Since there's a new browser bundle out, now's a good time to learn how to verify file signatures. Here are the instructions on the Tor web site: https://www.torproject.org/docs/verifying-signatures.html.en They say you need GPG4Win, but that's not true. You just need gpg.exe, and that comes with GPG4USB. It is located in the bin subfolder of wherever you extracted GPG4USB: C:\wherever\you\extracted\gpg4usb\bin\gpg.exe Pro tip: don't use gpg.exe to download Erinn's signing key from a key server, since that connection will go over clearnet. The key server will log your clearnet IP address. Instead, copy her key from here (access it over Tor): http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x416F061063FEE659 The rest of the instructions should work the same.