I don’t know, but maybe this helps:
And this one as well, although it’s not 100% correct anymore:
The thing is, you can’t choose your own XOR-address. The network gives you one when you connect. And when you connect on IP-level it’s through relay-nodes. So when you connect to 4 ip-addresses (relay-nodes) 1 could trick you to a different network, but you interact over 4 relay-nodes, so your node would find out soon that 1 is corrupt.
When the network goes live, you connect to it using a build-in PKI to one of the Maidsafe-servers. And they’ll provide you with different IP’s and will try to get rid of you as fast as they can I predict 
. From that moment your client knows about maybe 10 or 20 IP’s so when you ever connect again you don’t use fallbacknodes from Maidsafe but just try to pick some you already know. And when you’re connected to the network through one of them, they don’t have a clue what you are doing. They’ll just route your data back an forth.
At least, this is how I get it.