Download only from their official site (which you’ve linked correctly)
You may want to check signature as well
Run it directly from folder
Don’t change too much settings and it’s window size \ position, because you can be tracked by it, and by default TOR doing good job automatically to randomize it
If you want to use it for anonymity / privacy, as hard as you can possibly go - don’t touch it, because users can be narrowed down significantly by screen-size when maximized.
It seems that this scenario has been take care of from Tor Browser 9 onwards:
Tor Browser in its default mode is starting with a content window rounded to a multiple of 200px x 100px to prevent fingerprinting the screen dimensions. The strategy here is to put all users in a couple of buckets to make it harder to single them out. That works so far until users start to resize their windows (e.g. by maximizing them or going into fullscreen mode). Tor Browser 9 ships with a fingerprinting defense for those scenarios as well, which is called Letterboxing, a technique developed by Mozilla and presented in 2019. It works by adding white margins to a browser window so that the window is as close as possible to the desired size while users are still in a couple of screen size buckets that prevent singling them out with the help of screen dimensions.
In simple words, this technique makes groups of users of certain screen sizes and this makes it harder to single out users on basis of screen size, as many users will have same screen size.
I have used Tor which was downloaded from their site without issues and the update works directly from the program itself.
Never tried the AUR version so not sure how it’s updated.
I rather use Tor from their site than a AUR version.
So, the AUR version is from the official site. It’s the same thing, except you install it as a package. Therefore, it is perfectly safe to install Tor with:
yay -S tor-browser
The AUR version works fine and is well maintained and regularly updated. Of course, always check the diffs in the PKGBUILD file when updating, just in case…