diff --git a/readme.md b/readme.md
index 2866435..05ac495 100644
--- a/readme.md
+++ b/readme.md
@@ -60,17 +60,17 @@ debian, other
 - Obviously, executing arbitrary Javascript from around the web is never going
   to be completely safe, however the following steps have been taken to ensure
     the saftey of the host machine:
-        - All websites have a maximum time in which they have to load their
+    - All websites have a maximum time in which they have to load their
           content (default 2s) and execute any scripts (default 2s)
-        - When running outside of a Docker container, all renderer processes
+    - When running outside of a Docker container, all renderer processes
           will be run inside the Chromium sandbox
 (https://github.com/chromium/chromium/blob/master/docs/linux/sandboxing.md)
-        - When running inside of a Docker container, the entire program is
+    - When running inside of a Docker container, the entire program is
           running inside a Docker container (as an unprivileged user).
-        - Nodejs integration is disabled in all renderer processes
-        - Context isolation is enabled in all reneder processes
-        - Any request for browser permissions is automatically denied
-        - Any request to create a new window is automatically denied
+    - Nodejs integration is disabled in all renderer processes
+    - Context isolation is enabled in all reneder processes
+    - Any request for browser permissions is automatically denied
+    - Any request to create a new window is automatically denied
 - Essentially, in theory, the machine hosting hellgate should not be at any
   more risk than a regular web broser. However, security vulnerabilities
 exists, and no software is perfect, not Docker, not Chromium, not Linux not