Improved Writing made it less verbouse

Chapters/Introduction.tex

@@ -2,38 +2,33 @@
 
 \label{Introduction}
 
-Peer-to-peer overlay VPNs promise to restore genuine decentralization
-by enabling direct connectivity between nodes regardless of NAT or
-firewall restrictions. Yet practitioners choosing among the growing
-number of mesh VPN implementations must rely largely on anecdotal
-evidence: systematic, reproducible comparisons under realistic
-conditions are scarce.
+Peer-to-peer overlay VPNs allow nodes to connect directly regardless
+of NAT or firewall restrictions. Yet practitioners choosing among the
+growing number of mesh VPN implementations must rely largely on
+anecdotal evidence: systematic, reproducible comparisons under
+realistic conditions are scarce.
 
 This thesis addresses that gap. We benchmark ten peer-to-peer VPN
 implementations across seven workloads and four network impairment
-profiles, yielding over 300 unique measurements. We complement these
+profiles, producing over 300 unique measurements. We complement these
 performance benchmarks with a source code analysis of each
-implementation, verified through direct engagement with the respective
-maintainers. The entire experimental framework is built on Nix, NixOS,
-and the Clan deployment system, making every result independently
-reproducible.
+implementation, verified by the respective maintainers. The entire
+experimental framework is built on Nix, NixOS, and the Clan deployment
+system, so every result is independently reproducible.
 
 \section{Motivation}
 
-Peer-to-peer architectures promise censorship-resistant, fault-tolerant
-infrastructure by eliminating single points of failure
-\cite{shukla_towards_2021}.
-These architectures underpin a growing range of systems, from IoT
-edge computing and content delivery networks to blockchain platforms
-like Ethereum.
-Yet realizing these benefits requires distributing nodes across
-genuinely diverse hosting entities.
+Peer-to-peer architectures can provide censorship-resistant,
+fault-tolerant infrastructure because they have no single point of
+failure \cite{shukla_towards_2021}. IoT edge computing, content
+delivery networks, and blockchain platforms like Ethereum all rely on
+some form of peer-to-peer topology. But these benefits only hold when
+nodes are spread across diverse hosting entities.
 
 In practice, this diversity remains illusory.
 Amazon, Hetzner, and OVH collectively host 70\% of all Ethereum nodes
-(see Figure~\ref{fig:ethernodes_hosting}),
-concentrating nominally decentralized infrastructure
-within a handful of cloud providers.
+(see Figure~\ref{fig:ethernodes_hosting}), so nominally decentralized
+infrastructure actually sits in a handful of cloud providers.
 More concerning, these providers operate under overlapping regulatory
 jurisdictions,
 predominantly the United States and the European Union.
@@ -49,50 +44,40 @@ data disclosure, or traffic manipulation across a majority of the network.
   \label{fig:ethernodes_hosting}
 \end{figure}
 
-Why does this centralization persist despite the explicit goals of
-decentralization?
-The answer lies in the practical barriers to self-hosting.
-Cloud providers offer static IP addresses and publicly routable endpoints,
-eliminating the networking complexity that plagues residential and
-small-office deployments.
+This centralization persists because self-hosting is hard. Cloud
+providers offer static IP addresses and publicly routable endpoints,
+which avoids the networking problems that residential and small-office
+deployments face.
 Most internet-connected devices sit behind Network Address Translation (NAT),
 which prevents incoming connections without explicit port forwarding
 or relay infrastructure.
-Combined with dynamic IP assignments from ISPs, maintaining stable
-peer connectivity
-from self-hosted infrastructure traditionally required significant
-technical expertise.
+Combined with dynamic IP assignments from ISPs, stable peer
+connectivity from self-hosted infrastructure has traditionally
+required significant technical expertise.
 
-Overlay VPNs offer a solution to this fundamental barrier.
-By establishing encrypted tunnels that traverse NAT boundaries,
-mesh VPNs enable direct peer-to-peer connectivity without requiring
-static IP addresses or manual firewall configuration.
-Each node receives a stable virtual address within the overlay network,
-regardless of its underlying network topology.
-In practice, this means a device behind consumer-grade NAT can
-participate as a first-class peer in a distributed system,
-removing the primary technical advantage that cloud providers hold.
+Overlay VPNs solve this problem. They establish encrypted tunnels
+that traverse NAT boundaries, so peers can connect directly without
+static IP addresses or manual firewall configuration. Each node
+receives a stable virtual address within the overlay network,
+regardless of its physical network topology. A device behind
+consumer-grade NAT can therefore participate as a first-class peer
+in a distributed system.
 
-The Clan deployment framework builds on this foundation.
-Clan uses Nix and NixOS to eliminate configuration drift and
-dependency conflicts, reducing operational overhead enough for a
-single administrator to reliably self-host complex distributed
-services.
-Overlay VPNs are central to Clan's architecture,
-providing the secure peer connectivity that enables nodes
-to form cohesive networks regardless of their physical location or
-NAT situation.
-As illustrated in Figure~\ref{fig:vision-stages}, Clan envisions
-a web interface that enables users to design and deploy private P2P networks
-with minimal configuration, assisted by an integrated LLM
-for contextual guidance and troubleshooting.
+The Clan deployment framework uses Nix and NixOS to eliminate
+configuration drift and dependency conflicts. The result is that a
+single administrator can reliably self-host distributed services.
+Overlay VPNs are central to Clan's architecture: they supply the
+peer connectivity that lets nodes form a network regardless of
+physical location or NAT situation.
+As illustrated in Figure~\ref{fig:vision-stages}, Clan plans to offer
+a web interface that lets users design and deploy private P2P networks
+with minimal configuration, assisted by an integrated LLM.
 
-During the development of Clan, a recurring challenge became apparent:
-practitioners held divergent preferences for mesh VPN solutions,
-each citing different edge cases where their chosen VPN
-proved unreliable or lacked essential features.
-These discussions were grounded in anecdotal evidence rather than
-systematic evaluation, motivating the present work.
+During Clan's development, a recurring problem surfaced:
+practitioners disagreed on which mesh VPN to use, each pointing to
+different edge cases where their preferred VPN failed or lacked a
+needed feature. These discussions relied on anecdotal evidence rather
+than systematic evaluation, which motivated the present work.
 
 \subsection{Related Work}
 
@@ -108,49 +93,45 @@ for distributed systems, analyzing throughput, reliability under packet
 loss, and relay behavior for VPNs including ZeroTier. However, it
 focuses primarily on solutions with a central point of failure and
 limits its workloads to synthetic iperf3 tests. This thesis extends
-that foundation by evaluating a broader set of VPN implementations
-with emphasis on fully decentralized architectures, exercising them
-under real-world workloads such as video streaming and package
-downloads, applying multiple network impairment profiles, and
-providing a fully reproducible experimental framework built on
-Nix, NixOS, and Clan.
+that work: it evaluates a broader set of VPN implementations with
+emphasis on fully decentralized architectures, tests them under
+application-level workloads (video streaming, package downloads),
+applies multiple network impairment profiles, and provides a
+reproducible experimental framework built on Nix, NixOS, and Clan.
 
-Beyond filling this research gap, a further goal was to create a fully
-automated benchmarking framework capable of generating a public
-leaderboard, similar in spirit to the js-framework-benchmark
-(see Figure~\ref{fig:js-framework-benchmark}). By providing an
-accessible web interface with regularly updated
-results, the framework gives VPN developers a concrete, public
-baseline to measure against.
+A secondary goal was to create an automated benchmarking framework
+that generates a public leaderboard, similar in spirit to the
+js-framework-benchmark (see Figure~\ref{fig:js-framework-benchmark}).
+A web interface with regularly updated results gives VPN developers a
+concrete baseline to measure against.
 
 \section{Research Contribution}
 
 This thesis makes the following contributions:
 
 \begin{enumerate}
-  \item A comprehensive benchmark of ten peer-to-peer VPN
-    implementations across seven workloads (including real-world
-    video streaming and package downloads) and four network
-    impairment profiles, producing over 300 unique measurements.
-  \item A source code analysis of all ten VPN implementations,
-    combining manual code review with LLM-assisted analysis,
-    followed by verification through direct engagement with the
-    respective maintainers on GitHub.
-  \item A fully reproducible experimental framework built on
-    Nix, NixOS, and the Clan deployment system, with pinned
-    dependencies, declarative system configuration, and
-    deterministic cryptographic material generation, enabling
-    independent replication of all results.
-  \item A performance analysis demonstrating that Tailscale
-    outperforms the Linux kernel's default networking stack under
-    degraded conditions, and that kernel parameter tuning (Reno
-      congestion control in place of CUBIC, with RACK
-    disabled) yields measurable throughput improvements.
+  \item A benchmark of ten peer-to-peer VPN implementations across
+    seven workloads (including video streaming and package downloads)
+    and four network impairment profiles, with over 300 unique
+    measurements.
+  \item A source code analysis of all ten VPN implementations. Manual
+    code review was combined with LLM-assisted analysis and the results
+    were verified by the respective maintainers on GitHub.
+  \item A reproducible experimental framework built on Nix, NixOS,
+    and the Clan deployment system. All dependencies are pinned,
+    system configuration is declarative, and cryptographic material
+    is generated deterministically, so every result can be
+    independently replicated.
+  \item A performance analysis showing that Tailscale outperforms the
+    Linux kernel's default networking stack under degraded conditions,
+    and that kernel parameter tuning (Reno congestion control in place
+    of CUBIC, with RACK disabled) yields measurable throughput
+    improvements.
   \item The discovery of several security vulnerabilities across
     the evaluated VPN implementations.
-  \item An automated benchmarking framework designed for public
-    leaderboard generation, intended to encourage ongoing
-    optimization by VPN developers.
+  \item An automated benchmarking framework that produces a public
+    leaderboard, giving VPN developers a target to optimize
+    against.
 \end{enumerate}
 
 \begin{figure}[H]