Tor Browser

WARNING: Do NOT follow random advice instructing you to edit your torrc! Doing so can allow an attacker to compromise your security and anonymity through malicious configuration of your torrc.

Tor uses a text file called torrc that contains configuration instructions for how Tor should behave. The default configuration should work fine for most Tor users (hence the warning above.)

To find your Tor Browser torrc, follow the instructions for your operating system below.

On Windows or Linux:

  • The torrc is in the Tor Browser Data directory at Browser/TorBrowser/Data/Tor inside your Tor Browser directory.

On macOS:

  • The torrc is in the Tor Browser Data directory at ~/Library/Application Support/TorBrowser-Data/Tor.
  • Note the Library folder is hidden on newer versions of macOS. To navigate to this folder in Finder, select "Go to Folder..." in the "Go" menu.
  • Then type "~/Library/Application Support/" in the window and click Go.

Close Tor Browser before you edit your torrc, otherwise Tor Browser may erase your modifications. Some options will have no effect as Tor Browser overrides them with command line options when it starts Tor.

Have a look at the sample torrc file for hints on common configurations. For other configuration options you can use, see the Tor manual page. Remember, all lines beginning with # in torrc are treated as comments and have no effect on Tor's configuration.

While the names may imply otherwise, 'Incognito mode' and 'private tabs' do not make you anonymous on the Internet. They erase all the information on your machine relating to the browsing session after they are closed, but have no measures in place to hide your activity or digital fingerprint online. This means that an observer can collect your traffic just as easily as any regular browser.

Tor Browser offers all the amnesic features of private tabs while also hiding the source IP, browsing habits and details about a device that can be used to fingerprint activity across the web, allowing for a truly private browsing session that's fully obfuscated from end-to-end.

For more information regarding the limitations of Incognito mode and private tabs, see Mozilla's article on Common Myths about Private Browsing.

Kami sangat menyarankan untuk tidak menggunakan Tor di browser apapun selain Tor Browser. Menggunakan Tor di browser lain dapat membuat Anda rentan tanpa perlindungan privasi browser Tor.

Tor Browser dapat membantu dalam akses situs web Anda dari tempat yang terblokir. Umumnya hanya unduh Tor Browser dan gunakannya untuk membuka akses situs yang terblokir. Di tempat-tempat yang mengalami sensor berat, tersedia beberapa pilihan yang mengatasinya, termasuk pluggable transport..

Untuk info lebih lanjut, silakan baca bagian Tor Browser Manual di bagian censorship.

Sometimes websites will block Tor users because they can't tell the difference between the average Tor user and automated traffic. The best success we've had in getting sites to unblock Tor users is getting users to contact the site administrators directly. Something like this might do the trick:

"Hi! I tried to access your site xyz.com while using Tor Browser and discovered that you don't allow Tor users to access your site. I urge you to reconsider this decision; Tor is used by people all over the world to protect their privacy and fight censorship. By blocking Tor users, you are likely blocking people in repressive countries who want to use a free internet, journalists and researchers who want to protect themselves from discovery, whistleblowers, activists, and ordinary people who want to opt out of invasive third party tracking. Please take a strong stance in favor of digital privacy and internet freedom, and allow Tor users access to xyz.com. Thank you."

In the case of banks, and other sensitive websites, it is also common to see geography-based blocking (if a bank knows you generally access their services from one country, and suddenly you are connecting from an exit relay on the other side of the world, your account may be locked or suspended).

If you are unable to connect to an onion service, please see I cannot reach X.onion!

Anda bisa menggunakan browser lain saat Anda juga menggunakan Tor Browser. Namun, Anda harus tahu bahwa fitur privasi Tor Browser tidak akan hadir di dalam browser lainnya. Hati-hati ketika beralih bolak-balik antara Tor dan browser yang kurang aman, karena Anda mungkin secara tidak sengaja menggunakan browser lain untuk sesuatu yang Anda dimaksudkan untuk Tor.

You can set Proxy IP address, port, and authentication information in Tor Browser's Network Settings. If you're using Tor another way, check out the HTTPProxy and HTTPSProxy config options in the manual page, and modify your torrc file accordingly. You will need an HTTP proxy for doing GET requests to fetch the Tor directory, and you will need an HTTPS proxy for doing CONNECT requests to get to Tor relays. (It's fine if they're the same proxy.) Tor also recognizes the torrc options Socks4Proxy and Socks5Proxy.

Also, read up on the HTTPProxyAuthenticator and HTTPSProxyAuthenticator options if your proxy requires auth. We only support basic auth currently, but if you need NTLM authentication, you may find this post in the archives useful.

If your proxies only allow you to connect to certain ports, look at the entry on Firewalled clients for how to restrict what ports your Tor will try to access.

Please see the Installation section in the Tor Browser Manual.

Sometimes, after you've used Gmail over Tor, Google presents a pop-up notification that your account may have been compromised. The notification window lists a series of IP addresses and locations throughout the world recently used to access your account.

In general, this is a false alarm: Google saw a bunch of logins from different places, as a result of running the service via Tor, and decided it was a good idea to confirm the account was being accessed by its rightful owner.

Even though this may be a byproduct of using the service via Tor, that doesn't mean you can entirely ignore the warning. It is probably a false positive, but it might not be since it is possible for someone to hijack your Google cookie.

Cookie hijacking is possible by either physical access to your computer or by watching your network traffic. In theory, only physical access should compromise your system because Gmail and similar services should only send the cookie over an SSL link. In practice, alas, it's way more complex than that.

And if somebody did steal your google cookie, they might end up logging in from unusual places (though of course they also might not). So the summary is that since you're using Tor Browser, this security measure that Google uses isn't so useful for you, because it's full of false positives. You'll have to use other approaches, like seeing if anything looks weird on the account, or looking at the timestamps for recent logins and wondering if you actually logged in at those times.

More recently, Gmail users can turn on 2-Step Verification on their accounts to add an extra layer of security.

This is a known and intermittent problem; it does not mean that Google considers Tor to be spyware.

When you use Tor, you are sending queries through exit relays that are also shared by thousands of other users. Tor users typically see this message when many Tor users are querying Google in a short period of time. Google interprets the high volume of traffic from a single IP address (the exit relay you happened to pick) as somebody trying to "crawl" their website, so it slows down traffic from that IP address for a short time.

An alternate explanation is that Google tries to detect certain kinds of spyware or viruses that send distinctive queries to Google Search. It notes the IP addresses from which those queries are received (not realizing that they are Tor exit relays), and tries to warn any connections coming from those IP addresses that recent queries indicate an infection.

To our knowledge, Google is not doing anything intentionally specifically to deter or block Tor use. The error message about an infected machine should clear up again after a short time.

Google uses "geolocation" to determine where in the world you are, so it can give you a personalized experience. This includes using the language it thinks you prefer, and it also includes giving you different results on your queries.

If you really want to see Google in English you can click the link that provides that. But we consider this a feature with Tor, not a bug --- the Internet is not flat, and it in fact does look different depending on where you are. This feature reminds people of this fact.

Note that Google search URLs take name/value pairs as arguments and one of those names is "hl". If you set "hl" to "en" then Google will return search results in English regardless of what Google server you have been sent to. On a query this looks like:

https://encrypted.google.com/search?q=online%20anonymity&hl=en

Another method is to simply use your country code for accessing Google. This can be google.be, google.de, google.us and so on.

Tor Browser is built using Firefox ESR, so errors regarding Firefox may occur. Pastikan tidak ada Tor browser lain sedang berjalan, dan bahwa Anda telah mengekstrak Tor Browser di lokasi yang pengguna memiliki izin yang sesuai. If you are running an anti-virus, please see My antivirus/malware protection is blocking me from accessing Tor Browser, it is common for anti-virus / anti-malware software to cause this type of issue.

Dengan rilis dari Tor Browser 6.0.6, kami beralih ke DuckDuckGo sebagai mesin pencari utama. Untuk sekarang, Disconnect tidak punya akses ke hasil pencarian Google yang kita gunakan dalam Tor Browser. Karena Disconnect adalah sebuah mesin pencari meta yang memungkinkan pengguna untuk memilih antara penyedia layanan pencarian yang berbeda, menggunakan Bing, yang memberikan hasil pencarian yang tidak dapat diterima pada kualitasnya.

Di Tor Browser, setiap domain baru mendapatkan sirkuitnya sendiri. The Design and Implementation of Tor Browser document further explains the thinking behind this design.

Tor Browser adalah versi modifikasi dari Firefox yang khusus dirancang untuk digunakan dengan Tor. Banyak pekerjaan telah dimasukkan ke dalam membuat Tor Browser, termasuk penggunaan tambahan patch untuk meningkatkan privasi dan keamanan. Meskipun secara teknis mungkin menggunakan Tor dengan browser lain, Anda dapat membuka diri terhadap serangan potensial atau kebocoran informasi, sehingga kami sangat melarang itu. Learn more about the design of Tor Browser.

Kadang-kadang website yang banyak menggunakan JavaScript dapat memiliki masalah fungsional di Tor Browser. The simplest fix is to click on the Security icon (the small gray shield at the top-right of the screen), then click "Advanced Security Settings..." Atur keamanan Anda ke "Standar".

Saat menggunakan Tor Browser, tidak ada yang bisa melihat situs web yang Anda kunjungi. Namun, penyedia layanan atau admin jaringan Anda mungkin dapat melihat bahwa Anda tersambung ke jaringan Tor, meskipun mereka tidak akan tahu apa yang Anda lakukan ketika Anda menggunakannya.

We want everyone to be able to enjoy Tor Browser in their own language. Tor Browser is now available in 30 different languages, and we are working to add more. Want to help us translate? Become a Tor translator!

You can also help us in testing the next languages we will release, by installing and testing Tor Browser Alpha releases.

Kami tidak merekomendasikan menjalankan beberapa Tor browser secara bersamaan, dan ini mungkin tidak bekerja seperti yang diantisipasi pada banyak platform.

Sayangnya, beberapa situs web memberikan CAPTCHA kepada pengguna Tor, dan kami tidak dapat menghilangkan CAPTCHA tersebut. Hal terbaik untuk dilakukan dalam kasus ini adalah untuk menghubungi pemilik situs, dan memberitahu mereka bahwa mereka captcha mencegah pengguna seperti Anda dari menggunakan jasa mereka.

Kami mengonfigurasi NoScript untuk mengizinkan JavaScript secara default di Tor Browser karena banyak situs web tidak akan berfungsi dengan JavaScript dinonaktifkan. Sebagian besar pengguna akan meninggalkan Tor jika JavaScript dimatikan secara default karena akan menyebabkan banyak masalah bagi mereka. Pada akhirnya, kami ingin membuat Tor Browser seaman mungkin sementara juga membuat bermanfaat bagi sebagian orang, jadi untuk sekarang, ini berarti membuat JavaScript diaktifkan secara default.

For users who want to have JavaScript disabled on all HTTP sites by default, we recommend changing your Tor Browser's "Security Level" option. This can be done by navigating the Security icon (the small gray shield at the top-right of the screen), then clicking "Advanced Security Settings...". The "Standard" level allows JavaScript, but the "Safer" and "Safest" levels both block JavaScript on HTTP sites.

Menjalankan Tor Browser tidak membuat Anda bertindak sebagai relay dalam jaringan. Ini berarti bahwa komputer Anda tidak akan digunakan untuk merutekan lalu lintas untuk orang lain. If you'd like to become a relay, please see our Tor Relay Guide.

Saat ini ada tidak ada metode yang didukung untuk menetapkan Tor Browser sebagai penjelajah standar. Tor Browser bekerja keras untuk mengisolasi diri dari seluruh sistem Anda, dan langkah-langkah untuk membuat default browser tidak dapat diandalkan. This means sometimes a website would load in the Tor Browser, and sometimes it would load in another browser. This type of behavior can be dangerous and break anonymity.

Tor Browser is currently available on Windows, Linux and macOS.

There is a version of Tor Browser for Android and The Guardian Project also provides the app Orbot to route other apps on your Android device over the Tor network.

There is no official version of Tor for iOS yet, though we recommend Onion Browser.

Tor Browser sering membuat koneksi Anda seakan-akan datang dari bagian dunia yang sama sekali berbeda. Sejumlah situs, seperti bank atau penyedia email mungkin saja mengartikan ini sebagai tanda bahwa akun Anda telah diretas atau terkompromikan dan mengkunci Anda dari layanan.

Satu-satunya cara untuk memecahkan masalah ini adalah dengan mematuhi prosedur yang direkomendasikan oleh situs yang dimaksud untuk menjalankan pemulihan akun atau menghubungi operator dan menjelaskan situasi Anda.

Anda mungkin mampu menghindari skenario ini jika penyedia layanan menawarkan 2-factor authentication, yang merupakan pilihan keamanan yang jauh lebih baik daripada reputasi berbasis IP. Hubungi penyedia layanan Anda dan tanya mereka jika mereka menyediakan 2FA.

Tor Browser mencegah orang lain mengetahui situs web yang Anda kunjungi. Beberapa entitas, seperti Internet Service Provider (ISP) And, dapat melihat bahwa Anda menggunakan Tor, tetapi mereka tidak akan tahu di mana Anda dan kapan Anda melakukannya.

Tor Browser memiliki dua cara untuk mengubah sirkuit relay Anda — "Identitas baru" dan "Tor sirkuit Baru untuk situs ini".

Kedua pilihan berada pada Menu, tetapi Anda juga bisa mengakses pilihan Sirkuit Baru di dalam menu informasi situs, pada kolom URL.

Identitas Baru

Pilihan ini berguna jika Anda ingin mencegah aktivitas browser Anda agar tidak terhubung dengan apa yang Anda lakukan sebelumnya.

Memilihnya akan menutup semua tab dan jendela yang terbuka, menghapus semua informasi pribadi seperti cookies dan riwayat penjelajahan, dan menggunakan sirkuit Tor baru untuk semua koneksi.

Browser Tor akan memperingatkan Anda bahwa semua aktivitas dan unduhan akan dihentikan, jadi pertimbangkanlah ini sebelum mengklik "New Identity".

Tor Browser Menu

Sirkuit Tor Baru untuk Situs ini

Pilihan ini berguna jika relay keluar tidak dapat terhubung ke situs web, atau situsnya tidak ditampilkan dengan benar. Memilihnya akan menyebabkan tab atau jendela yang aktif saat ini akan dimuat ulang melalui sebuah sirkuit Tor yang baru.

Tabs atau jendela lain yang sedang terbuka dari website yang sama akan menggunakan sirkuit yang baru demikian juga dengan yang sedang dijalankan.

Opsi ini tidak akan menghilangkan setiap infomasi pribadi atau tidak menghubungkan aktivitas anda, tidak juga berdampak pada koneksi anda saat ini pada website yang lain.

New Circuit for this Site

Please see the HTTPS Everywhere FAQ. If you believe this is a Tor Browser issue, please report it on our bug tracker.

Please see the NoScript FAQ. If you believe this is a Tor Browser issue, please report it on our bug tracker.

Please see the DuckDuckGo support portal. If you believe this is a Tor Browser issue, please report it on our bug tracker.

DuckDuckGo is the default search engine in Tor Browser. DuckDuckGo does not track its users nor does it store any data about user searches. Learn more about DuckDuckGo privacy policy.

Tor Browser kadang-kadang lebih lambat dari peramban lain. The Tor network has over a million daily users, and just over 6000 relays to route all of their traffic, and the load on each server can sometimes cause latency. And, by design, your traffic is bouncing through volunteers' servers in various parts of the world, and some bottlenecks and network latency will always be present. You can help improve the speed of the network by running your own relay, or encouraging others to do so. For the much more in-depth answer, see Roger's blog post on the topic and Tor's Open Research Topics: 2018 edition about Network Performance. Walaupun begitu, Tor sekarang jauh lebih cepat daripada sebelumnya dan Anda mungkin tidak benar-benar melihat perubahan kecepatan dari peramban lain.

Klik tombol yang berlabel "Salin Tor Log ke Clipboard" yang muncul dalam jendela dialog ketika Tor Browser pertama kali terhubung ke jaringan. If Tor Browser is already open, click on the Torbutton icon (the small gray onion at the top-right of the screen), then "Tor Network Settings", then "Copy Tor Log To Clipboard". Setelah Anda telah menyalin log, Anda akan dapat menyalinya ke dalam teks editor atau email klien.

Salah satu masalah yang paling umum yang menyebabkan kesalahan koneksi di Tor Browser adalah jam sistem yang keliru. Silakan pastikan jam di sistem operasi dan zona waktu diatur dengan tepat di komputer Anda. Jika ini tidak memperbaiki masalah koneksi, lihat halaman Troubleshooting di [petunjuk Tor Browser(https://tb-manual.torproject.org/id/troubleshooting).

Itu adalah perilaku normal Tor. Relay pertama di sirkuit Anda disebut "penjaga entri" atau "penjaga". Ini adalah relay yang sangat cepat dan stabil yang tetap menjadi relay yang pertama dalam sirkuit Anda selama 2-3 bulan untuk melindungi terhadap serangan perusak anonimitas yang dikenal. Sisa sirkuit Anda berubah untuk setiap website baru setiap Anda mengunjunginya, dan semua bersama-sama relay ini memberikan perlindungan privasi lengkap Tor. For more information on how guard relays work, see this blog post and paper on entry guards.

Anda mungkin pada jaringan disensor, sehingga Anda harus mencoba menggunakan bridge. Beberapa bridge dibuat untuk Tor Browser, dan Anda dapat menggunakannya dengan memilih "mengkonfigurasi" (kemudian mengikuti petunjuknya) di jendela Tor Launcher yang muncul ketika Anda membuka Tor Browser untuk pertama kalinya. Jika Anda memerlukan bridge lain, Anda dapat memperolehnya di situs web bridge kami. Untuk info lebih lanjut tentang bridge, silakan baca petunjuk Tor Browser.

Maaf, saat ini tidak ada dukungan resmi Tor Browser untuk *BSD. There is something called the TorBSD project, but their Tor Browser is not officially supported.

Jika Anda menjalankan Tor Browser dan browser lain pada saat yang sama, tidak akan mempengaruhi kinerja atau privasi Tor. Namun, ketahuilah bahwa browser Anda yang lain tidak menjaga kerahasiaan aktivitas Anda, dan Anda mungkin lupa dan secara tidak sengaja menggunakan browser non-pribadi tersebut untuk melakukan sesuatu yang ingin Anda lakukan di Tor Browser.

Memodifikasi cara Tor menciptakan sirkuit sangat tidak disarankan. Anda mendapatkan keamanan terbaik yang dapat diberikan Tor ketika Anda meninggalkan pilihan rute kepada Tor; mengubah node masuk/keluar dapat mengurangi anonimitas Anda. Jika hasil yang Anda inginkan adalah hanya untuk dapat mengakses sumber daya yang tersedia hanya di satu negara, Anda mungkin ingin mempertimbangkan menggunakan VPN daripada menggunakan Tor. Harap dicatat bahwa vpn tidak memiliki sifat privasi yang sama dengan Tor, tetapi mereka akan membantu memecahkan beberapa masalah pembatasan geolokasi.

Sayangnya, kami belum memiliki versi Tor Browser untuk Chrome OS. You could run Tor Browser for Android on Chrome OS. Note that by using Tor Mobile on Chrome OS, you will view the mobile (not desktop) versions of websites. However, because we have not audited the app in Chrome OS, we don't know if all the privacy features of Tor Browser for Android will work well.

Sangat tidak dianjurkan untuk memasang add-on baru di Tor Browser karena mereka dapat membahayakan privasi dan keamanan Anda.

Installing new add-ons may affect Tor Browser in unforeseen ways and potentially make your Tor Browser fingerprint unique. If your copy of Tor Browser has a unique fingerprint, your browsing activities can be deanonymized and tracked even though you are using Tor Browser.

Basically, each browser's settings and features create what is called a "browser fingerprint". Most browsers inadvertently create a unique fingerprint for each user which can be tracked across the internet. Tor Browser is specifically engineered to have a nearly identical (we're not perfect!) fingerprint across it's users. This means each Tor Browser user looks like every other Tor Browser user, making it difficult to track any individual user.

There's also a good chance a new add-on will increase the attack surface of Tor Browser. This may allow sensitive data to be leaked or allow an attacker to infect Tor Browser. The add-on itself could even be maliciously designed to spy on you.

Tor Browser already comes installed with two add-ons — HTTPS Everywhere and NoScript — and adding anything else could deanonymize you.

Want to learn more about browser fingerprinting? Here's an article on The Tor Blog all about it!

Hanya lalu lintas Tor Browser akan diarahkan melalui jaringan Tor. Aplikasi lain pada sistem Anda (termasuk browser lain) tidak akan diarahkan melalui jaringan Tor, dan akan tidak dilindungi. Mereka perlu secara terpisah dikonfigurasi untuk menggunakan Tor. If you need to be sure that all traffic will go through the Tor network, take a look at the Tails live operating system which you can start on almost any computer from a USB stick or a DVD.

Flash is disabled in Tor Browser, and we recommend you to not enable it. Kami tidak berpikir Flash aman untuk digunakan dalam browser apapun — ini adalah software yang sangat tidak aman yang dengan mudah dapat membahayakan privasi Anda atau memberikan malware kepada Anda. Untungnya, sebagian besar situs web, perangkat, dan peramban lain menjauh dari penggunaan Flash.

File yang Anda download dan jalankan akan meminta Anda untuk sebuah destinasi. Jika Anda tidak ingat destinasi tersebut, itu adalah kemungkinan unduhan atau Desktop folder.

The default setting in the Windows installer also creates a shortcut for you on your Desktop, though be aware that you may have accidentally deselected the option to create a shortcut.

Jika Anda tidak dapat menemukannya di salah satu folder tersebut, download lagi dan cari prompt yang meminta Anda untuk memilih direktori untuk men-download itu. Pilih lokasi direktori yang Anda akan ingat dengan mudah, dan setelah download selesai Anda akan melihat folder Tor Browser yang ada.

Perlindungan antivirus atau malware membuat pengguna membuat "daftar putih" terhadap proses tertentu yang normalnya diblokir. Silahkan buka perangkat lunak perlindungan antivirus atau malware Anda dan cari di dalam setting untuk "daftar putih" atau sesuatu yang serupa. Selanjutnya, kecualikan proses berikut:

  • Untuk Windows
    • firefox.exe
    • tor.exe
    • obfs4proxy.exe (jika Anda menggunakan bridge)
  • For macOS
    • TorBrowser
    • tor.real
    • obfs4proxy (jika Anda menggunakan bridge)

Akhirnya, restart Tor Browser. Ini seharusnya memperbaiki masalah yang Anda alami. Harap dicatat bahwa beberapa klien antivirus, seperti Kaspersky, juga dapat memblokir Tor di tingkat firewall.

Setiap kali kami merilis versi stabil baru Tor Browser, kami menulis posting blog yang merinci fitur-fiturnya yang baru dan masalah yang diketahui. Jika Anda mulai mengalami masalah dengan peramban Tor setelah update, silakan bacablog.torproject.org untuk posting tentang Tor Browser stable terkini dan lihat apakah masalah Anda sudah terdaftar. If your issue is not listed, please file a bug report about what you're experiencing.

Tor Browser in its default mode is starting with a content window rounded to a multiple of 200px x 100px to prevent fingerprinting the screen dimensions. The strategy here is to put all users in a couple of buckets to make it harder to single them out. That works so far until users start to resize their windows (e.g. by maximizing them or going into fullscreen mode). Tor Browser 9 ships with a fingerprinting defense for those scenarios as well, which is called Letterboxing), a technique developed by Mozilla and presented earlier this year. It works by adding white margins to a browser window so that the window is as close as possible to the desired size while users are still in a couple of screen size buckets that prevent singling them out with the help of screen dimensions.

In simple words, this technique makes groups of users of certain screen sizes and this makes it harder to single out users on basis of screen size, as many users will have same screen size.

Digital signature is a process ensuring that a certain package was generated by its developers and has not been tampered with. Below we explain why it is important and how to verify that the Tor program you download is the one we have created and has not been modified by some attacker.

Each file on our download page is accompanied by a file with the same name as the package and the extension ".asc". These .asc files are OpenPGP signatures. They allow you to verify the file you've downloaded is exactly the one that we intended you to get.

For example, torbrowser-install-win64-9.0_en-US.exe is accompanied by torbrowser-install-win64-9.0_en-US.exe.asc.

We now show how you can verify the downloaded file's digital signature on different operating systems. Please notice that a signature is dated the moment the package has been signed. Therefore every time a new file is uploaded a new signature is generated with a different date. As long as you have verified the signature you should not worry that the reported date may vary.

Installing GnuPG

First of all you need to have GnuPG installed before you can verify signatures.

For Windows users:

If you run Windows, download Gpg4win and run its installer.

In order to verify the signature you will need to type a few commands in windows command-line, cmd.exe.

For macOS users:

If you are using macOS, you can install GPGTools.

In order to verify the signature you will need to type a few commands in the Terminal (under "Applications").

For GNU/Linux users:

If you are using GNU/Linux, then you probably already have GnuPG in your system, as most GNU/Linux distributions come with it preinstalled.

In order to verify the signature you will need to type a few commands in a terminal window. How to do this will vary depending on your distribution.

Fetching the Tor Developers key

The Tor Browser team signs Tor Browser releases. Import the Tor Browser Developers signing key (0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290):

gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org

This should show you something like:

gpg: key 4E2C6E8793298290: public key "Tor Browser Developers (signing key) <torbrowser@torproject.org>" imported
gpg: Total number processed: 1
gpg:               imported: 1
pub   rsa4096 2014-12-15 [C] [expires: 2020-08-24]
      EF6E286DDA85EA2A4BA7DE684E2C6E8793298290
uid           [ unknown] Tor Browser Developers (signing key) <torbrowser@torproject.org>
sub   rsa4096 2018-05-26 [S] [expires: 2020-09-12]

After importing the key, you can save it to a file (identifying it by fingerprint here):

gpg --output ./tor.keyring --export 0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290

Verifying the signature

To verify the signature of the package you downloaded, you will need to download the corresponding ".asc" signature file as well as the installer file itself, and verify it with a command that asks GnuPG to verify the file that you downloaded.

The examples below assume that you downloaded these two files to your "Downloads" folder.

For Windows users:

gpgv --keyring .\tor.keyring Downloads\torbrowser-install-win64-9.0_en-US.exe.asc Downloads\torbrowser-install-win64-9.0_en-US.exe

For macOS users:

gpgv --keyring ./tor.keyring ~/Downloads/TorBrowser-9.0-osx64_en-US.dmg{.asc,}

For GNU/Linux users (change 64 to 32 if you have the 32-bit package):

gpgv --keyring ./tor.keyring ~/Downloads/tor-browser-linux64-9.0_en-US.tar.xz{.asc,}

The result of the command should produce something like this:

gpgv: Signature made 07/08/19 04:03:49 Pacific Daylight Time
gpgv:                using RSA key EB774491D9FF06E2
gpgv: Good signature from "Tor Browser Developers (signing key) <torbrowser@torproject.org>"

Workaround (using a public key)

If you encounter errors you cannot fix, feel free to download and use this public key instead. Alternatively, you may use the following command:

curl -s https://openpgpkey.torproject.org/.well-known/openpgpkey/torproject.org/hu/kounek7zrdx745qydx6p59t9mqjpuhdf |gpg --import -

You may also want to learn more about GnuPG.