Seems to me that, as MAID becomes huge, the core development team themselves become a target for the authorities to control.
Now, I’m not referring to such things as NSA/GCHQ middle-man tampering with downloads of client software, which can be thwarted by cryptographic signing and reproducible builds.
I’m talking about such things as threatening someone’s family or other forms of pressure to get them to accept some tiny flaw in the security. I saw a CCC video from a couple of years back (sorry, can’t find the link) where changing just one bit in a crypto module disabled its entropy and made it vulnerable to breaking by anyone who knew the break was there. A zero-day type of thing, like the SSL failure of a few years back.
No wonder so many firms in this area are based in Switzerland and Luxembourg.
Apart from the authorities, there are just plain terrorists angry at some content appearing on the SAFE network.
Are there plans to harden, or make distributed, the core development? Is that even possible?