WEBVTT

00:00.090 --> 00:07.740
And this lecture, I'm going to show you how to properly verify and install the Tor browser on an Apple

00:07.740 --> 00:09.750
Mac OS computer.

00:10.320 --> 00:15.750
If you want to install the Tor browser on a Windows computer, then check out the previous lecture and

00:15.750 --> 00:19.920
if you want to install it on a Linux computer, then check out the next lecture.

00:19.920 --> 00:24.420
Skip this lecture if you do not want to install it on a mac or computer.

00:25.050 --> 00:28.460
Now downloading the Tor browser is very, very easy.

00:28.470 --> 00:33.150
First of all, you want to go to the official download link and I'm going to include that in the resources

00:33.150 --> 00:34.140
of the lecture.

00:34.140 --> 00:38.730
And we're simply going to scroll down to the language that we want to download it in.

00:38.730 --> 00:43.140
And I want to download the English version, and we're going to select the operating system.

00:43.140 --> 00:49.830
So I want to download it for Mac OS and we're going to click on the 64 bit because we have a 64 bit

00:49.830 --> 00:53.280
processor, one click on this, we'll download it for you.

00:53.280 --> 00:58.890
But I'm not going to do that because I already have it downloaded in here and I start it in a directory

00:58.890 --> 01:01.950
called Tor in my downloads directory.

01:02.550 --> 01:08.760
Now once you have it downloaded you can simply double click it to start the installer and install it.

01:08.790 --> 01:16.530
But since we are trying to protect our privacy and anonymity, it's a very good idea to verify that

01:16.530 --> 01:23.820
this installer right here did not get modified as we downloaded it, because when you download something

01:23.820 --> 01:29.370
from the internet, it passes through a number of nodes in which it can be modified.

01:29.370 --> 01:36.990
So it can be modified by your Internet service provider, it can be modified by your network administrator,

01:36.990 --> 01:42.210
and it can even be modified by hackers who managed to intercept the connection.

01:43.320 --> 01:49.800
So to verify the integrity of this installer, you need to download a signature file so they have it

01:49.800 --> 01:51.900
in here between the two brackets.

01:51.900 --> 01:57.990
So as you can see, every single file has a signature with it and you need to make sure that you download

01:57.990 --> 01:59.220
the right signature.

01:59.220 --> 02:06.060
So I downloaded the 64 bit installer for Mac OS and therefore we have to click on this signature.

02:06.060 --> 02:12.570
I'm not going to click it right now because I already have the signature downloaded in here and if the

02:12.570 --> 02:18.960
file changes in any way, shape or form, the signature will not correspond to the file anymore.

02:18.960 --> 02:25.020
And therefore, if we try to verify the file using this signature, the verification process will fail

02:25.020 --> 02:27.870
and we will know that this file got modified.

02:27.990 --> 02:35.670
So this signature will only validate this file if this file did not get modified since the signature

02:35.670 --> 02:36.840
was created.

02:37.500 --> 02:43.140
Now we have a full section in this course about encryption and verification, and you'll understand

02:43.140 --> 02:46.020
exactly how this verification process works.

02:46.020 --> 02:52.320
But for now, we're simply just trying to verify that this installer did not get modified as we downloaded

02:52.320 --> 02:52.650
it.

02:52.650 --> 02:58.920
Therefore, we're simply going to follow the instructions that the Tor website has on how to verify

02:58.920 --> 02:59.760
the signature.

03:00.270 --> 03:05.790
This verification process requires a specific program called GPG.

03:06.210 --> 03:12.900
You can download it from GPG tools dot org and I'm going to include this link in the resources of this

03:12.900 --> 03:19.140
lecture and you simply want to just click on the download and once the download is complete, click

03:19.140 --> 03:22.650
the installer and double click the install.

03:23.450 --> 03:26.450
And simply click on Continue, Continue.

03:26.480 --> 03:32.280
We're leaving everything the same agreement to the agreement and click on install.

03:32.330 --> 03:33.980
Put your password.

03:34.990 --> 03:36.940
And give it some time to install.

03:38.080 --> 03:40.220
Once this is installed, we're going to close it.

03:40.240 --> 03:42.550
We're going to move the installer to the bin.

03:45.700 --> 03:47.980
And we're actually going to give it permissions.

03:48.130 --> 03:50.650
So we're just going to close all of this.

03:51.600 --> 04:00.630
And now you can use the command GPG in your terminal in order to verify the integrity of this file.

04:01.420 --> 04:07.390
So all we did so far is simply just install this program right here that we need for the verification

04:07.390 --> 04:08.110
process.

04:08.740 --> 04:14.350
So we're going to go to the terminal and using the terminal might seem a bit scary, but it's actually

04:14.350 --> 04:15.470
very, very simple.

04:15.490 --> 04:20.710
You can, first of all find it in your applications in the launchpad and here and simply you can type

04:20.740 --> 04:22.150
terminal to start it.

04:22.510 --> 04:28.600
And once you start it, you're simply going to run a number of commands in order to verify the integrity

04:28.600 --> 04:29.560
of this file.

04:30.010 --> 04:35.640
We have all of the commands in here in this page, along with a description of what they do.

04:35.650 --> 04:41.080
And the first command that we want to run is a command to fetch or download the developer key.

04:42.250 --> 04:46.130
The program we're using is GPG, the program that we just installed.

04:46.150 --> 04:52.150
We're telling is that we want to locate a key and we're giving it the key that we're looking for, which

04:52.150 --> 04:55.330
is the one belonging to the Tor browser developers.

04:55.330 --> 04:58.180
So it's Tor browser at Tor project dot org.

04:58.780 --> 05:04.270
And all you have to do is simply copy this and paste it in your terminal.

05:06.330 --> 05:07.590
We're going to hit enter.

05:09.480 --> 05:13.730
And as you can see, we got a response saying that this key has been located.

05:13.740 --> 05:16.490
It does belong to the Tor browser developers.

05:16.500 --> 05:20.130
We can see the email again similar to the one that we requested.

05:20.520 --> 05:23.670
And you can see the key fingerprint right here.

05:24.180 --> 05:28.240
Now that we have the key, we need to save it to a file.

05:28.260 --> 05:30.780
So we're going to use another command to do that.

05:30.780 --> 05:33.300
And again, you can simply copy it from here.

05:33.300 --> 05:37.470
And I'm going to include the list of these commands in the resources of the lecture as well.

05:37.770 --> 05:40.740
And we're simply going to paste it again in here.

05:40.980 --> 05:42.960
So again, we're using the same program.

05:42.960 --> 05:50.270
GPG We're telling it that we want to store this into a file and we're calling the output file toward

05:50.280 --> 05:53.520
keyring so you can choose whatever name you want in here.

05:53.700 --> 05:59.880
This file will include the key that we just downloaded, and then we're telling it which key we want

05:59.880 --> 06:00.400
to store.

06:00.420 --> 06:03.450
So we're telling it we want to export this specific key.

06:03.450 --> 06:09.760
And then right here, we're actually specifying the fingerprint of the key that we just downloaded.

06:09.780 --> 06:14.940
So notice this fingerprint is identical to the fingerprint that we see in here.

06:15.150 --> 06:22.050
So what we're saying is we're saying we want to use GPG to export this fingerprint to the following

06:22.050 --> 06:23.010
local file.

06:24.100 --> 06:25.450
We're going to hit enter.

06:25.930 --> 06:30.880
And because we don't see any errors, it means that the command got executed successfully.

06:30.880 --> 06:36.570
So right now we should have a file in the current working directory called Talking Ring.

06:36.580 --> 06:42.970
We can double check that by doing ls tor dot keyring and perfect.

06:42.970 --> 06:44.410
As you can see, we have that file.

06:44.410 --> 06:45.940
It's being listed for us.

06:45.940 --> 06:53.560
So the next step is to actually use this key with the signature that we have in here to verify that

06:53.560 --> 06:57.940
the installer did not get modified as it was being downloaded.

06:58.420 --> 07:03.460
Now we have the command to do that in here, but I'm actually going to use a slightly different command

07:03.460 --> 07:05.020
that makes things easier.

07:05.020 --> 07:10.840
So we're still going to use GPG, the same program that we've been using so far.

07:10.930 --> 07:13.300
We're going to say that we want to verify.

07:13.330 --> 07:17.800
We're going to give it the the key with the dash dash key ring argument.

07:17.950 --> 07:23.800
The key ring is named Thor dot key ring is the one that we just created right there in the previous

07:23.800 --> 07:24.490
command.

07:24.790 --> 07:30.430
And then we're going to give it the path to the signature file right here.

07:30.610 --> 07:36.070
So I have my signature file in the downloads in Tor in a directory called Tor.

07:36.310 --> 07:43.090
So we're going to type that down, we're going to type downloads T, o, r and then followed by the

07:43.090 --> 07:46.570
name of the signature file dot a, C.

07:47.110 --> 07:52.810
And finally, we're going to put a space followed by the name of the installer itself.

07:52.810 --> 07:59.290
So the installer right here and now, the signature and the installer have the same file name and the

07:59.290 --> 08:01.750
only difference is the extension right here.

08:02.260 --> 08:10.930
So again, it's in downloads T or R and we can type capital T and hit the top button to autocomplete

08:10.930 --> 08:17.470
because this is the only file name that we have in the directory that starts with a T, so a very simple

08:17.470 --> 08:17.860
command.

08:17.860 --> 08:21.610
Again, we're using GPG, the same command that we've been using.

08:21.640 --> 08:27.400
We're saying that we want to verify a key ring and we're giving it the key ring that contains the key

08:27.400 --> 08:29.080
for the Tor developers.

08:29.290 --> 08:36.160
And then we're giving it the file name of the signature, followed by the file name of the installer

08:36.940 --> 08:38.290
we're going to hit Enter.

08:40.010 --> 08:40.820
I'm perfect.

08:40.820 --> 08:46.130
As you can see, it's telling us that this is a good signature from the Tor browser developers.

08:46.280 --> 08:53.480
This means that this file right here did not get modified since the developers that created the key

08:53.480 --> 08:57.440
that we used created this signature right here.

08:57.770 --> 09:04.490
So now we can run this file with confidence, knowing that it did not get modified and that it's going

09:04.490 --> 09:10.040
to run exactly the same way that the Tor browser developers intended to run.

09:11.020 --> 09:13.480
So we're going to double click it now to install it.

09:13.510 --> 09:15.430
Now, like I said, this step is optional.

09:15.430 --> 09:20.890
You don't have to do it, but we're doing it to protect our privacy and anonymity because if this file

09:20.890 --> 09:26.170
gets modified, it could contain code that will have a backdoor or even render the features offered

09:26.170 --> 09:28.030
by the Tor browser useless.

09:28.510 --> 09:34.930
Now to install this, all you have to do is simply drag the Tor browser to your applications and that's

09:34.930 --> 09:35.230
it.

09:35.230 --> 09:39.610
It should be installed, so you'll be able to find it in here in your launchpad.

09:39.610 --> 09:45.700
If you scroll to the end and I have it right here and one click on it will start it exactly the same

09:45.700 --> 09:47.770
as any other program that you have.

09:47.770 --> 09:52.720
We're going to tick the box to always connect automatically so that it always automatically connects

09:52.720 --> 09:53.890
to the Tor network.

09:53.890 --> 09:56.230
And we're going to click on Connect to Connect.

09:56.770 --> 10:00.670
Now, don't worry about how to use this browser and all of the features.

10:00.670 --> 10:04.240
We will cover that in details in the next lectures.