Browse code

WIP verification: improve wording

traumschule authored on 27/08/2018 22:15:44
Showing 1 changed files
... ...
@@ -47,7 +47,7 @@
47 47
     <a href="https://en.wikipedia.org/wiki/Digital_signature">
48 48
     https://en.wikipedia.org/wiki/Digital_signature</a>.</p>
49 49
 
50
-    <p class="hint">(Click on each headline to show or hide it.)</p>
50
+    <p class="hint">(Click on each headline to show or hide the section.)</p>
51 51
   </article>
52 52
  </div>
53 53
 
... ...
@@ -56,26 +56,30 @@
56 56
    <input id="ac-1" name="accordion-1" type="checkbox" />
57 57
    <label for="ac-1">
58 58
     <a class="nav" title="link here" href="#Why-verify-signature">&#9668;</a>
59
-    <h3><a name="Why-verify-signature">Always verify the signature of downloaded files</a></h3>
59
+    <h3><a name="Why-verify-signature">Always verify the signature of
60
+        downloaded files</a></h3>
60 61
     <hr>
61 62
     <p>
62 63
     How do you know that the Tor program you have is really the one we made?
63
-    Digital signatures ensure that the package you are downloading was created by
64
-    our developers. It uses a cryptographic mechanism to ensure that the software package
65
-    that you have just downloaded is authentic. <span class="hint">(click to toggle)</span></p>
64
+    Digital signatures ensure that the package you are downloading was created
65
+    by our <a href="<>page about/corepeople>">developers</a>. It uses a
66
+    cryptographic mechanism to ensure that the software package that you have
67
+    just downloaded is authentic.
68
+    <span class="hint">(click to toggle)</span></p>
66 69
    </label>
67 70
    <article class="ac-small">
68 71
 
69 72
 
70 73
     <p>
71
-    For many Tor users it is important to verify that the Tor software is authentic
72
-    as they have very real adversaries who might try to give them a fake version
73
-    of Tor.
74
+    For many Tor users it is important to verify that the Tor software is
75
+    authentic as they have very real adversaries who might try to give them a
76
+    fake version of Tor.
74 77
     </p>
75 78
 
76 79
     <p>
77
-    If the Tor package has been modified by some attacker it is not safe to use.
78
-    It doesn't matter how secure and anonymous Tor is if you're not running the real Tor.
80
+    If the Tor package has been modified by some attacker it is not safe to use
81
+    it. It doesn't matter how secure and anonymous Tor is if you're not running
82
+    the real Tor.
79 83
     </p>
80 84
 
81 85
     <p>
... ...
@@ -87,26 +91,27 @@
87 91
 
88 92
     <p>
89 93
     There are a variety of attacks that can be used to make you download a fake
90
-    version of Tor. For example, an attacker could trick you into thinking some other
91
-    website is a great place to download Tor. You should
92
-    always download Tor from <a href="https://www.torproject.org"><b>https</b>://www.torproject.org/</a>.
94
+    version of Tor. For example, an attacker could trick you into thinking some
95
+    other website is a great place to download Tor. You should always download
96
+    Tor from
97
+    <a href="https://www.torproject.org"><b>https</b>://www.torproject.org/</a>.
93 98
     </p>
94 99
 
95 100
     <h4>Always make sure you are browsing over https</h4>
96 101
 
97 102
     <p>
98
-    <a href="https://www.torproject.org">https://www.torproject.org/</a> uses https.
99
-    Https is the secure version of the http protocol which uses encryption and authentication between your
100
-    browser and the website. This makes it much harder for the attacker
101
-    to modify your download. But it's not perfect. Some places in the
102
-    world block the Tor website, making users to download Tor
103
-    <a href="<page docs/faq>#GetTor">somewhere else</a>.
103
+    <a href="https://www.torproject.org">https://www.torproject.org/</a> uses
104
+    https. Https is the secure version of the http protocol which uses
105
+    encryption and authentication between your browser and the website.
106
+    This makes it much harder for the attacker to modify your download. But
107
+    it's not perfect. Some places in the world block the Tor website, making
108
+    users to download Tor <a href="<page docs/faq>#GetTor">somewhere else</a>.
104 109
     </p>
105 110
 
106 111
     <p>
107 112
     Large companies sometimes force employees to use a modified browser,
108
-    so the company can listen in on all their browsing. We've even <a
109
-    href="https://blog.torproject.org/blog/diginotar-debacle-and-what-you-should-do-about-it">seen</a>
113
+    so the company can listen in on all their browsing. We've even
114
+    <a href="https://blog.torproject.org/blog/diginotar-debacle-and-what-you-should-do-about-it">seen</a>
110 115
     attackers who have the ability to trick your browser into thinking
111 116
     you're talking to the Tor website with https when you're not.
112 117
     </p>
... ...
@@ -134,7 +139,8 @@
134 139
   <input id="ac-2" name="accordion-2" type="checkbox" checked />
135 140
   <label for="ac-2">
136 141
     <a class="nav" title="link here" href="#Keys">&#9668;</a>
137
-    <h3><a name="Keys">Where do I get the signatures and the keys that made them?</a></h3>
142
+    <h3><a name="Keys">Where do I get the signatures and the keys that made
143
+        them?</a></h3>
138 144
     <hr>
139 145
     <p>
140 146
     Each file on <a href="<page download/download>">our download
... ...
@@ -161,12 +167,28 @@
161 167
   </article>
162 168
  </div>
163 169
 
170
+  <input id="ac-3" name="accordion-3" type="checkbox" checked />
171
+  <label for="ac-3">
172
+    <a class="nav" title="link here" href="#Keys">&#9668;</a>
173
+    <h3><a name="Keys">How to verify files with OpenPGP signatures</a></h3>
174
+    <hr>
175
+    <p>
176
+    In the following section We now show how you can verify the downloaded file's digital signature on
177
+    different operating systems. Please notice that a signature is dated the
178
+    moment the package has been signed. Therefore every time a new file is
179
+    uploaded a new signature is generated with a different date. As long as you
180
+    have verified the signature you should not worry that the reported date may
181
+    vary.
182
+    </p>
183
+  </label>
184
+  <article class="ac-medium">
185
+
164 186
 <!-- Windows -->
165 187
  <div>
166
-  <input id="ac-3" name="accordion-3" type="checkbox" />
167
-   <label for="ac-3">
188
+  <input id="ac-3-1" name="accordion-3-1" type="checkbox" />
189
+   <label for="ac-3-1">
168 190
     <a class="nav" title="link here" href="#Windows">&#9668;</a>
169
-    <h3><a name="Windows">Windows</a></h3>
191
+    <h4><a name="Windows">Windows</a></h4>
170 192
     <hr>
171 193
    </label>
172 194
    <article class="ac-small">
... ...
@@ -239,10 +261,10 @@ Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
239 261
 
240 262
 <!-- MacOS / Linux -->
241 263
  <div>
242
-  <input id="ac-4" name="accordion-4" type="checkbox" />
243
-   <label for="ac-4">
264
+  <input id="ac-4-1" name="accordion-4-1" type="checkbox" />
265
+   <label for="ac-4-1">
244 266
     <a class="nav" title="link here" href="#MacosLinux">&#9668;</a>
245
-    <h3><a name="MacosLinux">Mac OS X and Linux</a></h3>
267
+    <h4><a name="MacosLinux">Mac OS X and Linux</a></h4>
246 268
     <hr>
247 269
    </label>
248 270
    <article class="ac-small">
... ...
@@ -330,6 +352,10 @@ Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
330 352
   </article>
331 353
  </div>
332 354
 
355
+    <a class="nav" href="#TOC" title="go up">&uarr;</a>
356
+  </article>
357
+ </div>
358
+
333 359
 <!-- Build verification -->
334 360
  <div>
335 361
   <input id="ac-5" name="accordion-5" type="checkbox" />