under the
         "Tor" menu.  If built-in bridges don't work, try requesting
 different bridges,
         which you can also do in the "Tor" menu inside Tor Browser's
 settings.
 }}}

 For windows:
 {{{
 This is an automated email response from GetTor.

 You requested Tor Browser for windows.

 Step 1: Download Tor Browser

         First, try downloading Tor Browser from either GitLab or GitHub:


         gitlab:
 https://gitlab.com/thetorproject/torbrowser-9.0.6-windows/raw/master
 /torbrowser-install-9.0.6_en-US.exe
         Signature file:
 https://gitlab.com/thetorproject/torbrowser-9.0.6-windows/raw/master
 /torbrowser-install-9.0.6_en-US.exe.asc

         github: https://github.com/torproject/torbrowser-
 releases/releases/download/torbrowser-release/torbrowser-install-9.0.6_en-
 US.exe
         Signature file: https://github.com/torproject/torbrowser-
 releases/releases/download/torbrowser-release/torbrowser-install-9.0.6_en-
 US.exe.asc


         If you cannot download Tor Browser from GitLab or GitHub,
         try downloading the file torbrowser-install-9.0.6_en-US.exe
         from the following archives:

         Internet Archive: https://archive.org/details/@gettor

         Google Drive folder:
 https://drive.google.com/open?id=13CADQTsCwrGsIID09YQbNz2DfRMUoxUU

 Step 2: Verify the signature (Optional)

         Verifying the signature ensures that a certain package was
 generated by its
         developers, and has not been tampered with.  This email provides
 links to signature
         files that have the same name as the Tor Browser file, but end
 with ".asc" instead.

         If you run Windows, download Gpg4win and run its installer. In
 order to verify the
         signature you will need to type a few commands in windows command-
 line, cmd.exe.

         The Tor Browser team signs Tor Browser releases. Import the Tor
 Browser Developers
         signing key (0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290):

                 gpg --auto-key-locate nodefault,wkd --locate-keys
 torbrowser@xxxxxxxxxxxxxx

         This should show you something like:

                 gpg: key 4E2C6E8793298290: public key "Tor Browser
 Developers (signing key) <torbrowser@xxxxxxxxxxxxxx>" imported
                 gpg: Total number processed: 1
                 gpg:               imported: 1
                 pub   rsa4096 2014-12-15 [C] [expires: 2020-08-24]
                       EF6E286DDA85EA2A4BA7DE684E2C6E8793298290
                 uid           [ unknown] Tor Browser Developers (signing
 key) <torbrowser@xxxxxxxxxxxxxx>
                 sub   rsa4096 2018-05-26 [S] [expires: 2020-09-12]

         After importing the key, you can save it to a file (identifying it
 by fingerprint here):

                 gpg --output ./tor.keyring --export
 0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290

         Next, you will need to download the corresponding ".asc" signature
 file and verify it
         with the command:

                 gpgv --keyring .\tor.keyring Downloads\torbrowser-
 install-9.0.6_en-US.exe.asc Downloads\torbrowser-install-9.0.6_en-US.exe

         The result of the command should produce something like this:

                 gpgv: Signature made 07/08/19 04:03:49 Pacific Daylight
 Time
                 gpgv:                using RSA key EB774491D9FF06E2
                 gpgv: Good signature from "Tor Browser Developers (signing
 key) <torbrowser@xxxxxxxxxxxxxx>"

 }}}
 For linux:
 {{{
 Step 3: Get Bridges (Optional)

         If you believe that Tor is blocked where you are, you can use
 bridges to connect
         to Tor.  Bridges are hidden Tor relays that can circumvent
 censorship.
         Tor Browser includes a list of built-in bridges, which you should
 try first.
         You can activate built-in bridges inside of Tor Browser's
 settings, under the
         "Tor" menu.  If built-in bridges don't work, try requesting
 different bridges,
         which you can also do in the "Tor" menu inside Tor Browser's
 settings.


 This is an automated email response from GetTor.

 You requested Tor Browser for linux.

 Step 1: Download Tor Browser

         First, try downloading Tor Browser from either GitLab or GitHub:


         gitlab:
 https://gitlab.com/thetorproject/torbrowser-9.0.6-linux/raw/master/tor-
 browser-linux64-9.0.6_en-US.tar.xz
         Signature file:
 https://gitlab.com/thetorproject/torbrowser-9.0.6-linux/raw/master/tor-
 browser-linux64-9.0.6_en-US.tar.xz.asc

         github: https://github.com/torproject/torbrowser-
 releases/releases/download/torbrowser-release/tor-browser-linux64-9.0
 .6_en-US.tar.xz
         Signature file: https://github.com/torproject/torbrowser-
 releases/releases/download/torbrowser-release/tor-browser-linux64-9.0
 .6_en-US.tar.xz.asc


         If you cannot download Tor Browser from GitLab or GitHub,
         try downloading the file tor-browser-linux64-9.0.6_en-US.tar.xz
         from the following archives:

         Internet Archive: https://archive.org/details/@gettor

         Google Drive folder:
 https://drive.google.com/open?id=13CADQTsCwrGsIID09YQbNz2DfRMUoxUU

 Step 2: Verify the signature (Optional)

         Verifying the signature ensures that a certain package was
 generated by its
         developers, and has not been tampered with.  This email provides
 links to signature
         files that have the same name as the Tor Browser file, but end
 with ".asc" instead.

         If you are using GNU/Linux, then you probably already have GnuPG
 in your system,
         as most GNU/Linux distributions come with it preinstalled. In
 order to verify the
         signature you will need to type a few commands in a terminal
 window.

         The Tor Browser team signs Tor Browser releases. Import the Tor
 Browser Developers
         signing key (0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290):

                 gpg --auto-key-locate nodefault,wkd --locate-keys
 torbrowser@xxxxxxxxxxxxxx

         This should show you something like:

                 gpg: key 4E2C6E8793298290: public key "Tor Browser
 Developers (signing key) <torbrowser@xxxxxxxxxxxxxx>" imported
                 gpg: Total number processed: 1
                 gpg:               imported: 1
                 pub   rsa4096 2014-12-15 [C] [expires: 2020-08-24]
                       EF6E286DDA85EA2A4BA7DE684E2C6E8793298290
                 uid           [ unknown] Tor Browser Developers (signing
 key) <torbrowser@xxxxxxxxxxxxxx>
                 sub   rsa4096 2018-05-26 [S] [expires: 2020-09-12]

         After importing the key, you can save it to a file (identifying it
 by fingerprint here):

                 gpg --output ./tor.keyring --export
 0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290

         Next, you will need to download the corresponding ".asc" signature
 file and verify it
         with the command:

                 gpgv --keyring ./tor.keyring ~/Downloads/tor-browser-
 linux64-9.0.6_en-US.tar.xz{.asc,}

         The result of the command should produce something like this:

                 gpgv: Signature made 07/08/19 04:03:49 Pacific Daylight
 Time
                 gpgv:                using RSA key EB774491D9FF06E2
                 gpgv: Good signature from "Tor Browser Developers (signing
 key) <torbrowser@xxxxxxxxxxxxxx>"

 Step 3: Get Bridges (Optional)

         If you believe that Tor is blocked where you are, you can use
 bridges to connect
         to Tor.  Bridges are hidden Tor relays that can circumvent
 censorship.
         Tor Browser includes a list of built-in bridges, which you should
 try first.
         You can activate built-in bridges inside of Tor Browser's
 settings, under the
         "Tor" menu.  If built-in bridges don't work, try requesting
 different bridges,
         which you can also do in the "Tor" menu inside Tor Browser's
 settings.
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23226#comment:25>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs