WIP verification: improve wording (75bd0a592) - tor-webwml.git

@@ -47,7 +47,7 @@
     <a href="https://en.wikipedia.org/wiki/Digital_signature">
     https://en.wikipedia.org/wiki/Digital_signature</a>.</p>
 
-    <p class="hint">(Click on each headline to show or hide it.)</p>
+    <p class="hint">(Click on each headline to show or hide the section.)</p>
   </article>
  </div>
 
@@ -56,26 +56,30 @@
    <input id="ac-1" name="accordion-1" type="checkbox" />
    <label for="ac-1">
     <a class="nav" title="link here" href="#Why-verify-signature">&#9668;</a>
-    <h3><a name="Why-verify-signature">Always verify the signature of downloaded files</a></h3>
+    <h3><a name="Why-verify-signature">Always verify the signature of
+        downloaded files</a></h3>
     <hr>
     <p>
     How do you know that the Tor program you have is really the one we made?
-    Digital signatures ensure that the package you are downloading was created by
-    our developers. It uses a cryptographic mechanism to ensure that the software package
-    that you have just downloaded is authentic. <span class="hint">(click to toggle)</span></p>
+    Digital signatures ensure that the package you are downloading was created
+    by our <a href="<>page about/corepeople>">developers</a>. It uses a
+    cryptographic mechanism to ensure that the software package that you have
+    just downloaded is authentic.
+    <span class="hint">(click to toggle)</span></p>
    </label>
    <article class="ac-small">
 
 
     <p>
-    For many Tor users it is important to verify that the Tor software is authentic
-    as they have very real adversaries who might try to give them a fake version
-    of Tor.
+    For many Tor users it is important to verify that the Tor software is
+    authentic as they have very real adversaries who might try to give them a
+    fake version of Tor.
     </p>
 
     <p>
-    If the Tor package has been modified by some attacker it is not safe to use.
-    It doesn't matter how secure and anonymous Tor is if you're not running the real Tor.
+    If the Tor package has been modified by some attacker it is not safe to use
+    it. It doesn't matter how secure and anonymous Tor is if you're not running
+    the real Tor.
     </p>
 
     <p>
@@ -87,26 +91,27 @@
 
     <p>
     There are a variety of attacks that can be used to make you download a fake
-    version of Tor. For example, an attacker could trick you into thinking some other
-    website is a great place to download Tor. You should
-    always download Tor from <a href="https://www.torproject.org"><b>https</b>://www.torproject.org/</a>.
+    version of Tor. For example, an attacker could trick you into thinking some
+    other website is a great place to download Tor. You should always download
+    Tor from
+    <a href="https://www.torproject.org"><b>https</b>://www.torproject.org/</a>.
     </p>
 
     <h4>Always make sure you are browsing over https</h4>
 
     <p>
-    <a href="https://www.torproject.org">https://www.torproject.org/</a> uses https.
-    Https is the secure version of the http protocol which uses encryption and authentication between your
-    browser and the website. This makes it much harder for the attacker
-    to modify your download. But it's not perfect. Some places in the
-    world block the Tor website, making users to download Tor
-    <a href="<page docs/faq>#GetTor">somewhere else</a>.
+    <a href="https://www.torproject.org">https://www.torproject.org/</a> uses
+    https. Https is the secure version of the http protocol which uses
+    encryption and authentication between your browser and the website.
+    This makes it much harder for the attacker to modify your download. But
+    it's not perfect. Some places in the world block the Tor website, making
+    users to download Tor <a href="<page docs/faq>#GetTor">somewhere else</a>.
     </p>
 
     <p>
     Large companies sometimes force employees to use a modified browser,
-    so the company can listen in on all their browsing. We've even <a
-    href="https://blog.torproject.org/blog/diginotar-debacle-and-what-you-should-do-about-it">seen</a>
+    so the company can listen in on all their browsing. We've even
+    <a href="https://blog.torproject.org/blog/diginotar-debacle-and-what-you-should-do-about-it">seen</a>
     attackers who have the ability to trick your browser into thinking
     you're talking to the Tor website with https when you're not.
     </p>
@@ -134,7 +139,8 @@
   <input id="ac-2" name="accordion-2" type="checkbox" checked />
   <label for="ac-2">
     <a class="nav" title="link here" href="#Keys">&#9668;</a>
-    <h3><a name="Keys">Where do I get the signatures and the keys that made them?</a></h3>
+    <h3><a name="Keys">Where do I get the signatures and the keys that made
+        them?</a></h3>
     <hr>
     <p>
     Each file on <a href="<page download/download>">our download
@@ -161,12 +167,28 @@
   </article>
  </div>
 
+  <input id="ac-3" name="accordion-3" type="checkbox" checked />
+  <label for="ac-3">
+    <a class="nav" title="link here" href="#Keys">&#9668;</a>
+    <h3><a name="Keys">How to verify files with OpenPGP signatures</a></h3>
+    <hr>
+    <p>
+    In the following section We now show how you can verify the downloaded file's digital signature on
+    different operating systems. Please notice that a signature is dated the
+    moment the package has been signed. Therefore every time a new file is
+    uploaded a new signature is generated with a different date. As long as you
+    have verified the signature you should not worry that the reported date may
+    vary.
+    </p>
+  </label>
+  <article class="ac-medium">
+
 <!-- Windows -->
  <div>
-  <input id="ac-3" name="accordion-3" type="checkbox" />
-   <label for="ac-3">
+  <input id="ac-3-1" name="accordion-3-1" type="checkbox" />
+   <label for="ac-3-1">
     <a class="nav" title="link here" href="#Windows">&#9668;</a>
-    <h3><a name="Windows">Windows</a></h3>
+    <h4><a name="Windows">Windows</a></h4>
     <hr>
    </label>
    <article class="ac-small">
@@ -239,10 +261,10 @@ Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
 
 <!-- MacOS / Linux -->
  <div>
-  <input id="ac-4" name="accordion-4" type="checkbox" />
-   <label for="ac-4">
+  <input id="ac-4-1" name="accordion-4-1" type="checkbox" />
+   <label for="ac-4-1">
     <a class="nav" title="link here" href="#MacosLinux">&#9668;</a>
-    <h3><a name="MacosLinux">Mac OS X and Linux</a></h3>
+    <h4><a name="MacosLinux">Mac OS X and Linux</a></h4>
     <hr>
    </label>
    <article class="ac-small">
@@ -330,6 +352,10 @@ Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
   </article>
  </div>
 
+    <a class="nav" href="#TOC" title="go up">&uarr;</a>
+  </article>
+ </div>
+
 <!-- Build verification -->
  <div>
   <input id="ac-5" name="accordion-5" type="checkbox" />


...	...	@@ -47,7 +47,7 @@
47	47	<a href="https://en.wikipedia.org/wiki/Digital_signature">
48	48	https://en.wikipedia.org/wiki/Digital_signature</a>.</p>
49	49
50		- <p class="hint">(Click on each headline to show or hide it.)</p>
	50	+ <p class="hint">(Click on each headline to show or hide the section.)</p>
51	51	</article>
52	52	</div>
53	53
...	...	@@ -56,26 +56,30 @@
56	56	<input id="ac-1" name="accordion-1" type="checkbox" />
57	57	<label for="ac-1">
58	58	<a class="nav" title="link here" href="#Why-verify-signature">◄</a>
59		- <h3><a name="Why-verify-signature">Always verify the signature of downloaded files</a></h3>
	59	+ <h3><a name="Why-verify-signature">Always verify the signature of
	60	+ downloaded files</a></h3>
60	61	<hr>
61	62	<p>
62	63	How do you know that the Tor program you have is really the one we made?
63		- Digital signatures ensure that the package you are downloading was created by
64		- our developers. It uses a cryptographic mechanism to ensure that the software package
65		- that you have just downloaded is authentic. <span class="hint">(click to toggle)</span></p>
	64	+ Digital signatures ensure that the package you are downloading was created
	65	+ by our <a href="<>page about/corepeople>">developers</a>. It uses a
	66	+ cryptographic mechanism to ensure that the software package that you have
	67	+ just downloaded is authentic.
	68	+ <span class="hint">(click to toggle)</span></p>
66	69	</label>
67	70	<article class="ac-small">
68	71
69	72
70	73	<p>
71		- For many Tor users it is important to verify that the Tor software is authentic
72		- as they have very real adversaries who might try to give them a fake version
73		- of Tor.
	74	+ For many Tor users it is important to verify that the Tor software is
	75	+ authentic as they have very real adversaries who might try to give them a
	76	+ fake version of Tor.
74	77	</p>
75	78
76	79	<p>
77		- If the Tor package has been modified by some attacker it is not safe to use.
78		- It doesn't matter how secure and anonymous Tor is if you're not running the real Tor.
	80	+ If the Tor package has been modified by some attacker it is not safe to use
	81	+ it. It doesn't matter how secure and anonymous Tor is if you're not running
	82	+ the real Tor.
79	83	</p>
80	84
81	85	<p>
...	...	@@ -87,26 +91,27 @@
87	91
88	92	<p>
89	93	There are a variety of attacks that can be used to make you download a fake
90		- version of Tor. For example, an attacker could trick you into thinking some other
91		- website is a great place to download Tor. You should
92		- always download Tor from <a href="https://www.torproject.org"><b>https</b>://www.torproject.org/</a>.
	94	+ version of Tor. For example, an attacker could trick you into thinking some
	95	+ other website is a great place to download Tor. You should always download
	96	+ Tor from
	97	+ <a href="https://www.torproject.org"><b>https</b>://www.torproject.org/</a>.
93	98	</p>
94	99
95	100	<h4>Always make sure you are browsing over https</h4>
96	101
97	102	<p>
98		- <a href="https://www.torproject.org">https://www.torproject.org/</a> uses https.
99		- Https is the secure version of the http protocol which uses encryption and authentication between your
100		- browser and the website. This makes it much harder for the attacker
101		- to modify your download. But it's not perfect. Some places in the
102		- world block the Tor website, making users to download Tor
103		- <a href="<page docs/faq>#GetTor">somewhere else</a>.
	103	+ <a href="https://www.torproject.org">https://www.torproject.org/</a> uses
	104	+ https. Https is the secure version of the http protocol which uses
	105	+ encryption and authentication between your browser and the website.
	106	+ This makes it much harder for the attacker to modify your download. But
	107	+ it's not perfect. Some places in the world block the Tor website, making
	108	+ users to download Tor <a href="<page docs/faq>#GetTor">somewhere else</a>.
104	109	</p>
105	110
106	111	<p>
107	112	Large companies sometimes force employees to use a modified browser,
108		- so the company can listen in on all their browsing. We've even <a
109		- href="https://blog.torproject.org/blog/diginotar-debacle-and-what-you-should-do-about-it">seen</a>
	113	+ so the company can listen in on all their browsing. We've even
	114	+ <a href="https://blog.torproject.org/blog/diginotar-debacle-and-what-you-should-do-about-it">seen</a>
110	115	attackers who have the ability to trick your browser into thinking
111	116	you're talking to the Tor website with https when you're not.
112	117	</p>
...	...	@@ -134,7 +139,8 @@
134	139	<input id="ac-2" name="accordion-2" type="checkbox" checked />
135	140	<label for="ac-2">
136	141	<a class="nav" title="link here" href="#Keys">◄</a>
137		- <h3><a name="Keys">Where do I get the signatures and the keys that made them?</a></h3>
	142	+ <h3><a name="Keys">Where do I get the signatures and the keys that made
	143	+ them?</a></h3>
138	144	<hr>
139	145	<p>
140	146	Each file on <a href="<page download/download>">our download
...	...	@@ -161,12 +167,28 @@
161	167	</article>
162	168	</div>
163	169
	170	+ <input id="ac-3" name="accordion-3" type="checkbox" checked />
	171	+ <label for="ac-3">
	172	+ <a class="nav" title="link here" href="#Keys">◄</a>
	173	+ <h3><a name="Keys">How to verify files with OpenPGP signatures</a></h3>
	174	+ <hr>
	175	+ <p>
	176	+ In the following section We now show how you can verify the downloaded file's digital signature on
	177	+ different operating systems. Please notice that a signature is dated the
	178	+ moment the package has been signed. Therefore every time a new file is
	179	+ uploaded a new signature is generated with a different date. As long as you
	180	+ have verified the signature you should not worry that the reported date may
	181	+ vary.
	182	+ </p>
	183	+ </label>
	184	+ <article class="ac-medium">
	185	+
164	186	<!-- Windows -->
165	187	<div>
166		- <input id="ac-3" name="accordion-3" type="checkbox" />
167		- <label for="ac-3">
	188	+ <input id="ac-3-1" name="accordion-3-1" type="checkbox" />
	189	+ <label for="ac-3-1">
168	190	<a class="nav" title="link here" href="#Windows">◄</a>
169		- <h3><a name="Windows">Windows</a></h3>
	191	+ <h4><a name="Windows">Windows</a></h4>
170	192	<hr>
171	193	</label>
172	194	<article class="ac-small">
...	...	@@ -239,10 +261,10 @@ Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
239	261
240	262	<!-- MacOS / Linux -->
241	263	<div>
242		- <input id="ac-4" name="accordion-4" type="checkbox" />
243		- <label for="ac-4">
	264	+ <input id="ac-4-1" name="accordion-4-1" type="checkbox" />
	265	+ <label for="ac-4-1">
244	266	<a class="nav" title="link here" href="#MacosLinux">◄</a>
245		- <h3><a name="MacosLinux">Mac OS X and Linux</a></h3>
	267	+ <h4><a name="MacosLinux">Mac OS X and Linux</a></h4>
246	268	<hr>
247	269	</label>
248	270	<article class="ac-small">
...	...	@@ -330,6 +352,10 @@ Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
330	352	</article>
331	353	</div>
332	354
	355	+ <a class="nav" href="#TOC" title="go up">↑</a>
	356	+ </article>
	357	+ </div>
	358	+
333	359	<!-- Build verification -->
334	360	<div>
335	361	<input id="ac-5" name="accordion-5" type="checkbox" />
336	362