-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathREADME.USER-HOWTO
90 lines (61 loc) · 3.15 KB
/
README.USER-HOWTO
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
This document explains how a user may request Tor or Tor-related
software via email with the GetTor program.
FINDING GETTOR
--------------
It is assumed that a user has a method of finding a valid GetTor email robot.
Currently the best known GetTor email is gettor @ torproject.org. This should
be the most current stable GetTor robot as it is operated by the Tor Project.
REQUIREMENTS FOR USING GETTOR
-----------------------------
Users communicate with the GetTor robot by sending messages via email. The
messages are currently English keywords. The user must use an email provider
that signs their email with DKIM. A user will be alerted if their email
provider is unsupported.
USING GETTOR
------------
Currently, users have a limited set of options. It is best to send an email
with a message body (the subject line can be blank) that consists of only the
word 'help' to receive instructions. This will send the most current set of
choices. An example reply to a request for help follows:
Hello, This is the "gettor" robot.
I am sorry, but your request was not understood. Please select one of the
following package names:
panther-bundle
source-bundle
windows-bundle
tiger-bundle
tor-browser-bundle
tor-im-browser-bundle
Please send me another email. It only needs a single package name anywhere
in the body of your email.
For example, it is possible to fetch the most current Windows bundle. A user may
send a request with only the word 'windows-bundle' in the body of the email. An
example reply would look something like the following:
Hello! This is the "gettor" robot.
Here's your requested software as a zip file. Please unzip the
package and verify the signature.
Hint: If your computer has GnuPG installed, use the gpg
commandline tool as follows after unpacking the zip file:
gpg --verify <packagename>.asc <packagename>
The output should look somewhat like this:
gpg: Good signature from "Roger Dingledine <[email protected]>"
If you're not familiar with commandline tools, try looking for
a graphical user interface for GnuPG on this website:
http://www.gnupg.org/related_software/frontends.html
Have fun.
The email should also include an attachment with the name 'windows-bundle.z'
that can be downloaded by the user. The user must now unpack the zip file and
if they wish, they may verify that the file is from the Tor Project.
UNPACKING AND VERIFYING THE REQUESTED FILES
-------------------------------------------
A user should have software for decompressing .zip files. It will contain at
least two files, the requested bundle and its digital signature. Before a user
installs the bundle, they should verify the signature.
Users should follow the most current instructions for signature verification
as detailed by the Tor Project website:
https://www.torproject.org/verifying-signatures.html
INSTALLING THE REQUESTED FILES
------------------------------
After verifying that the file is valid, a user should simply run the program.
If a user requested the source code to Tor, we assume that they're able to
follow the build instructions contained within the source itself.