I wanted to try using TOR on my new Linux Mint 18.1 installation. So I apt-get install
ed torbrowser-launcher
and tor
, then ran torbrowser-launcher
. It opened a dialog box and showed me it was downloading the TOR browser; but when it was done, it said it had failed the signature check and that I may be "under attack" (oh my!).
Now, it's quite unlikely I'm under some attack personally (I'm not important enough for that), so I'm guessing either it's some technical glitch, or, what would be possible although far far less likely, a man-in-the-middle attack covering my ISP rather than myself individually, nefarious government surveillance or what-not.
How can I tell? What should I do?
By the way, the URLs downloaded are:
https://dist.torproject.org/torbrowser/6.5/tor-browser-linux64-6.5_en-US.tar.xz.asc
https://dist.torproject.org/torbrowser/6.5/tor-browser-linux64-6.5_en-US.tar.xz
Best Answer
It's not an attack, just an outdated key.
There's a issue report on this matter over at the GitHub repository.
A workaround reported there, which works for some systems if not all, is to run:
before
torbrowser-launcher
. Then it works. It's quite possible that what Kusalananda suggested would also work, but I can't check that unless I undo the key update.