WEBVTT

00:00.180 --> 00:06.450
In this video, I'm going to show you how to properly install the Tor browser and make sure that it

00:06.450 --> 00:09.540
was not modified as it was being downloaded.

00:10.540 --> 00:15.400
The method that I'm going to show you here will work on Windows 11 and Windows ten.

00:15.640 --> 00:22.780
If you want to install the Tor browser on Linux or Mac OS, then skip this lecture as I will cover this

00:22.780 --> 00:26.620
process for other operating systems in the next lectures.

00:28.300 --> 00:32.920
So first of all, we're going to download the Tor browser from their official website.

00:33.070 --> 00:34.420
We're going to scroll down.

00:35.650 --> 00:39.850
And we want to download it for Windows and I want to download the English version.

00:39.850 --> 00:45.430
And as you can see, we have a 32 bit and 64 bit version depending on your processor.

00:45.460 --> 00:48.910
Now I have a 64 bit processor in my computer.

00:48.910 --> 00:51.580
Therefore I'm going to click on the 64 bit.

00:52.200 --> 00:54.580
As you can see, it's going to download it here for me.

00:54.910 --> 00:58.290
And once the download is complete, it's going to go into your downloads.

00:58.300 --> 01:04.870
So I'm going to open up my file manager and I'm going to go to downloads and we have the installer right

01:04.870 --> 01:05.380
here.

01:05.920 --> 01:11.200
Now, just like any other program, you can simply double click this and click on next, next, next,

01:11.200 --> 01:14.020
next and it will be installed on your system.

01:14.290 --> 01:22.780
But because we are trying to protect our privacy and anonymity, it is a good idea to verify the integrity

01:22.780 --> 01:30.130
of this file before we run it, to make sure that this file did not get modified as it was downloaded.

01:30.310 --> 01:36.250
Because if the file gets modified as it's being downloaded, it could contain backdoors or it could

01:36.250 --> 01:43.120
contain code that would render the privacy and anonymity features that this browser offers useless.

01:43.510 --> 01:49.510
Because when you download something from the internet, it passes through a number of nodes in which

01:49.510 --> 01:50.920
it can be modified.

01:50.920 --> 01:58.510
So it can be modified by your Internet service provider, it can be modified by your network administrator,

01:58.510 --> 02:03.730
and it can even be modified by hackers who manage to intercept the connection.

02:04.180 --> 02:10.540
So in order to verify the integrity of this file, we're going to need to download the file signature

02:10.540 --> 02:12.220
associated with it.

02:12.250 --> 02:16.180
So as you can see, every single file has a sig.

02:16.780 --> 02:23.920
A sig is short for signature, and this is a file that the developers create once they package the program

02:23.920 --> 02:31.120
and they create it for us so that we can use it to make sure that the program did not get modified since

02:31.120 --> 02:32.540
this file was created.

02:32.560 --> 02:37.990
So if this file gets modified in any way, shape or form, it will break the signature.

02:37.990 --> 02:41.770
And the verification process that I'm about to show you will fail.

02:42.100 --> 02:47.070
So you want to make sure you download the right signature for the file that you downloaded.

02:47.080 --> 02:48.730
So I downloaded this file.

02:48.730 --> 02:50.950
That means I should download the signature.

02:51.190 --> 02:53.200
So we're going to download the signature.

02:53.890 --> 02:56.170
And again, it's going to go into my downloads.

02:56.170 --> 02:57.670
So we have it right here.

02:58.680 --> 03:04.620
And finally, we need to download the public key for the developers that create Tor.

03:05.100 --> 03:07.770
You can download it from their website from here.

03:07.770 --> 03:09.240
So if you scroll down.

03:10.460 --> 03:14.150
We have the download link in here so you can click on it.

03:14.270 --> 03:16.940
You're going to see gibberish on the page, but that's fine.

03:16.940 --> 03:18.290
That's their public key.

03:18.290 --> 03:26.150
So we're going to right click this file and save file as we're going to keep it in our downloads and

03:26.150 --> 03:27.830
you can name it anything you want.

03:27.830 --> 03:34.910
I'm just going to name it Tor browser key and you can use any extension you want, but I'm going to

03:34.910 --> 03:38.300
name it dot key just to eliminate the confusion.

03:38.300 --> 03:40.880
And we're going to select all files from here.

03:41.300 --> 03:42.890
We're going to click on Save.

03:43.750 --> 03:50.110
And if I go to my downloads now, I have the installer right here, I have the signature file right

03:50.110 --> 03:53.890
here and I have the developer's key right here.

03:53.950 --> 04:00.100
So the developers are the people that created the Tor browser and created this file right here.

04:00.130 --> 04:06.700
Once they create this file, they create a signature that corresponds to this version of the file.

04:06.850 --> 04:11.810
This signature will only be valid if this file is not modified.

04:11.830 --> 04:17.950
If this file gets modified in any way, shape or form, the verification between the two will break

04:17.950 --> 04:20.590
and this signature will become invalid.

04:20.620 --> 04:26.710
Now we have a full section about encryption and verification later on in the course, and we will explain

04:26.710 --> 04:29.080
how this whole process works in details.

04:29.080 --> 04:35.830
But basically we're going to use the public key for the developers that created this package to make

04:35.830 --> 04:42.370
sure that this package did not get modified since they created it and created this signature for it.

04:44.090 --> 04:49.250
Now to do all of this, we're going to need to use a program that does the verification for us.

04:49.280 --> 04:56.000
The program is called GPG for when I'm going to include the download link in the resources and to download

04:56.000 --> 04:56.140
it.

04:56.150 --> 05:00.710
We're just going to set this to zero because we don't want to donate anything and we're going to click

05:00.710 --> 05:01.760
on Download.

05:02.860 --> 05:09.400
And that said, download it for us and here we're going to run this program to install it on our computer.

05:10.330 --> 05:13.030
And installing it is going to be very, very simple.

05:13.060 --> 05:19.090
We're simply going to click on next next install, keeping everything to the default settings.

05:20.320 --> 05:22.240
Once the installation is complete.

05:22.240 --> 05:28.260
Again, we're going to click on next and I'm going to take this box so it doesn't launch it for me automatically.

05:28.270 --> 05:32.170
We're going to click on Finish and the program is installed for us.

05:32.770 --> 05:38.350
So we're going to use that program to verify that this package did not get modified.

05:38.590 --> 05:43.930
And as you can see, we have the program here on my desktop or you can find this under your application

05:43.930 --> 05:45.130
in the start menu.

05:45.160 --> 05:49.150
It's called Cleopatra, so we're going to double click it to start it.

05:50.080 --> 05:57.610
And we're going to click on import to import a key, and we want to import the public key for the developers.

05:57.610 --> 06:04.810
So we're going to select all files from here and we're going to select the file with the DOT key extension.

06:04.810 --> 06:07.480
So that's the file that we downloaded from the Internet.

06:07.840 --> 06:12.820
We're going to click on Open and give it some time to import it and verify it.

06:13.390 --> 06:14.140
And perfect.

06:14.140 --> 06:20.890
Now, the developer key, as you can see in here, is the Tor browser developer's key is added successfully

06:20.890 --> 06:23.110
to this program, Cleopatra.

06:23.920 --> 06:30.640
Next, we want to verify that the installer did not get modified and we're going to do this by clicking

06:30.670 --> 06:32.290
on Decrypt Verify.

06:32.770 --> 06:35.560
We're going to select the file that we want to verify.

06:35.560 --> 06:39.370
So I'm going to go to my downloads and we're going to select the installer.

06:39.370 --> 06:42.760
So this file right here, remember it's the application.

06:43.030 --> 06:48.100
Now, as you can see, we're actually not selecting the signature, but it's going to automatically

06:48.100 --> 06:52.510
use the signature that has the same name as the file that you downloaded.

06:52.540 --> 06:58.600
That's why it's very important to make sure when you're downloading Tor is to download the right signature

06:58.600 --> 07:01.270
file for the right file that you downloaded.

07:02.110 --> 07:07.930
So going back to Cleopatra, we're simply going to select the application, the Tor Installer.

07:07.960 --> 07:12.580
We're going to click on Open and give it some time to verify it for us.

07:14.340 --> 07:15.240
And perfect.

07:15.240 --> 07:22.290
As you can see, it's telling us that it's verified the third browser installer with the signature file.

07:22.860 --> 07:28.920
Now you could ignore this part that says the data could not be verified because it's only referring

07:28.920 --> 07:31.910
to the fact that the key is not trusted by us.

07:31.920 --> 07:35.760
So I can simply right click the key and trust it to get rid of this message.

07:35.760 --> 07:41.220
But the main thing that we're looking for is it's saying that the signature is matching the file and

07:41.220 --> 07:43.830
we know that the key is the key of the developers.

07:43.830 --> 07:46.410
And we downloaded it from the official website.

07:46.410 --> 07:52.950
And if we click on Show Audit Log, you will see that it's telling us that it is a good signature from

07:52.950 --> 07:56.940
Tor browser developers and we have their email right here.

07:56.940 --> 08:04.200
So this basically means that the file that we have right here, the installer did not get modified since

08:04.200 --> 08:09.720
the owner of this key created this file and created its signature.

08:10.550 --> 08:12.610
Now, like I said, this step is optional.

08:12.620 --> 08:18.320
You could have simply double click this file and install Tor, but now we know that it was not modified

08:18.320 --> 08:24.590
and we know that we can use it with confidence that it will work exactly the same way that the developers

08:24.590 --> 08:26.030
intended it to work.

08:26.210 --> 08:30.020
So as long as we trust the developers, we should trust this program.

08:30.230 --> 08:33.470
So we're going to double click it now to install and install.

08:33.470 --> 08:35.030
And it is very, very simple.

08:35.030 --> 08:40.130
We're simply going to click on okay for the language and we're just going to click on install to install

08:40.130 --> 08:40.400
it.

08:42.270 --> 08:44.110
And now the installation is complete.

08:44.130 --> 08:46.690
I'm going to antique run the Tor browser for now.

08:46.710 --> 08:51.720
We will talk about it in details on how to use it and its features in the next lectures.

08:51.720 --> 08:56.850
And we're just going to keep this ticked so that it's added to our start menu and desktop.

08:57.240 --> 09:03.210
We're going to click on Finish and now we have a verified version of the Tor browser installed on our

09:03.210 --> 09:04.410
Windows computer.

09:04.560 --> 09:10.440
As I mentioned, if you want to install it on Linux or Mac OS, then check out the next lectures.