Improved writing

Chapters/Introduction.tex

@@ -10,9 +10,9 @@ realistic conditions are scarce.
 
 This thesis addresses that gap. We benchmark ten peer-to-peer VPN
 implementations across seven workloads and four network impairment
-profiles, producing over 300 unique measurements. We complement these
-performance benchmarks with a source code analysis of each
-implementation, verified by the respective maintainers. The entire
+profiles. We complement these performance benchmarks with a source
+code analysis of each implementation, verified by the respective
+maintainers. The entire
 experimental framework is built on Nix, NixOS, and the Clan deployment
 system, so every result is independently reproducible.
 
@@ -20,10 +20,10 @@ system, so every result is independently reproducible.
 
 Peer-to-peer architectures can provide censorship-resistant,
 fault-tolerant infrastructure because they have no single point of
-failure \cite{shukla_towards_2021}. IoT edge computing, content
-delivery networks, and blockchain platforms like Ethereum all rely on
-some form of peer-to-peer topology. But these benefits only hold when
-nodes are spread across diverse hosting entities.
+failure \cite{shukla_towards_2021}. Blockchain platforms like Ethereum
+depend on this property, as do IoT edge networks and content delivery
+systems. But these benefits only hold when nodes are spread across
+diverse hosting entities.
 
 In practice, this diversity remains illusory.
 Amazon, Hetzner, and OVH collectively host 70\% of all Ethereum nodes
@@ -64,8 +64,9 @@ consumer-grade NAT can therefore participate as a first-class peer
 in a distributed system.
 
 The Clan deployment framework uses Nix and NixOS to eliminate
-configuration drift and dependency conflicts. The result is that a
-single administrator can reliably self-host distributed services.
+configuration drift and dependency conflicts, which makes it
+practical for a single administrator to self-host distributed
+services.
 Overlay VPNs are central to Clan's architecture: they supply the
 peer connectivity that lets nodes form a network regardless of
 physical location or NAT situation.
@@ -84,19 +85,21 @@ than systematic evaluation, which motivated the present work.
 Existing research offers only partial coverage of this space.
 Lackorzynski et al.\ \cite{lackorzynski_comparative_2019} benchmark
 OpenVPN, IPSec, Tinc, Freelan, MACsec, and WireGuard in the context
-of industrial communication systems, measuring point-to-point
-throughput, latency, and CPU overhead. Their work does not address
-overlay network behavior such as NAT traversal or dynamic peer discovery.
+of industrial communication systems. They measure point-to-point
+throughput, latency, and CPU overhead but do not address overlay
+network behavior such as NAT traversal or dynamic peer discovery.
 The most closely related study by Kjorveziroski et al.\
 \cite{kjorveziroski_full-mesh_2024} evaluates full-mesh VPN solutions
-for distributed systems, analyzing throughput, reliability under packet
-loss, and relay behavior for VPNs including ZeroTier. However, it
-focuses primarily on solutions with a central point of failure and
-limits its workloads to synthetic iperf3 tests. This thesis extends
-that work: it evaluates a broader set of VPN implementations with
-emphasis on fully decentralized architectures, tests them under
-application-level workloads (video streaming, package downloads),
-applies multiple network impairment profiles, and provides a
+for distributed systems, looking at throughput, reliability under
+packet loss, and relay behavior for VPNs including ZeroTier. However,
+it focuses primarily on solutions with a central point of failure and
+limits its workloads to synthetic iperf3 tests.
+
+This thesis extends that work in several directions. It evaluates a
+broader set of VPN implementations with emphasis on fully
+decentralized architectures and tests them under application-level
+workloads such as video streaming and package downloads. It also
+applies multiple network impairment profiles and provides a
 reproducible experimental framework built on Nix, NixOS, and Clan.
 
 A secondary goal was to create an automated benchmarking framework
@@ -111,17 +114,16 @@ This thesis makes the following contributions:
 
 \begin{enumerate}
   \item A benchmark of ten peer-to-peer VPN implementations across
-    seven workloads (including video streaming and package downloads)
-    and four network impairment profiles, with over 300 unique
-    measurements.
+    seven workloads and four network impairment profiles. The workloads
+    include video streaming and package downloads alongside synthetic
+    throughput tests.
   \item A source code analysis of all ten VPN implementations. Manual
     code review was combined with LLM-assisted analysis and the results
     were verified by the respective maintainers on GitHub.
   \item A reproducible experimental framework built on Nix, NixOS,
-    and the Clan deployment system. All dependencies are pinned,
-    system configuration is declarative, and cryptographic material
-    is generated deterministically, so every result can be
-    independently replicated.
+    and the Clan deployment system. Dependencies are pinned and system
+    configuration is declarative, down to deterministic cryptographic
+    material generation. Every result can be independently replicated.
   \item A performance analysis showing that Tailscale outperforms the
     Linux kernel's default networking stack under degraded conditions,
     and that kernel parameter tuning (Reno congestion control in place