Wording / formatting

content/about.md

@@ -4,19 +4,17 @@ title: About Me
 
 ## Overview
 
-My name is Sam Al-Sapti. I'm a 6th semester Software Development B.Sc.
+My name is Sam Al-Sapti. I'm a 6th semester Software Development B.Sc. student
-student at the IT-University of Copenhagen. My main interests are
+at the IT-University of Copenhagen. My main interests are backend development,
-backend development, DevOps, DevSecOps, IT security, open-source and
+DevOps, DevSecOps, IT security, open-source and Linux.
-Linux.
 
-Furthermore, I'm an advocate for online privacy, I'm against attention
+Furthermore, I'm an advocate for online privacy, I'm against attention economy
-economy and surveillance capitalism, I'm a big supporter of the Free
+and surveillance capitalism, I'm a big supporter of the Free Software movement,
-Software movement, I'm a digital minimalist, and I'm a member of
+I'm a digital minimalist, and I'm a member of [data.coop](https://data.coop)
-[data.coop](https://data.coop) (I'm also one of the system
+(I'm also one of the system administrators). Also, you won't find me on
-administrators). Also, you won't find me on
+[Facebook](https://fsf.org/fb) or any other social media platform (except for
-[Facebook](https://fsf.org/fb) or any other social media platform
+[LinkedIn](https://www.linkedin.com/in/sam-a-dev/), but that's not really a
-(except for [LinkedIn](https://www.linkedin.com/in/sam-a-dev/), but
+social media platform).
-that's not really a social media platform).
 
 ## My skills
 
@@ -41,17 +39,16 @@ Some technologies and tech concepts I'm familiar with are:
 
 I host some online services that you're welcome to use free of charge.
 
-* [Lingva](https://translate.sapti.me)
+- [Lingva](https://translate.sapti.me)
   ([onion service](http://22qfd63ax4zt5arctpfh62kvjekap7yrdfzwq5kv5jvhew5hcpq6vgyd.onion)) -
-  An alternative way of accessing Google Translate without being
+  An alternative way of accessing Google Translate without being tracked.
-  tracked.
+- [SearXNG](https://search.sapti.me)
-* [SearXNG](https://search.sapti.me)
   ([onion service](http://gbat2pbpg7ys3fi3pbp64667tt5x66mg45xok35bxdw7v55brm7a27yd.onion)) -
-  A metasearch engine that gets its results from other search engines
+  A metasearch engine that gets its results from other search engines while
-  while protecting your privacy.
+  protecting your privacy.
-* [An SMP server](smp://PUDVvQiNbsYG6gXYC2-GYUIQnNICi3BoxKGDKWX55uM=@smp01.simplex.sapti.me,pcexmrs4eod35vdvidq47jce7mnsfm26j27anttoy4zprc25pulkcfyd.onion) -
+- [An SMP server](smp://PUDVvQiNbsYG6gXYC2-GYUIQnNICi3BoxKGDKWX55uM=@smp01.simplex.sapti.me,pcexmrs4eod35vdvidq47jce7mnsfm26j27anttoy4zprc25pulkcfyd.onion) -
-  A server used by [SimpleX Chat](https://simplex.chat)
+  A server used by [SimpleX Chat](https://simplex.chat) to relay messages
-  to relay messages between users. Server address:
+  between users. Server address:
   ```txt
   smp://PUDVvQiNbsYG6gXYC2-GYUIQnNICi3BoxKGDKWX55uM=@smp01.simplex.sapti.me,pcexmrs4eod35vdvidq47jce7mnsfm26j27anttoy4zprc25pulkcfyd.onion
   ```
@@ -59,8 +56,8 @@ I host some online services that you're welcome to use free of charge.
 ## Want to know more?
 
 Feel free to contact me if you want to know more about me. As I'll be
-completing my bachelor's degree this summer, I'm currently on the
+completing my bachelor's degree this summer, I'm currently on the lookout for a
-lookout for a full-time job. As such, if you're a recruiter, you're more
+full-time job. As such, if you're a recruiter, you're more than welcome to
-than welcome to contact me as well.
+contact me as well.
 
 Find my contact information [here]({{< relref "contact.md" >}}).

content/contact.md

@@ -40,7 +40,7 @@ matrix_sessions:
 ## Signal
 
 I use Signal for messaging as well. If you have my number, feel free to message
-me there. If not, you can get it by contacting me via one of the above contact
+me there. If not, you can get it by contacting me via one of the other contact
 methods.
 
 ## SimpleX Chat

content/keys.md

@@ -20,8 +20,7 @@ sub   ed25519/0x899C7CF4B526656F 2022-05-28 [A] [expires: 2023-05-18]
       Key fingerprint = FA9B 317E D1D3 4906 46CC  D154 899C 7CF4 B526 656F
 ```
 
-You can download it [here](/pgp.asc), via WKD or from your preferred
+You can download it [here](/pgp.asc), via WKD or from your preferred keyserver.
-keyserver.
 
 <details>
   <summary>
@@ -37,30 +36,29 @@ keyserver.
   - Change expiry for subkeys or the master key itself
   - Sign other keys
 
-  My private master key is only ever accessed on an airgapped machine,
+  My private master key is only ever accessed on an airgapped machine, with no
-  with no internet or wireless communication capabilities (all wireless
+  internet or wireless communication capabilities (all wireless components
-  components physically removed), no camera or microphone and no
+  physically removed), no camera or microphone and no persistent storage. This
-  persistent storage. This airgapped machine is booted with the latest
+  airgapped machine is booted with the latest version of [Tails
-  version of [Tails OS](https://tails.boum.org). The master key is
+  OS](https://tails.boum.org). The master key is protected by a long and secure
-  protected by a long and secure passphrase and stored on an encrypted
+  passphrase and stored on an encrypted storage medium, which itself is stored
-  storage medium, which itself is stored in a safe place.
+  in a safe place.
 
   ### Subkeys
 
-  My subkeys are stored on an OpenPGP smartcard for daily use. The
+  My subkeys are stored on an OpenPGP smartcard for daily use. The smartcard
-  smartcard makes sure that the local machine never has direct access to
+  makes sure that the local machine never has direct access to the keys. It is
-  the keys. It is protected by a pin-code and requires a physical touch
+  protected by a pin-code and requires a physical touch on every cryptographic
-  on every cryptographic operation.
+  operation.
 
   ### Revocation and expiry
 
-  I usually set my master key to be valid for 2 years at a time. I will
+  I usually set my master key to be valid for 2 years at a time. I will always
-  always extend it at least 1 week prior to the expiry date. The same
+  extend it before the expiry date. The same goes for my subkeys, which are set
-  goes for my subkeys, which are set to be valid for 6 months at a time.
+  to be valid for 6 months at a time.
 
-  If my keys are ever compromised, I have a revocation certificate,
+  If my keys are ever compromised, I have a revocation certificate, stored in a
-  stored in a safe place, that I will publish to this website and
+  safe place, that I will publish to this website and various keyservers.
-  various keyservers.
 
 </details>
 
@@ -76,58 +74,54 @@ keyserver.
 
   #### Level 0: Generic verification (`sig`/`0x10`)
 
-  This certification level is used if I have somehow verified that you
+  This certification level is used if I have somehow verified that you are in
-  are in control of the email address(es) of the UID(s) to be signed.
+  control of the email address(es) of the UID(s) to be signed. No assertions
-  No assertions are made about your identity.
+  are made about your identity.
 
   #### Level 1: No verification (`sig1`/`0x11`)
 
-  This certification level is used when I have not safely verified you
+  This certification level is used when I have not safely verified you as the
-  as the keyholder, but I merely _believe_ that you own the key in
+  keyholder, but I merely *believe* that you own the key in question.
-  question.
 
   #### Level 2: Casual verification (`sig2`/`0x12`)
 
-  This certification level is used when I have verified your identity
+  This certification level is used when I have verified your identity with at
-  with at least one form of photo ID (government-issued or equally
+  least one form of photo ID (government-issued or equally secure), that your
-  secure), that your identity matches that of the UID(s) to be signed,
+  identity matches that of the UID(s) to be signed, and that you are in control
-  and that you are in control of the email address(es) of the UID(s) to
+  of the email address(es) of the UID(s) to be signed.
-  be signed.
 
   #### Level 3: Extensive verification (`sig3`/`0x13`)
 
-  This certification level is used when I am _absolutely sure_ that you
+  This certification level is used when I am *absolutely sure* that you are in
-  are in fact the keyholder. This means that either you are someone I
+  fact the keyholder. This means that either you are someone I know personally
-  know personally and trust, or that someone I ultimately trust have
+  and trust, or that someone I ultimately trust have notified me that you want
-  notified me that you want a signature and have given me your key
+  a signature and have given me your key fingerprint in a secure manner.
-  fingerprint in a secure manner.
 
   ### Signing process
 
   The signing process consists of 2 steps:
 
-  1)  Verification will take place either in person or over video call.
+  1) Verification will take place either in person or over video call. If we
-      If we meet in person, you will give me a physical copy of your key
+  meet in person, you will give me a physical copy of your key fingerprint. If
-      fingerprint. If verification takes place over video call, you will
+  verification takes place over video call, you will give me your key
-      give me your key fingerprint verbally.
+  fingerprint verbally.
-  2)  You will have to send me your public key from the email address
+  2) You will have to send me your public key from the email address associated
-      associated with one of the UIDs to be signed. The email has to be
+  with one of the UIDs to be signed. The email has to be signed. I will then
-      signed. I will then sign the key and send it back to the same
+  sign the key and send it back to the same email address in encrypted form.
-      email address in encrypted form.
 
 </details>
 
 ## SSH key
 
-If you need to give me shell access to your server or similar, please
+If you need to give me shell access to your server or similar, please use the
-use the following public SSH key:
+following public SSH key:
 
 ```txt
 sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIFWZGLov8wPBNxuvnaPK+8vv6wK5hHUVEFzXKsN9QeuBAAAADHNzaDpzYW1zYXB0aQ== ssh:samsapti
 ```
 
-If your SSH server does not support FIDO2-protected SSH keys, use this
+If your SSH server does not support FIDO2-protected SSH keys, use this fallback
-fallback key instead:
+key instead:
 
 ```txt
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf cardno:14 336 332

content/posts/why-i-switched-from-proton-mail.md

@@ -13,95 +13,90 @@ tags:
 series: []
 ---
 
-I wanted to write this blog post (and by the way, this is my first) to
+I wanted to write this blog post (and by the way, this is my first) to shed
-shed some light on my recent choice of email provider. You see, Proton
+some light on my recent choice of email provider. You see, Proton Mail is a
-Mail is a great email service, and I've used them for years, but it just
+great email service, and I've used them for years, but it just doesn't fit my
-doesn't fit my needs anymore. This is due to a number of reasons, but
+needs anymore. This is due to a number of reasons, but it's primarily due to
-it's primarily due to some issues with external PGP handling (I'll talk
+some issues with external PGP handling (I'll talk more about this later on) and
-more about this later on) and their recent change of direction.
+their recent change of direction.
 
 ## Centralization and Proton's new direction
 
-One of the main reasons I chose to switch, is the new direction Proton
+One of the main reasons I chose to switch, is the new direction Proton is going
-is going in. Recently, they've revamped all of their products and their
+in. Recently, they've revamped all of their products and their website, to make
-website, to make it more clear that both Proton Mail, Proton VPN, Proton
+it more clear that both Proton Mail, Proton VPN, Proton Calendar and Proton
-Calendar and Proton Drive is under the same family/suite (notice how
+Drive is under the same family/suite (notice how there's a space now in their
-there's a space now in their product names, that's one of the changes).
+product names, that's one of the changes). All of this is great for many
-All of this is great for many reasons, now it actually feels like an
+reasons, now it actually feels like an alternative all-in-one solution to
-alternative all-in-one solution to something like Google's, and I'm sure
+something like Google's, and I'm sure this will benefit them in the long run
-this will benefit them in the long run and appeal to more people. A lot
+and appeal to more people. A lot of people like these kinds of ecosystems,
-of people like these kinds of ecosystems, because it usually increases
+because it usually increases ease of use and convenience. In fact, this change
-ease of use and convenience. In fact, this change now allows Proton to
+now allows Proton to better integrate their products together. For example, you
-better integrate their products together. For example, you can now
+can now easily send large attachments via email, by letting Proton Mail
-easily send large attachments via email, by letting Proton Mail
+automatically upload the file to Proton Drive and send a share link in the
-automatically upload the file to Proton Drive and send a share link in
+email, instead of attaching it in the email itself. All of the changes are
-the email, instead of attaching it in the email itself. All of the
+outlined in [this article](https://proton.me/news/updated-proton) by Proton's
-changes are outlined in
+CEO, Andy Yen.
-[this article](https://proton.me/news/updated-proton) by Proton's CEO,
-Andy Yen.
 
-Personally though, this does not appeal to me. I'm not a fan of
+Personally though, this does not appeal to me. I'm not a fan of ecosystems and
-ecosystems and having all my eggs in one basket, and I'm a huge fan of
+having all my eggs in one basket, and I'm a huge fan of self-hosting. You see,
-self-hosting. You see, I'm a big proponent of decentralization. One
+I'm a big proponent of decentralization. One aspect of decentralization is to
-aspect of decentralization is to not have everything in one place, when
+not have everything in one place, when you don't control that place. For
-you don't control that place. For example, I wouldn't have both my
+example, I wouldn't have both my email, calendar, contacts and cloud storage
-email, calendar, contacts and cloud storage with Google, and neither
+with Google, and neither would I with Proton. Instead, I self-host my cloud
-would I with Proton. Instead, I self-host my cloud storage, calendar,
+storage, calendar, contacts, to-do lists, and notes with the help of
-contacts, to-do lists, and notes with the help of
+[Nextcloud](https://nextcloud.com) at home on a Raspberry Pi. This way, even
-[Nextcloud](https://nextcloud.com) at home on a Raspberry Pi. This way,
+though it's all in one place, I'm the one in control of the server hosting it
-even though it's all in one place, I'm the one in control of the server
+and what happens with it.
-hosting it and what happens with it.
 
-I can definitely see why Proton chose to go in this direction, and I
+I can definitely see why Proton chose to go in this direction, and I fully
-fully support them. But they should also expect, and I'm sure they did,
+support them. But they should also expect, and I'm sure they did, that some of
-that some of their customers wouldn't want this change of direction. I
+their customers wouldn't want this change of direction. I have nothing against
-have nothing against Proton as a company, but having my digital life
+Proton as a company, but having my digital life centralized with one company is
-centralized with one company is just not my cup of tea.
+just not my cup of tea.
 
 ## The way Proton Mail handles PGP
 
-Proton Mail offers zero-access encryption of your inbox, meaning all of
+Proton Mail offers zero-access encryption of your inbox, meaning all of your
-your emails are encrypted, and only you have access to read them after
+emails are encrypted, and only you have access to read them after unlocking
-unlocking them with your password. Behind the scenes, this works by each
+them with your password. Behind the scenes, this works by each customer having
-customer having a PGP key pair stored on their servers, with the private
+a PGP key pair stored on their servers, with the private key being encrypted by
-key being encrypted by the customer's password. This means that not even
+the customer's password. This means that not even Proton themselves can read
-Proton themselves can read your emails, and this is great for privacy.
+your emails, and this is great for privacy.
 
-PGP has been a standard for email encryption for many years, and it's
+PGP has been a standard for email encryption for many years, and it's widely
-widely used for sensitive communication via email. Proton has taken PGP
+used for sensitive communication via email. Proton has taken PGP and integrated
-and integrated it into their email service, automatically providing
+it into their email service, automatically providing end-to-end encrypted
-end-to-end encrypted emails between Proton Mail users (it also works
+emails between Proton Mail users (it also works with other email providers, but
-with other email providers, but it requires some setup by the
+it requires some setup by the communicating parties). The thing is though, that
-communicating parties). The thing is though, that you're not in control
+you're not in control of the private PGP key when using Proton Mail's PGP
-of the private PGP key when using Proton Mail's PGP integration. Even
+integration. Even though it is encrypted on their servers, and only I can
-though it is encrypted on their servers, and only I can decrypt it, I
+decrypt it, I want to be in control of my private key myself. This also relates
-want to be in control of my private key myself. This also relates to the
+to the centralization problem I described above. By using Proton Mail, I
-centralization problem I described above. By using Proton Mail, I
 entrust my email security with a central entity.
 
-This one is more on the technical side of things. I've had some not so
+This one is more on the technical side of things. I've had some not so great
-great experiences when trying to use my own PGP key on top of Proton
+experiences when trying to use my own PGP key on top of Proton Mail's
-Mail's encryption. For example, my signatures wouldn't be recognized by
+encryption. For example, my signatures wouldn't be recognized by the
-the recipient's email client, due to the second layer of encryption that
+recipient's email client, due to the second layer of encryption that is Proton
-is Proton Mail's PGP integration. Because I want to use my own PGP key,
+Mail's PGP integration. Because I want to use my own PGP key, that I'm in
-that I'm in control of myself, this doesn't work for me.
+control of myself, this doesn't work for me.
 
 ## Conclusion
 
-With all that said, I want to end this blog post by saying this: Don't
+With all that said, I want to end this blog post by saying this: Don't go ahead
-go ahead and delete your Proton account solely based on what I'm saying.
+and delete your Proton account solely based on what I'm saying. This is my own
-This is my own personal opinion. If you're someone who's not very
+personal opinion. If you're someone who's not very technical and/or are
-technical and/or are satisfied with what Proton is offering, then stay.
+satisfied with what Proton is offering, then stay. I'm not here to trash talk
-I'm not here to trash talk Proton and tell everyone to abandon them. I
+Proton and tell everyone to abandon them. I think Proton offers some great
-think Proton offers some great privacy preserving services and their
+privacy preserving services and their line of products is perfectly suitable
-line of products is perfectly suitable for a lot of people, and their
+for a lot of people, and their work is important in the privacy world. I'm just
-work is important in the privacy world. I'm just someone who's a bit
+someone who's a bit more technical than the average person, and because of
-more technical than the average person, and because of that, Proton Mail
+that, Proton Mail is just not a fit for me personally. For the average person,
-is just not a fit for me personally. For the average person, Proton is
+Proton is fantastic, and I can only recommend them if you're wondering which
-fantastic, and I can only recommend them if you're wondering which
 email, VPN, calendar or cloud storage provider to use.
 
-You might be asking, what am I using now then? I'm now a happy customer
+You might be asking, what am I using now then? I'm now a happy customer over at
-over at [mailbox.org](https://mailbox.org), and if you're like me, you
+[mailbox.org](https://mailbox.org), and if you're like me, you should totally
-should totally check them out. If not, go ahead and keep your Proton
+check them out. If not, go ahead and keep your Proton account (you have one,
-account (you have one, right?).
+right?).

content/privacy.md

@@ -13,36 +13,34 @@ This website and the free services are owned and hosted by Sam Al-Sapti.
 
 ## What data is collected
 
-No data is collected about the site's visitors. The webserver's access
+No data is collected about the site's visitors. The webserver's access logs are
-logs are discarded immediately, so the server doesn't persist any IP
+discarded immediately, so the server doesn't persist any IP addresses or other
-addresses or other personally identifiable information. Moreover, if
+personally identifiable information. Moreover, if you access this site over a
-you access this site over a VPN or Tor connection (`.onion` link
+VPN or Tor connection (`.onion` link available at the bottom of the page), the
-available at the bottom of the page), the site won't even be able to
+site won't even be able to learn your IP address in case of a compromise.
-learn your IP address in case of a compromise.
 
-Furthermore, the hosting provider of this site is
+Furthermore, the hosting provider of this site is [Hetzner Online
-[Hetzner Online GmbH](https://www.hetzner.com/). According to their
+GmbH](https://www.hetzner.com/). According to their privacy policy, they do not
-privacy policy, they do not store any log data either. Please refer to
+store any log data either. Please refer to their privacy policy for further
-their privacy policy for further information.
+information.
 
 If you use my SearXNG instance however, the built-in limiter plugin will
-collect your IP address in hashed form. Hashing is a one-way encryption
+collect your IP address in hashed form. Hashing is a one-way encryption method
-method that allows data to be encrypted, but not decrypted. This means
+that allows data to be encrypted, but not decrypted. This means that the server
-that the server does not learn your real IP address, but only a one-way
+does not learn your real IP address, but only a one-way encrypted version of it
-encrypted version of it so that it can detect IP addresses that behave
+so that it can detect IP addresses that behave maliciously and rate limit
-maliciously and rate limit connections from those. Furthermore, this
+connections from those. Furthermore, this database of hashed IP addresses is
-database of hashed IP addresses is stored in memory only, and is not
+stored in memory only, and is not used for any other purpose than rate
-used for any other purpose than rate limiting. A single hashed IP
+limiting. A single hashed IP address is stored for a maximum of 10 minutes
-address is stored for a maximum of 10 minutes after the last request
+after the last request from it.
-from it.
 
 ## Cookies
 
-No cookies are used on this website. However, your browser's local
+No cookies are used on this website. However, your browser's local storage is
-storage is used to save your color scheme preference if you ever change
+used to save your color scheme preference if you ever change it manually.
-it manually. SearXNG can optionally use cookies to store settings if you
+SearXNG can optionally use cookies to store settings if you choose to change
-choose to change them from the default. Your settings can alternatively
+them from the default. Your settings can alternatively be stored in a custom
-be stored in a custom URL instead.
+URL instead.
 
 ## Embedded third party content
 
@@ -50,13 +48,12 @@ Currently no third party content is embedded on this site.
 
 ## Analytics
 
-No analytics are used on this site. SearXNG measures aggregate
+No analytics are used on this site. SearXNG measures aggregate statistics on
-statistics on how upstream search engines perform, but this does not
+how upstream search engines perform, but this does not include any user data.
-include any user data.
 
 ## Changes to this privacy policy
 
 I reserve the right to update this privacy policy from time to time. I
-constantly keep it up to date with the latest changes. If this policy
+constantly keep it up to date with the latest changes. If this policy is
-is changed substantially, I will put a clear notice on the front page
+changed substantially, I will put a clear notice on the front page for at least
-for at least 7 days.
+7 days.