Torrents show. Bitcoin shows. Common protocol, many clients, graceful as possible failures, distributed everything. Else you'll always have a centralized something that can get broken. The alternative answer is that you're dealing with two problems. Political problems, from gag-order-ish affairs to licenses to prevent you from doing it, and operational problems, the implanted code, the coerced backdoor. Political problems call for political solutions. Distributing everything is an approach to evade them. Just like we can write code we can write a legal structure for our entities. Mega is doing just that. Put the right thing in the right country, evade certain punishable things but deal with their use cases. Basically you're looking at a system of laws, and you're programming a way to not be subject to them. You musn't forget that laws move, however slowly. (like dealing with changing APIs) Operational problems are historically dealt with by controlling the people working on the project. You should get those with iron loyalty and confidence in the greater good you're doing. That's nearly impossible to be sure about and NSL-type-things make it excruciatingly hard for them. Then layering, rounds of approval, people approving in different nations, etc. Which is a combined political and physical means of dealing with the problem. I'm pretty sure that ATM it is unfeasible to produce code that doesn't contain backdoors. Formal proofs are touchy and hard to read. Code gets complicated and large. Backdoors are elaborate and sneaky. But the political problems can be dealt with. And minimizing the code that can contain backdoors is also a good idea. You could also go for the never-done-in-production testing method where you have two (or more) distinct implementations of the same thing, and you see if the results are totally correct. That way someone would have to hide two backdoors, for two different programs, in the same payload without breaking the program the backdoor is not meant for. There's ways. It's a lot of work.