1
00:00:00,750 --> 00:00:09,290
In this video I'm going to show you how to verify Tor Browser and install it on an Apple OS X computer.

2
00:00:09,480 --> 00:00:13,710
If you have a windows computer then Please revise the previous lecture.

3
00:00:13,710 --> 00:00:18,980
And if you have a Linux computer then skip this video and watch the next video.

4
00:00:19,140 --> 00:00:25,920
Only watch this lecture if you want to install tor browser on an Apple OS X computer.

5
00:00:25,920 --> 00:00:27,950
Otherwise just skip it.

6
00:00:28,110 --> 00:00:31,740
You will not lose any information if you skip this video.

7
00:00:32,880 --> 00:00:36,860
So right now I have the tour download page right here.

8
00:00:37,380 --> 00:00:42,720
And as you can see I can download tour for any operating system Windows Apple and Linux.

9
00:00:42,720 --> 00:00:47,220
And right now we want to install tor browser on an OS X computer.

10
00:00:47,220 --> 00:00:54,210
So I'm gonna download the English version from the Apple OS X column one click here will download it

11
00:00:54,210 --> 00:00:55,070
for you.

12
00:00:55,170 --> 00:00:58,410
What I already have it downloaded here so I'm not going to click that.

13
00:00:59,530 --> 00:01:04,930
And right now I can literally just double click it to install it.

14
00:01:04,930 --> 00:01:13,960
But before doing that it's a very good idea to verify that the file we downloaded here did not get modified

15
00:01:14,290 --> 00:01:16,400
as it was being downloaded.

16
00:01:16,630 --> 00:01:22,570
Because when you download something from the internet it passes through a number of nodes in which it

17
00:01:22,570 --> 00:01:27,720
can be modified so it can be modified by your Internet service provider.

18
00:01:27,730 --> 00:01:34,720
It can be modified by your network administrator and it can even be modified by hackers who managed

19
00:01:34,720 --> 00:01:37,900
to intercept the connection.

20
00:01:37,900 --> 00:01:45,400
So in order to verify that this file did not get modified we're going to use a signature provided to

21
00:01:45,400 --> 00:01:48,240
us by the Tor developers.

22
00:01:48,310 --> 00:01:56,110
So as you can see on this page each download has a sig this sig stands for signature.

23
00:01:56,200 --> 00:02:02,260
And this is a file that is unique to this download to the installer.

24
00:02:02,410 --> 00:02:10,360
It was generated by the developers when they packaged the installer and it can be used to verify that

25
00:02:10,360 --> 00:02:16,500
the installer did not get modified since it was packaged by the developers.

26
00:02:17,260 --> 00:02:23,260
So to verify the installer the first step is to download its signature.

27
00:02:23,260 --> 00:02:27,530
So like I said as you can see each file has its own signature.

28
00:02:27,580 --> 00:02:33,070
I downloaded this file right here so I'm going to download this signature and here I'm going to right

29
00:02:33,100 --> 00:02:40,120
click the signature file and I'm going to click on Steve link us to download it and I'm going to store

30
00:02:40,120 --> 00:02:43,400
it in Tor in the same directory that I have here.

31
00:02:43,480 --> 00:02:50,960
I'm going to click on Save and as you can see I have the signature file right here.

32
00:02:51,320 --> 00:02:58,070
Now all we need to do is verify the signature and make sure that this signature corresponds to this

33
00:02:58,160 --> 00:02:59,720
to this installer.

34
00:02:59,720 --> 00:03:07,400
And if it does then that means this installer was not modified since this signature was made which means

35
00:03:07,400 --> 00:03:15,600
that the installer was not modified since the publisher of Tor has published the file.

36
00:03:15,650 --> 00:03:23,570
Now we'll need to use a special program to do this verification on OSX we can download this for free.

37
00:03:23,570 --> 00:03:30,470
It's called GP G suit so it can click on download here to download it and I already have it downloaded

38
00:03:30,470 --> 00:03:37,520
right here and to install this all you have to do is literally just double click it just like any other

39
00:03:37,520 --> 00:03:38,420
application

40
00:03:41,170 --> 00:03:49,030
we're going to double click the installer here we're going to continue keep the language at English.

41
00:03:49,020 --> 00:03:54,620
We're going to agree we're going to click on install to install it.

42
00:03:54,680 --> 00:03:56,300
I'm going to put my password

43
00:03:59,430 --> 00:04:00,050
and that's it.

44
00:04:00,060 --> 00:04:05,630
It's installed so I'm going to click on close and I'm going to move this to Trish.

45
00:04:05,790 --> 00:04:12,060
This will just move the installer to Trish and I did this because I don't really need it anymore because

46
00:04:12,090 --> 00:04:18,180
I've installed the program so I'm going to close this I won't need to use any of this.

47
00:04:18,180 --> 00:04:24,700
This is just the program it got opened automatically and we're going to use the program that we just

48
00:04:24,700 --> 00:04:32,650
installed from the command prompt to verify the signature and see if this installer was modified or

49
00:04:32,650 --> 00:04:33,310
not.

50
00:04:33,310 --> 00:04:39,330
As we downloaded it to do this first we need to add the key.

51
00:04:39,330 --> 00:04:44,250
The third developers use to sign their installers.

52
00:04:44,580 --> 00:04:49,680
We can get the key from their web page right here and I'm going to include this in the resources of

53
00:04:49,680 --> 00:04:56,990
this lecture as well and as you can see if we just crawl to the top a little bit right here to the Mac

54
00:04:57,140 --> 00:05:04,040
OSX you can see that they're given us the keys so this is basically their key and the command that we

55
00:05:04,040 --> 00:05:08,790
need to use in order to add the key is this command right here.

56
00:05:09,050 --> 00:05:15,890
So G is the name of the program that we just installed that I said we need to use in order to verify

57
00:05:15,920 --> 00:05:19,430
the signature we're giving it a key server.

58
00:05:19,490 --> 00:05:27,350
So this is a server where we are going to pull the key from and then we're using the receive key argument

59
00:05:27,530 --> 00:05:31,440
to specify the key that we want to get.

60
00:05:31,460 --> 00:05:40,920
So I'm going to copy all of this and I'm going to paste it here and give this a few seconds and might

61
00:05:40,920 --> 00:05:44,160
actually take some time and it might even fail.

62
00:05:44,190 --> 00:05:51,090
So just try it a few times because when you try it the servers might be under a lot of pressure and

63
00:05:51,090 --> 00:05:54,600
they just will time out and they won't allow you to get the key.

64
00:05:55,110 --> 00:06:00,730
But as you can see in my case I got it from the first try in a relatively short time.

65
00:06:00,870 --> 00:06:02,750
So now the key is added.

66
00:06:02,820 --> 00:06:11,190
And before we actually verify the file I want to make sure that I got the correct key and to do that

67
00:06:11,280 --> 00:06:16,290
again I'm going to use the same command the same program that we just installed and I'm going to say

68
00:06:16,320 --> 00:06:22,730
I want to see the fingerprint of the key that we just got.

69
00:06:22,730 --> 00:06:33,170
So this is the key that we just got so I'm going to copy it and pasted and I actually didn't copy the

70
00:06:33,170 --> 00:06:33,710
full key.

71
00:06:33,710 --> 00:06:35,520
This is the full key.

72
00:06:35,750 --> 00:06:43,020
So again I'm just going to copy it and run the same command and perfect.

73
00:06:43,050 --> 00:06:44,870
I got the fingerprints.

74
00:06:44,870 --> 00:06:53,460
So the fingerprint is right here and you want to check this against the fingerprint that you have on

75
00:06:53,460 --> 00:06:54,280
their Web site.

76
00:06:54,300 --> 00:06:58,460
So this is the fingerprint that they have.

77
00:06:59,000 --> 00:07:05,220
And as you can see the two fingerprints March which means that we have the correct key added.

78
00:07:05,330 --> 00:07:12,470
And now we can go ahead and try to verify the installer that we just downloaded which is this installer

79
00:07:14,800 --> 00:07:20,710
so before we do this we need to navigate to the location where this is.

80
00:07:20,710 --> 00:07:30,890
And as you can see it's in downloads t o r so right now if I do P.W. d to get my current working directory

81
00:07:31,100 --> 00:07:40,280
you can see I am in users zoos and what I want to go is users zoos downloads t o r so I'm gonna do C

82
00:07:40,280 --> 00:07:47,960
D to change my working directory and I want to go to downloads forward slash T O R.

83
00:07:49,010 --> 00:07:54,170
So in your case if you just downloaded the files and your downloads you wouldn't need to go into the

84
00:07:54,170 --> 00:07:55,650
T O R directory.

85
00:07:55,730 --> 00:08:01,300
In my case because I have them in t t o r I'm gonna put t o r.

86
00:08:01,880 --> 00:08:08,900
I'm going to hit enter and if I do p WD to get my current working directory you can see I'm in user

87
00:08:08,900 --> 00:08:16,610
zoos downloads T O R and if I do Ellis to list all the files that I have in the current working directory

88
00:08:16,940 --> 00:08:23,870
you'll see that I have two files the first one is the installer deter browser installer and the second

89
00:08:23,870 --> 00:08:33,340
one is the signature that we can use to verify this installer now to verify the installer.

90
00:08:33,490 --> 00:08:36,470
All we have to do is again use the same command.

91
00:08:36,480 --> 00:08:44,530
P GP we're going gonna say that I want to verify and give it the name of the signature file.

92
00:08:44,530 --> 00:08:52,030
This file right here and we have it right here so you can just copy and paste it and we're going to

93
00:08:52,030 --> 00:08:56,870
hit enter and I typed BGP and actually should be CPG.

94
00:08:57,100 --> 00:09:00,000
So another spelling mistake that I made here.

95
00:09:00,760 --> 00:09:02,300
So I'll fix that.

96
00:09:02,350 --> 00:09:10,300
I'm going to hit enter and perfect as you can see it's telling us that this is a good signature from

97
00:09:10,300 --> 00:09:13,020
the top browser developers.

98
00:09:13,360 --> 00:09:22,060
So what we did right now is we use the signature to validate that this file right here did not get modified

99
00:09:22,300 --> 00:09:26,070
since the signature was created.

100
00:09:26,170 --> 00:09:29,050
Like I said this is not a necessary step.

101
00:09:29,140 --> 00:09:35,020
But if you want to make sure that you're using a clean version of the Tor browser then this is the best

102
00:09:35,020 --> 00:09:37,630
way to do it.

103
00:09:37,740 --> 00:09:44,400
So now that we are happy with the installer and know that it did not get modified we can just double

104
00:09:44,400 --> 00:09:51,750
click it to install it just like you install any other application on your system.

105
00:09:51,930 --> 00:09:55,000
So as you can see we have the third browser right here.

106
00:09:55,050 --> 00:09:59,730
You just have to drag and drop it to the applications in here.

107
00:09:59,850 --> 00:10:06,920
And once it's copied it will go into your applications where you can launch it from here.

108
00:10:07,060 --> 00:10:11,930
So if I just click on it in here I'm going to trust it.

109
00:10:11,930 --> 00:10:21,530
So I'm going to say open and this will first connect to the tour network and launch a normal web browser

110
00:10:21,650 --> 00:10:22,250
for me.

111
00:10:22,460 --> 00:10:30,380
But like I said anything you do on this web browser will go through the tour network and we'll talk

112
00:10:30,380 --> 00:10:36,670
more about how to use this browser how to configure it and all of that in the next lectures.

113
00:10:36,710 --> 00:10:43,640
But right now we managed to install a clean and unmodified version of detour browser.