WEBVTT

00:00.300 --> 00:07.380
And this lecture, I'm going to show you how to properly verify and install the Tor browser on Linux

00:07.380 --> 00:08.250
computers.

00:08.670 --> 00:14.730
Skip this lecture if you already have the Tor browser installed or if you want to install it for Windows

00:14.730 --> 00:16.200
or Mac OS.

00:16.200 --> 00:20.190
I cover install it for Windows and Mac os in the previous lectures.

00:20.190 --> 00:25.560
So if you want to learn how to do that for these operating systems, please revise the previous two

00:25.560 --> 00:26.250
lectures.

00:26.700 --> 00:33.180
Now I'm going to be installing it on a Linux distribution in this lecture, but the installation process

00:33.180 --> 00:39.780
is the same on pretty much most Linux operating systems like Debian fedora and so on.

00:40.650 --> 00:45.670
So first of all, you want to go to the official download page of the Tor browser.

00:45.690 --> 00:48.540
I will include it in the resources of this lecture.

00:48.630 --> 00:52.320
You want to scroll down and select the language that you want.

00:52.320 --> 00:57.990
So I want to download the English version and I want to download it for new Linux.

00:58.020 --> 00:59.550
As you can see, you have two options.

00:59.550 --> 01:02.820
You can download a 32 bit and a 64 bit version.

01:02.850 --> 01:07.710
I have a 64 bit computer and therefore I'm going to click on the 64 bit.

01:07.860 --> 01:13.290
Once you do that, it will download it into your downloads directory and as you can see, I already

01:13.290 --> 01:14.820
have it downloaded in here.

01:15.030 --> 01:20.880
Now usually once you have the browser or the application that you want to download downloaded, all

01:20.880 --> 01:24.940
you have to do is simply run it and if it's compressed and compress it and run it.

01:24.960 --> 01:33.270
But because we are trying to protect our privacy and anonymity, it would be a good idea to verify that

01:33.270 --> 01:40.110
this file did not get modified as we downloaded it from the Internet, because if it got modified,

01:40.110 --> 01:46.770
it could contain backdoors or it could contain code that would render the privacy and anonymity features

01:46.770 --> 01:48.630
of this browser useless.

01:48.750 --> 01:54.750
Because when you download something from the internet, it passes through a number of nodes in which

01:54.750 --> 01:56.190
it can be modified.

01:56.190 --> 02:03.780
So it can be modified by your Internet service provider, it can be modified by your network administrator,

02:03.780 --> 02:09.030
and it can even be modified by hackers who managed to intercept the connection.

02:09.330 --> 02:15.960
So in order to verify the integrity of this file, we're going to use a signature file.

02:15.990 --> 02:22.110
Now, as you can see here in the download page, for every single download you have a sig.

02:22.620 --> 02:28.440
This sig is short for signature, and if you click on it, it will download the file similar to this

02:28.440 --> 02:29.340
one right here.

02:29.730 --> 02:34.740
Now you want to make sure that you download the signature for the file that you downloaded.

02:34.740 --> 02:41.250
So I downloaded the 64 bit version of the Linux installer and therefore you want to download this signature

02:41.250 --> 02:41.820
file.

02:42.180 --> 02:46.740
The reason for this is because each signature is unique to the file.

02:46.740 --> 02:53.370
That's why each file has its own signature, and the signature is created by the Tor developers when

02:53.370 --> 02:56.040
they created this file on their own system.

02:56.790 --> 03:03.060
Therefore, if this file gets modified in any way, shape or form, then the verification process using

03:03.060 --> 03:07.800
this signature will fail and therefore we will know that this file got modified.

03:08.100 --> 03:14.400
If we can verify this file using the same signature that the creators created, then that means that

03:14.400 --> 03:19.380
this file did not get modified since they created the file and created the signature.

03:19.470 --> 03:24.750
Now we're going to have a full section in this course about encryption and verification.

03:24.750 --> 03:28.200
So we're going to learn exactly how this works in details.

03:28.200 --> 03:34.760
But for now, we just want to make sure that this installer did not get modified as we downloaded it.

03:34.800 --> 03:39.420
Therefore, we're simply going to follow the instructions in the official to our website.

03:39.450 --> 03:43.050
To do this, you're going to need to run a number of commands on the terminal.

03:43.050 --> 03:47.910
But don't worry, the commands are actually simple, even though it might seem like it's a little bit

03:47.910 --> 03:48.630
difficult.

03:48.630 --> 03:51.210
And I'm going to walk you through it step by step.

03:51.990 --> 03:57.600
So the first command that we need to run is a command to fetch or download the developer's key.

03:58.260 --> 04:00.060
This is the command right here.

04:00.060 --> 04:01.470
I'm going to copy it.

04:02.890 --> 04:07.120
I'm going to go to a new desktop and I'm going to run the terminal.

04:07.120 --> 04:10.960
So I'm going to click on all applications and type terminal to run it.

04:11.530 --> 04:13.030
And we have it right here.

04:13.030 --> 04:18.250
So I'm going to click it and I'm simply going to paste the command that I copied.

04:19.060 --> 04:21.640
Now, the command is actually very, very simple.

04:21.670 --> 04:24.310
It's using a program called GPG.

04:24.340 --> 04:28.900
This is a program that you can use to create and verify and encrypt data.

04:29.530 --> 04:36.340
We're saying that we want to download to locate a key, and the key that we want to download or locate

04:36.340 --> 04:42.880
belongs to a user that has the email of Tor browser at Tor project dot org.

04:43.330 --> 04:44.620
We're going to hit Enter.

04:46.660 --> 04:47.410
And perfect.

04:47.410 --> 04:48.750
As you can see, it's still us.

04:48.760 --> 04:55.540
The public key for Tor browser developers has been located and you can see the email in here and it's

04:55.540 --> 04:57.670
telling us that this key is imported.

04:57.670 --> 05:01.120
And also you can see the key fingerprint right here.

05:01.120 --> 05:03.010
We'll get back to that in a second.

05:03.190 --> 05:07.120
So now the key is imported into GPG, the program.

05:07.120 --> 05:12.520
What we want to do next is actually store it in a file and we're going to go back to the instructions

05:12.520 --> 05:13.960
to see how to do that.

05:13.960 --> 05:15.940
And we have the command right here.

05:15.940 --> 05:21.130
So again, we're going to copy it and we're going to paste it in here.

05:21.580 --> 05:24.730
Again, we're using the same program GPG To do that.

05:24.730 --> 05:27.490
We're saying that we want to output a file.

05:27.490 --> 05:32.830
Like I said, we want to store it and we want to store it in a file called Tor Dot KeyRing so you can

05:32.830 --> 05:34.780
name this file whatever you want.

05:34.780 --> 05:40.120
And we're saying that we want to export a key that has the following fingerprint.

05:40.120 --> 05:46.570
So note this fingerprint right here is the same as the fingerprint of the key that we just imported,

05:46.570 --> 05:48.130
the third developer's key.

05:48.130 --> 05:50.680
So what we're saying this key is already imported.

05:50.680 --> 05:55.870
We're saying that we want to export it, we're selecting it using the fingerprint, and we're saying

05:55.870 --> 06:00.670
we want to output it or store it in a file called Tor Dot KeyRing.

06:01.510 --> 06:06.730
We're going to hit enter and the command will get executed without showing any errors, meaning it got

06:06.730 --> 06:08.380
executed successfully.

06:08.380 --> 06:13.390
But just to double check, we can use the RLS command, the list command to double check that we have

06:13.390 --> 06:16.210
a file that is called Tor Dot KeyRing.

06:16.570 --> 06:22.690
If I hit enter you can see that we have the file in here, meaning that we manage to store the imported

06:22.690 --> 06:25.810
key in here into this file.

06:26.590 --> 06:33.940
So the last step is to actually use this key along with the signature in here to verify that this package

06:33.940 --> 06:35.530
did not get modified.

06:35.680 --> 06:38.620
And to do that we're actually going to use the same program.

06:38.620 --> 06:46.660
GPG We're going to say that we want to verify, we're going to specify the keyring file that we just

06:46.660 --> 06:48.640
downloaded or stored in here.

06:48.640 --> 06:55.900
So it's called Talking Ring and then we're going to give it the location where we have the signature

06:55.900 --> 06:57.250
file in here.

06:57.670 --> 07:03.220
So as you can see, it's in my downloads and it's called Tor browser Linux, whatever, dot ISC.

07:03.700 --> 07:05.800
So the path is going to be.

07:06.750 --> 07:09.240
Downloads Tor browser.

07:09.240 --> 07:12.510
I'm going to type T and hit tab to autocomplete.

07:13.140 --> 07:19.320
And as you can see, because it is the only file that starts with a T, it ought to be completed to

07:19.320 --> 07:20.820
the name of the package.

07:20.820 --> 07:27.840
So I'm just going to add that a C to specify the signature file because if you go back in here, you

07:27.840 --> 07:31.230
can see the signature file has the same name as the package file.

07:31.230 --> 07:34.890
And the only difference is this one ends with a dot ask.

07:36.100 --> 07:38.500
So now we're giving it the signature file.

07:38.500 --> 07:39.830
We're giving it the key ring.

07:39.850 --> 07:43.960
Next, we need to give it the actual package file that we want to verify.

07:43.990 --> 07:50.740
So again, it's in downloads and I'm going to type T and tap to autocomplete and that's it.

07:51.430 --> 07:57.310
So we're using GPG, the same program we're telling it, we want to verify, we're giving it the key

07:57.310 --> 07:59.710
ring file using the key ring argument.

07:59.710 --> 08:02.920
This is the file that contains the key from the previous step.

08:02.920 --> 08:09.520
And then we're giving it, first of all, the signature file and then followed by the actual package

08:09.520 --> 08:13.480
that we want to verify we're going to hit, enter and perfect.

08:13.480 --> 08:18.370
As you can see, we're getting a message telling us that this is a good signature from the Tor browser

08:18.370 --> 08:19.270
developers.

08:19.750 --> 08:26.620
This means that this package did not get modified since the Tor browser developers created this signature

08:26.620 --> 08:27.790
using their key.

08:28.090 --> 08:33.910
So now we can interact with this package, use it, and use the Tor browser with confidence, knowing

08:33.910 --> 08:39.880
that it's going to work exactly the same way that the developers intended to work and that it did not

08:39.880 --> 08:42.190
get modified as it was downloaded.

08:43.120 --> 08:46.300
So from now on, the installation is actually pretty simple.

08:46.330 --> 08:49.800
We're going to, first of all, need to uncompressed this archive.

08:49.810 --> 08:56.020
So I'm going to right click it and extract it here and then we're going to open up the new directory

08:56.020 --> 09:02.620
that was created and we're simply going to be able to run the Tor browser by executing this file.

09:02.620 --> 09:04.810
So we're going to go to the terminal.

09:04.840 --> 09:06.130
I'm going to clear it.

09:06.340 --> 09:10.680
I'm going to navigate to the location where this file is stored.

09:10.690 --> 09:15.970
So it's in my downloads in the Tor browser directory, in another directory called Tor Browser E and

09:16.000 --> 09:16.770
us.

09:16.780 --> 09:19.830
So we're going to use the CD command to do that.

09:19.840 --> 09:26.350
We're going to go into downloads, I'm going to type T and tab to Autocomplete and another T and a tab

09:26.350 --> 09:27.760
to autocomplete.

09:28.240 --> 09:35.200
I'm going to do LS to list the files and directories and notice that this file is in green, meaning

09:35.200 --> 09:42.280
that it is an executable so I can start it by typing dot forward slash followed by the file name.

09:42.280 --> 09:47.680
So again, I'm going to type s and a tab to autocomplete and I'm going to hit Enter.

09:48.640 --> 09:52.160
And as you can see, we get the default window for the Tor browser.

09:52.180 --> 09:57.760
I'm going to check this box to always automatically connect to the Tor network and I'm going to click

09:57.760 --> 10:00.700
and connect to connect to it and start the browser.

10:01.330 --> 10:04.950
Now, don't worry about how this browser works and about its features.

10:04.960 --> 10:08.020
We're going to cover all of that in the next lectures.

10:08.020 --> 10:14.830
But for now we have a clean, unmodified version of the Tor browser installed on our Linux computer.

10:15.280 --> 10:21.040
And like I said, you can follow these installation steps on pretty much any Linux distro and it should

10:21.040 --> 10:22.480
work exactly the same.