1
00:00:00,000 --> 00:00:07,000
And this lecture, I'm going to show you how to properly verify and install the Tor browser on an Apple

2
00:00:07,000 --> 00:00:09,000
Mac OS computer.

3
00:00:10,000 --> 00:00:15,000
If you want to install the Tor browser on a Windows computer, then check out the previous lecture and

4
00:00:15,000 --> 00:00:19,000
if you want to install it on a Linux computer, then check out the next lecture.

5
00:00:19,000 --> 00:00:24,000
Skip this lecture if you do not want to install it on a mac or computer.

6
00:00:25,000 --> 00:00:28,000
Now downloading the Tor browser is very, very easy.

7
00:00:28,000 --> 00:00:33,000
First of all, you want to go to the official download link and I'm going to include that in the resources

8
00:00:33,000 --> 00:00:34,000
of the lecture.

9
00:00:34,000 --> 00:00:38,000
And we're simply going to scroll down to the language that we want to download it in.

10
00:00:38,000 --> 00:00:43,000
And I want to download the English version, and we're going to select the operating system.

11
00:00:43,000 --> 00:00:49,000
So I want to download it for Mac OS and we're going to click on the 64 bit because we have a 64 bit

12
00:00:49,000 --> 00:00:53,000
processor, one click on this, we'll download it for you.

13
00:00:53,000 --> 00:00:58,000
But I'm not going to do that because I already have it downloaded in here and I start it in a directory

14
00:00:58,000 --> 00:01:01,000
called Tor in my downloads directory.

15
00:01:02,000 --> 00:01:08,000
Now once you have it downloaded you can simply double click it to start the installer and install it.

16
00:01:08,000 --> 00:01:16,000
But since we are trying to protect our privacy and anonymity, it's a very good idea to verify that

17
00:01:16,000 --> 00:01:23,000
this installer right here did not get modified as we downloaded it, because when you download something

18
00:01:23,000 --> 00:01:29,000
from the internet, it passes through a number of nodes in which it can be modified.

19
00:01:29,000 --> 00:01:36,000
So it can be modified by your Internet service provider, it can be modified by your network administrator,

20
00:01:36,000 --> 00:01:42,000
and it can even be modified by hackers who managed to intercept the connection.

21
00:01:43,000 --> 00:01:49,000
So to verify the integrity of this installer, you need to download a signature file so they have it

22
00:01:49,000 --> 00:01:51,000
in here between the two brackets.

23
00:01:51,000 --> 00:01:57,000
So as you can see, every single file has a signature with it and you need to make sure that you download

24
00:01:57,000 --> 00:01:59,000
the right signature.

25
00:01:59,000 --> 00:02:06,000
So I downloaded the 64 bit installer for Mac OS and therefore we have to click on this signature.

26
00:02:06,000 --> 00:02:12,000
I'm not going to click it right now because I already have the signature downloaded in here and if the

27
00:02:12,000 --> 00:02:18,000
file changes in any way, shape or form, the signature will not correspond to the file anymore.

28
00:02:18,000 --> 00:02:25,000
And therefore, if we try to verify the file using this signature, the verification process will fail

29
00:02:25,000 --> 00:02:27,000
and we will know that this file got modified.

30
00:02:27,000 --> 00:02:35,000
So this signature will only validate this file if this file did not get modified since the signature

31
00:02:35,000 --> 00:02:36,000
was created.

32
00:02:37,000 --> 00:02:43,000
Now we have a full section in this course about encryption and verification, and you'll understand

33
00:02:43,000 --> 00:02:46,000
exactly how this verification process works.

34
00:02:46,000 --> 00:02:52,000
But for now, we're simply just trying to verify that this installer did not get modified as we downloaded

35
00:02:52,000 --> 00:02:52,000
it.

36
00:02:52,000 --> 00:02:58,000
Therefore, we're simply going to follow the instructions that the Tor website has on how to verify

37
00:02:58,000 --> 00:02:59,000
the signature.

38
00:03:00,000 --> 00:03:05,000
This verification process requires a specific program called GPG.

39
00:03:06,000 --> 00:03:12,000
You can download it from GPG tools dot org and I'm going to include this link in the resources of this

40
00:03:12,000 --> 00:03:19,000
lecture and you simply want to just click on the download and once the download is complete, click

41
00:03:19,000 --> 00:03:22,000
the installer and double click the install.

42
00:03:23,000 --> 00:03:26,000
And simply click on Continue, Continue.

43
00:03:26,000 --> 00:03:32,000
We're leaving everything the same agreement to the agreement and click on install.

44
00:03:32,000 --> 00:03:33,000
Put your password.

45
00:03:34,000 --> 00:03:36,000
And give it some time to install.

46
00:03:38,000 --> 00:03:40,000
Once this is installed, we're going to close it.

47
00:03:40,000 --> 00:03:42,000
We're going to move the installer to the bin.

48
00:03:45,000 --> 00:03:47,000
And we're actually going to give it permissions.

49
00:03:48,000 --> 00:03:50,000
So we're just going to close all of this.

50
00:03:51,000 --> 00:04:00,000
And now you can use the command GPG in your terminal in order to verify the integrity of this file.

51
00:04:01,000 --> 00:04:07,000
So all we did so far is simply just install this program right here that we need for the verification

52
00:04:07,000 --> 00:04:08,000
process.

53
00:04:08,000 --> 00:04:14,000
So we're going to go to the terminal and using the terminal might seem a bit scary, but it's actually

54
00:04:14,000 --> 00:04:15,000
very, very simple.

55
00:04:15,000 --> 00:04:20,000
You can, first of all find it in your applications in the launchpad and here and simply you can type

56
00:04:20,000 --> 00:04:22,000
terminal to start it.

57
00:04:22,000 --> 00:04:28,000
And once you start it, you're simply going to run a number of commands in order to verify the integrity

58
00:04:28,000 --> 00:04:29,000
of this file.

59
00:04:30,000 --> 00:04:35,000
We have all of the commands in here in this page, along with a description of what they do.

60
00:04:35,000 --> 00:04:41,000
And the first command that we want to run is a command to fetch or download the developer key.

61
00:04:42,000 --> 00:04:46,000
The program we're using is GPG, the program that we just installed.

62
00:04:46,000 --> 00:04:52,000
We're telling is that we want to locate a key and we're giving it the key that we're looking for, which

63
00:04:52,000 --> 00:04:55,000
is the one belonging to the Tor browser developers.

64
00:04:55,000 --> 00:04:58,000
So it's Tor browser at Tor project dot org.

65
00:04:58,000 --> 00:05:04,000
And all you have to do is simply copy this and paste it in your terminal.

66
00:05:06,000 --> 00:05:07,000
We're going to hit enter.

67
00:05:09,000 --> 00:05:13,000
And as you can see, we got a response saying that this key has been located.

68
00:05:13,000 --> 00:05:16,000
It does belong to the Tor browser developers.

69
00:05:16,000 --> 00:05:20,000
We can see the email again similar to the one that we requested.

70
00:05:20,000 --> 00:05:23,000
And you can see the key fingerprint right here.

71
00:05:24,000 --> 00:05:28,000
Now that we have the key, we need to save it to a file.

72
00:05:28,000 --> 00:05:30,000
So we're going to use another command to do that.

73
00:05:30,000 --> 00:05:33,000
And again, you can simply copy it from here.

74
00:05:33,000 --> 00:05:37,000
And I'm going to include the list of these commands in the resources of the lecture as well.

75
00:05:37,000 --> 00:05:40,000
And we're simply going to paste it again in here.

76
00:05:40,000 --> 00:05:42,000
So again, we're using the same program.

77
00:05:42,000 --> 00:05:50,000
GPG We're telling it that we want to store this into a file and we're calling the output file toward

78
00:05:50,000 --> 00:05:53,000
keyring so you can choose whatever name you want in here.

79
00:05:53,000 --> 00:05:59,000
This file will include the key that we just downloaded, and then we're telling it which key we want

80
00:05:59,000 --> 00:06:00,000
to store.

81
00:06:00,000 --> 00:06:03,000
So we're telling it we want to export this specific key.

82
00:06:03,000 --> 00:06:09,000
And then right here, we're actually specifying the fingerprint of the key that we just downloaded.

83
00:06:09,000 --> 00:06:14,000
So notice this fingerprint is identical to the fingerprint that we see in here.

84
00:06:15,000 --> 00:06:22,000
So what we're saying is we're saying we want to use GPG to export this fingerprint to the following

85
00:06:22,000 --> 00:06:23,000
local file.

86
00:06:24,000 --> 00:06:25,000
We're going to hit enter.

87
00:06:25,000 --> 00:06:30,000
And because we don't see any errors, it means that the command got executed successfully.

88
00:06:30,000 --> 00:06:36,000
So right now we should have a file in the current working directory called Talking Ring.

89
00:06:36,000 --> 00:06:42,000
We can double check that by doing ls tor dot keyring and perfect.

90
00:06:42,000 --> 00:06:44,000
As you can see, we have that file.

91
00:06:44,000 --> 00:06:45,000
It's being listed for us.

92
00:06:45,000 --> 00:06:53,000
So the next step is to actually use this key with the signature that we have in here to verify that

93
00:06:53,000 --> 00:06:57,000
the installer did not get modified as it was being downloaded.

94
00:06:58,000 --> 00:07:03,000
Now we have the command to do that in here, but I'm actually going to use a slightly different command

95
00:07:03,000 --> 00:07:05,000
that makes things easier.

96
00:07:05,000 --> 00:07:10,000
So we're still going to use GPG, the same program that we've been using so far.

97
00:07:10,000 --> 00:07:13,000
We're going to say that we want to verify.

98
00:07:13,000 --> 00:07:17,000
We're going to give it the the key with the dash dash key ring argument.

99
00:07:17,000 --> 00:07:23,000
The key ring is named Thor dot key ring is the one that we just created right there in the previous

100
00:07:23,000 --> 00:07:24,000
command.

101
00:07:24,000 --> 00:07:30,000
And then we're going to give it the path to the signature file right here.

102
00:07:30,000 --> 00:07:36,000
So I have my signature file in the downloads in Tor in a directory called Tor.

103
00:07:36,000 --> 00:07:43,000
So we're going to type that down, we're going to type downloads T, o, r and then followed by the

104
00:07:43,000 --> 00:07:46,000
name of the signature file dot a, C.

105
00:07:47,000 --> 00:07:52,000
And finally, we're going to put a space followed by the name of the installer itself.

106
00:07:52,000 --> 00:07:59,000
So the installer right here and now, the signature and the installer have the same file name and the

107
00:07:59,000 --> 00:08:01,000
only difference is the extension right here.

108
00:08:02,000 --> 00:08:10,000
So again, it's in downloads T or R and we can type capital T and hit the top button to autocomplete

109
00:08:10,000 --> 00:08:17,000
because this is the only file name that we have in the directory that starts with a T, so a very simple

110
00:08:17,000 --> 00:08:17,000
command.

111
00:08:17,000 --> 00:08:21,000
Again, we're using GPG, the same command that we've been using.

112
00:08:21,000 --> 00:08:27,000
We're saying that we want to verify a key ring and we're giving it the key ring that contains the key

113
00:08:27,000 --> 00:08:29,000
for the Tor developers.

114
00:08:29,000 --> 00:08:36,000
And then we're giving it the file name of the signature, followed by the file name of the installer

115
00:08:36,000 --> 00:08:38,000
we're going to hit Enter.

116
00:08:40,000 --> 00:08:40,000
I'm perfect.

117
00:08:40,000 --> 00:08:46,000
As you can see, it's telling us that this is a good signature from the Tor browser developers.

118
00:08:46,000 --> 00:08:53,000
This means that this file right here did not get modified since the developers that created the key

119
00:08:53,000 --> 00:08:57,000
that we used created this signature right here.

120
00:08:57,000 --> 00:09:04,000
So now we can run this file with confidence, knowing that it did not get modified and that it's going

121
00:09:04,000 --> 00:09:10,000
to run exactly the same way that the Tor browser developers intended to run.

122
00:09:11,000 --> 00:09:13,000
So we're going to double click it now to install it.

123
00:09:13,000 --> 00:09:15,000
Now, like I said, this step is optional.

124
00:09:15,000 --> 00:09:20,000
You don't have to do it, but we're doing it to protect our privacy and anonymity because if this file

125
00:09:20,000 --> 00:09:26,000
gets modified, it could contain code that will have a backdoor or even render the features offered

126
00:09:26,000 --> 00:09:28,000
by the Tor browser useless.

127
00:09:28,000 --> 00:09:34,000
Now to install this, all you have to do is simply drag the Tor browser to your applications and that's

128
00:09:34,000 --> 00:09:35,000
it.

129
00:09:35,000 --> 00:09:39,000
It should be installed, so you'll be able to find it in here in your launchpad.

130
00:09:39,000 --> 00:09:45,000
If you scroll to the end and I have it right here and one click on it will start it exactly the same

131
00:09:45,000 --> 00:09:47,000
as any other program that you have.

132
00:09:47,000 --> 00:09:52,000
We're going to tick the box to always connect automatically so that it always automatically connects

133
00:09:52,000 --> 00:09:53,000
to the Tor network.

134
00:09:53,000 --> 00:09:56,000
And we're going to click on Connect to Connect.

135
00:09:56,000 --> 00:10:00,000
Now, don't worry about how to use this browser and all of the features.

136
00:10:00,000 --> 00:10:04,000
We will cover that in details in the next lectures.