Your security needs may be different than others, depending on your location, your needs, and your particular threat model. Lantern recommends the following sources for understanding and identifying your particular security needs.

• Consumer Reports | Security Planner (https://securityplanner.consumerreports.org/)
• Miaan Digital Security Helpdesk | Assistance (https://miaan.org/projects/miaan-digital-security-helpdesk/)

How to validate that a client application file is authentic, even if downloaded through an untrusted network.

Hash functions can be used to create a unique digital signature -- a hash -- for any file. Lantern captures this hash when our application is compiled and publishes them on GitHub: lantern-binaries. Users can run the same hash function (SHA256) on downloaded copies to assure they are an exact match, proving the file to be an authentic and unaltered copy of the original.

Most operating systems have built-in hash functions. Follow the steps below for your operating system to generate the hash for a file.

From your preferred terminal application, run the following command:

openssl dgst -sha256 /path/to/my_file

1. Press Windows+R to open the Run box
2. Type cmd and click OK.
3. The Command Prompt window will open.
4. Run the following command:

certutil -hashfile C:\file\path\my_file.exe SHA256

1. Press Windows+R to open the Run box
2. Type powershell and click OK.
3. The Windows PowerShell window will open.
4. Run the following command:

Get-FileHash C:\file\path\my_file.exe -Algorithm SHA256